Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 28.849055] kauditd_printk_skb: 9 callbacks suppressed [ 28.849069] audit: type=1800 audit(1539487709.352:33): pid=5311 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.877461] audit: type=1800 audit(1539487709.362:34): pid=5311 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.350770] audit: type=1400 audit(1539487713.862:35): avc: denied { map } for pid=5487 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts. executing program [ 40.057275] audit: type=1400 audit(1539487720.562:36): avc: denied { map } for pid=5501 comm="syz-executor518" path="/root/syz-executor518795612" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.062395] ================================================================== [ 40.091035] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880 [ 40.098401] Read of size 4 at addr ffff8801c7980c54 by task syz-executor518/5501 [ 40.105911] [ 40.107526] CPU: 1 PID: 5501 Comm: syz-executor518 Not tainted 4.19.0-rc7+ #61 [ 40.114864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.124197] Call Trace: [ 40.126776] dump_stack+0x1c4/0x2b4 [ 40.130395] ? dump_stack_print_info.cold.2+0x52/0x52 [ 40.135575] ? 
printk+0xa7/0xcf [ 40.138837] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.143585] print_address_description.cold.8+0x9/0x1ff [ 40.148935] kasan_report.cold.9+0x242/0x309 [ 40.153333] ? fscache_alloc_cookie+0x7ad/0x880 [ 40.157989] __asan_report_load4_noabort+0x14/0x20 [ 40.162905] fscache_alloc_cookie+0x7ad/0x880 [ 40.167386] ? fscache_cookie_init_once+0x80/0x80 [ 40.172220] ? rpcauth_cache_shrink_scan+0x180/0x180 [ 40.177309] ? __kmalloc_track_caller+0x14a/0x750 [ 40.182136] ? kstrdup+0x39/0x70 [ 40.185485] ? nfs_alloc_client+0x383/0x760 [ 40.189798] ? nfs_get_client+0x8e8/0x14d0 [ 40.194024] ? nfs_init_server+0x357/0x1010 [ 40.198333] ? nfs_create_server+0x86/0x5f0 [ 40.202658] ? nfs_fs_mount+0x17f8/0x2f1c [ 40.206791] ? mount_fs+0xae/0x31d [ 40.210323] ? vfs_kern_mount.part.35+0xdc/0x4f0 [ 40.215076] ? do_mount+0x581/0x31f0 [ 40.218772] ? ksys_mount+0x12d/0x140 [ 40.222560] ? __x64_sys_mount+0xbe/0x150 [ 40.226694] ? do_syscall_64+0x1b9/0x820 [ 40.230747] __fscache_acquire_cookie+0x230/0xb60 [ 40.235583] ? fscache_cookie_put+0x880/0x880 [ 40.240074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.245612] ? check_preemption_disabled+0x48/0x200 [ 40.250626] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 40.256147] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 40.261409] ? rcu_pm_notify+0xc0/0xc0 [ 40.265286] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.270814] nfs_fscache_get_client_cookie+0x463/0x600 [ 40.276075] ? nfs_readpage_from_fscache_complete+0x200/0x200 [ 40.281952] nfs_alloc_client+0x563/0x760 [ 40.286085] ? register_nfs_version+0x280/0x280 [ 40.290741] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.295318] nfs_get_client+0x8e8/0x14d0 [ 40.299365] ? kmem_cache_alloc_trace+0x152/0x750 [ 40.304214] ? mount_fs+0xae/0x31d [ 40.307745] ? nfs_put_client+0x30/0x30 [ 40.311705] ? nfs_alloc_server+0x5ca/0x730 [ 40.316011] ? depot_save_stack+0x292/0x470 [ 40.320318] ? nfs_wait_client_init_complete+0x210/0x210 [ 40.325772] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.331299] ? check_preemption_disabled+0x48/0x200 [ 40.336300] ? check_preemption_disabled+0x48/0x200 [ 40.341300] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 40.346474] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 40.351485] nfs_init_server+0x357/0x1010 [ 40.355645] ? nfs_clone_server+0x920/0x920 [ 40.359949] ? nfs_alloc_fattr+0x48/0x1d0 [ 40.364083] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.369093] nfs_create_server+0x86/0x5f0 [ 40.373228] nfs_try_mount+0x180/0xa80 [ 40.377103] ? lock_downgrade+0x900/0x900 [ 40.381238] ? nfs_request_mount.constprop.18+0x920/0x920 [ 40.386761] ? kasan_check_read+0x11/0x20 [ 40.390893] ? do_raw_spin_unlock+0xa7/0x2f0 [ 40.395286] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 40.399848] ? kasan_check_write+0x14/0x20 [ 40.404071] ? do_raw_spin_lock+0xc1/0x200 [ 40.408294] ? _raw_spin_unlock+0x2c/0x50 [ 40.412431] ? find_nfs_version+0x138/0x190 [ 40.416737] nfs_fs_mount+0x17f8/0x2f1c [ 40.420698] ? nfs_show_options+0x250/0x250 [ 40.425003] ? nfs_clone_super+0x420/0x420 [ 40.429219] ? nfs_parse_mount_options+0x2660/0x2660 [ 40.434307] ? lock_downgrade+0x900/0x900 [ 40.438443] mount_fs+0xae/0x31d [ 40.441800] vfs_kern_mount.part.35+0xdc/0x4f0 [ 40.446364] ? may_umount+0xb0/0xb0 [ 40.449976] ? _raw_read_unlock+0x2c/0x50 [ 40.454110] ? __get_fs_type+0x97/0xc0 [ 40.457984] do_mount+0x581/0x31f0 [ 40.461515] ? copy_mount_string+0x40/0x40 [ 40.465738] ? copy_mount_options+0x5f/0x380 [ 40.470129] ? rcu_read_lock_sched_held+0x108/0x120 [ 40.475131] ? kmem_cache_alloc_trace+0x353/0x750 [ 40.479958] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 40.485482] ? _copy_from_user+0xdf/0x150 [ 40.489623] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.495155] ? copy_mount_options+0x288/0x380 [ 40.499635] ksys_mount+0x12d/0x140 [ 40.503246] __x64_sys_mount+0xbe/0x150 [ 40.507208] do_syscall_64+0x1b9/0x820 [ 40.511080] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.516426] ? 
syscall_return_slowpath+0x5e0/0x5e0 [ 40.521338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.526164] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.531165] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.536165] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.541166] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.545999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.551175] RIP: 0033:0x440139 [ 40.554354] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 40.573239] RSP: 002b:00007fffe6ce4e78 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 40.580932] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440139 [ 40.588182] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000040 [ 40.595434] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000 [ 40.602686] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019c0 [ 40.609938] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000 [ 40.617198] [ 40.618806] Allocated by task 5501: [ 40.622421] save_stack+0x43/0xd0 [ 40.625853] kasan_kmalloc+0xc7/0xe0 [ 40.629552] __kmalloc+0x14e/0x760 [ 40.633080] fscache_alloc_cookie+0x6f7/0x880 [ 40.637561] __fscache_acquire_cookie+0x230/0xb60 [ 40.642388] nfs_fscache_get_client_cookie+0x463/0x600 [ 40.647649] nfs_alloc_client+0x563/0x760 [ 40.651780] nfs_get_client+0x8e8/0x14d0 [ 40.655821] nfs_init_server+0x357/0x1010 [ 40.659949] nfs_create_server+0x86/0x5f0 [ 40.664081] nfs_try_mount+0x180/0xa80 [ 40.667951] nfs_fs_mount+0x17f8/0x2f1c [ 40.671909] mount_fs+0xae/0x31d [ 40.675259] vfs_kern_mount.part.35+0xdc/0x4f0 [ 40.679821] do_mount+0x581/0x31f0 [ 40.683343] ksys_mount+0x12d/0x140 [ 40.686951] __x64_sys_mount+0xbe/0x150 [ 40.690920] do_syscall_64+0x1b9/0x820 [ 40.694802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.699969] [ 40.701584] Freed by task 3399: [ 40.704845] save_stack+0x43/0xd0 [ 40.708276] 
