[ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 27.137568] kauditd_printk_skb: 8 callbacks suppressed [ 27.137581] audit: type=1800 audit(1539638964.460:29): pid=5227 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 27.162947] audit: type=1800 audit(1539638964.460:30): pid=5227 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 53.128177] ================================================================== [ 53.135644] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880 [ 53.142993] Read of size 4 at addr ffff8801d72fa1d4 by task syz-executor800/5383 [ 53.150512] [ 53.152131] CPU: 1 PID: 5383 Comm: syz-executor800 Not tainted 4.19.0-rc8+ #62 [ 53.159475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.168920] Call Trace: [ 53.171503] dump_stack+0x1c4/0x2b4 [ 53.175370] ? dump_stack_print_info.cold.2+0x52/0x52 [ 53.180613] ? printk+0xa7/0xcf [ 53.183894] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 53.188643] print_address_description.cold.8+0x9/0x1ff [ 53.194002] kasan_report.cold.9+0x242/0x309 [ 53.198403] ? fscache_alloc_cookie+0x7ad/0x880 [ 53.203066] __asan_report_load4_noabort+0x14/0x20 [ 53.208083] fscache_alloc_cookie+0x7ad/0x880 [ 53.212636] ? fscache_cookie_init_once+0x80/0x80 [ 53.217476] ? rpcauth_cache_shrink_scan+0x180/0x180 [ 53.222572] ? __kmalloc_track_caller+0x14a/0x750 [ 53.227403] ? kstrdup+0x39/0x70 [ 53.230817] ? nfs_alloc_client+0x383/0x760 [ 53.235126] ? 
nfs_get_client+0x8e8/0x14d0 [ 53.239360] ? nfs_init_server+0x357/0x1010 [ 53.243683] ? nfs_create_server+0x86/0x5f0 [ 53.248000] ? nfs_fs_mount+0x17f8/0x2f1c [ 53.252176] ? mount_fs+0xae/0x31d [ 53.255708] ? vfs_kern_mount.part.35+0xdc/0x4f0 [ 53.260452] ? do_mount+0x581/0x31f0 [ 53.264156] ? ksys_mount+0x12d/0x140 [ 53.267947] ? __x64_sys_mount+0xbe/0x150 [ 53.272080] ? do_syscall_64+0x1b9/0x820 [ 53.276132] __fscache_acquire_cookie+0x230/0xb60 [ 53.280966] ? fscache_cookie_put+0x880/0x880 [ 53.285495] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.291028] ? check_preemption_disabled+0x48/0x200 [ 53.296050] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 53.301589] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 53.306872] ? rcu_pm_notify+0xc0/0xc0 [ 53.310832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.316380] nfs_fscache_get_client_cookie+0x463/0x600 [ 53.321746] ? nfs_readpage_from_fscache_complete+0x200/0x200 [ 53.327629] nfs_alloc_client+0x563/0x760 [ 53.331781] ? register_nfs_version+0x280/0x280 [ 53.336442] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 53.341017] nfs_get_client+0x8e8/0x14d0 [ 53.345068] ? kmem_cache_alloc_trace+0x152/0x750 [ 53.349909] ? mount_fs+0xae/0x31d [ 53.353442] ? nfs_put_client+0x30/0x30 [ 53.357837] ? nfs_alloc_server+0x5ca/0x730 [ 53.362150] ? depot_save_stack+0x292/0x470 [ 53.366457] ? nfs_wait_client_init_complete+0x210/0x210 [ 53.371922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.377443] ? check_preemption_disabled+0x48/0x200 [ 53.382441] ? check_preemption_disabled+0x48/0x200 [ 53.387441] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 53.392615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.398143] nfs_init_server+0x357/0x1010 [ 53.402286] ? nfs_clone_server+0x920/0x920 [ 53.406603] ? nfs_alloc_fattr+0x48/0x1d0 [ 53.410738] ? rcu_read_lock_sched_held+0x108/0x120 [ 53.415750] nfs_create_server+0x86/0x5f0 [ 53.419897] nfs_try_mount+0x180/0xa80 [ 53.423788] ? lock_downgrade+0x900/0x900 [ 53.427935] ? 
