[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   26.125067] kauditd_printk_skb: 7 callbacks suppressed
[   26.125079] audit: type=1800 audit(1539488672.636:29): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   26.151742] audit: type=1800 audit(1539488672.636:30): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   33.621597] ==================================================================
[   33.629056] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   33.636403] Read of size 4 at addr ffff8801d7b3cf14 by task syz-executor838/5357
[   33.643912] 
[   33.645528] CPU: 0 PID: 5357 Comm: syz-executor838 Not tainted 4.19.0-rc7+ #282
[   33.652957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.662291] Call Trace:
[   33.664886]  dump_stack+0x1c4/0x2b4
[   33.668517]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.673691]  ? printk+0xa7/0xcf
[   33.676961]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.681724]  print_address_description.cold.8+0x9/0x1ff
[   33.687078]  kasan_report.cold.9+0x242/0x309
[   33.691476]  ? fscache_alloc_cookie+0x7ad/0x880
[   33.696136]  __asan_report_load4_noabort+0x14/0x20
[   33.701051]  fscache_alloc_cookie+0x7ad/0x880
[   33.705540]  ? fscache_cookie_init_once+0x80/0x80
[   33.710401]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   33.715493]  ? __kmalloc_track_caller+0x14a/0x750
[   33.720322]  ? kstrdup+0x39/0x70
[   33.723677]  ? nfs_alloc_client+0x383/0x760
[   33.727984]  ? nfs_get_client+0x8e8/0x14d0
[   33.732204]  ? nfs_init_server+0x357/0x1010
[   33.736510]  ? nfs_create_server+0x86/0x5f0
[   33.740832]  ? nfs_fs_mount+0x17f8/0x2f1c
[   33.744970]  ? mount_fs+0xae/0x31d
[   33.748503]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   33.753240]  ? do_mount+0x581/0x31f0
[   33.756937]  ? ksys_mount+0x12d/0x140
[   33.760720]  ? __x64_sys_mount+0xbe/0x150
[   33.764857]  ? do_syscall_64+0x1b9/0x820
[   33.768909]  __fscache_acquire_cookie+0x230/0xb60
[   33.773743]  ? fscache_cookie_put+0x880/0x880
[   33.778229]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.783769]  ? check_preemption_disabled+0x48/0x200
[   33.788778]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   33.794321]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.799610]  ? rcu_pm_notify+0xc0/0xc0
[   33.803489]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.809020]  nfs_fscache_get_client_cookie+0x463/0x600
[   33.814301]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   33.820191]  nfs_alloc_client+0x563/0x760
[   33.824341]  ? register_nfs_version+0x280/0x280
[   33.829016]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.833686]  nfs_get_client+0x8e8/0x14d0
[   33.837759]  ? kmem_cache_alloc_trace+0x152/0x750
[   33.842592]  ? mount_fs+0xae/0x31d
[   33.846143]  ? nfs_put_client+0x30/0x30
[   33.850123]  ? kmem_cache_alloc_trace+0x5a2/0x750
[   33.854970]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.860496]  ? check_preemption_disabled+0x48/0x200
[   33.865511]  ? check_preemption_disabled+0x48/0x200
[   33.870511]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   33.875703]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   33.880714]  nfs_init_server+0x357/0x1010
[   33.884853]  ? nfs_clone_server+0x920/0x920
[   33.889164]  ? nfs_alloc_fattr+0x48/0x1d0
[   33.893302]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.898317]  nfs_create_server+0x86/0x5f0
[   33.902463]  nfs_try_mount+0x180/0xa80
[   33.906344]  ? lock_downgrade+0x900/0x900
[   33.910477]  ? nfs_request_mount.constprop.18+0x920/0x920
[   33.916001]  ? kasan_check_read+0x11/0x20
[   33.920140]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.924554]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.929124]  ? kasan_check_write+0x14/0x20
[   33.933344]  ? do_raw_spin_lock+0xc1/0x200
[   33.937570]  ? _raw_spin_unlock+0x2c/0x50
[   33.941705]  ? find_nfs_version+0x138/0x190
[   33.946017]  nfs_fs_mount+0x17f8/0x2f1c
[   33.949980]  ? nfs_show_options+0x250/0x250
[   33.954305]  ? nfs_clone_super+0x420/0x420
[   33.958548]  ? nfs_parse_mount_options+0x2660/0x2660
[   33.963640]  ? lock_downgrade+0x900/0x900
[   33.967782]  mount_fs+0xae/0x31d
[   33.971138]  vfs_kern_mount.part.35+0xdc/0x4f0
[   33.975721]  ? may_umount+0xb0/0xb0
[   33.979384]  ? _raw_read_unlock+0x2c/0x50
[   33.983520]  ? __get_fs_type+0x97/0xc0
[   33.987409]  do_mount+0x581/0x31f0
[   33.991003]  ? copy_mount_string+0x40/0x40
[   33.995257]  ? copy_mount_options+0x5f/0x380
[   33.999655]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.004666]  ? kmem_cache_alloc_trace+0x353/0x750
