[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   26.612572] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   30.336771] random: sshd: uninitialized urandom read (32 bytes read)
[   30.629679] random: sshd: uninitialized urandom read (32 bytes read)
[   31.253977] random: sshd: uninitialized urandom read (32 bytes read)
[   40.428092] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
[   46.012288] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   46.140605] IPVS: ftp: loaded support on port[0] = 21
[   46.172663] ==================================================================
[   46.180152] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   46.187520] Read of size 4 at addr ffff8801d7a40854 by task syz-executor170/5334
[   46.195034] 
[   46.196647] CPU: 0 PID: 5334 Comm: syz-executor170 Not tainted 4.19.0-rc3+ #231
[   46.204137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.213486] Call Trace:
[   46.216223]  dump_stack+0x1c4/0x2b4
[   46.219850]  ? dump_stack_print_info.cold.2+0x52/0x52
[   46.225030]  ? printk+0xa7/0xcf
[   46.228307]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   46.233066]  print_address_description.cold.8+0x9/0x1ff
[   46.238437]  kasan_report.cold.9+0x242/0x309
[   46.242883]  ? fscache_alloc_cookie+0x7ad/0x880
[   46.247556]  __asan_report_load4_noabort+0x14/0x20
[   46.252479]  fscache_alloc_cookie+0x7ad/0x880
[   46.256974]  ? fscache_cookie_init_once+0x80/0x80
[   46.261860]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   46.267007]  ? __kmalloc_track_caller+0x14a/0x750
[   46.271894]  ? kstrdup+0x39/0x70
[   46.275257]  ? nfs_alloc_client+0x383/0x760
[   46.279563]  ? nfs_get_client+0x8e8/0x14d0
[   46.283849]  ? nfs_init_server+0x357/0x1010
[   46.288161]  ? nfs_create_server+0x86/0x5f0
[   46.292468]  ? nfs_fs_mount+0x17f8/0x2f1c
[   46.296610]  ? mount_fs+0xae/0x31d
[   46.300137]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   46.304876]  ? do_mount+0x581/0x31f0
[   46.308579]  ? ksys_mount+0x12d/0x140
[   46.312447]  ? __x64_sys_mount+0xbe/0x150
[   46.316674]  ? do_syscall_64+0x1b9/0x820
[   46.320740]  __fscache_acquire_cookie+0x230/0xb60
[   46.325576]  ? fscache_cookie_put+0x880/0x880
[   46.330065]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.335596]  ? check_preemption_disabled+0x48/0x200
[   46.340605]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   46.346189]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   46.351464]  ? rcu_pm_notify+0xc0/0xc0
[   46.355347]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.360879]  nfs_fscache_get_client_cookie+0x463/0x600
[   46.366153]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   46.372040]  nfs_alloc_client+0x563/0x760
[   46.376179]  ? register_nfs_version+0x280/0x280
[   46.380888]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   46.385476]  nfs_get_client+0x8e8/0x14d0
[   46.389533]  ? kmem_cache_alloc_trace+0x152/0x750
[   46.394369]  ? mount_fs+0xae/0x31d
[   46.397911]  ? nfs_put_client+0x30/0x30
[   46.401872]  ? nfs_alloc_server+0x5ca/0x730
[   46.406180]  ? depot_save_stack+0x292/0x470
[   46.410500]  ? nfs_wait_client_init_complete+0x210/0x210
[   46.415960]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.421498]  ? check_preemption_disabled+0x48/0x200
[   46.426620]  ? check_preemption_disabled+0x48/0x200
[   46.431642]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   46.436820]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   46.441936]  nfs_init_server+0x357/0x1010
[   46.446081]  ? nfs_clone_server+0x920/0x920
[   46.450395]  ? nfs_alloc_fattr+0x48/0x1d0
[   46.454532]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.459556]  nfs_create_server+0x86/0x5f0
[   46.463709]  nfs_try_mount+0x180/0xa80
[   46.467589]  ? lock_downgrade+0x900/0x900
