[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   26.153950] kauditd_printk_skb: 7 callbacks suppressed
[   26.153962] audit: type=1800 audit(1539522119.194:29): pid=5229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   26.186798] audit: type=1800 audit(1539522119.204:30): pid=5229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.624590] ==================================================================
[   39.632052] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   39.639436] Read of size 4 at addr ffff8801d7a9e6d4 by task syz-executor629/5382
[   39.646951] 
[   39.648582] CPU: 1 PID: 5382 Comm: syz-executor629 Not tainted 4.19.0-rc7+ #283
[   39.656029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.665430] Call Trace:
[   39.668025]  dump_stack+0x1c4/0x2b4
[   39.671640]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.676821]  ? printk+0xa7/0xcf
[   39.680091]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   39.684836]  print_address_description.cold.8+0x9/0x1ff
[   39.690188]  kasan_report.cold.9+0x242/0x309
[   39.694588]  ? fscache_alloc_cookie+0x7ad/0x880
[   39.699244]  __asan_report_load4_noabort+0x14/0x20
[   39.704162]  fscache_alloc_cookie+0x7ad/0x880
[   39.708646]  ? fscache_cookie_init_once+0x80/0x80
[   39.713481]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   39.718576]  ? __kmalloc_track_caller+0x14a/0x750
[   39.723403]  ? kstrdup+0x39/0x70
[   39.726755]  ? nfs_alloc_client+0x383/0x760
[   39.731070]  ? nfs_get_client+0x8e8/0x14d0
[   39.735290]  ? nfs_init_server+0x357/0x1010
[   39.739598]  ? nfs_create_server+0x86/0x5f0
[   39.743910]  ? nfs_fs_mount+0x17f8/0x2f1c
[   39.748045]  ? mount_fs+0xae/0x31d
[   39.751590]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   39.756364]  ? do_mount+0x581/0x31f0
[   39.760062]  ? ksys_mount+0x12d/0x140
[   39.763847]  ? __x64_sys_mount+0xbe/0x150
[   39.767980]  ? do_syscall_64+0x1b9/0x820
[   39.772038]  __fscache_acquire_cookie+0x230/0xb60
[   39.776875]  ? fscache_cookie_put+0x880/0x880
[   39.781357]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.786884]  ? check_preemption_disabled+0x48/0x200
[   39.791892]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   39.797415]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   39.802675]  ? rcu_pm_notify+0xc0/0xc0
[   39.806569]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.812096]  nfs_fscache_get_client_cookie+0x463/0x600
[   39.817364]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   39.823241]  nfs_alloc_client+0x563/0x760
[   39.827373]  ? register_nfs_version+0x280/0x280
[   39.832032]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   39.836609]  nfs_get_client+0x8e8/0x14d0
[   39.840656]  ? kmem_cache_alloc_trace+0x152/0x750
[   39.845484]  ? mount_fs+0xae/0x31d
[   39.849017]  ? nfs_put_client+0x30/0x30
[   39.852976]  ? nfs_alloc_server+0x5ca/0x730
[   39.857281]  ? depot_save_stack+0x292/0x470
[   39.861588]  ? nfs_wait_client_init_complete+0x210/0x210
[   39.867026]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.872585]  ? check_preemption_disabled+0x48/0x200
[   39.877601]  ? check_preemption_disabled+0x48/0x200
[   39.882631]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   39.887809]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   39.892814]  nfs_init_server+0x357/0x1010
[   39.896949]  ? nfs_clone_server+0x920/0x920
[   39.901319]  ? nfs_alloc_fattr+0x48/0x1d0
[   39.905472]  ? rcu_read_lock_sched_held+0x108/0x120
[   39.910901]  nfs_create_server+0x86/0x5f0
[   39.915240]  nfs_try_mount+0x180/0xa80
[   39.919123]  ? lock_downgrade+0x900/0x900
[   39.923278]  ? nfs_request_mount.constprop.18+0x920/0x920
[   39.928806]  ? kasan_check_read+0x11/0x20
[   39.932938]  ? do_raw_spin_unlock+0xa7/0x2f0