[   34.009503]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.015026]  ? copy_mount_options+0x288/0x380
[   34.019514]  ksys_mount+0x12d/0x140
[   34.023125]  __x64_sys_mount+0xbe/0x150
[   34.027091]  do_syscall_64+0x1b9/0x820
[   34.030985]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.036336]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.041274]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.046120]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.051125]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.056131]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.061134]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.065968]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.071144] RIP: 0033:0x440139
[   34.074335] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.093223] RSP: 002b:00007ffdd98f6ce8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   34.100918] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440139
[   34.108172] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000040
[   34.115428] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   34.122698] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019c0
[   34.129952] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[   34.137231] 
[   34.138843] Allocated by task 5357:
[   34.142497]  save_stack+0x43/0xd0
[   34.145955]  kasan_kmalloc+0xc7/0xe0
[   34.149666]  __kmalloc+0x14e/0x760
[   34.153192]  fscache_alloc_cookie+0x6f7/0x880
[   34.157673]  __fscache_acquire_cookie+0x230/0xb60
[   34.162502]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.167766]  nfs_alloc_client+0x563/0x760
[   34.171898]  nfs_get_client+0x8e8/0x14d0
[   34.175942]  nfs_init_server+0x357/0x1010
[   34.180076]  nfs_create_server+0x86/0x5f0
[   34.184208]  nfs_try_mount+0x180/0xa80
[   34.188078]  nfs_fs_mount+0x17f8/0x2f1c
[   34.192038]  mount_fs+0xae/0x31d
[   34.195391]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.199958]  do_mount+0x581/0x31f0
[   34.203481]  ksys_mount+0x12d/0x140
[   34.207093]  __x64_sys_mount+0xbe/0x150
[   34.211053]  do_syscall_64+0x1b9/0x820
[   34.214926]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.220096] 
[   34.221706] Freed by task 1:
[   34.224713]  save_stack+0x43/0xd0
[   34.228166]  __kasan_slab_free+0x102/0x150
[   34.232437]  kasan_slab_free+0xe/0x10
[   34.236228]  kfree+0xcf/0x230
[   34.239322]  acpi_ns_get_node_unlocked+0x2b9/0x309
[   34.244251]  acpi_ns_get_node+0x4d/0x6b
[   34.248234]  acpi_ns_evaluate+0xf3/0x9bc
[   34.252281]  acpi_ut_evaluate_object+0x12b/0x425
[   34.257020]  acpi_ut_execute_power_methods+0xf1/0x22a
[   34.262197]  acpi_get_object_info+0x670/0xd1b
[   34.266692]  acpi_init_device_object+0x12a0/0x1e20
[   34.271619]  acpi_add_single_object+0x1d2/0x1ed0
[   34.276360]  acpi_bus_check_add+0x5e0/0xb10
[   34.280667]  acpi_ns_walk_namespace+0x224/0x400
[   34.285320]  acpi_walk_namespace+0xf2/0x12c
[   34.289624]  acpi_bus_scan+0x146/0x170
[   34.293499]  acpi_scan_init+0x403/0x8fe
[   34.297465]  acpi_init+0x941/0xa19
[   34.300989]  do_one_initcall+0x145/0x957
[   34.305049]  kernel_init_freeable+0x4bb/0x5ae
[   34.309531]  kernel_init+0x11/0x1b2
[   34.313141]  ret_from_fork+0x3a/0x50
[   34.316863] 
[   34.318475] The buggy address belongs to the object at ffff8801d7b3cf00
[   34.318475]  which belongs to the cache kmalloc-32 of size 32
[   34.330947] The buggy address is located 20 bytes inside of
[   34.330947]  32-byte region [ffff8801d7b3cf00, ffff8801d7b3cf20)
[   34.342648] The buggy address belongs to the page:
[   34.347586] page:ffffea00075ecf00 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7b3cfc1
[   34.357032] flags: 0x2fffc0000000100(slab)
[   34.361283] raw: 02fffc0000000100 ffffea00075ece08 ffff8801da801238 ffff8801da8001c0
[   34.369244] raw: ffff8801d7b3cfc1 ffff8801d7b3c000 0000000100000011 0000000000000000
[   34.377105] page dumped because: kasan: bad access detected
[   34.382795] 
[   34.384408] Memory state around the buggy address:
[   34.389341]  ffff8801d7b3ce00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.396697]  ffff8801d7b3ce80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.404039] >ffff8801d7b3cf00: 00 00 06 fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.411377]                          ^
[   34.415247]  ffff8801d7b3cf80: 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.422591]  ffff8801d7b3d000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.429929] ==================================================================
[   34.437295] Disabling lock debugging due to kernel taint
[   34.443479] Kernel panic - not syncing: panic_on_warn set ...