[   46.471730]  ? nfs_request_mount.constprop.18+0x920/0x920
[   46.477370]  ? kasan_check_read+0x11/0x20
[   46.481506]  ? do_raw_spin_unlock+0xa7/0x2f0
[   46.485902]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   46.490529]  ? kasan_check_write+0x14/0x20
[   46.494861]  ? do_raw_spin_lock+0xc1/0x200
[   46.499100]  ? _raw_spin_unlock+0x2c/0x50
[   46.503237]  ? find_nfs_version+0x138/0x190
[   46.507582]  nfs_fs_mount+0x17f8/0x2f1c
[   46.511552]  ? nfs_show_options+0x250/0x250
[   46.515976]  ? nfs_clone_super+0x420/0x420
[   46.520201]  ? nfs_parse_mount_options+0x2660/0x2660
[   46.525295]  ? lock_downgrade+0x900/0x900
[   46.529456]  mount_fs+0xae/0x31d
[   46.532817]  vfs_kern_mount.part.35+0xdc/0x4f0
[   46.537388]  ? may_umount+0xb0/0xb0
[   46.541000]  ? _raw_read_unlock+0x2c/0x50
[   46.545140]  ? __get_fs_type+0x97/0xc0
[   46.549020]  do_mount+0x581/0x31f0
[   46.552548]  ? copy_mount_string+0x40/0x40
[   46.556780]  ? copy_mount_options+0x5f/0x380
[   46.561188]  ? rcu_read_lock_sched_held+0x108/0x120
[   46.566204]  ? kmem_cache_alloc_trace+0x353/0x750
[   46.571050]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   46.576592]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.582124]  ? copy_mount_options+0x288/0x380
[   46.586615]  ksys_mount+0x12d/0x140
[   46.590227]  __x64_sys_mount+0xbe/0x150
[   46.594190]  do_syscall_64+0x1b9/0x820
[   46.598069]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   46.603500]  ? syscall_return_slowpath+0x5e0/0x5e0
[   46.608421]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.613362]  ? trace_hardirqs_on_caller+0x310/0x310
[   46.618375]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   46.623508]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.629047]  ? prepare_exit_to_usermode+0x291/0x3b0
[   46.634169]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.639011]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.644188] RIP: 0033:0x440769
[   46.647370] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   46.666326] RSP: 002b:00007ffe9f3b10f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   46.674032] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440769
[   46.681289] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[   46.688549] RBP: 00000000006cb018 R08: 000000002000a000 R09: 0000000000000100
[   46.695808] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000401c50
[   46.703065] R13: 0000000000401ce0 R14: 0000000000000000 R15: 0000000000000000
[   46.710331] 
[   46.711945] Allocated by task 5334:
[   46.715561]  save_stack+0x43/0xd0
[   46.719001]  kasan_kmalloc+0xc7/0xe0
[   46.722747]  __kmalloc+0x14e/0x760
[   46.726283]  fscache_alloc_cookie+0x6f7/0x880
[   46.730768]  __fscache_acquire_cookie+0x230/0xb60
[   46.735598]  nfs_fscache_get_client_cookie+0x463/0x600
[   46.740861]  nfs_alloc_client+0x563/0x760
[   46.745003]  nfs_get_client+0x8e8/0x14d0
[   46.749051]  nfs_init_server+0x357/0x1010
[   46.753181]  nfs_create_server+0x86/0x5f0
[   46.757311]  nfs_try_mount+0x180/0xa80
[   46.761186]  nfs_fs_mount+0x17f8/0x2f1c
[   46.765150]  mount_fs+0xae/0x31d
[   46.768517]  vfs_kern_mount.part.35+0xdc/0x4f0
[   46.773139]  do_mount+0x581/0x31f0
[   46.776670]  ksys_mount+0x12d/0x140
[   46.780285]  __x64_sys_mount+0xbe/0x150
[   46.784252]  do_syscall_64+0x1b9/0x820
[   46.788135]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.793384] 
[   46.795004] Freed by task 1:
[   46.798008]  save_stack+0x43/0xd0
[   46.801547]  __kasan_slab_free+0x102/0x150
[   46.805770]  kasan_slab_free+0xe/0x10
[   46.809561]  kfree+0xcf/0x230
[   46.812698]  acpi_add_single_object+0xb57/0x1ed0
[   46.817450]  acpi_bus_check_add+0x5e0/0xb10
[   46.821758]  acpi_ns_walk_namespace+0x224/0x400
[   46.826417]  acpi_walk_namespace+0xf2/0x12c
