[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   30.111953] audit: type=1800 audit(1539634889.257:33): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   30.133362] audit: type=1800 audit(1539634889.257:34): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   47.485872] audit: type=1400 audit(1539634906.627:35): avc:  denied  { map } for  pid=5509 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
executing program
[   54.042933] audit: type=1400 audit(1539634913.187:36): avc:  denied  { map } for  pid=5521 comm="syz-executor740" path="/root/syz-executor740815426" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   54.051097] ==================================================================
[   54.076628] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   54.083997] Read of size 4 at addr ffff8801c6312654 by task syz-executor740/5521
[   54.091509] 
[   54.093124] CPU: 1 PID: 5521 Comm: syz-executor740 Not tainted 4.19.0-rc8+ #64
[   54.100466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.109802] Call Trace:
[   54.112379]  dump_stack+0x1c4/0x2b4
[   54.116000]  ? dump_stack_print_info.cold.2+0x52/0x52
[   54.121187]  ? printk+0xa7/0xcf
[   54.124501]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   54.129247]  print_address_description.cold.8+0x9/0x1ff
[   54.134596]  kasan_report.cold.9+0x242/0x309
[   54.138991]  ? fscache_alloc_cookie+0x7ad/0x880
[   54.143647]  __asan_report_load4_noabort+0x14/0x20
[   54.148568]  fscache_alloc_cookie+0x7ad/0x880
[   54.153053]  ? fscache_cookie_init_once+0x80/0x80
[   54.157887]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   54.162977]  ? __kmalloc_track_caller+0x14a/0x750
[   54.167803]  ? kstrdup+0x39/0x70
[   54.171155]  ? nfs_alloc_client+0x383/0x760
[   54.175461]  ? nfs_get_client+0x8e8/0x14d0
[   54.179682]  ? nfs_init_server+0x357/0x1010
[   54.183989]  ? nfs_create_server+0x86/0x5f0
[   54.188299]  ? nfs_fs_mount+0x17f8/0x2f1c
[   54.192433]  ? mount_fs+0xae/0x31d
[   54.195959]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   54.200698]  ? do_mount+0x581/0x31f0
[   54.204399]  ? ksys_mount+0x12d/0x140
[   54.208185]  ? __x64_sys_mount+0xbe/0x150
[   54.212316]  ? do_syscall_64+0x1b9/0x820
[   54.216369]  __fscache_acquire_cookie+0x230/0xb60
[   54.221207]  ? fscache_cookie_put+0x880/0x880
[   54.225688]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.231219]  ? check_preemption_disabled+0x48/0x200
[   54.236242]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   54.241798]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   54.247069]  ? rcu_pm_notify+0xc0/0xc0
[   54.250952]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.256480]  nfs_fscache_get_client_cookie+0x463/0x600
[   54.261758]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   54.267636]  nfs_alloc_client+0x563/0x760
[   54.271769]  ? register_nfs_version+0x280/0x280
[   54.276428]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   54.281002]  nfs_get_client+0x8e8/0x14d0
[   54.285047]  ? kmem_cache_alloc_trace+0x152/0x750
[   54.289877]  ? mount_fs+0xae/0x31d
[   54.293413]  ? nfs_put_client+0x30/0x30
[   54.297374]  ? nfs_alloc_server+0x5ca/0x730
[   54.301693]  ? depot_save_stack+0x292/0x470
[   54.306003]  ? nfs_wait_client_init_complete+0x210/0x210
[   54.311443]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.316969]  ? check_preemption_disabled+0x48/0x200
[   54.321984]  ? check_preemption_disabled+0x48/0x200
[   54.326995]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   54.332177]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.337706]  nfs_init_server+0x357/0x1010
[   54.341842]  ? nfs_clone_server+0x920/0x920
[   54.346170]  ? nfs_alloc_fattr+0x48/0x1d0
[   54.350314]  ? rcu_read_lock_sched_held+0x108/0x120