[   34.443479] 
[   34.450864] CPU: 0 PID: 5357 Comm: syz-executor838 Tainted: G    B             4.19.0-rc7+ #282
[   34.459699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.469069] Call Trace:
[   34.471653]  dump_stack+0x1c4/0x2b4
[   34.475265]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.480466]  panic+0x238/0x4e7
[   34.483674]  ? add_taint.cold.5+0x16/0x16
[   34.487810]  ? preempt_schedule+0x4d/0x60
[   34.491943]  ? ___preempt_schedule+0x16/0x18
[   34.496339]  ? trace_hardirqs_on+0xb4/0x310
[   34.500646]  kasan_end_report+0x47/0x4f
[   34.504606]  kasan_report.cold.9+0x76/0x309
[   34.508911]  ? fscache_alloc_cookie+0x7ad/0x880
[   34.513573]  __asan_report_load4_noabort+0x14/0x20
[   34.518489]  fscache_alloc_cookie+0x7ad/0x880
[   34.522972]  ? fscache_cookie_init_once+0x80/0x80
[   34.527804]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   34.532890]  ? __kmalloc_track_caller+0x14a/0x750
[   34.538003]  ? kstrdup+0x39/0x70
[   34.541359]  ? nfs_alloc_client+0x383/0x760
[   34.545680]  ? nfs_get_client+0x8e8/0x14d0
[   34.549926]  ? nfs_init_server+0x357/0x1010
[   34.554235]  ? nfs_create_server+0x86/0x5f0
[   34.558545]  ? nfs_fs_mount+0x17f8/0x2f1c
[   34.562692]  ? mount_fs+0xae/0x31d
[   34.566219]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   34.571043]  ? do_mount+0x581/0x31f0
[   34.574740]  ? ksys_mount+0x12d/0x140
[   34.578536]  ? __x64_sys_mount+0xbe/0x150
[   34.582683]  ? do_syscall_64+0x1b9/0x820
[   34.586750]  __fscache_acquire_cookie+0x230/0xb60
[   34.591590]  ? fscache_cookie_put+0x880/0x880
[   34.596089]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.601634]  ? check_preemption_disabled+0x48/0x200
[   34.606657]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   34.612176]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.617446]  ? rcu_pm_notify+0xc0/0xc0
[   34.621318]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.626842]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.632106]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   34.637978]  nfs_alloc_client+0x563/0x760
[   34.642109]  ? register_nfs_version+0x280/0x280
[   34.646767]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.651336]  nfs_get_client+0x8e8/0x14d0
[   34.655381]  ? kmem_cache_alloc_trace+0x152/0x750
[   34.660209]  ? mount_fs+0xae/0x31d
[   34.663734]  ? nfs_put_client+0x30/0x30
[   34.667710]  ? kmem_cache_alloc_trace+0x5a2/0x750
[   34.672549]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.678073]  ? check_preemption_disabled+0x48/0x200
[   34.683073]  ? check_preemption_disabled+0x48/0x200
[   34.688075]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.693262]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   34.698267]  nfs_init_server+0x357/0x1010
[   34.702409]  ? nfs_clone_server+0x920/0x920
[   34.706723]  ? nfs_alloc_fattr+0x48/0x1d0
[   34.710856]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.715863]  nfs_create_server+0x86/0x5f0
[   34.719998]  nfs_try_mount+0x180/0xa80
[   34.723873]  ? lock_downgrade+0x900/0x900
[   34.728023]  ? nfs_request_mount.constprop.18+0x920/0x920
[   34.733545]  ? kasan_check_read+0x11/0x20
[   34.737680]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.742068]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.746631]  ? kasan_check_write+0x14/0x20
[   34.750847]  ? do_raw_spin_lock+0xc1/0x200
[   34.755080]  ? _raw_spin_unlock+0x2c/0x50
[   34.759240]  ? find_nfs_version+0x138/0x190
[   34.763547]  nfs_fs_mount+0x17f8/0x2f1c
[   34.767512]  ? nfs_show_options+0x250/0x250
[   34.771820]  ? nfs_clone_super+0x420/0x420
[   34.776038]  ? nfs_parse_mount_options+0x2660/0x2660
[   34.781126]  ? lock_downgrade+0x900/0x900
[   34.785266]  mount_fs+0xae/0x31d
[   34.788628]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.793202]  ? may_umount+0xb0/0xb0
[   34.796820]  ? _raw_read_unlock+0x2c/0x50
[   34.800965]  ? __get_fs_type+0x97/0xc0
[   34.804839]  do_mount+0x581/0x31f0
[   34.808365]  ? copy_mount_string+0x40/0x40
[   34.812587]  ? copy_mount_options+0x5f/0x380
[   34.816983]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.821988]  ? kmem_cache_alloc_trace+0x353/0x750
[   34.826821]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.832336]  ? copy_mount_options+0x288/0x380
[   34.836830]  ksys_mount+0x12d/0x140
[   34.840453]  __x64_sys_mount+0xbe/0x150
[   34.844450]  do_syscall_64+0x1b9/0x820
[   34.848329]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.853681]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.858595]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.863422]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.868438]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.873452]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.878461]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.883290]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.888462] RIP: 0033:0x440139
[   34.891641] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.910540] RSP: 002b:00007ffdd98f6ce8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   34.918234] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440139
[   34.925490] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000040
[   34.932745] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   34.939996] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019c0
[   34.947247] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[   34.955401] Kernel Offset: disabled
[   34.959041] Rebooting in 86400 seconds..