[   46.830720]  acpi_bus_scan+0x146/0x170
[   46.834599]  acpi_scan_init+0x403/0x8fe
[   46.838563]  acpi_init+0x941/0xa19
[   46.842097]  do_one_initcall+0x145/0x957
[   46.846152]  kernel_init_freeable+0x4bb/0x5ae
[   46.850640]  kernel_init+0x11/0x1b2
[   46.854257]  ret_from_fork+0x3a/0x50
[   46.857947] 
[   46.859583] The buggy address belongs to the object at ffff8801d7a40840
[   46.859583]  which belongs to the cache kmalloc-32 of size 32
[   46.872168] The buggy address is located 20 bytes inside of
[   46.872168]  32-byte region [ffff8801d7a40840, ffff8801d7a40860)
[   46.883859] The buggy address belongs to the page:
[   46.888828] page:ffffea00075e9000 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7a40fc1
[   46.898312] flags: 0x2fffc0000000100(slab)
[   46.902545] raw: 02fffc0000000100 ffffea00075e58c8 ffff8801da801248 ffff8801da8001c0
[   46.910417] raw: ffff8801d7a40fc1 ffff8801d7a40000 000000010000003f 0000000000000000
[   46.918284] page dumped because: kasan: bad access detected
[   46.923981] 
[   46.925607] Memory state around the buggy address:
[   46.930532]  ffff8801d7a40700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   46.937886]  ffff8801d7a40780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   46.945231] >ffff8801d7a40800: fb fb fb fb fc fc fc fc 00 00 06 fc fc fc fc fc
[   46.952634]                                                  ^
[   46.958603]  ffff8801d7a40880: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   46.965951]  ffff8801d7a40900: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   46.973294] ==================================================================
[   46.980633] Disabling lock debugging due to kernel taint
[   46.986429] Kernel panic - not syncing: panic_on_warn set ...
[   46.986429] 
[   46.993820] CPU: 0 PID: 5334 Comm: syz-executor170 Tainted: G    B             4.19.0-rc3+ #231
[   47.002652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.011987] Call Trace:
[   47.014563]  dump_stack+0x1c4/0x2b4
[   47.018171]  ? dump_stack_print_info.cold.2+0x52/0x52
[   47.023455]  panic+0x238/0x4e7
[   47.026642]  ? add_taint.cold.5+0x16/0x16
[   47.030777]  ? preempt_schedule+0x4d/0x60
[   47.034959]  ? ___preempt_schedule+0x16/0x18
[   47.039362]  ? trace_hardirqs_on+0xb4/0x310
[   47.043674]  kasan_end_report+0x47/0x4f
[   47.047674]  kasan_report.cold.9+0x76/0x309
[   47.051986]  ? fscache_alloc_cookie+0x7ad/0x880
[   47.056644]  __asan_report_load4_noabort+0x14/0x20
[   47.061555]  fscache_alloc_cookie+0x7ad/0x880
[   47.066037]  ? fscache_cookie_init_once+0x80/0x80
[   47.070959]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   47.076094]  ? __kmalloc_track_caller+0x14a/0x750
[   47.080924]  ? kstrdup+0x39/0x70
[   47.084277]  ? nfs_alloc_client+0x383/0x760
[   47.088580]  ? nfs_get_client+0x8e8/0x14d0
[   47.092796]  ? nfs_init_server+0x357/0x1010
[   47.097108]  ? nfs_create_server+0x86/0x5f0
[   47.101422]  ? nfs_fs_mount+0x17f8/0x2f1c
[   47.105556]  ? mount_fs+0xae/0x31d
[   47.109088]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   47.113967]  ? do_mount+0x581/0x31f0
[   47.117671]  ? ksys_mount+0x12d/0x140
[   47.121503]  ? __x64_sys_mount+0xbe/0x150
[   47.125648]  ? do_syscall_64+0x1b9/0x820
[   47.129695]  __fscache_acquire_cookie+0x230/0xb60
[   47.134525]  ? fscache_cookie_put+0x880/0x880
[   47.139004]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.144529]  ? check_preemption_disabled+0x48/0x200
[   47.149532]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   47.155053]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   47.160317]  ? rcu_pm_notify+0xc0/0xc0
[   47.164369]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.169906]  nfs_fscache_get_client_cookie+0x463/0x600