[   39.937367]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   39.941956]  ? kasan_check_write+0x14/0x20
[   39.946194]  ? do_raw_spin_lock+0xc1/0x200
[   39.950420]  ? _raw_spin_unlock+0x2c/0x50
[   39.954556]  ? find_nfs_version+0x138/0x190
[   39.958869]  nfs_fs_mount+0x17f8/0x2f1c
[   39.962833]  ? nfs_show_options+0x250/0x250
[   39.967175]  ? nfs_clone_super+0x420/0x420
[   39.971396]  ? nfs_parse_mount_options+0x2660/0x2660
[   39.976487]  ? lock_downgrade+0x900/0x900
[   39.980644]  mount_fs+0xae/0x31d
[   39.984002]  vfs_kern_mount.part.35+0xdc/0x4f0
[   39.988573]  ? may_umount+0xb0/0xb0
[   39.992198]  ? _raw_read_unlock+0x2c/0x50
[   39.996361]  ? __get_fs_type+0x97/0xc0
[   40.000253]  do_mount+0x581/0x31f0
[   40.003789]  ? copy_mount_string+0x40/0x40
[   40.008444]  ? copy_mount_options+0x5f/0x380
[   40.012858]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.017865]  ? kmem_cache_alloc_trace+0x353/0x750
[   40.022694]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.028216]  ? _copy_from_user+0xdf/0x150
[   40.032351]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.037878]  ? copy_mount_options+0x288/0x380
[   40.042373]  ksys_mount+0x12d/0x140
[   40.045988]  __x64_sys_mount+0xbe/0x150
[   40.049951]  do_syscall_64+0x1b9/0x820
[   40.053848]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   40.059215]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.064128]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.068959]  ? trace_hardirqs_on_caller+0x310/0x310
[   40.073975]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.078981]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.083985]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.088819]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.093992] RIP: 0033:0x440139
[   40.097173] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.116065] RSP: 002b:00007fffe1065a68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   40.123766] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440139
[   40.131030] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000040
[   40.138293] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   40.138306] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019c0
[   40.138315] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[   40.138339] 
[   40.152962] Allocated by task 5382:
[   40.165469]  save_stack+0x43/0xd0
[   40.168930]  kasan_kmalloc+0xc7/0xe0
[   40.172661]  __kmalloc+0x14e/0x760
[   40.176213]  fscache_alloc_cookie+0x6f7/0x880
[   40.180721]  __fscache_acquire_cookie+0x230/0xb60
[   40.185571]  nfs_fscache_get_client_cookie+0x463/0x600
[   40.190844]  nfs_alloc_client+0x563/0x760
[   40.195015]  nfs_get_client+0x8e8/0x14d0
[   40.199064]  nfs_init_server+0x357/0x1010
[   40.203197]  nfs_create_server+0x86/0x5f0
[   40.207329]  nfs_try_mount+0x180/0xa80
[   40.211200]  nfs_fs_mount+0x17f8/0x2f1c
[   40.215156]  mount_fs+0xae/0x31d
[   40.218508]  vfs_kern_mount.part.35+0xdc/0x4f0
[   40.223073]  do_mount+0x581/0x31f0
[   40.226621]  ksys_mount+0x12d/0x140
[   40.230250]  __x64_sys_mount+0xbe/0x150
[   40.234212]  do_syscall_64+0x1b9/0x820
[   40.238089]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.243256] 
[   40.244865] Freed by task 1:
[   40.247867]  save_stack+0x43/0xd0
[   40.251304]  __kasan_slab_free+0x102/0x150
[   40.255529]  kasan_slab_free+0xe/0x10
[   40.259321]  kfree+0xcf/0x230
[   40.262410]  acpi_ns_get_node_unlocked+0x2b9/0x309
[   40.267322]  acpi_ns_get_node+0x4d/0x6b
[   40.271283]  acpi_get_handle+0x15b/0x263
[   40.275326]  acpi_has_method+0x70/0xb0
[   40.279201]  acpi_device_dep_initialize.isra.10+0x109/0x6f0
[   40.284896]  acpi_bus_check_add+0x816/0xb10
[   40.289202]  acpi_ns_walk_namespace+0x224/0x400
[   40.293857]  acpi_walk_namespace+0xf2/0x12c
