[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   24.565252] audit: type=1800 audit(1539640642.662:21): pid=5185 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[....] Starting enhanced syslogd: rsyslogd[   25.075676] rsyslogd (5210) used greatest stack depth: 15688 bytes left
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   33.842326] ==================================================================
[   33.850184] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   33.857532] Read of size 4 at addr ffff8801d7aa3e14 by task syz-executor267/5340
[   33.865047] 
[   33.866671] CPU: 0 PID: 5340 Comm: syz-executor267 Not tainted 4.19.0-rc8+ #285
[   33.874098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.883439] Call Trace:
[   33.886033]  dump_stack+0x1c4/0x2b4
[   33.889650]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.894829]  ? printk+0xa7/0xcf
[   33.898096]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.902845]  print_address_description.cold.8+0x9/0x1ff
[   33.908198]  kasan_report.cold.9+0x242/0x309
[   33.912598]  ? fscache_alloc_cookie+0x7ad/0x880
[   33.917257]  __asan_report_load4_noabort+0x14/0x20
[   33.922175]  fscache_alloc_cookie+0x7ad/0x880
[   33.926662]  ? fscache_cookie_init_once+0x80/0x80
[   33.931508]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   33.936610]  ? __kmalloc_track_caller+0x14a/0x750
[   33.941438]  ? kstrdup+0x39/0x70
[   33.944800]  ? nfs_alloc_client+0x383/0x760
[   33.949122]  ? nfs_get_client+0x8e8/0x14d0
[   33.953343]  ? nfs_init_server+0x357/0x1010
[   33.957653]  ? nfs_create_server+0x86/0x5f0
[   33.961960]  ? nfs_fs_mount+0x17f8/0x2f1c
[   33.966093]  ? mount_fs+0xae/0x31d
[   33.969622]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   33.974363]  ? do_mount+0x581/0x31f0
[   33.978060]  ? ksys_mount+0x12d/0x140
[   33.981855]  ? __x64_sys_mount+0xbe/0x150
[   33.986010]  ? do_syscall_64+0x1b9/0x820
[   33.990089]  __fscache_acquire_cookie+0x230/0xb60
[   33.994930]  ? fscache_cookie_put+0x880/0x880
[   33.999420]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.004949]  ? check_preemption_disabled+0x48/0x200
[   34.009956]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   34.015502]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.020773]  ? rcu_pm_notify+0xc0/0xc0
[   34.024662]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.030196]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.035466]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   34.041347]  nfs_alloc_client+0x563/0x760
[   34.045497]  ? register_nfs_version+0x280/0x280
[   34.050158]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.054735]  nfs_get_client+0x8e8/0x14d0
[   34.058783]  ? kmem_cache_alloc_trace+0x152/0x750
[   34.063621]  ? mount_fs+0xae/0x31d
[   34.067160]  ? nfs_put_client+0x30/0x30
[   34.071120]  ? nfs_alloc_server+0x5ca/0x730
[   34.075427]  ? depot_save_stack+0x292/0x470
[   34.079734]  ? nfs_wait_client_init_complete+0x210/0x210
[   34.085175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.090703]  ? check_preemption_disabled+0x48/0x200
[   34.095709]  ? check_preemption_disabled+0x48/0x200
[   34.100712]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.105898]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.111425]  nfs_init_server+0x357/0x1010
[   34.115589]  ? nfs_clone_server+0x920/0x920
[   34.119901]  ? nfs_alloc_fattr+0x48/0x1d0
[   34.124040]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.129056]  nfs_create_server+0x86/0x5f0
[   34.133201]  nfs_try_mount+0x180/0xa80
[   34.137098]  ? lock_downgrade+0x900/0x900
[   34.141247]  ? nfs_request_mount.constprop.18+0x920/0x920
[   34.146772]  ? kasan_check_read+0x11/0x20
[   34.150918]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.155315]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.159886]  ? kasan_check_write+0x14/0x20
[   34.164109]  ? do_raw_spin_lock+0xc1/0x200
[   34.168349]  ? _raw_spin_unlock+0x2c/0x50
[   34.172487]  ? find_nfs_version+0x138/0x190
[   34.176817]  nfs_fs_mount+0x17f8/0x2f1c
[   34.180779]  ? nfs_show_options+0x250/0x250
[   34.185098]  ? nfs_clone_super+0x420/0x420
[   34.189331]  ? nfs_parse_mount_options+0x2660/0x2660
[   34.194422]  ? lock_downgrade+0x900/0x900
[   34.198559]  mount_fs+0xae/0x31d
[   34.202093]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.206681]  ? may_umount+0xb0/0xb0
[   34.210298]  ? _raw_read_unlock+0x2c/0x50
[   34.214433]  ? __get_fs_type+0x97/0xc0
[   34.218326]  do_mount+0x581/0x31f0
[   34.221858]  ? copy_mount_string+0x40/0x40
[   34.226108]  ? copy_mount_options+0x5f/0x380