[   47.175170]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   47.181043]  nfs_alloc_client+0x563/0x760
[   47.185182]  ? register_nfs_version+0x280/0x280
[   47.189836]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   47.194411]  nfs_get_client+0x8e8/0x14d0
[   47.198453]  ? kmem_cache_alloc_trace+0x152/0x750
[   47.203287]  ? mount_fs+0xae/0x31d
[   47.206822]  ? nfs_put_client+0x30/0x30
[   47.210890]  ? nfs_alloc_server+0x5ca/0x730
[   47.215198]  ? depot_save_stack+0x292/0x470
[   47.219509]  ? nfs_wait_client_init_complete+0x210/0x210
[   47.224951]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.230475]  ? check_preemption_disabled+0x48/0x200
[   47.235542]  ? check_preemption_disabled+0x48/0x200
[   47.240561]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   47.245743]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   47.250747]  nfs_init_server+0x357/0x1010
[   47.254924]  ? nfs_clone_server+0x920/0x920
[   47.259246]  ? nfs_alloc_fattr+0x48/0x1d0
[   47.263380]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.268427]  nfs_create_server+0x86/0x5f0
[   47.272605]  nfs_try_mount+0x180/0xa80
[   47.276609]  ? lock_downgrade+0x900/0x900
[   47.280743]  ? nfs_request_mount.constprop.18+0x920/0x920
[   47.286353]  ? kasan_check_read+0x11/0x20
[   47.290491]  ? do_raw_spin_unlock+0xa7/0x2f0
[   47.294889]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   47.299501]  ? kasan_check_write+0x14/0x20
[   47.303726]  ? do_raw_spin_lock+0xc1/0x200
[   47.307952]  ? _raw_spin_unlock+0x2c/0x50
[   47.312087]  ? find_nfs_version+0x138/0x190
[   47.316396]  nfs_fs_mount+0x17f8/0x2f1c
[   47.320361]  ? nfs_show_options+0x250/0x250
[   47.324671]  ? nfs_clone_super+0x420/0x420
[   47.328887]  ? nfs_parse_mount_options+0x2660/0x2660
[   47.333979]  ? lock_downgrade+0x900/0x900
[   47.338113]  mount_fs+0xae/0x31d
[   47.341472]  vfs_kern_mount.part.35+0xdc/0x4f0
[   47.346041]  ? may_umount+0xb0/0xb0
[   47.349657]  ? _raw_read_unlock+0x2c/0x50
[   47.353790]  ? __get_fs_type+0x97/0xc0
[   47.357708]  do_mount+0x581/0x31f0
[   47.361276]  ? copy_mount_string+0x40/0x40
[   47.365513]  ? copy_mount_options+0x5f/0x380
[   47.369908]  ? rcu_read_lock_sched_held+0x108/0x120
[   47.374912]  ? kmem_cache_alloc_trace+0x353/0x750
[   47.379739]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   47.385258]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.390778]  ? copy_mount_options+0x288/0x380
[   47.395256]  ksys_mount+0x12d/0x140
[   47.398864]  __x64_sys_mount+0xbe/0x150
[   47.402833]  do_syscall_64+0x1b9/0x820
[   47.406939]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   47.412290]  ? syscall_return_slowpath+0x5e0/0x5e0
[   47.417205]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   47.422085]  ? trace_hardirqs_on_caller+0x310/0x310
[   47.427095]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   47.432096]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.437622]  ? prepare_exit_to_usermode+0x291/0x3b0
[   47.442625]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   47.447458]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.452635] RIP: 0033:0x440769
[   47.455814] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   47.474708] RSP: 002b:00007ffe9f3b10f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   47.482409] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440769
[   47.489671] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[   47.496993] RBP: 00000000006cb018 R08: 000000002000a000 R09: 0000000000000100
[   47.504263] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000401c50
[   47.511519] R13: 0000000000401ce0 R14: 0000000000000000 R15: 0000000000000000
[   47.519101] Dumping ftrace buffer:
[   47.522636]    (ftrace buffer empty)
[   47.527012] Kernel Offset: disabled
[   47.530642] Rebooting in 86400 seconds..