[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   25.362600] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   26.538733] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.871060] random: sshd: uninitialized urandom read (32 bytes read)
[   27.467160] random: sshd: uninitialized urandom read (32 bytes read)
[   27.673473] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
[   33.412602] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   33.538645] ==================================================================
[   33.546145] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880
[   33.553502] Read of size 4 at addr ffff8801d7aad2d4 by task syz-executor315/5347
[   33.561030] 
[   33.562647] CPU: 0 PID: 5347 Comm: syz-executor315 Not tainted 4.19.0-rc2+ #130
[   33.570075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.579412] Call Trace:
[   33.581985]  dump_stack+0x1c4/0x2b4
[   33.585599]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.590772]  ? printk+0xa7/0xcf
[   33.594037]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.598784]  print_address_description.cold.8+0x9/0x1ff
[   33.604132]  kasan_report.cold.9+0x242/0x309
[   33.608526]  ? fscache_alloc_cookie+0x7ad/0x880
[   33.613182]  __asan_report_load4_noabort+0x14/0x20
[   33.618101]  fscache_alloc_cookie+0x7ad/0x880
[   33.622585]  ? fscache_cookie_init_once+0x80/0x80
[   33.627416]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   33.632513]  ? __kmalloc_track_caller+0x14a/0x750
[   33.637342]  ? kstrdup+0x39/0x70
[   33.640721]  ? nfs_alloc_client+0x383/0x760
[   33.645027]  ? nfs_get_client+0x8e8/0x14d0
[   33.649267]  ? nfs_init_server+0x357/0x1010
[   33.653572]  ? nfs_create_server+0x86/0x5f0
[   33.657880]  ? nfs_fs_mount+0x17f8/0x2f1c
[   33.662012]  ? mount_fs+0xae/0x31d
[   33.665539]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   33.670278]  ? do_mount+0x581/0x31f0
[   33.673977]  ? __ia32_compat_sys_mount+0x5d5/0x860
[   33.678892]  ? do_fast_syscall_32+0x34d/0xfb2
[   33.683373]  ? entry_SYSENTER_compat+0x70/0x7f
[   33.687943]  __fscache_acquire_cookie+0x230/0xb60
[   33.692790]  ? fscache_cookie_put+0x880/0x880
[   33.697278]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.702800]  ? check_preemption_disabled+0x48/0x200
[   33.707807]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   33.713330]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   33.718592]  ? rcu_pm_notify+0xc0/0xc0
[   33.722465]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.727995]  nfs_fscache_get_client_cookie+0x463/0x600
[   33.733258]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   33.739136]  nfs_alloc_client+0x563/0x760
[   33.743269]  ? register_nfs_version+0x280/0x280
[   33.747930]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.752504]  nfs_get_client+0x8e8/0x14d0
[   33.756576]  ? kmem_cache_alloc_trace+0x152/0x750
[   33.761420]  ? mount_fs+0xae/0x31d
[   33.764945]  ? __lockdep_init_map+0x105/0x590
[   33.769429]  ? nfs_put_client+0x30/0x30
[   33.773388]  ? nfs_alloc_server+0x5ca/0x730
[   33.777707]  ? depot_save_stack+0x292/0x470
[   33.782018]  ? nfs_wait_client_init_complete+0x210/0x210
[   33.787457]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.792979]  ? check_preemption_disabled+0x48/0x200
[   33.797978]  ? check_preemption_disabled+0x48/0x200
[   33.802981]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   33.808157]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   33.813179]  nfs_init_server+0x357/0x1010
[   33.817318]  ? nfs_clone_server+0x920/0x920
[   33.821626]  ? nfs_alloc_fattr+0x48/0x1d0
[   33.825762]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.830769]  nfs_create_server+0x86/0x5f0
[   33.834903]  nfs_try_mount+0x180/0xa80
[   33.838798]  ? lock_downgrade+0x900/0x900
[   33.842935]  ? nfs_request_mount.constprop.18+0x920/0x920
[   33.848471]  ? kasan_check_read+0x11/0x20
