[ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd[ 15.935281] random: sshd: uninitialized urandom read (32 bytes read) . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.904836] random: sshd: uninitialized urandom read (32 bytes read) [ 21.144355] random: sshd: uninitialized urandom read (32 bytes read) [ 21.846905] random: sshd: uninitialized urandom read (32 bytes read) [ 21.982212] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. [ 27.432081] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 27.522269] ================================================================== [ 27.529690] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x740/0x800 [ 27.537049] Read of size 4 at addr ffff8801cde475b4 by task syz-executor803/4465 [ 27.544560] [ 27.546172] CPU: 1 PID: 4465 Comm: syz-executor803 Not tainted 4.18.0-rc3-next-20180709+ #2 [ 27.554638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.563974] Call Trace: [ 27.566560] dump_stack+0x1c9/0x2b4 [ 27.570172] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.575350] ? printk+0xa7/0xcf [ 27.578632] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 27.583373] ? fscache_alloc_cookie+0x740/0x800 [ 27.588035] print_address_description+0x6c/0x20b [ 27.592861] ? fscache_alloc_cookie+0x740/0x800 [ 27.597519] kasan_report.cold.7+0x242/0x30d [ 27.601916] __asan_report_load4_noabort+0x14/0x20 [ 27.606834] fscache_alloc_cookie+0x740/0x800 [ 27.611310] ? fscache_cookie_init_once+0x80/0x80 [ 27.616137] ? lock_downgrade+0x8f0/0x8f0 [ 27.620268] ? radix_tree_delete_item+0x188/0x310 [ 27.625093] ? kasan_check_read+0x11/0x20 [ 27.629223] ? do_raw_spin_unlock+0xa7/0x2f0 [ 27.633609] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 27.638190] ? 
kasan_check_write+0x14/0x20 [ 27.642421] __fscache_acquire_cookie+0x230/0xb00 [ 27.647261] ? fscache_cookie_put+0x850/0x850 [ 27.651754] ? p9_client_attach+0x215/0x860 [ 27.656072] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 27.661174] ? debug_check_no_obj_freed+0x30b/0x595 [ 27.666203] ? p9_client_walk+0xab0/0xab0 [ 27.670349] ? trace_hardirqs_off+0xd/0x10 [ 27.674578] ? quarantine_put+0x10d/0x1b0 [ 27.678717] v9fs_cache_session_get_cookie+0xc4/0x270 [ 27.683889] v9fs_session_init+0x1013/0x1a80 [ 27.688288] ? rcu_note_context_switch+0x730/0x730 [ 27.693200] ? v9fs_show_options+0x7e0/0x7e0 [ 27.697602] ? lock_release+0xa30/0xa30 [ 27.701562] ? check_same_owner+0x340/0x340 [ 27.705872] ? lock_downgrade+0x8f0/0x8f0 [ 27.710027] ? kasan_unpoison_shadow+0x35/0x50 [ 27.714595] ? kasan_kmalloc+0xc4/0xe0 [ 27.718465] ? kasan_unpoison_shadow+0x35/0x50 [ 27.723024] ? kasan_kmalloc+0xc4/0xe0 [ 27.726908] v9fs_mount+0x7c/0x900 [ 27.730442] ? v9fs_drop_inode+0x150/0x150 [ 27.734669] legacy_get_tree+0x118/0x440 [ 27.738741] vfs_get_tree+0x1cb/0x5c0 [ 27.742553] do_mount+0x6c1/0x1fb0 [ 27.746098] ? check_same_owner+0x340/0x340 [ 27.750427] ? lock_release+0xa30/0xa30 [ 27.754432] ? copy_mount_string+0x40/0x40 [ 27.758671] ? kasan_kmalloc+0xc4/0xe0 [ 27.762569] ? kmem_cache_alloc_trace+0x318/0x780 [ 27.767427] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 27.772979] ? _copy_from_user+0xdf/0x150 [ 27.777163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.782702] ? copy_mount_options+0x285/0x380 [ 27.787182] ksys_mount+0x12d/0x140 [ 27.790820] __x64_sys_mount+0xbe/0x150 [ 27.794799] do_syscall_64+0x1b9/0x820 [ 27.798664] ? syscall_return_slowpath+0x5e0/0x5e0 [ 27.803575] ? syscall_return_slowpath+0x31d/0x5e0 [ 27.808500] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 27.813522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.819070] ? prepare_exit_to_usermode+0x291/0x3b0 [ 27.824093] ? perf_trace_sys_enter+0xb10/0xb10 [ 27.828756] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 