[   40.298163]  acpi_bus_scan+0x146/0x170
[   40.302055]  acpi_scan_init+0x403/0x8fe
[   40.306016]  acpi_init+0x941/0xa19
[   40.309540]  do_one_initcall+0x145/0x957
[   40.313589]  kernel_init_freeable+0x4bb/0x5ae
[   40.318072]  kernel_init+0x11/0x1b2
[   40.321682]  ret_from_fork+0x3a/0x50
[   40.325379] 
[   40.327001] The buggy address belongs to the object at ffff8801d7a9e6c0
[   40.327001]  which belongs to the cache kmalloc-32 of size 32
[   40.339469] The buggy address is located 20 bytes inside of
[   40.339469]  32-byte region [ffff8801d7a9e6c0, ffff8801d7a9e6e0)
[   40.351170] The buggy address belongs to the page:
[   40.356088] page:ffffea00075ea780 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7a9efc1
[   40.365521] flags: 0x2fffc0000000100(slab)
[   40.369743] raw: 02fffc0000000100 ffffea00075ea548 ffff8801da801238 ffff8801da8001c0
[   40.377611] raw: ffff8801d7a9efc1 ffff8801d7a9e000 0000000100000033 0000000000000000
[   40.385476] page dumped because: kasan: bad access detected
[   40.391181] 
[   40.392796] Memory state around the buggy address:
[   40.397711]  ffff8801d7a9e580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   40.405054]  ffff8801d7a9e600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   40.412396] >ffff8801d7a9e680: fb fb fb fb fc fc fc fc 00 00 06 fc fc fc fc fc
[   40.419765]                                                  ^
[   40.425876]  ffff8801d7a9e700: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   40.433216]  ffff8801d7a9e780: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   40.440559] ==================================================================
[   40.447928] Disabling lock debugging due to kernel taint
[   40.453510] Kernel panic - not syncing: panic_on_warn set ...
[   40.453510] 
[   40.460889] CPU: 1 PID: 5382 Comm: syz-executor629 Tainted: G    B             4.19.0-rc7+ #283
[   40.469705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.479055] Call Trace:
[   40.481631]  dump_stack+0x1c4/0x2b4
[   40.485246]  ? dump_stack_print_info.cold.2+0x52/0x52
[   40.490439]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.495178]  panic+0x238/0x4e7
[   40.498357]  ? add_taint.cold.5+0x16/0x16
[   40.502504]  ? preempt_schedule+0x4d/0x60
[   40.506637]  ? ___preempt_schedule+0x16/0x18
[   40.511029]  ? trace_hardirqs_on+0xb4/0x310
[   40.515336]  kasan_end_report+0x47/0x4f
[   40.519297]  kasan_report.cold.9+0x76/0x309
[   40.523601]  ? fscache_alloc_cookie+0x7ad/0x880
[   40.528255]  __asan_report_load4_noabort+0x14/0x20
[   40.533167]  fscache_alloc_cookie+0x7ad/0x880
[   40.537649]  ? fscache_cookie_init_once+0x80/0x80
[   40.542479]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   40.547571]  ? __kmalloc_track_caller+0x14a/0x750
[   40.552398]  ? kstrdup+0x39/0x70
[   40.555749]  ? nfs_alloc_client+0x383/0x760
[   40.560062]  ? nfs_get_client+0x8e8/0x14d0
[   40.564279]  ? nfs_init_server+0x357/0x1010
[   40.568584]  ? nfs_create_server+0x86/0x5f0
[   40.572887]  ? nfs_fs_mount+0x17f8/0x2f1c
[   40.577019]  ? mount_fs+0xae/0x31d
[   40.580543]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   40.585281]  ? do_mount+0x581/0x31f0
[   40.588979]  ? ksys_mount+0x12d/0x140
[   40.592759]  ? __x64_sys_mount+0xbe/0x150
[   40.596913]  ? do_syscall_64+0x1b9/0x820
[   40.600960]  __fscache_acquire_cookie+0x230/0xb60
[   40.605809]  ? fscache_cookie_put+0x880/0x880
[   40.610289]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.615813]  ? check_preemption_disabled+0x48/0x200
[   40.620817]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   40.626338]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   40.631597]  ? rcu_pm_notify+0xc0/0xc0
[   40.635471]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.641012]  nfs_fscache_get_client_cookie+0x463/0x600