[   33.852621]  ? do_raw_spin_unlock+0xa7/0x2f0
[   33.857039]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   33.861609]  ? kasan_check_write+0x14/0x20
[   33.865831]  ? do_raw_spin_lock+0xc1/0x200
[   33.870054]  ? _raw_spin_unlock+0x2c/0x50
[   33.874187]  ? find_nfs_version+0x138/0x190
[   33.878511]  nfs_fs_mount+0x17f8/0x2f1c
[   33.882473]  ? nfs_show_options+0x250/0x250
[   33.886796]  ? nfs_clone_super+0x420/0x420
[   33.891030]  ? nfs_parse_mount_options+0x2660/0x2660
[   33.891048]  ? lock_downgrade+0x900/0x900
[   33.891072]  mount_fs+0xae/0x31d
[   33.903802]  vfs_kern_mount.part.35+0xdc/0x4f0
[   33.908400]  ? may_umount+0xb0/0xb0
[   33.912037]  ? _raw_read_unlock+0x2c/0x50
[   33.916194]  ? __get_fs_type+0x97/0xc0
[   33.920085]  do_mount+0x581/0x31f0
[   33.923620]  ? copy_mount_string+0x40/0x40
[   33.927849]  ? copy_mount_options+0x5f/0x380
[   33.932244]  ? rcu_read_lock_sched_held+0x108/0x120
[   33.937258]  ? kmem_cache_alloc_trace+0x353/0x750
[   33.942101]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.947633]  ? _copy_from_user+0xdf/0x150
[   33.951770]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.957293]  ? copy_mount_options+0x288/0x380
[   33.961784]  __ia32_compat_sys_mount+0x5d5/0x860
[   33.966544]  do_fast_syscall_32+0x34d/0xfb2
[   33.970856]  ? do_int80_syscall_32+0x890/0x890
[   33.975433]  ? entry_SYSENTER_compat+0x68/0x7f
[   33.980014]  ? trace_hardirqs_off_caller+0xbb/0x310
[   33.985028]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.989955]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.994782]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.999610]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.004612]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.009616]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.015139]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.020143]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.025006]  entry_SYSENTER_compat+0x70/0x7f
[   34.029399] RIP: 0023:0xf7f75ca9
[   34.032779] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   34.051665] RSP: 002b:00000000ff87741c EFLAGS: 00000282 ORIG_RAX: 0000000000000015
[   34.059368] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000020343ff8
[   34.066623] RDX: 000000002015bffc RSI: 0000000000000000 RDI: 000000002000a000
[   34.073876] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   34.081168] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   34.088438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.095742] 
[   34.097369] Allocated by task 5347:
[   34.100997]  save_stack+0x43/0xd0
[   34.104432]  kasan_kmalloc+0xc7/0xe0
[   34.108129]  __kmalloc+0x14e/0x760
[   34.111654]  fscache_alloc_cookie+0x6f7/0x880
[   34.116136]  __fscache_acquire_cookie+0x230/0xb60
[   34.120964]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.126243]  nfs_alloc_client+0x563/0x760
[   34.130383]  nfs_get_client+0x8e8/0x14d0
[   34.134447]  nfs_init_server+0x357/0x1010
[   34.138577]  nfs_create_server+0x86/0x5f0
[   34.142715]  nfs_try_mount+0x180/0xa80
[   34.146872]  nfs_fs_mount+0x17f8/0x2f1c
[   34.150829]  mount_fs+0xae/0x31d
[   34.154194]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.158772]  do_mount+0x581/0x31f0
[   34.162298]  __ia32_compat_sys_mount+0x5d5/0x860
[   34.167059]  do_fast_syscall_32+0x34d/0xfb2
[   34.171378]  entry_SYSENTER_compat+0x70/0x7f
[   34.175765] 
[   34.177376] Freed by task 1:
[   34.180378]  save_stack+0x43/0xd0
[   34.183816]  __kasan_slab_free+0x102/0x150
[   34.188032]  kasan_slab_free+0xe/0x10
[   34.191818]  kfree+0xcf/0x230
[   34.194906]  acpi_ns_get_node_unlocked+0x2b9/0x309
[   34.199819]  acpi_ns_get_node+0x4d/0x6b
[   34.203775]  acpi_get_handle+0x15b/0x263
[   34.207823]  acpi_has_method+0x70/0xb0
[   34.211741]  acpi_bus_check_add+0x6a9/0xb10
[   34.216053]  acpi_ns_walk_namespace+0x224/0x400