nfs_request_mount.constprop.18+0x920/0x920 [ 53.433479] ? kasan_check_read+0x11/0x20 [ 53.437619] ? do_raw_spin_unlock+0xa7/0x2f0 [ 53.442015] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 53.446584] ? kasan_check_write+0x14/0x20 [ 53.450819] ? do_raw_spin_lock+0xc1/0x200 [ 53.455085] ? _raw_spin_unlock+0x2c/0x50 [ 53.459227] ? find_nfs_version+0x138/0x190 [ 53.463549] nfs_fs_mount+0x17f8/0x2f1c [ 53.467577] ? nfs_show_options+0x250/0x250 [ 53.471899] ? nfs_clone_super+0x420/0x420 [ 53.476121] ? nfs_parse_mount_options+0x2660/0x2660 [ 53.481216] ? lock_downgrade+0x900/0x900 [ 53.485356] mount_fs+0xae/0x31d [ 53.488713] ? digsig_verify+0x1530/0x1530 [ 53.492938] vfs_kern_mount.part.35+0xdc/0x4f0 [ 53.497512] ? may_umount+0xb0/0xb0 [ 53.501125] ? _raw_read_unlock+0x2c/0x50 [ 53.505258] ? __get_fs_type+0x97/0xc0 [ 53.509134] do_mount+0x581/0x31f0 [ 53.512660] ? copy_mount_string+0x40/0x40 [ 53.516894] ? copy_mount_options+0x5f/0x380 [ 53.521334] ? rcu_read_lock_sched_held+0x108/0x120 [ 53.526357] ? kmem_cache_alloc_trace+0x353/0x750 [ 53.531199] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.536726] ? _copy_from_user+0xdf/0x150 [ 53.540870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.546403] ? copy_mount_options+0x288/0x380 [ 53.550912] ksys_mount+0x12d/0x140 [ 53.554530] __x64_sys_mount+0xbe/0x150 [ 53.558495] do_syscall_64+0x1b9/0x820 [ 53.562370] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 53.567718] ? syscall_return_slowpath+0x5e0/0x5e0 [ 53.572629] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.577476] ? trace_hardirqs_on_caller+0x310/0x310 [ 53.582496] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 53.587525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.593055] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.598063] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 53.602909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.608085] RIP: 0033:0x440129 [ 53.611265] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.630154] RSP: 002b:00007fffaa414588 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 53.637854] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129 [ 53.645116] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 00000000208deff8 [ 53.652372] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000 [ 53.659628] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0 [ 53.666889] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000 [ 53.674272] [ 53.675894] Allocated by task 5383: [ 53.679513] save_stack+0x43/0xd0 [ 53.682957] kasan_kmalloc+0xc7/0xe0 [ 53.686702] __kmalloc+0x14e/0x760 [ 53.690293] fscache_alloc_cookie+0x6f7/0x880 [ 53.694783] __fscache_acquire_cookie+0x230/0xb60 [ 53.699614] nfs_fscache_get_client_cookie+0x463/0x600 [ 53.704888] nfs_alloc_client+0x563/0x760 [ 53.709032] nfs_get_client+0x8e8/0x14d0 [ 53.713076] nfs_init_server+0x357/0x1010 [ 53.717210] nfs_create_server+0x86/0x5f0 [ 53.721346] nfs_try_mount+0x180/0xa80 [ 53.725220] nfs_fs_mount+0x17f8/0x2f1c [ 53.729182] mount_fs+0xae/0x31d [ 53.732585] vfs_kern_mount.part.35+0xdc/0x4f0 [ 53.737164] do_mount+0x581/0x31f0 [ 53.740688] ksys_mount+0x12d/0x140 [ 53.744303] __x64_sys_mount+0xbe/0x150 [ 53.748273] do_syscall_64+0x1b9/0x820 [ 53.752151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.757320] [ 53.758931] Freed by task 3226: [ 53.762201] save_stack+0x43/0xd0 [ 53.765640] __kasan_slab_free+0x102/0x150 [ 53.769982] kasan_slab_free+0xe/0x10 [ 53.773772] kfree+0xcf/0x230 [ 53.776876] smk_import_entry+0x101/0x420 [ 53.781013] smk_fetch.part.24+0xe0/0xf0 [ 53.785058] smack_d_instantiate+0x94e/0xea0 [ 53.789455] 