[   40.646291]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   40.652164]  nfs_alloc_client+0x563/0x760
[   40.656299]  ? register_nfs_version+0x280/0x280
[   40.660952]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.665522]  nfs_get_client+0x8e8/0x14d0
[   40.669571]  ? kmem_cache_alloc_trace+0x152/0x750
[   40.674398]  ? mount_fs+0xae/0x31d
[   40.677943]  ? nfs_put_client+0x30/0x30
[   40.681897]  ? nfs_alloc_server+0x5ca/0x730
[   40.686213]  ? depot_save_stack+0x292/0x470
[   40.690530]  ? nfs_wait_client_init_complete+0x210/0x210
[   40.695972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.701495]  ? check_preemption_disabled+0x48/0x200
[   40.706494]  ? check_preemption_disabled+0x48/0x200
[   40.711493]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   40.716679]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   40.721679]  nfs_init_server+0x357/0x1010
[   40.725812]  ? nfs_clone_server+0x920/0x920
[   40.730118]  ? nfs_alloc_fattr+0x48/0x1d0
[   40.734254]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.739258]  nfs_create_server+0x86/0x5f0
[   40.743413]  nfs_try_mount+0x180/0xa80
[   40.747292]  ? lock_downgrade+0x900/0x900
[   40.751433]  ? nfs_request_mount.constprop.18+0x920/0x920
[   40.756969]  ? kasan_check_read+0x11/0x20
[   40.761104]  ? do_raw_spin_unlock+0xa7/0x2f0
[   40.765496]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   40.770082]  ? kasan_check_write+0x14/0x20
[   40.774301]  ? do_raw_spin_lock+0xc1/0x200
[   40.778540]  ? _raw_spin_unlock+0x2c/0x50
[   40.782687]  ? find_nfs_version+0x138/0x190
[   40.786998]  nfs_fs_mount+0x17f8/0x2f1c
[   40.790973]  ? nfs_show_options+0x250/0x250
[   40.795281]  ? nfs_clone_super+0x420/0x420
[   40.799497]  ? nfs_parse_mount_options+0x2660/0x2660
[   40.804587]  ? lock_downgrade+0x900/0x900
[   40.808727]  mount_fs+0xae/0x31d
[   40.812090]  vfs_kern_mount.part.35+0xdc/0x4f0
[   40.816658]  ? may_umount+0xb0/0xb0
[   40.820285]  ? _raw_read_unlock+0x2c/0x50
[   40.824417]  ? __get_fs_type+0x97/0xc0
[   40.828292]  do_mount+0x581/0x31f0
[   40.831822]  ? copy_mount_string+0x40/0x40
[   40.836045]  ? copy_mount_options+0x5f/0x380
[   40.840443]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.845451]  ? kmem_cache_alloc_trace+0x353/0x750
[   40.850279]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   40.855833]  ? _copy_from_user+0xdf/0x150
[   40.860000]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.865521]  ? copy_mount_options+0x288/0x380
[   40.870004]  ksys_mount+0x12d/0x140
[   40.873616]  __x64_sys_mount+0xbe/0x150
[   40.877579]  do_syscall_64+0x1b9/0x820
[   40.881452]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   40.886809]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.891722]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.896557]  ? trace_hardirqs_on_caller+0x310/0x310
[   40.901580]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.906584]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.911586]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.916420]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.921592] RIP: 0033:0x440139
[   40.924768] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.943682] RSP: 002b:00007fffe1065a68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[   40.951393] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440139
[   40.958652] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000040
[   40.965905] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000
[   40.973158] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019c0
[   40.980416] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
[   40.988493] Kernel Offset: disabled
[   40.992117] Rebooting in 86400 seconds..