27.833597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.838780] RIP: 0033:0x440309 [ 27.841948] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 27.861069] RSP: 002b:00007ffc98180878 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 27.868756] RAX: ffffffffffffffda RBX: 6761746568636163 RCX: 0000000000440309 [ 27.876016] RDX: 00000000200002c0 RSI: 0000000020000280 RDI: 0000000000000000 [ 27.883265] RBP: 00000000006ca018 R08: 0000000020000340 R09: 00000000004002c8 [ 27.890540] R10: 0000000000800000 R11: 0000000000000206 R12: 0000000000401b90 [ 27.897793] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000 [ 27.905048] [ 27.906663] Allocated by task 4465: [ 27.910277] save_stack+0x43/0xd0 [ 27.913709] kasan_kmalloc+0xc4/0xe0 [ 27.917402] __kmalloc+0x14e/0x760 [ 27.920922] fscache_alloc_cookie+0x698/0x800 [ 27.925398] __fscache_acquire_cookie+0x230/0xb00 [ 27.930222] v9fs_cache_session_get_cookie+0xc4/0x270 [ 27.935390] v9fs_session_init+0x1013/0x1a80 [ 27.939777] v9fs_mount+0x7c/0x900 [ 27.943297] legacy_get_tree+0x118/0x440 [ 27.947339] vfs_get_tree+0x1cb/0x5c0 [ 27.951120] do_mount+0x6c1/0x1fb0 [ 27.954636] ksys_mount+0x12d/0x140 [ 27.958252] __x64_sys_mount+0xbe/0x150 [ 27.962208] do_syscall_64+0x1b9/0x820 [ 27.966259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.971435] [ 27.973042] Freed by task 1: [ 27.976044] save_stack+0x43/0xd0 [ 27.979477] __kasan_slab_free+0x11a/0x170 [ 27.983699] kasan_slab_free+0xe/0x10 [ 27.987481] kfree+0xd9/0x260 [ 27.990567] kobject_uevent_env+0x275/0x1110 [ 27.994965] kobject_uevent+0x1f/0x30 [ 27.998742] device_add+0x95d/0x16f0 [ 28.002435] device_create_groups_vargs+0x1ff/0x270 [ 28.007430] device_create+0xdb/0x110 [ 28.011210] sound_insert_unit.constprop.2+0x695/0x870 [ 28.016467] register_sound_special_device+0xf4/0x2e0 [ 
28.021635] snd_register_oss_device+0x2a4/0x4e0 [ 28.026371] alsa_seq_oss_init+0x32/0x26c [ 28.030499] do_one_initcall+0x127/0x913 [ 28.034540] kernel_init_freeable+0x49b/0x58e [ 28.039013] kernel_init+0x11/0x1b3 [ 28.042620] ret_from_fork+0x3a/0x50 [ 28.046306] [ 28.047929] The buggy address belongs to the object at ffff8801cde47580 [ 28.047929] which belongs to the cache kmalloc-64 of size 64 [ 28.060404] The buggy address is located 52 bytes inside of [ 28.060404] 64-byte region [ffff8801cde47580, ffff8801cde475c0) [ 28.072080] The buggy address belongs to the page: [ 28.076990] page:ffffea00073791c0 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0 [ 28.085110] flags: 0x2fffc0000000100(slab) [ 28.089336] raw: 02fffc0000000100 ffffea0007361408 ffff8801da801348 ffff8801da800340 [ 28.097203] raw: 0000000000000000 ffff8801cde47000 0000000100000020 0000000000000000 [ 28.105055] page dumped because: kasan: bad access detected [ 28.110737] [ 28.112354] Memory state around the buggy address: [ 28.117263] ffff8801cde47480: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 28.124598] ffff8801cde47500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.131942] >ffff8801cde47580: 00 00 00 00 00 00 07 fc fc fc fc fc fc fc fc fc [ 28.139274] ^ [ 28.144182] ffff8801cde47600: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 28.151516] ffff8801cde47680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.158854] ================================================================== [ 28.166279] Kernel panic - not syncing: panic_on_warn set ... [ 28.166279] [ 28.173640] CPU: 1 PID: 4465 Comm: syz-executor803 Tainted: G B 4.18.0-rc3-next-20180709+ #2 [ 28.183494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.192833] Call Trace: [ 28.195409] dump_stack+0x1c9/0x2b4 [ 28.199028] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.204201] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.208943] panic+0x238/0x4e7 [ 28.212116] ? 
