[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: 
[ 32.604276] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.975686] audit: type=1400 audit(1536504380.511:6): avc: denied { map } for pid=5434 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 33.033352] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.676188] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.919208] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.105875] sshd (5442) used greatest stack depth: 16408 bytes left
Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
[ 39.514094] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 39.651014] audit: type=1400 audit(1536504387.191:7): avc: denied { map } for pid=5448 comm="syz-executor041" path="/root/syz-executor041539494" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 39.658119] ==================================================================
[ 39.684617] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[ 39.691963] Read of size 4 at addr ffff8801c9353ed4 by task syz-executor041/5448
[ 39.699473] 
[ 39.701084] CPU: 0 PID: 5448 Comm: syz-executor041 Not tainted 4.19.0-rc2+ #8
[ 39.708337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.717671] Call Trace:
[ 39.720252] dump_stack+0x1c4/0x2b4
[ 39.723864] ? dump_stack_print_info.cold.2+0x52/0x52
[ 39.729044] ? printk+0xa7/0xcf
[ 39.732309] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 39.737059] print_address_description.cold.8+0x9/0x1ff
[ 39.742406] kasan_report.cold.9+0x242/0x309
[ 39.746799] ? fscache_alloc_cookie+0x7ad/0x880
[ 39.751471] __asan_report_load4_noabort+0x14/0x20
[ 39.756385] fscache_alloc_cookie+0x7ad/0x880
[ 39.760867] ? fscache_cookie_init_once+0x80/0x80
[ 39.765697] ? rpcauth_cache_shrink_scan+0x180/0x180
[ 39.770785] ? __kmalloc_track_caller+0x14a/0x750
[ 39.775610] ? kstrdup+0x39/0x70
[ 39.778963] ? nfs_alloc_client+0x383/0x760
[ 39.783265] ? nfs_get_client+0x8e8/0x14d0
[ 39.787477] ? nfs_init_server+0x357/0x1010
[ 39.791783] ? nfs_create_server+0x86/0x5f0
[ 39.796089] ? nfs_fs_mount+0x17f8/0x2f1c
[ 39.800220] ? mount_fs+0xae/0x31d
[ 39.803741] ? vfs_kern_mount.part.35+0xdc/0x4f0
[ 39.808476] ? do_mount+0x581/0x31f0
[ 39.812169] ? ksys_mount+0x12d/0x140
[ 39.815946] ? __x64_sys_mount+0xbe/0x150
[ 39.820078] ? do_syscall_64+0x1b9/0x820
[ 39.824125] __fscache_acquire_cookie+0x230/0xb60
[ 39.828954] ? fscache_cookie_put+0x880/0x880
[ 39.833436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.838956] ? check_preemption_disabled+0x48/0x200
[ 39.843959] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 39.849478] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 39.854736] ? rcu_pm_notify+0xc0/0xc0
[ 39.858612] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.864136] nfs_fscache_get_client_cookie+0x463/0x600
[ 39.869401] ? nfs_readpage_from_fscache_complete+0x200/0x200
[ 39.875277] nfs_alloc_client+0x563/0x760
[ 39.879408] ? register_nfs_version+0x280/0x280
[ 39.884081] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 39.888655] nfs_get_client+0x8e8/0x14d0
[ 39.892699] ? kmem_cache_alloc_trace+0x152/0x750
[ 39.897527] ? mount_fs+0xae/0x31d
[ 39.901065] ? nfs_put_client+0x30/0x30
[ 39.905020] ? nfs_alloc_server+0x5ca/0x730
[ 39.909338] ? depot_save_stack+0x292/0x470
[ 39.913643] ? nfs_wait_client_init_complete+0x210/0x210
[ 39.919095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.924612] ? check_preemption_disabled+0x48/0x200
[ 39.929610] ? check_preemption_disabled+0x48/0x200
[ 39.934610] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 39.939785] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 39.944789] nfs_init_server+0x357/0x1010