[   34.230504]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.235514]  ? kmem_cache_alloc_trace+0x353/0x750
[   34.240363]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.245894]  ? copy_mount_options+0x288/0x380
[   34.250378]  ksys_mount+0x12d/0x140
[   34.254007]  __x64_sys_mount+0xbe/0x150
[   34.257984]  do_syscall_64+0x1b9/0x820
[   34.261863]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.267229]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.272144]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.276978]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.281985]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.286992]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.292516]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.297536]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.302371]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.307546] RIP: 0033:0x440129
[   34.310725] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.329715] RSP: 002b:00007ffcdea49638 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   34.337431] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   34.344704] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 00000000208deff8
[   34.351960] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   34.359214] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   34.366467] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   34.373729] 
[   34.375341] Allocated by task 5340:
[   34.378952]  save_stack+0x43/0xd0
[   34.382391]  kasan_kmalloc+0xc7/0xe0
[   34.386109]  __kmalloc+0x14e/0x760
[   34.389641]  fscache_alloc_cookie+0x6f7/0x880
[   34.394135]  __fscache_acquire_cookie+0x230/0xb60
[   34.398967]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.404233]  nfs_alloc_client+0x563/0x760
[   34.408380]  nfs_get_client+0x8e8/0x14d0
[   34.412446]  nfs_init_server+0x357/0x1010
[   34.416579]  nfs_create_server+0x86/0x5f0
[   34.420711]  nfs_try_mount+0x180/0xa80
[   34.424583]  nfs_fs_mount+0x17f8/0x2f1c
[   34.428556]  mount_fs+0xae/0x31d
[   34.431913]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.436482]  do_mount+0x581/0x31f0
[   34.440006]  ksys_mount+0x12d/0x140
[   34.443619]  __x64_sys_mount+0xbe/0x150
[   34.447580]  do_syscall_64+0x1b9/0x820
[   34.451452]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.456619] 
[   34.458227] Freed by task 1:
[   34.461244]  save_stack+0x43/0xd0
[   34.464705]  __kasan_slab_free+0x102/0x150
[   34.468935]  kasan_slab_free+0xe/0x10
[   34.472726]  kfree+0xcf/0x230
[   34.475825]  acpi_ns_get_node_unlocked+0x2b9/0x309
[   34.480739]  acpi_ns_get_node+0x4d/0x6b
[   34.484704]  acpi_get_handle+0x15b/0x263
[   34.488753]  acpi_has_method+0x70/0xb0
[   34.492645]  acpi_add_single_object+0x220/0x1ed0
[   34.497388]  acpi_bus_check_add+0x5e0/0xb10
[   34.501692]  acpi_ns_walk_namespace+0x224/0x400
[   34.506363]  acpi_walk_namespace+0xf2/0x12c
[   34.510670]  acpi_bus_scan+0x146/0x170
[   34.514559]  acpi_scan_init+0x403/0x8fe
[   34.518524]  acpi_init+0x941/0xa19
[   34.522047]  do_one_initcall+0x145/0x957
[   34.526100]  kernel_init_freeable+0x4bb/0x5ae
[   34.530592]  kernel_init+0x11/0x1b2
[   34.534211]  ret_from_fork+0x3a/0x50
[   34.537902] 
[   34.539515] The buggy address belongs to the object at ffff8801d7aa3e00
[   34.539515]  which belongs to the cache kmalloc-32 of size 32
[   34.551981] The buggy address is located 20 bytes inside of
[   34.551981]  32-byte region [ffff8801d7aa3e00, ffff8801d7aa3e20)
[   34.563661] The buggy address belongs to the page:
[   34.568574] page:ffffea00075ea8c0 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7aa3fc1
[   34.578005] flags: 0x2fffc0000000100(slab)
[   34.582226] raw: 02fffc0000000100 ffffea00075eaa88 ffffea00075d3808 ffff8801da8001c0
[   34.590123] raw: ffff8801d7aa3fc1 ffff8801d7aa3000 000000010000003f 0000000000000000
[   34.598001] page dumped because: kasan: bad access detected
[   34.603697] 
[   34.605313] Memory state around the buggy address:
[   34.610231]  ffff8801d7aa3d00: 00 02 fc fc fc fc fc fc 00 02 fc fc fc fc fc fc
[   34.617577]  ffff8801d7aa3d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.624922] >ffff8801d7aa3e00: 00 00 06 fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.632277]                          ^
[   34.636150]  ffff8801d7aa3e80: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.643500]  ffff8801d7aa3f00: fb fb fb fb fc fc fc fc 00 06 fc fc fc fc fc fc
[   34.650952] ==================================================================
[   34.658292] Disabling lock debugging due to kernel taint
[   34.664188] Kernel panic - not syncing: panic_on_warn set ...