__kasan_slab_free+0x102/0x150 [ 40.712500] kasan_slab_free+0xe/0x10 [ 40.716282] kfree+0xcf/0x230 [ 40.719368] selinux_cred_free+0x51/0x80 [ 40.723412] security_cred_free+0x4a/0x80 [ 40.727544] put_cred_rcu+0x265/0x780 [ 40.731330] rcu_process_callbacks+0xf23/0x2670 [ 40.735981] __do_softirq+0x30b/0xad8 [ 40.739755] [ 40.741382] The buggy address belongs to the object at ffff8801c7980c40 [ 40.741382] which belongs to the cache kmalloc-32 of size 32 [ 40.753852] The buggy address is located 20 bytes inside of [ 40.753852] 32-byte region [ffff8801c7980c40, ffff8801c7980c60) [ 40.765535] The buggy address belongs to the page: [ 40.770451] page:ffffea00071e6000 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801c7980fc1 [ 40.779878] flags: 0x2fffc0000000100(slab) [ 40.784102] raw: 02fffc0000000100 ffffea0006f2a8c8 ffffea0007058288 ffff8801da8001c0 [ 40.791971] raw: ffff8801c7980fc1 ffff8801c7980000 000000010000003e 0000000000000000 [ 40.799831] page dumped because: kasan: bad access detected [ 40.805533] [ 40.807140] Memory state around the buggy address: [ 40.812068] ffff8801c7980b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 40.819407] ffff8801c7980b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 40.826746] >ffff8801c7980c00: fb fb fb fb fc fc fc fc 00 00 06 fc fc fc fc fc [ 40.834083] ^ [ 40.840051] ffff8801c7980c80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 40.847395] ffff8801c7980d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 40.854733] ================================================================== [ 40.862072] Disabling lock debugging due to kernel taint [ 40.874145] Kernel panic - not syncing: panic_on_warn set ... [ 40.874145] [ 40.881541] CPU: 0 PID: 5501 Comm: syz-executor518 Tainted: G B 4.19.0-rc7+ #61 [ 40.890288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.899623] Call Trace: [ 40.902199] dump_stack+0x1c4/0x2b4 [ 40.905812] ? 
dump_stack_print_info.cold.2+0x52/0x52 [ 40.910987] panic+0x238/0x4e7 [ 40.914158] ? add_taint.cold.5+0x16/0x16 [ 40.918291] ? preempt_schedule+0x4d/0x60 [ 40.922425] ? ___preempt_schedule+0x16/0x18 [ 40.926814] ? trace_hardirqs_on+0xb4/0x310 [ 40.931205] kasan_end_report+0x47/0x4f [ 40.935159] kasan_report.cold.9+0x76/0x309 [ 40.939461] ? fscache_alloc_cookie+0x7ad/0x880 [ 40.944110] __asan_report_load4_noabort+0x14/0x20 [ 40.949018] fscache_alloc_cookie+0x7ad/0x880 [ 40.953503] ? fscache_cookie_init_once+0x80/0x80 [ 40.958330] ? rpcauth_cache_shrink_scan+0x180/0x180 [ 40.963418] ? __kmalloc_track_caller+0x14a/0x750 [ 40.968242] ? kstrdup+0x39/0x70 [ 40.971590] ? nfs_alloc_client+0x383/0x760 [ 40.975893] ? nfs_get_client+0x8e8/0x14d0 [ 40.980105] ? nfs_init_server+0x357/0x1010 [ 40.984406] ? nfs_create_server+0x86/0x5f0 [ 40.988713] ? nfs_fs_mount+0x17f8/0x2f1c [ 40.992844] ? mount_fs+0xae/0x31d [ 40.996395] ? vfs_kern_mount.part.35+0xdc/0x4f0 [ 41.001130] ? do_mount+0x581/0x31f0 [ 41.004822] ? ksys_mount+0x12d/0x140 [ 41.008601] ? __x64_sys_mount+0xbe/0x150 [ 41.012734] ? do_syscall_64+0x1b9/0x820 [ 41.016783] __fscache_acquire_cookie+0x230/0xb60 [ 41.021612] ? fscache_cookie_put+0x880/0x880 [ 41.026092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.031615] ? check_preemption_disabled+0x48/0x200 [ 41.036625] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 41.042141] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 41.047400] ? rcu_pm_notify+0xc0/0xc0 [ 41.051279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.056800] nfs_fscache_get_client_cookie+0x463/0x600 [ 41.062063] ? nfs_readpage_from_fscache_complete+0x200/0x200 [ 41.067933] nfs_alloc_client+0x563/0x760 [ 41.072063] ? register_nfs_version+0x280/0x280 [ 41.076720] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.081286] nfs_get_client+0x8e8/0x14d0 [ 41.085329] ? kmem_cache_alloc_trace+0x152/0x750 [ 41.090152] ? mount_fs+0xae/0x31d [ 41.093684] ? nfs_put_client+0x30/0x30 [ 41.097641] ? 