[ 39.948939] ? nfs_clone_server+0x920/0x920
[ 39.953244] ? nfs_alloc_fattr+0x48/0x1d0
[ 39.957390] ? rcu_read_lock_sched_held+0x108/0x120
[ 39.962400] nfs_create_server+0x86/0x5f0
[ 39.966533] nfs_try_mount+0x180/0xa80
[ 39.970582] ? lock_downgrade+0x900/0x900
[ 39.974713] ? nfs_request_mount.constprop.18+0x920/0x920
[ 39.980237] ? kasan_check_read+0x11/0x20
[ 39.984381] ? do_raw_spin_unlock+0xa7/0x2f0
[ 39.988774] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 39.993339] ? kasan_check_write+0x14/0x20
[ 39.997559] ? do_raw_spin_lock+0xc1/0x200
[ 40.001785] ? _raw_spin_unlock+0x2c/0x50
[ 40.005915] ? find_nfs_version+0x138/0x190
[ 40.010224] nfs_fs_mount+0x17f8/0x2f1c
[ 40.014186] ? nfs_show_options+0x250/0x250
[ 40.018494] ? nfs_clone_super+0x420/0x420
[ 40.022727] ? nfs_parse_mount_options+0x2660/0x2660
[ 40.027841] ? lock_downgrade+0x900/0x900
[ 40.031980] mount_fs+0xae/0x31d
[ 40.035333] vfs_kern_mount.part.35+0xdc/0x4f0
[ 40.039901] ? may_umount+0xb0/0xb0
[ 40.043513] ? _raw_read_unlock+0x2c/0x50
[ 40.047656] ? __get_fs_type+0x97/0xc0
[ 40.051530] do_mount+0x581/0x31f0
[ 40.055062] ? copy_mount_string+0x40/0x40
[ 40.059283] ? copy_mount_options+0x5f/0x380
[ 40.063678] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.068678] ? kmem_cache_alloc_trace+0x353/0x750
[ 40.073505] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.079060] ? _copy_from_user+0xdf/0x150
[ 40.083196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.088718] ? copy_mount_options+0x288/0x380
[ 40.093198] ksys_mount+0x12d/0x140
[ 40.096808] __x64_sys_mount+0xbe/0x150
[ 40.100769] do_syscall_64+0x1b9/0x820
[ 40.104642] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.109991] ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.114902] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.119729] ? trace_hardirqs_on_caller+0x310/0x310
[ 40.124727] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.129727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.135263] ? prepare_exit_to_usermode+0x291/0x3b0
[ 40.140282] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.145116] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.150291] RIP: 0033:0x440129
[ 40.153469] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.172350] RSP: 002b:00007ffd1743b398 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 40.180045] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[ 40.187303] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[ 40.194554] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[ 40.201804] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[ 40.209058] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[ 40.216318] 
[ 40.217926] Allocated by task 5448:
[ 40.221536] save_stack+0x43/0xd0
[ 40.224973] kasan_kmalloc+0xc7/0xe0
[ 40.228669] __kmalloc+0x14e/0x760
[ 40.232193] fscache_alloc_cookie+0x6f7/0x880
[ 40.236692] __fscache_acquire_cookie+0x230/0xb60
[ 40.241520] nfs_fscache_get_client_cookie+0x463/0x600
[ 40.246781] nfs_alloc_client+0x563/0x760
[ 40.250911] nfs_get_client+0x8e8/0x14d0
[ 40.254954] nfs_init_server+0x357/0x1010
[ 40.259085] nfs_create_server+0x86/0x5f0
[ 40.263214] nfs_try_mount+0x180/0xa80
[ 40.267086] nfs_fs_mount+0x17f8/0x2f1c
[ 40.271067] mount_fs+0xae/0x31d
[ 40.274417] vfs_kern_mount.part.35+0xdc/0x4f0
[ 40.278981] do_mount+0x581/0x31f0
[ 40.282498] ksys_mount+0x12d/0x140
[ 40.286103] __x64_sys_mount+0xbe/0x150
[ 40.290069] do_syscall_64+0x1b9/0x820
[ 40.290089] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.299130] 
[ 40.299138] Freed by task 3752:
[ 40.299152] save_stack+0x43/0xd0