[   34.664188] 
[   34.671579] CPU: 0 PID: 5340 Comm: syz-executor267 Tainted: G    B             4.19.0-rc8+ #285
[   34.680408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.689742] Call Trace:
[   34.692332]  dump_stack+0x1c4/0x2b4
[   34.695964]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.701144]  panic+0x238/0x4e7
[   34.704337]  ? add_taint.cold.5+0x16/0x16
[   34.708473]  ? preempt_schedule+0x4d/0x60
[   34.712606]  ? ___preempt_schedule+0x16/0x18
[   34.716999]  ? trace_hardirqs_on+0xb4/0x310
[   34.721306]  kasan_end_report+0x47/0x4f
[   34.725264]  kasan_report.cold.9+0x76/0x309
[   34.729572]  ? fscache_alloc_cookie+0x7ad/0x880
[   34.734227]  __asan_report_load4_noabort+0x14/0x20
[   34.739142]  fscache_alloc_cookie+0x7ad/0x880
[   34.743626]  ? fscache_cookie_init_once+0x80/0x80
[   34.748463]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   34.753555]  ? __kmalloc_track_caller+0x14a/0x750
[   34.758383]  ? kstrdup+0x39/0x70
[   34.761735]  ? nfs_alloc_client+0x383/0x760
[   34.766056]  ? nfs_get_client+0x8e8/0x14d0
[   34.770284]  ? nfs_init_server+0x357/0x1010
[   34.774588]  ? nfs_create_server+0x86/0x5f0
[   34.778894]  ? nfs_fs_mount+0x17f8/0x2f1c
[   34.783023]  ? mount_fs+0xae/0x31d
[   34.786569]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   34.791310]  ? do_mount+0x581/0x31f0
[   34.795004]  ? ksys_mount+0x12d/0x140
[   34.798784]  ? __x64_sys_mount+0xbe/0x150
[   34.802925]  ? do_syscall_64+0x1b9/0x820
[   34.807007]  __fscache_acquire_cookie+0x230/0xb60
[   34.811852]  ? fscache_cookie_put+0x880/0x880
[   34.816334]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.821886]  ? check_preemption_disabled+0x48/0x200
[   34.826893]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   34.832437]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.837701]  ? rcu_pm_notify+0xc0/0xc0
[   34.841576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.847101]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.852379]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   34.858251]  nfs_alloc_client+0x563/0x760
[   34.862383]  ? register_nfs_version+0x280/0x280
[   34.867039]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.871608]  nfs_get_client+0x8e8/0x14d0
[   34.875655]  ? kmem_cache_alloc_trace+0x152/0x750
[   34.880482]  ? mount_fs+0xae/0x31d
[   34.884013]  ? nfs_put_client+0x30/0x30
[   34.887973]  ? nfs_alloc_server+0x5ca/0x730
[   34.892275]  ? depot_save_stack+0x292/0x470
[   34.896602]  ? nfs_wait_client_init_complete+0x210/0x210
[   34.902041]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.907571]  ? check_preemption_disabled+0x48/0x200
[   34.912572]  ? check_preemption_disabled+0x48/0x200
[   34.917578]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.922767]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.928297]  nfs_init_server+0x357/0x1010
[   34.932430]  ? nfs_clone_server+0x920/0x920
[   34.936737]  ? nfs_alloc_fattr+0x48/0x1d0
[   34.940871]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.945877]  nfs_create_server+0x86/0x5f0
[   34.950013]  nfs_try_mount+0x180/0xa80
[   34.953888]  ? lock_downgrade+0x900/0x900
[   34.958018]  ? nfs_request_mount.constprop.18+0x920/0x920
[   34.963997]  ? kasan_check_read+0x11/0x20
[   34.968130]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.972521]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.977088]  ? kasan_check_write+0x14/0x20
[   34.981307]  ? do_raw_spin_lock+0xc1/0x200
[   34.985527]  ? _raw_spin_unlock+0x2c/0x50
[   34.989658]  ? find_nfs_version+0x138/0x190
[   34.993969]  nfs_fs_mount+0x17f8/0x2f1c
[   34.997933]  ? nfs_show_options+0x250/0x250
[   35.002240]  ? nfs_clone_super+0x420/0x420
[   35.006474]  ? nfs_parse_mount_options+0x2660/0x2660
[   35.011564]  ? lock_downgrade+0x900/0x900
[   35.015703]  mount_fs+0xae/0x31d
[   35.019069]  vfs_kern_mount.part.35+0xdc/0x4f0
[   35.023637]  ? may_umount+0xb0/0xb0
[   35.027249]  ? _raw_read_unlock+0x2c/0x50
[   35.031378]  ? __get_fs_type+0x97/0xc0
[   35.035271]  do_mount+0x581/0x31f0
[   35.038814]  ? copy_mount_string+0x40/0x40
[   35.043049]  ? copy_mount_options+0x5f/0x380
[   35.047449]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.052449]  ? kmem_cache_alloc_trace+0x353/0x750
[   35.057279]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.062805]  ? copy_mount_options+0x288/0x380
[   35.067286]  ksys_mount+0x12d/0x140
[   35.070897]  __x64_sys_mount+0xbe/0x150
[   35.074856]  do_syscall_64+0x1b9/0x820
[   35.078726]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.084081]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.088997]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.093824]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.098826]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.103830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.109352]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.114352]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.119179]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.124369] RIP: 0033:0x440129
[   35.127562] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   35.146450] RSP: 002b:00007ffcdea49638 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   35.154142] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   35.161394] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 00000000208deff8
[   35.168656] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   35.175908] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   35.183157] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   35.191320] Kernel Offset: disabled
[   35.194939] Rebooting in 86400 seconds..