nfs_alloc_server+0x5ca/0x730 [ 41.101944] ? depot_save_stack+0x292/0x470 [ 41.106245] ? nfs_wait_client_init_complete+0x210/0x210 [ 41.111680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.117214] ? check_preemption_disabled+0x48/0x200 [ 41.122225] ? check_preemption_disabled+0x48/0x200 [ 41.127235] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.132408] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 41.137407] nfs_init_server+0x357/0x1010 [ 41.141541] ? nfs_clone_server+0x920/0x920 [ 41.145856] ? nfs_alloc_fattr+0x48/0x1d0 [ 41.149985] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.154988] nfs_create_server+0x86/0x5f0 [ 41.159117] nfs_try_mount+0x180/0xa80 [ 41.162993] ? lock_downgrade+0x900/0x900 [ 41.167123] ? nfs_request_mount.constprop.18+0x920/0x920 [ 41.172655] ? kasan_check_read+0x11/0x20 [ 41.176786] ? do_raw_spin_unlock+0xa7/0x2f0 [ 41.181177] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 41.185738] ? kasan_check_write+0x14/0x20 [ 41.189950] ? do_raw_spin_lock+0xc1/0x200 [ 41.194170] ? _raw_spin_unlock+0x2c/0x50 [ 41.198299] ? find_nfs_version+0x138/0x190 [ 41.202602] nfs_fs_mount+0x17f8/0x2f1c [ 41.206566] ? nfs_show_options+0x250/0x250 [ 41.210869] ? nfs_clone_super+0x420/0x420 [ 41.215084] ? nfs_parse_mount_options+0x2660/0x2660 [ 41.220166] ? lock_downgrade+0x900/0x900 [ 41.224299] mount_fs+0xae/0x31d [ 41.227652] vfs_kern_mount.part.35+0xdc/0x4f0 [ 41.232216] ? may_umount+0xb0/0xb0 [ 41.235823] ? _raw_read_unlock+0x2c/0x50 [ 41.239949] ? __get_fs_type+0x97/0xc0 [ 41.243822] do_mount+0x581/0x31f0 [ 41.247347] ? copy_mount_string+0x40/0x40 [ 41.251567] ? copy_mount_options+0x5f/0x380 [ 41.255959] ? rcu_read_lock_sched_held+0x108/0x120 [ 41.260958] ? kmem_cache_alloc_trace+0x353/0x750 [ 41.265784] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.271306] ? _copy_from_user+0xdf/0x150 [ 41.275436] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.280955] ? 
copy_mount_options+0x288/0x380 [ 41.285432] ksys_mount+0x12d/0x140 [ 41.289042] __x64_sys_mount+0xbe/0x150 [ 41.293001] do_syscall_64+0x1b9/0x820 [ 41.296870] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.302217] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.307125] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.311949] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.316946] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.321942] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.326937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.331764] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.336933] RIP: 0033:0x440139 [ 41.340109] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 41.358992] RSP: 002b:00007fffe6ce4e78 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 41.366682] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000440139 [ 41.373934] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 0000000020000040 [ 41.381212] RBP: 00000000006ca018 R08: 000000002000a000 R09: 0000000000000000 [ 41.388459] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000004019c0 [ 41.395707] R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000 [ 41.403750] Kernel Offset: disabled [ 41.407372] Rebooting in 86400 seconds..