[ 40.299163] __kasan_slab_free+0x102/0x150
[ 40.299174] kasan_slab_free+0xe/0x10
[ 40.299187] kfree+0xcf/0x230
[ 40.299202] selinux_cred_free+0x51/0x80
[ 40.299217] security_cred_free+0x4a/0x80
[ 40.299233] put_cred_rcu+0x265/0x780
[ 40.330640] rcu_process_callbacks+0xf23/0x2670
[ 40.335292] __do_softirq+0x30b/0xad8
[ 40.339068] 
[ 40.340679] The buggy address belongs to the object at ffff8801c9353ec0
[ 40.340679] which belongs to the cache kmalloc-32 of size 32
[ 40.353230] The buggy address is located 20 bytes inside of
[ 40.353230] 32-byte region [ffff8801c9353ec0, ffff8801c9353ee0)
[ 40.364907] The buggy address belongs to the page:
[ 40.369820] page:ffffea000724d4c0 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801c9353fc1
[ 40.379248] flags: 0x2fffc0000000100(slab)
[ 40.383466] raw: 02fffc0000000100 ffffea0007188608 ffffea0007187dc8 ffff8801da8001c0
[ 40.391332] raw: ffff8801c9353fc1 ffff8801c9353000 000000010000003c 0000000000000000
[ 40.399190] page dumped because: kasan: bad access detected
[ 40.404874] 
[ 40.406477] Memory state around the buggy address:
[ 40.411386] ffff8801c9353d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 40.418724] ffff8801c9353e00: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[ 40.426083] >ffff8801c9353e80: 01 fc fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[ 40.433423]                                                  ^
[ 40.439374] ffff8801c9353f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 40.446720] ffff8801c9353f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.454057] ==================================================================
[ 40.461395] Disabling lock debugging due to kernel taint
[ 40.467838] Kernel panic - not syncing: panic_on_warn set ...
[ 40.467838] 
[ 40.475212] CPU: 0 PID: 5448 Comm: syz-executor041 Tainted: G B 4.19.0-rc2+ #8
[ 40.483864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.493198] Call Trace:
[ 40.495769] dump_stack+0x1c4/0x2b4
[ 40.499379] ? dump_stack_print_info.cold.2+0x52/0x52
[ 40.504554] panic+0x238/0x4e7
[ 40.507737] ? add_taint.cold.5+0x16/0x16
[ 40.511880] ? preempt_schedule+0x4d/0x60
[ 40.516007] ? ___preempt_schedule+0x16/0x18
[ 40.520404] ? trace_hardirqs_on+0xb4/0x310
[ 40.524708] kasan_end_report+0x47/0x4f
[ 40.528662] kasan_report.cold.9+0x76/0x309
[ 40.532963] ? fscache_alloc_cookie+0x7ad/0x880
[ 40.537629] __asan_report_load4_noabort+0x14/0x20
[ 40.542557] fscache_alloc_cookie+0x7ad/0x880
[ 40.547046] ? fscache_cookie_init_once+0x80/0x80
[ 40.551875] ? rpcauth_cache_shrink_scan+0x180/0x180
[ 40.556958] ? __kmalloc_track_caller+0x14a/0x750
[ 40.561780] ? kstrdup+0x39/0x70
[ 40.565246] ? nfs_alloc_client+0x383/0x760
[ 40.569547] ? nfs_get_client+0x8e8/0x14d0
[ 40.573765] ? nfs_init_server+0x357/0x1010
[ 40.578071] ? nfs_create_server+0x86/0x5f0
[ 40.582372] ? nfs_fs_mount+0x17f8/0x2f1c
[ 40.586501] ? mount_fs+0xae/0x31d
[ 40.590029] ? vfs_kern_mount.part.35+0xdc/0x4f0
[ 40.594766] ? do_mount+0x581/0x31f0
[ 40.598460] ? ksys_mount+0x12d/0x140
[ 40.602237] ? __x64_sys_mount+0xbe/0x150
[ 40.606367] ? do_syscall_64+0x1b9/0x820
[ 40.610414] __fscache_acquire_cookie+0x230/0xb60
[ 40.615242] ? fscache_cookie_put+0x880/0x880
[ 40.619723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.625241] ? check_preemption_disabled+0x48/0x200
[ 40.630244] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 40.635762] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 40.641101] ? rcu_pm_notify+0xc0/0xc0
[ 40.644979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.650516] nfs_fscache_get_client_cookie+0x463/0x600
[ 40.655773] ? nfs_readpage_from_fscache_complete+0x200/0x200