[   54.355324]  nfs_create_server+0x86/0x5f0
[   54.359460]  nfs_try_mount+0x180/0xa80
[   54.363340]  ? lock_downgrade+0x900/0x900
[   54.367472]  ? nfs_request_mount.constprop.18+0x920/0x920
[   54.372994]  ? kasan_check_read+0x11/0x20
[   54.377127]  ? do_raw_spin_unlock+0xa7/0x2f0
[   54.381534]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   54.386100]  ? kasan_check_write+0x14/0x20
[   54.390319]  ? do_raw_spin_lock+0xc1/0x200
[   54.394690]  ? _raw_spin_unlock+0x2c/0x50
[   54.398847]  ? find_nfs_version+0x138/0x190
[   54.403188]  nfs_fs_mount+0x17f8/0x2f1c
[   54.407162]  ? nfs_show_options+0x250/0x250
[   54.411471]  ? nfs_clone_super+0x420/0x420
[   54.415686]  ? nfs_parse_mount_options+0x2660/0x2660
[   54.420775]  ? lock_downgrade+0x900/0x900
[   54.424911]  mount_fs+0xae/0x31d
[   54.428269]  vfs_kern_mount.part.35+0xdc/0x4f0
[   54.432837]  ? may_umount+0xb0/0xb0
[   54.436449]  ? _raw_read_unlock+0x2c/0x50
[   54.440580]  ? __get_fs_type+0x97/0xc0
[   54.444452]  do_mount+0x581/0x31f0
[   54.447984]  ? copy_mount_string+0x40/0x40
[   54.452231]  ? copy_mount_options+0x5f/0x380
[   54.456627]  ? rcu_read_lock_sched_held+0x108/0x120
[   54.461631]  ? kmem_cache_alloc_trace+0x353/0x750
[   54.466463]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   54.472004]  ? _copy_from_user+0xdf/0x150
[   54.476140]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.481668]  ? copy_mount_options+0x288/0x380
[   54.486149]  ksys_mount+0x12d/0x140
[   54.489768]  __x64_sys_mount+0xbe/0x150
[   54.493738]  do_syscall_64+0x1b9/0x820
[   54.497613]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   54.502963]  ? syscall_return_slowpath+0x5e0/0x5e0
[   54.507876]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.512702]  ? trace_hardirqs_on_caller+0x310/0x310
[   54.517705]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   54.522706]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.528227]  ? prepare_exit_to_usermode+0x291/0x3b0
[   54.533229]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   54.538059]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.543229] RIP: 0033:0x440129
[   54.546419] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   54.565330] RSP: 002b:00007ffe3411fa68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   54.573027] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   54.580282] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 00000000208deff8
[   54.587532] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   54.594786] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   54.602039] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   54.609323] 
[   54.610939] Allocated by task 5521:
[   54.614552]  save_stack+0x43/0xd0
[   54.617987]  kasan_kmalloc+0xc7/0xe0
[   54.621685]  __kmalloc+0x14e/0x760
[   54.625210]  fscache_alloc_cookie+0x6f7/0x880
[   54.629691]  __fscache_acquire_cookie+0x230/0xb60
[   54.634544]  nfs_fscache_get_client_cookie+0x463/0x600
[   54.639809]  nfs_alloc_client+0x563/0x760
[   54.643937]  nfs_get_client+0x8e8/0x14d0
[   54.647982]  nfs_init_server+0x357/0x1010
[   54.652112]  nfs_create_server+0x86/0x5f0
[   54.656252]  nfs_try_mount+0x180/0xa80
[   54.660127]  nfs_fs_mount+0x17f8/0x2f1c
[   54.664084]  mount_fs+0xae/0x31d
[   54.667435]  vfs_kern_mount.part.35+0xdc/0x4f0
[   54.671998]  do_mount+0x581/0x31f0
[   54.675522]  ksys_mount+0x12d/0x140
[   54.679131]  __x64_sys_mount+0xbe/0x150
[   54.683093]  do_syscall_64+0x1b9/0x820
[   54.686968]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   54.692136] 
[   54.693747] Freed by task 3965:
[   54.697012]  save_stack+0x43/0xd0
[   54.700446]  __kasan_slab_free+0x102/0x150
[   54.704669]  kasan_slab_free+0xe/0x10