security_d_instantiate+0x5c/0xf0 [ 53.794059] d_instantiate+0x5e/0xa0 [ 53.797765] shmem_mknod+0x189/0x1f0 [ 53.801468] shmem_create+0x2b/0x40 [ 53.805087] lookup_open+0x1319/0x1b90 [ 53.808965] path_openat+0x15e7/0x5160 [ 53.812836] do_filp_open+0x255/0x380 [ 53.816625] do_sys_open+0x568/0x700 [ 53.820380] __x64_sys_open+0x7e/0xc0 [ 53.824181] do_syscall_64+0x1b9/0x820 [ 53.828060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.833234] [ 53.834846] The buggy address belongs to the object at ffff8801d72fa1c0 [ 53.834846] which belongs to the cache kmalloc-32 of size 32 [ 53.847446] The buggy address is located 20 bytes inside of [ 53.847446] 32-byte region [ffff8801d72fa1c0, ffff8801d72fa1e0) [ 53.859245] The buggy address belongs to the page: [ 53.864166] page:ffffea00075cbe80 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d72fafc1 [ 53.873597] flags: 0x2fffc0000000100(slab) [ 53.877818] raw: 02fffc0000000100 ffffea00075dbf08 ffffea00075939c8 ffff8801da8001c0 [ 53.885693] raw: ffff8801d72fafc1 ffff8801d72fa000 000000010000003f 0000000000000000 [ 53.893560] page dumped because: kasan: bad access detected [ 53.899259] [ 53.900907] Memory state around the buggy address: [ 53.905822] ffff8801d72fa080: 00 00 01 fc fc fc fc fc 01 fc fc fc fc fc fc fc [ 53.913210] ffff8801d72fa100: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc [ 53.920565] >ffff8801d72fa180: 01 fc fc fc fc fc fc fc 00 00 06 fc fc fc fc fc [ 53.927911] ^ [ 53.933879] ffff8801d72fa200: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc [ 53.941230] ffff8801d72fa280: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc [ 53.948582] ================================================================== [ 53.955935] Disabling lock debugging due to kernel taint [ 53.963348] Kernel panic - not syncing: panic_on_warn set ... 
[ 53.963348] [ 53.970851] CPU: 0 PID: 5383 Comm: syz-executor800 Tainted: G B 4.19.0-rc8+ #62 [ 53.979592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.988931] Call Trace: [ 53.991507] dump_stack+0x1c4/0x2b4 [ 53.995120] ? dump_stack_print_info.cold.2+0x52/0x52 [ 54.000298] panic+0x238/0x4e7 [ 54.003472] ? add_taint.cold.5+0x16/0x16 [ 54.007630] ? preempt_schedule+0x4d/0x60 [ 54.011772] ? ___preempt_schedule+0x16/0x18 [ 54.016165] ? trace_hardirqs_on+0xb4/0x310 [ 54.020470] kasan_end_report+0x47/0x4f [ 54.024433] kasan_report.cold.9+0x76/0x309 [ 54.028740] ? fscache_alloc_cookie+0x7ad/0x880 [ 54.033394] __asan_report_load4_noabort+0x14/0x20 [ 54.038310] fscache_alloc_cookie+0x7ad/0x880 [ 54.042792] ? fscache_cookie_init_once+0x80/0x80 [ 54.047618] ? rpcauth_cache_shrink_scan+0x180/0x180 [ 54.052705] ? __kmalloc_track_caller+0x14a/0x750 [ 54.057548] ? kstrdup+0x39/0x70 [ 54.060913] ? nfs_alloc_client+0x383/0x760 [ 54.065227] ? nfs_get_client+0x8e8/0x14d0 [ 54.069555] ? nfs_init_server+0x357/0x1010 [ 54.073870] ? nfs_create_server+0x86/0x5f0 [ 54.078183] ? nfs_fs_mount+0x17f8/0x2f1c [ 54.082432] ? mount_fs+0xae/0x31d [ 54.085965] ? vfs_kern_mount.part.35+0xdc/0x4f0 [ 54.090735] ? do_mount+0x581/0x31f0 [ 54.094429] ? ksys_mount+0x12d/0x140 [ 54.098230] ? __x64_sys_mount+0xbe/0x150 [ 54.102369] ? do_syscall_64+0x1b9/0x820 [ 54.106470] __fscache_acquire_cookie+0x230/0xb60 [ 54.111300] ? fscache_cookie_put+0x880/0x880 [ 54.115782] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.121309] ? check_preemption_disabled+0x48/0x200 [ 54.126319] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 54.131849] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 54.137120] ? rcu_pm_notify+0xc0/0xc0 [ 54.141056] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.146597] nfs_fscache_get_client_cookie+0x463/0x600 [ 54.151860] ? nfs_readpage_from_fscache_complete+0x200/0x200 [ 54.157753] nfs_alloc_client+0x563/0x760 [ 54.161901] ? 