[ 40.661657] nfs_alloc_client+0x563/0x760
[ 40.665785] ? register_nfs_version+0x280/0x280
[ 40.670436] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.675016] nfs_get_client+0x8e8/0x14d0
[ 40.679070] ? kmem_cache_alloc_trace+0x152/0x750
[ 40.683910] ? mount_fs+0xae/0x31d
[ 40.687435] ? nfs_put_client+0x30/0x30
[ 40.691391] ? nfs_alloc_server+0x5ca/0x730
[ 40.695691] ? depot_save_stack+0x292/0x470
[ 40.699992] ? nfs_wait_client_init_complete+0x210/0x210
[ 40.705425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.710940] ? check_preemption_disabled+0x48/0x200
[ 40.715934] ? check_preemption_disabled+0x48/0x200
[ 40.720964] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 40.726135] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 40.731132] nfs_init_server+0x357/0x1010
[ 40.735263] ? nfs_clone_server+0x920/0x920
[ 40.739568] ? nfs_alloc_fattr+0x48/0x1d0
[ 40.743697] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.748699] nfs_create_server+0x86/0x5f0
[ 40.752830] nfs_try_mount+0x180/0xa80
[ 40.756697] ? lock_downgrade+0x900/0x900
[ 40.760825] ? nfs_request_mount.constprop.18+0x920/0x920
[ 40.766367] ? kasan_check_read+0x11/0x20
[ 40.770496] ? do_raw_spin_unlock+0xa7/0x2f0
[ 40.774884] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 40.779446] ? kasan_check_write+0x14/0x20
[ 40.783677] ? do_raw_spin_lock+0xc1/0x200
[ 40.787906] ? _raw_spin_unlock+0x2c/0x50
[ 40.792041] ? find_nfs_version+0x138/0x190
[ 40.796350] nfs_fs_mount+0x17f8/0x2f1c
[ 40.800314] ? nfs_show_options+0x250/0x250
[ 40.804617] ? nfs_clone_super+0x420/0x420
[ 40.808832] ? nfs_parse_mount_options+0x2660/0x2660
[ 40.813913] ? lock_downgrade+0x900/0x900
[ 40.818056] mount_fs+0xae/0x31d
[ 40.821408] vfs_kern_mount.part.35+0xdc/0x4f0
[ 40.825969] ? may_umount+0xb0/0xb0
[ 40.829580] ? _raw_read_unlock+0x2c/0x50
[ 40.833707] ? __get_fs_type+0x97/0xc0
[ 40.837574] do_mount+0x581/0x31f0
[ 40.841098] ? copy_mount_string+0x40/0x40
[ 40.845315] ? copy_mount_options+0x5f/0x380
[ 40.849705] ? rcu_read_lock_sched_held+0x108/0x120
[ 40.854701] ? kmem_cache_alloc_trace+0x353/0x750
[ 40.859529] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 40.865051] ? _copy_from_user+0xdf/0x150
[ 40.869182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.874698] ? copy_mount_options+0x288/0x380
[ 40.879175] ksys_mount+0x12d/0x140
[ 40.882796] __x64_sys_mount+0xbe/0x150
[ 40.886755] do_syscall_64+0x1b9/0x820
[ 40.890638] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.895983] ? syscall_return_slowpath+0x5e0/0x5e0
[ 40.900891] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.905716] ? trace_hardirqs_on_caller+0x310/0x310
[ 40.910727] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 40.915722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 40.921240] ? prepare_exit_to_usermode+0x291/0x3b0
[ 40.926237] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.931067] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.936234] RIP: 0033:0x440129
[ 40.939412] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.958294] RSP: 002b:00007ffd1743b398 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 40.966156] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[ 40.973406] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[ 40.980656] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[ 40.987903] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[ 40.995151] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[ 41.002776] Dumping ftrace buffer:
[ 41.006301] (ftrace buffer empty)
[ 41.010634] Kernel Offset: disabled
[ 41.014263] Rebooting in 86400 seconds..