[   54.708459]  kfree+0xcf/0x230
[   54.711552]  selinux_cred_free+0x51/0x80
[   54.715598]  security_cred_free+0x4a/0x80
[   54.719733]  put_cred_rcu+0x265/0x780
[   54.723517]  rcu_process_callbacks+0xf23/0x2670
[   54.728180]  __do_softirq+0x30b/0xad8
[   54.731958] 
[   54.733570] The buggy address belongs to the object at ffff8801c6312640
[   54.733570]  which belongs to the cache kmalloc-32 of size 32
[   54.746042] The buggy address is located 20 bytes inside of
[   54.746042]  32-byte region [ffff8801c6312640, ffff8801c6312660)
[   54.757728] The buggy address belongs to the page:
[   54.762642] page:ffffea000718c480 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801c6312fc1
[   54.772072] flags: 0x2fffc0000000100(slab)
[   54.776294] raw: 02fffc0000000100 ffffea000718c288 ffffea000718c948 ffff8801da8001c0
[   54.784180] raw: ffff8801c6312fc1 ffff8801c6312000 000000010000003f 0000000000000000
[   54.792039] page dumped because: kasan: bad access detected
[   54.797724] 
[   54.799334] Memory state around the buggy address:
[   54.804243]  ffff8801c6312500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   54.811583]  ffff8801c6312580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   54.818928] >ffff8801c6312600: 00 01 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   54.826275]                                                  ^
[   54.832234]  ffff8801c6312680: fb fb fb fb fc fc fc fc 01 fc fc fc fc fc fc fc
[   54.839577]  ffff8801c6312700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   54.846915] ==================================================================
[   54.854252] Disabling lock debugging due to kernel taint
[   54.860439] Kernel panic - not syncing: panic_on_warn set ...
[   54.860439] 
[   54.867829] CPU: 1 PID: 5521 Comm: syz-executor740 Tainted: G    B             4.19.0-rc8+ #64
[   54.876561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.885895] Call Trace:
[   54.888491]  dump_stack+0x1c4/0x2b4
[   54.892106]  ? dump_stack_print_info.cold.2+0x52/0x52
[   54.897285]  panic+0x238/0x4e7
[   54.900459]  ? add_taint.cold.5+0x16/0x16
[   54.904590]  ? preempt_schedule+0x4d/0x60
[   54.908725]  ? ___preempt_schedule+0x16/0x18
[   54.913117]  ? trace_hardirqs_on+0xb4/0x310
[   54.917425]  kasan_end_report+0x47/0x4f
[   54.921403]  kasan_report.cold.9+0x76/0x309
[   54.925709]  ? fscache_alloc_cookie+0x7ad/0x880
[   54.930363]  __asan_report_load4_noabort+0x14/0x20
[   54.935283]  fscache_alloc_cookie+0x7ad/0x880
[   54.939765]  ? fscache_cookie_init_once+0x80/0x80
[   54.944596]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   54.949690]  ? __kmalloc_track_caller+0x14a/0x750
[   54.954536]  ? kstrdup+0x39/0x70
[   54.957905]  ? nfs_alloc_client+0x383/0x760
[   54.962210]  ? nfs_get_client+0x8e8/0x14d0
[   54.966428]  ? nfs_init_server+0x357/0x1010
[   54.970730]  ? nfs_create_server+0x86/0x5f0
[   54.975032]  ? nfs_fs_mount+0x17f8/0x2f1c
[   54.979168]  ? mount_fs+0xae/0x31d
[   54.982720]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   54.987459]  ? do_mount+0x581/0x31f0
[   54.991154]  ? ksys_mount+0x12d/0x140
[   54.994936]  ? __x64_sys_mount+0xbe/0x150
[   54.999067]  ? do_syscall_64+0x1b9/0x820
[   55.003116]  __fscache_acquire_cookie+0x230/0xb60
[   55.007946]  ? fscache_cookie_put+0x880/0x880
[   55.012425]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.017976]  ? check_preemption_disabled+0x48/0x200
[   55.022980]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   55.028504]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   55.033766]  ? rcu_pm_notify+0xc0/0xc0
[   55.037641]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.043191]  nfs_fscache_get_client_cookie+0x463/0x600