add_taint.cold.5+0x16/0x16 [ 28.216249] ? do_raw_spin_unlock+0xa7/0x2f0 [ 28.220823] ? fscache_alloc_cookie+0x740/0x800 [ 28.225474] kasan_end_report+0x47/0x4f [ 28.229428] kasan_report.cold.7+0x76/0x30d [ 28.233732] __asan_report_load4_noabort+0x14/0x20 [ 28.238644] fscache_alloc_cookie+0x740/0x800 [ 28.243122] ? fscache_cookie_init_once+0x80/0x80 [ 28.247945] ? lock_downgrade+0x8f0/0x8f0 [ 28.252073] ? radix_tree_delete_item+0x188/0x310 [ 28.256902] ? kasan_check_read+0x11/0x20 [ 28.261027] ? do_raw_spin_unlock+0xa7/0x2f0 [ 28.265502] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.270064] ? kasan_check_write+0x14/0x20 [ 28.274279] __fscache_acquire_cookie+0x230/0xb00 [ 28.279110] ? fscache_cookie_put+0x850/0x850 [ 28.283600] ? p9_client_attach+0x215/0x860 [ 28.287920] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 28.293007] ? debug_check_no_obj_freed+0x30b/0x595 [ 28.298003] ? p9_client_walk+0xab0/0xab0 [ 28.302134] ? trace_hardirqs_off+0xd/0x10 [ 28.306350] ? quarantine_put+0x10d/0x1b0 [ 28.310482] v9fs_cache_session_get_cookie+0xc4/0x270 [ 28.315656] v9fs_session_init+0x1013/0x1a80 [ 28.320045] ? rcu_note_context_switch+0x730/0x730 [ 28.324957] ? v9fs_show_options+0x7e0/0x7e0 [ 28.329539] ? lock_release+0xa30/0xa30 [ 28.333495] ? check_same_owner+0x340/0x340 [ 28.337795] ? lock_downgrade+0x8f0/0x8f0 [ 28.341927] ? kasan_unpoison_shadow+0x35/0x50 [ 28.346500] ? kasan_kmalloc+0xc4/0xe0 [ 28.350369] ? kasan_unpoison_shadow+0x35/0x50 [ 28.354940] ? kasan_kmalloc+0xc4/0xe0 [ 28.358811] v9fs_mount+0x7c/0x900 [ 28.362332] ? v9fs_drop_inode+0x150/0x150 [ 28.366558] legacy_get_tree+0x118/0x440 [ 28.370611] vfs_get_tree+0x1cb/0x5c0 [ 28.374393] do_mount+0x6c1/0x1fb0 [ 28.377912] ? check_same_owner+0x340/0x340 [ 28.382213] ? lock_release+0xa30/0xa30 [ 28.386183] ? copy_mount_string+0x40/0x40 [ 28.390402] ? kasan_kmalloc+0xc4/0xe0 [ 28.394271] ? kmem_cache_alloc_trace+0x318/0x780 [ 28.399123] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.404643] ? 
_copy_from_user+0xdf/0x150 [ 28.408784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.414304] ? copy_mount_options+0x285/0x380 [ 28.418789] ksys_mount+0x12d/0x140 [ 28.422397] __x64_sys_mount+0xbe/0x150 [ 28.426351] do_syscall_64+0x1b9/0x820 [ 28.430217] ? syscall_return_slowpath+0x5e0/0x5e0 [ 28.435127] ? syscall_return_slowpath+0x31d/0x5e0 [ 28.440038] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 28.445047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.450572] ? prepare_exit_to_usermode+0x291/0x3b0 [ 28.455569] ? perf_trace_sys_enter+0xb10/0xb10 [ 28.460218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.465045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.470225] RIP: 0033:0x440309 [ 28.473400] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 28.492528] RSP: 002b:00007ffc98180878 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 28.500227] RAX: ffffffffffffffda RBX: 6761746568636163 RCX: 0000000000440309 [ 28.507475] RDX: 00000000200002c0 RSI: 0000000020000280 RDI: 0000000000000000 [ 28.514723] RBP: 00000000006ca018 R08: 0000000020000340 R09: 00000000004002c8 [ 28.521987] R10: 0000000000800000 R11: 0000000000000206 R12: 0000000000401b90 [ 28.529769] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000 [ 28.537465] Dumping ftrace buffer: [ 28.540998] (ftrace buffer empty) [ 28.544698] Kernel Offset: disabled [ 28.548306] Rebooting in 86400 seconds.. Triage note: the faulting access is a 4-byte read at offset 52 of a kmalloc-64 slot whose object was allocated by this same task in fscache_alloc_cookie() via __kmalloc (see "Allocated by task 4465"); the shadow byte 07 in the granule that holds ffff8801cde475b4 indicates the allocation was 55 bytes, so a 4-byte load covering bytes 52-55 runs one byte past the end of the buffer. This is an out-of-bounds read on a live object, not a use-after-free: the "Freed by task 1" stack (kfree in kobject_uevent_env during alsa_seq_oss_init) is the slot's previous occupant from boot and is unrelated to the 9p path. The trigger is a mount(2) (ORIG_RAX 0xa5) that reaches v9fs_session_init -> v9fs_cache_session_get_cookie -> __fscache_acquire_cookie; RBX holds the ASCII bytes "cachetag" (0x6761746568636163 little-endian), which suggests the 9p cachetag mount option is involved - confirm against the reproducer. The crash ends in a panic only because panic_on_warn is set; on a production kernel this would be a silent over-read.