register_nfs_version+0x280/0x280 [ 54.166561] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 54.171132] nfs_get_client+0x8e8/0x14d0 [ 54.175222] ? kmem_cache_alloc_trace+0x152/0x750 [ 54.180057] ? mount_fs+0xae/0x31d [ 54.183588] ? nfs_put_client+0x30/0x30 [ 54.187548] ? nfs_alloc_server+0x5ca/0x730 [ 54.191913] ? depot_save_stack+0x292/0x470 [ 54.196227] ? nfs_wait_client_init_complete+0x210/0x210 [ 54.201667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.207195] ? check_preemption_disabled+0x48/0x200 [ 54.212197] ? check_preemption_disabled+0x48/0x200 [ 54.217196] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 54.222367] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.227898] nfs_init_server+0x357/0x1010 [ 54.232085] ? nfs_clone_server+0x920/0x920 [ 54.236397] ? nfs_alloc_fattr+0x48/0x1d0 [ 54.240539] ? rcu_read_lock_sched_held+0x108/0x120 [ 54.245554] nfs_create_server+0x86/0x5f0 [ 54.249784] nfs_try_mount+0x180/0xa80 [ 54.253664] ? lock_downgrade+0x900/0x900 [ 54.257797] ? nfs_request_mount.constprop.18+0x920/0x920 [ 54.263316] ? kasan_check_read+0x11/0x20 [ 54.267450] ? do_raw_spin_unlock+0xa7/0x2f0 [ 54.271844] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 54.276424] ? kasan_check_write+0x14/0x20 [ 54.280642] ? do_raw_spin_lock+0xc1/0x200 [ 54.284858] ? _raw_spin_unlock+0x2c/0x50 [ 54.288996] ? find_nfs_version+0x138/0x190 [ 54.293303] nfs_fs_mount+0x17f8/0x2f1c [ 54.297280] ? nfs_show_options+0x250/0x250 [ 54.301584] ? nfs_clone_super+0x420/0x420 [ 54.305798] ? nfs_parse_mount_options+0x2660/0x2660 [ 54.310896] ? lock_downgrade+0x900/0x900 [ 54.315037] mount_fs+0xae/0x31d [ 54.318394] ? digsig_verify+0x1530/0x1530 [ 54.322621] vfs_kern_mount.part.35+0xdc/0x4f0 [ 54.327288] ? may_umount+0xb0/0xb0 [ 54.330969] ? _raw_read_unlock+0x2c/0x50 [ 54.335152] ? __get_fs_type+0x97/0xc0 [ 54.339029] do_mount+0x581/0x31f0 [ 54.342553] ? copy_mount_string+0x40/0x40 [ 54.346774] ? copy_mount_options+0x5f/0x380 [ 54.351171] ? rcu_read_lock_sched_held+0x108/0x120 [ 54.356173] ? 
kmem_cache_alloc_trace+0x353/0x750 [ 54.360999] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 54.366522] ? _copy_from_user+0xdf/0x150 [ 54.370655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.376175] ? copy_mount_options+0x288/0x380 [ 54.380651] ksys_mount+0x12d/0x140 [ 54.384269] __x64_sys_mount+0xbe/0x150 [ 54.388232] do_syscall_64+0x1b9/0x820 [ 54.392106] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 54.397496] ? syscall_return_slowpath+0x5e0/0x5e0 [ 54.402414] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.407243] ? trace_hardirqs_on_caller+0x310/0x310 [ 54.412250] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 54.417255] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 54.422817] ? prepare_exit_to_usermode+0x291/0x3b0 [ 54.427920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.432750] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.437922] RIP: 0033:0x440129 [ 54.441107] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.459996] RSP: 002b:00007fffaa414588 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 54.467689] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129 [ 54.474943] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 00000000208deff8 [ 54.482195] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000 [ 54.489449] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0 [ 54.496727] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000 [ 54.504980] Kernel Offset: disabled [ 54.508601] Rebooting in 86400 seconds..