[   55.048454]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   55.054330]  nfs_alloc_client+0x563/0x760
[   55.058465]  ? register_nfs_version+0x280/0x280
[   55.063122]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   55.067695]  nfs_get_client+0x8e8/0x14d0
[   55.071742]  ? kmem_cache_alloc_trace+0x152/0x750
[   55.076568]  ? mount_fs+0xae/0x31d
[   55.080095]  ? nfs_put_client+0x30/0x30
[   55.084053]  ? nfs_alloc_server+0x5ca/0x730
[   55.088360]  ? depot_save_stack+0x292/0x470
[   55.092667]  ? nfs_wait_client_init_complete+0x210/0x210
[   55.098105]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.103627]  ? check_preemption_disabled+0x48/0x200
[   55.108624]  ? check_preemption_disabled+0x48/0x200
[   55.113625]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   55.118799]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.124333]  nfs_init_server+0x357/0x1010
[   55.128470]  ? nfs_clone_server+0x920/0x920
[   55.132786]  ? nfs_alloc_fattr+0x48/0x1d0
[   55.136921]  ? rcu_read_lock_sched_held+0x108/0x120
[   55.141923]  nfs_create_server+0x86/0x5f0
[   55.146054]  nfs_try_mount+0x180/0xa80
[   55.149927]  ? lock_downgrade+0x900/0x900
[   55.154055]  ? nfs_request_mount.constprop.18+0x920/0x920
[   55.159575]  ? kasan_check_read+0x11/0x20
[   55.163705]  ? do_raw_spin_unlock+0xa7/0x2f0
[   55.168099]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   55.172665]  ? kasan_check_write+0x14/0x20
[   55.176882]  ? do_raw_spin_lock+0xc1/0x200
[   55.181103]  ? _raw_spin_unlock+0x2c/0x50
[   55.185231]  ? find_nfs_version+0x138/0x190
[   55.189538]  nfs_fs_mount+0x17f8/0x2f1c
[   55.193494]  ? nfs_show_options+0x250/0x250
[   55.197799]  ? nfs_clone_super+0x420/0x420
[   55.202015]  ? nfs_parse_mount_options+0x2660/0x2660
[   55.207101]  ? lock_downgrade+0x900/0x900
[   55.211234]  mount_fs+0xae/0x31d
[   55.214589]  vfs_kern_mount.part.35+0xdc/0x4f0
[   55.219155]  ? may_umount+0xb0/0xb0
[   55.222773]  ? _raw_read_unlock+0x2c/0x50
[   55.226906]  ? __get_fs_type+0x97/0xc0
[   55.230775]  do_mount+0x581/0x31f0
[   55.234298]  ? copy_mount_string+0x40/0x40
[   55.238518]  ? copy_mount_options+0x5f/0x380
[   55.242907]  ? rcu_read_lock_sched_held+0x108/0x120
[   55.247911]  ? kmem_cache_alloc_trace+0x353/0x750
[   55.252742]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   55.258448]  ? _copy_from_user+0xdf/0x150
[   55.262602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.268121]  ? copy_mount_options+0x288/0x380
[   55.272596]  ksys_mount+0x12d/0x140
[   55.276214]  __x64_sys_mount+0xbe/0x150
[   55.280185]  do_syscall_64+0x1b9/0x820
[   55.284055]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   55.289419]  ? syscall_return_slowpath+0x5e0/0x5e0
[   55.294332]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   55.299166]  ? trace_hardirqs_on_caller+0x310/0x310
[   55.304167]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   55.309172]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   55.314692]  ? prepare_exit_to_usermode+0x291/0x3b0
[   55.319696]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   55.324520]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   55.329689] RIP: 0033:0x440129
[   55.332885] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   55.351767] RSP: 002b:00007ffe3411fa68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   55.359471] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   55.366725] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 00000000208deff8
[   55.373976] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   55.381227] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   55.388476] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   55.396615] Kernel Offset: disabled
[   55.400237] Rebooting in 86400 seconds..