[....] Starting OpenBSD Secure Shell server: sshd
[   25.006417] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   28.542145] random: sshd: uninitialized urandom read (32 bytes read)
[   28.965994] random: sshd: uninitialized urandom read (32 bytes read)
[   29.534943] sshd (5326) used greatest stack depth: 16408 bytes left
[   29.557475] random: sshd: uninitialized urandom read (32 bytes read)
[   30.803964] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
[   36.508625] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   36.636337] ==================================================================
[   36.643798] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   36.651146] Read of size 4 at addr ffff8801d7b28494 by task syz-executor823/5339
[   36.658661]
[   36.660281] CPU: 1 PID: 5339 Comm: syz-executor823 Not tainted 4.19.0-rc2+ #229
[   36.667709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.677048] Call Trace:
[   36.679614]  dump_stack+0x1c4/0x2b4
[   36.683246]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.688429]  ? printk+0xa7/0xcf
[   36.691711]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.696562]  print_address_description.cold.8+0x9/0x1ff
[   36.701918]  kasan_report.cold.9+0x242/0x309
[   36.706323]  ? fscache_alloc_cookie+0x7ad/0x880
[   36.710997]  __asan_report_load4_noabort+0x14/0x20
[   36.715916]  fscache_alloc_cookie+0x7ad/0x880
[   36.720400]  ? fscache_cookie_init_once+0x80/0x80
[   36.725233]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   36.730350]  ? __kmalloc_track_caller+0x14a/0x750
[   36.735182]  ? kstrdup+0x39/0x70
[   36.738541]  ? nfs_alloc_client+0x383/0x760
[   36.742854]  ? nfs_get_client+0x8e8/0x14d0
[   36.747096]  ? nfs_init_server+0x357/0x1010
[   36.751418]  ? nfs_create_server+0x86/0x5f0
[   36.755838]  ? nfs_fs_mount+0x17f8/0x2f1c
[   36.760070]  ? mount_fs+0xae/0x31d
[   36.763598]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   36.768338]  ? do_mount+0x581/0x31f0
[   36.772039]  ? ksys_mount+0x12d/0x140
[   36.775823]  ? __x64_sys_mount+0xbe/0x150
[   36.779962]  ? do_syscall_64+0x1b9/0x820
[   36.784021]  __fscache_acquire_cookie+0x230/0xb60
[   36.788862]  ? fscache_cookie_put+0x880/0x880
[   36.793351]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.798881]  ? check_preemption_disabled+0x48/0x200
[   36.803955]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   36.809505]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   36.814872]  ? rcu_pm_notify+0xc0/0xc0
[   36.818749]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.824287]  nfs_fscache_get_client_cookie+0x463/0x600
[   36.829556]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   36.835442]  nfs_alloc_client+0x563/0x760
[   36.839574]  ? register_nfs_version+0x280/0x280
[   36.844265]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.848899]  nfs_get_client+0x8e8/0x14d0
[   36.853057]  ? kmem_cache_alloc_trace+0x152/0x750
[   36.858013]  ? mount_fs+0xae/0x31d
[   36.861550]  ? nfs_put_client+0x30/0x30
[   36.865511]  ? kmem_cache_alloc_trace+0x5a2/0x750
[   36.870387]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.875913]  ? check_preemption_disabled+0x48/0x200
[   36.880921]  ? check_preemption_disabled+0x48/0x200
[   36.885937]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.891140]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   36.896178]  nfs_init_server+0x357/0x1010
[   36.900386]  ? nfs_clone_server+0x920/0x920
[   36.904698]  ? nfs_alloc_fattr+0x48/0x1d0
[   36.908833]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.913849]  nfs_create_server+0x86/0x5f0
[   36.917984]  nfs_try_mount+0x180/0xa80
[   36.921957]  ? lock_downgrade+0x900/0x900
[   36.926127]  ? nfs_request_mount.constprop.18+0x920/0x920
[   36.931730]  ? kasan_check_read+0x11/0x20
[   36.935867]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.940264]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.944956]  ? kasan_check_write+0x14/0x20
[   36.949179]  ? do_raw_spin_lock+0xc1/0x200
[   36.953402]  ? _raw_spin_unlock+0x2c/0x50
[   36.957534]  ? find_nfs_version+0x138/0x190
[   36.961944]  nfs_fs_mount+0x17f8/0x2f1c
[   36.966021]  ? nfs_show_options+0x250/0x250
[   36.970350]  ? nfs_clone_super+0x420/0x420
[   36.974568]  ? nfs_parse_mount_options+0x2660/0x2660
[   36.979783]  ? lock_downgrade+0x900/0x900
[   36.983930]  mount_fs+0xae/0x31d
[   36.987293]  vfs_kern_mount.part.35+0xdc/0x4f0
[   36.991869]  ? may_umount+0xb0/0xb0
[   36.995506]  ? _raw_read_unlock+0x2c/0x50
[   36.999639]  ? __get_fs_type+0x97/0xc0
[   37.003513]  do_mount+0x581/0x31f0
[   37.007106]  ? copy_mount_string+0x40/0x40
[   37.011349]  ? copy_mount_options+0x5f/0x380
[   37.015773]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.020789]  ? kmem_cache_alloc_trace+0x353/0x750
[   37.025621]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.031147]  ? _copy_from_user+0xdf/0x150
[   37.035288]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.040811]  ? copy_mount_options+0x288/0x380
[   37.045293]  ksys_mount+0x12d/0x140
[   37.048905]  __x64_sys_mount+0xbe/0x150
[   37.052936]  do_syscall_64+0x1b9/0x820
[   37.056827]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.062225]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.067145]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.071976]  ? trace_hardirqs_on_caller+0x310/0x310
[   37.076977]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.081978]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.087497]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.092502]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.097342]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.102671] RIP: 0033:0x440129
[   37.105856] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.124743] RSP: 002b:00007ffe42783c88 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   37.132501] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   37.139888] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[   37.147153] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   37.154415] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   37.161676] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   37.168935]
[   37.170542] Allocated by task 5339:
[   37.174193]  save_stack+0x43/0xd0
[   37.177742]  kasan_kmalloc+0xc7/0xe0
[   37.181450]  __kmalloc+0x14e/0x760
[   37.185035]  fscache_alloc_cookie+0x6f7/0x880
[   37.189520]  __fscache_acquire_cookie+0x230/0xb60
[   37.194374]  nfs_fscache_get_client_cookie+0x463/0x600
[   37.199650]  nfs_alloc_client+0x563/0x760
[   37.203789]  nfs_get_client+0x8e8/0x14d0
[   37.207831]  nfs_init_server+0x357/0x1010
[   37.211965]  nfs_create_server+0x86/0x5f0
[   37.216098]  nfs_try_mount+0x180/0xa80
[   37.220028]  nfs_fs_mount+0x17f8/0x2f1c
[   37.223993]  mount_fs+0xae/0x31d
[   37.227444]  vfs_kern_mount.part.35+0xdc/0x4f0
[   37.232019]  do_mount+0x581/0x31f0
[   37.235556]  ksys_mount+0x12d/0x140
[   37.239167]  __x64_sys_mount+0xbe/0x150
[   37.243134]  do_syscall_64+0x1b9/0x820
[   37.247013]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.252191]
[   37.253812] Freed by task 1:
[   37.256813]  save_stack+0x43/0xd0
[   37.260264]  __kasan_slab_free+0x102/0x150
[   37.264489]  kasan_slab_free+0xe/0x10
[   37.268277]  kfree+0xcf/0x230
[   37.271381]  acpi_ns_get_node_unlocked+0x2b9/0x309
[   37.276311]  acpi_ns_get_node+0x4d/0x6b
[   37.280325]  acpi_get_handle+0x15b/0x263
[   37.284378]  acpi_has_method+0x70/0xb0
[   37.288251]  acpi_bus_check_add+0x651/0xb10
[   37.292584]  acpi_ns_walk_namespace+0x224/0x400
[   37.297250]  acpi_walk_namespace+0xf2/0x12c
[   37.301559]  acpi_bus_scan+0x146/0x170
[   37.305437]  acpi_scan_init+0x403/0x8fe
[   37.309396]  acpi_init+0x941/0xa19
[   37.312923]  do_one_initcall+0x145/0x957
[   37.316976]  kernel_init_freeable+0x4bb/0x5ae
[   37.321561]  kernel_init+0x11/0x1b2
[   37.325173]  ret_from_fork+0x3a/0x50
[   37.328967]
[   37.330583] The buggy address belongs to the object at ffff8801d7b28480
[   37.330583]  which belongs to the cache kmalloc-32 of size 32
[   37.343051] The buggy address is located 20 bytes inside of
[   37.343051]  32-byte region [ffff8801d7b28480, ffff8801d7b284a0)
[   37.354737] The buggy address belongs to the page:
[   37.359737] page:ffffea00075eca00 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7b28fc1
[   37.369183] flags: 0x2fffc0000000100(slab)
[   37.373517] raw: 02fffc0000000100 ffffea00075eca88 ffff8801da801238 ffff8801da8001c0
[   37.381391] raw: ffff8801d7b28fc1 ffff8801d7b28000 0000000100000023 0000000000000000
[   37.389258] page dumped because: kasan: bad access detected
[   37.394953]
[   37.396568] Memory state around the buggy address:
[   37.401490]  ffff8801d7b28380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   37.408843]  ffff8801d7b28400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   37.416190] >ffff8801d7b28480: 00 00 06 fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   37.423626]                          ^
[   37.427511]  ffff8801d7b28500: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   37.434855]  ffff8801d7b28580: 01 fc fc fc fc fc fc fc 04 fc fc fc fc fc fc fc
[   37.442198] ==================================================================
[   37.449538] Disabling lock debugging due to kernel taint
[   37.455780] Kernel panic - not syncing: panic_on_warn set ...
[   37.455780]
[   37.463164] CPU: 1 PID: 5339 Comm: syz-executor823 Tainted: G B 4.19.0-rc2+ #229
[   37.471999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.481344] Call Trace:
[   37.483915]  dump_stack+0x1c4/0x2b4
[   37.487527]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.492703]  panic+0x238/0x4e7
[   37.495892]  ? add_taint.cold.5+0x16/0x16
[   37.500170]  ? preempt_schedule+0x4d/0x60
[   37.504305]  ? ___preempt_schedule+0x16/0x18
[   37.508702]  ? trace_hardirqs_on+0xb4/0x310
[   37.513111]  kasan_end_report+0x47/0x4f
[   37.517193]  kasan_report.cold.9+0x76/0x309
[   37.521501]  ? fscache_alloc_cookie+0x7ad/0x880
[   37.526153]  __asan_report_load4_noabort+0x14/0x20
[   37.531081]  fscache_alloc_cookie+0x7ad/0x880
[   37.535578]  ? fscache_cookie_init_once+0x80/0x80
[   37.540478]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   37.545575]  ? __kmalloc_track_caller+0x14a/0x750
[   37.550400]  ? kstrdup+0x39/0x70
[   37.553811]  ? nfs_alloc_client+0x383/0x760
[   37.558160]  ? nfs_get_client+0x8e8/0x14d0
[   37.562382]  ? nfs_init_server+0x357/0x1010
[   37.566699]  ? nfs_create_server+0x86/0x5f0
[   37.571017]  ? nfs_fs_mount+0x17f8/0x2f1c
[   37.575155]  ? mount_fs+0xae/0x31d
[   37.578698]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   37.583432]  ? do_mount+0x581/0x31f0
[   37.587127]  ? ksys_mount+0x12d/0x140
[   37.590923]  ? __x64_sys_mount+0xbe/0x150
[   37.595085]  ? do_syscall_64+0x1b9/0x820
[   37.599162]  __fscache_acquire_cookie+0x230/0xb60
[   37.603993]  ? fscache_cookie_put+0x880/0x880
[   37.608478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.614006]  ? check_preemption_disabled+0x48/0x200
[   37.619033]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   37.624558]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   37.629927]  ? rcu_pm_notify+0xc0/0xc0
[   37.633803]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.639331]  nfs_fscache_get_client_cookie+0x463/0x600
[   37.644595]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   37.650469]  nfs_alloc_client+0x563/0x760
[   37.654602]  ? register_nfs_version+0x280/0x280
[   37.659254]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.663825]  nfs_get_client+0x8e8/0x14d0
[   37.667873]  ? kmem_cache_alloc_trace+0x152/0x750
[   37.672701]  ? mount_fs+0xae/0x31d
[   37.676227]  ? nfs_put_client+0x30/0x30
[   37.680183]  ? kmem_cache_alloc_trace+0x5a2/0x750
[   37.685010]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.690529]  ? check_preemption_disabled+0x48/0x200
[   37.695530]  ? check_preemption_disabled+0x48/0x200
[   37.700533]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   37.705822]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   37.710838]  nfs_init_server+0x357/0x1010
[   37.714970]  ? nfs_clone_server+0x920/0x920
[   37.719290]  ? nfs_alloc_fattr+0x48/0x1d0
[   37.723427]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.728428]  nfs_create_server+0x86/0x5f0
[   37.732568]  nfs_try_mount+0x180/0xa80
[   37.736448]  ? lock_downgrade+0x900/0x900
[   37.740586]  ? nfs_request_mount.constprop.18+0x920/0x920
[   37.746211]  ? kasan_check_read+0x11/0x20
[   37.750403]  ? do_raw_spin_unlock+0xa7/0x2f0
[   37.754803]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   37.759386]  ? kasan_check_write+0x14/0x20
[   37.763605]  ? do_raw_spin_lock+0xc1/0x200
[   37.767838]  ? _raw_spin_unlock+0x2c/0x50
[   37.771973]  ? find_nfs_version+0x138/0x190
[   37.776300]  nfs_fs_mount+0x17f8/0x2f1c
[   37.780260]  ? nfs_show_options+0x250/0x250
[   37.784569]  ? nfs_clone_super+0x420/0x420
[   37.788794]  ? nfs_parse_mount_options+0x2660/0x2660
[   37.793885]  ? lock_downgrade+0x900/0x900
[   37.798076]  mount_fs+0xae/0x31d
[   37.801499]  vfs_kern_mount.part.35+0xdc/0x4f0
[   37.806199]  ? may_umount+0xb0/0xb0
[   37.809809]  ? _raw_read_unlock+0x2c/0x50
[   37.813942]  ? __get_fs_type+0x97/0xc0
[   37.817816]  do_mount+0x581/0x31f0
[   37.821344]  ? copy_mount_string+0x40/0x40
[   37.825572]  ? copy_mount_options+0x5f/0x380
[   37.829959]  ? rcu_read_lock_sched_held+0x108/0x120
[   37.834987]  ? kmem_cache_alloc_trace+0x353/0x750
[   37.839821]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.845346]  ? _copy_from_user+0xdf/0x150
[   37.849539]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.855064]  ? copy_mount_options+0x288/0x380
[   37.859541]  ksys_mount+0x12d/0x140
[   37.863170]  __x64_sys_mount+0xbe/0x150
[   37.867126]  do_syscall_64+0x1b9/0x820
[   37.870996]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.876357]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.881269]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.886098]  ? trace_hardirqs_on_caller+0x310/0x310
[   37.891119]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.896122]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.901646]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.906662]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.911492]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.916667] RIP: 0033:0x440129
[   37.919847] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.938728] RSP: 002b:00007ffe42783c88 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   37.946420] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440129
[   37.953682] RDX: 000000002015bffc RSI: 0000000020343ff8 RDI: 0000000020000080
[   37.961049] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   37.968305] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019b0
[   37.975555] R13: 0000000000401a40 R14: 0000000000000000 R15: 0000000000000000
[   37.983125] Dumping ftrace buffer:
[   37.986653]    (ftrace buffer empty)
[   37.990958] Kernel Offset: disabled
[   37.994583] Rebooting in 86400 seconds..
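How to read the report above, with an added example that is not part of the log and not kernel code. Generic KASAN keeps one shadow byte per 8-byte granule: 00 means the whole granule is addressable, 01..07 means only that many leading bytes are, and fc (KASAN_KMALLOC_REDZONE) means none. The marked row for the kmalloc-32 object at ffff8801d7b28480 starts 00 00 06 fc, so only 22 of the 32 bytes in the slot were handed out by __kmalloc, and the 4-byte read at ffff8801d7b28494 (offset 20) covers bytes 20..23, the last two of which are redzone. A word-sized read straddling the end of a 22-byte allocation is the signature of code that walks a byte buffer in 32-bit units; the report does not say which buffer fscache_alloc_cookie was reading, so the example stays at the level of the shadow arithmetic. Two further things a practitioner should not misread: ORIG_RAX 0xa5 is mount(2) on x86_64, consistent with the NFS mount path in both traces, and the "Freed by task 1" ACPI stack is only the slot's previous owner from boot, which KASAN prints for any slab object; it is not evidence of a use-after-free, the bug class here is slab-out-of-bounds. The C below decodes the shadow row and computes the overrun. The row bytes and addresses are copied from the report; the shadow-value constants are the ones generic KASAN used for kmalloc redzones and freed objects in this kernel generation; the function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Generic KASAN (4.x): one shadow byte describes 8 bytes of memory. */
#define KASAN_GRANULE_SIZE    8
#define KASAN_KMALLOC_REDZONE 0xfc   /* kmalloc redzone / never-allocated slot */
#define KASAN_KMALLOC_FREE    0xfb   /* object released with kfree()           */

/* Shadow row copied verbatim from the report:
 * >ffff8801d7b28480: 00 00 06 fc fc fc fc fc 01 fc fc fc fc fc fc fc
 * Shadow byte i describes the 8 bytes starting at row_base + 8*i. */
static const uint64_t row_base = 0xffff8801d7b28480ULL;
static const uint8_t shadow_row[16] = {
    0x00, 0x00, 0x06, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc,
    0x01, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc,
};

/* Meaning of one shadow byte, in the words KASAN's legend uses. */
const char *kasan_shadow_name(uint8_t shadow)
{
    if (shadow == 0)
        return "addressable";
    if (shadow < KASAN_GRANULE_SIZE)
        return "partially addressable";
    if (shadow == KASAN_KMALLOC_REDZONE)
        return "kmalloc redzone";
    if (shadow == KASAN_KMALLOC_FREE)
        return "freed";
    return "other poison";
}

/* Addressable bytes in one granule: 0 => all 8, 1..7 => that many leading
 * bytes, any poison value (>= 8) => none. */
static unsigned granule_addressable(uint8_t shadow)
{
    if (shadow == 0)
        return KASAN_GRANULE_SIZE;
    if (shadow < KASAN_GRANULE_SIZE)
        return shadow;
    return 0;
}

/* Usable length of the object at obj_addr: walk granules from its first one
 * and stop at the first partial or poisoned granule. */
size_t kasan_object_len(const uint8_t *row, size_t row_len,
                        uint64_t row_base_addr, uint64_t obj_addr)
{
    size_t i = (size_t)((obj_addr - row_base_addr) / KASAN_GRANULE_SIZE);
    size_t len = 0;

    for (; i < row_len; i++) {
        unsigned n = granule_addressable(row[i]);
        len += n;
        if (n < KASAN_GRANULE_SIZE)
            break;
    }
    return len;
}

/* Bytes of the access [addr, addr+size) that fall past the usable part of
 * the object at obj_addr; 0 means the access was in bounds. */
size_t kasan_oob_bytes(uint64_t access_addr, size_t access_size,
                       uint64_t obj_addr, size_t obj_len)
{
    uint64_t off = access_addr - obj_addr;
    uint64_t end = off + access_size;

    if (end <= obj_len)
        return 0;
    /* If the access starts inside the object, only its tail is OOB. */
    return (size_t)(end - (off < obj_len ? obj_len : off));
}

/* Inputs from the report: "Read of size 4 at addr ffff8801d7b28494",
 * object at ffff8801d7b28480 in kmalloc-32. */
int main(void)
{
    const uint64_t obj = 0xffff8801d7b28480ULL;
    const uint64_t access = 0xffff8801d7b28494ULL;
    size_t len = kasan_object_len(shadow_row, sizeof shadow_row, row_base, obj);
    size_t oob = kasan_oob_bytes(access, 4, obj, len);

    printf("object %#llx: %zu of 32 slot bytes addressable\n",
           (unsigned long long)obj, len);
    printf("read of 4 at offset %llu: %zu byte(s) past the allocation (%s)\n",
           (unsigned long long)(access - obj), oob,
           kasan_shadow_name(shadow_row[(access - obj) / KASAN_GRANULE_SIZE]));
    return 0;
}
```

The same walk applied to the granule at ffff8801d7b284c0 (shadow 01) shows the neighbouring slot holds a one-byte allocation, which is why the redzone bytes around a small kmalloc object are what make KASAN catch an overrun of only two bytes; without the redzone the read would have silently returned the next object's data.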