[   34.220712]  acpi_walk_namespace+0xf2/0x12c
[   34.225013]  acpi_bus_scan+0x146/0x170
[   34.228886]  acpi_scan_init+0x403/0x8fe
[   34.232855]  acpi_init+0x941/0xa19
[   34.236380]  do_one_initcall+0x145/0x957
[   34.240426]  kernel_init_freeable+0x4bb/0x5ae
[   34.244906]  kernel_init+0x11/0x1b2
[   34.248516]  ret_from_fork+0x3a/0x50
[   34.252207] 
[   34.253816] The buggy address belongs to the object at ffff8801d7aad2c0
[   34.253816]  which belongs to the cache kmalloc-32 of size 32
[   34.266285] The buggy address is located 20 bytes inside of
[   34.266285]  32-byte region [ffff8801d7aad2c0, ffff8801d7aad2e0)
[   34.277983] The buggy address belongs to the page:
[   34.282909] page:ffffea00075eab40 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d7aadfc1
[   34.292341] flags: 0x2fffc0000000100(slab)
[   34.296562] raw: 02fffc0000000100 ffff8801da801238 ffffea00075ead48 ffff8801da8001c0
[   34.304426] raw: ffff8801d7aadfc1 ffff8801d7aad000 0000000100000027 0000000000000000
[   34.312283] page dumped because: kasan: bad access detected
[   34.318010] 
[   34.319647] Memory state around the buggy address:
[   34.324706]  ffff8801d7aad180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.332049]  ffff8801d7aad200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.339392] >ffff8801d7aad280: fb fb fb fb fc fc fc fc 00 00 06 fc fc fc fc fc
[   34.346744]                                                  ^
[   34.352717]  ffff8801d7aad300: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.360057]  ffff8801d7aad380: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[   34.367396] ==================================================================
[   34.374746] Disabling lock debugging due to kernel taint
[   34.380418] Kernel panic - not syncing: panic_on_warn set ...
[   34.380418] 
[   34.387817] CPU: 0 PID: 5347 Comm: syz-executor315 Tainted: G    B             4.19.0-rc2+ #130
[   34.396643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.405979] Call Trace:
[   34.408567]  dump_stack+0x1c4/0x2b4
[   34.412192]  ? dump_stack_print_info.cold.2+0x52/0x52
[   34.417383]  panic+0x238/0x4e7
[   34.420561]  ? add_taint.cold.5+0x16/0x16
[   34.424707]  ? preempt_schedule+0x4d/0x60
[   34.428858]  ? ___preempt_schedule+0x16/0x18
[   34.433251]  ? trace_hardirqs_on+0xb4/0x310
[   34.437559]  kasan_end_report+0x47/0x4f
[   34.441514]  kasan_report.cold.9+0x76/0x309
[   34.445825]  ? fscache_alloc_cookie+0x7ad/0x880
[   34.450478]  __asan_report_load4_noabort+0x14/0x20
[   34.455389]  fscache_alloc_cookie+0x7ad/0x880
[   34.459881]  ? fscache_cookie_init_once+0x80/0x80
[   34.464723]  ? rpcauth_cache_shrink_scan+0x180/0x180
[   34.469813]  ? __kmalloc_track_caller+0x14a/0x750
[   34.474638]  ? kstrdup+0x39/0x70
[   34.478003]  ? nfs_alloc_client+0x383/0x760
[   34.482305]  ? nfs_get_client+0x8e8/0x14d0
[   34.486520]  ? nfs_init_server+0x357/0x1010
[   34.490855]  ? nfs_create_server+0x86/0x5f0
[   34.495156]  ? nfs_fs_mount+0x17f8/0x2f1c
[   34.499310]  ? mount_fs+0xae/0x31d
[   34.502851]  ? vfs_kern_mount.part.35+0xdc/0x4f0
[   34.507586]  ? do_mount+0x581/0x31f0
[   34.511284]  ? __ia32_compat_sys_mount+0x5d5/0x860
[   34.516195]  ? do_fast_syscall_32+0x34d/0xfb2
[   34.520696]  ? entry_SYSENTER_compat+0x70/0x7f
[   34.525268]  __fscache_acquire_cookie+0x230/0xb60
[   34.530098]  ? fscache_cookie_put+0x880/0x880
[   34.534576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.540097]  ? check_preemption_disabled+0x48/0x200
[   34.545099]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[   34.550626]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[   34.555903]  ? rcu_pm_notify+0xc0/0xc0
[   34.559827]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.565349]  nfs_fscache_get_client_cookie+0x463/0x600
[   34.570620]  ? nfs_readpage_from_fscache_complete+0x200/0x200
[   34.576490]  nfs_alloc_client+0x563/0x760
[   34.580640]  ? register_nfs_version+0x280/0x280
[   34.585309]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.589879]  nfs_get_client+0x8e8/0x14d0
[   34.593924]  ? kmem_cache_alloc_trace+0x152/0x750
[   34.598793]  ? mount_fs+0xae/0x31d
[   34.602321]  ? __lockdep_init_map+0x105/0x590
[   34.606802]  ? nfs_put_client+0x30/0x30
[   34.610758]  ? nfs_alloc_server+0x5ca/0x730
[   34.615080]  ? depot_save_stack+0x292/0x470
[   34.619386]  ? nfs_wait_client_init_complete+0x210/0x210
[   34.624836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.630356]  ? check_preemption_disabled+0x48/0x200
[   34.635353]  ? check_preemption_disabled+0x48/0x200
[   34.640354]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.645534]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   34.650534]  nfs_init_server+0x357/0x1010
[   34.654667]  ? nfs_clone_server+0x920/0x920
[   34.658980]  ? nfs_alloc_fattr+0x48/0x1d0
[   34.663111]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.668116]  nfs_create_server+0x86/0x5f0
[   34.672250]  nfs_try_mount+0x180/0xa80
[   34.676125]  ? lock_downgrade+0x900/0x900
[   34.680254]  ? nfs_request_mount.constprop.18+0x920/0x920
[   34.685776]  ? kasan_check_read+0x11/0x20
[   34.689906]  ? do_raw_spin_unlock+0xa7/0x2f0
[   34.694297]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   34.698862]  ? kasan_check_write+0x14/0x20
[   34.703078]  ? do_raw_spin_lock+0xc1/0x200
[   34.707301]  ? _raw_spin_unlock+0x2c/0x50
[   34.711435]  ? find_nfs_version+0x138/0x190
[   34.715753]  nfs_fs_mount+0x17f8/0x2f1c
[   34.719729]  ? nfs_show_options+0x250/0x250
[   34.724034]  ? nfs_clone_super+0x420/0x420
[   34.728249]  ? nfs_parse_mount_options+0x2660/0x2660
[   34.733335]  ? lock_downgrade+0x900/0x900
[   34.737470]  mount_fs+0xae/0x31d
[   34.740842]  vfs_kern_mount.part.35+0xdc/0x4f0
[   34.745417]  ? may_umount+0xb0/0xb0
[   34.749040]  ? _raw_read_unlock+0x2c/0x50
[   34.753169]  ? __get_fs_type+0x97/0xc0
[   34.757038]  do_mount+0x581/0x31f0
[   34.760562]  ? copy_mount_string+0x40/0x40
[   34.764783]  ? copy_mount_options+0x5f/0x380
[   34.769192]  ? rcu_read_lock_sched_held+0x108/0x120
[   34.774194]  ? kmem_cache_alloc_trace+0x353/0x750
[   34.779030]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.784548]  ? _copy_from_user+0xdf/0x150
[   34.788680]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.794211]  ? copy_mount_options+0x288/0x380
[   34.798705]  __ia32_compat_sys_mount+0x5d5/0x860
[   34.803449]  do_fast_syscall_32+0x34d/0xfb2
[   34.807765]  ? do_int80_syscall_32+0x890/0x890
[   34.812330]  ? entry_SYSENTER_compat+0x68/0x7f
[   34.816916]  ? trace_hardirqs_off_caller+0xbb/0x310
[   34.821917]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.826831]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.831687]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.836526]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.841524]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.846523]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.852042]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.857042]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.861872]  entry_SYSENTER_compat+0x70/0x7f
[   34.866264] RIP: 0023:0xf7f75ca9
[   34.869614] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   34.888499] RSP: 002b:00000000ff87741c EFLAGS: 00000282 ORIG_RAX: 0000000000000015
[   34.896189] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000020343ff8
[   34.903458] RDX: 000000002015bffc RSI: 0000000000000000 RDI: 000000002000a000
[   34.910716] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   34.917969] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   34.925218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.932892] Dumping ftrace buffer:
[   34.936419]    (ftrace buffer empty)
[   34.940733] Kernel Offset: disabled
[   34.944354] Rebooting in 86400 seconds..