[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   20.923837] random: sshd: uninitialized urandom read (32 bytes read)
[   21.079077] random: sshd: uninitialized urandom read (32 bytes read)
[   21.475103] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.225150] random: sshd: uninitialized urandom read (32 bytes read)
[   22.386088] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
[   27.919716] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   28.034522] ==================================================================
[   28.042011] BUG: KASAN: slab-out-of-bounds in strlen+0x83/0xa0
[   28.047986] Read of size 1 at addr ffff8801d91937d8 by task syz-executor934/4547
[   28.055512] 
[   28.057132] CPU: 0 PID: 4547 Comm: syz-executor934 Not tainted 4.17.0-rc3+ #25
[   28.064474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.073814] Call Trace:
[   28.076396]  dump_stack+0x1b9/0x294
[   28.080014]  ? dump_stack_print_info.cold.2+0x52/0x52
[   28.085209]  ? printk+0x9e/0xba
[   28.088470]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   28.093212]  ? kasan_check_write+0x14/0x20
[   28.097435]  print_address_description+0x6c/0x20b
[   28.102265]  ? strlen+0x83/0xa0
[   28.105534]  kasan_report.cold.7+0x242/0x2fe
[   28.109931]  __asan_report_load1_noabort+0x14/0x20
[   28.114842]  strlen+0x83/0xa0
[   28.117934]  getname_kernel+0x24/0x370
[   28.121810]  kern_path_mountpoint+0x23/0x40
[   28.126127]  find_autofs_mount.isra.5+0x8c/0x2b0
[   28.130876]  ? autofs_dev_ioctl_protosubver+0x80/0x80
[   28.136064]  ? autofs_dev_ioctl_compat+0x30/0x30
[   28.140816]  ? retint_kernel+0x10/0x10
[   28.144714]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.149729]  autofs_dev_ioctl_openmount+0x183/0x340
[   28.154755]  ? autofs_dev_ioctl_requester+0x5a0/0x5a0
[   28.159934]  ? autofs_dev_ioctl_requester+0x5a0/0x5a0
[   28.165124]  ? _autofs_dev_ioctl+0x387/0x890
[   28.169524]  ? autofs_dev_ioctl_requester+0x5a0/0x5a0
[   28.174704]  _autofs_dev_ioctl+0x67a/0x890
[   28.179036]  ? autofs_dev_ioctl_closemount+0x90/0x90
[   28.184133]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.188878]  ? _autofs_dev_ioctl+0x890/0x890
[   28.193274]  autofs_dev_ioctl+0x1b/0x30
[   28.197239]  do_vfs_ioctl+0x1cf/0x16a0
[   28.201120]  ? rcu_pm_notify+0xc0/0xc0
[   28.204995]  ? ioctl_preallocate+0x2e0/0x2e0
[   28.209406]  ? fget_raw+0x20/0x20
[   28.212853]  ? kmem_cache_free+0x25c/0x2d0
[   28.217082]  ? putname+0xf7/0x130
[   28.220523]  ? do_sys_open+0x3c3/0x740
[   28.224400]  ? security_file_ioctl+0x94/0xc0
[   28.228801]  ksys_ioctl+0xa9/0xd0
[   28.232247]  __x64_sys_ioctl+0x73/0xb0
[   28.236134]  do_syscall_64+0x1b1/0x800
[   28.240014]  ? syscall_return_slowpath+0x5c0/0x5c0
[   28.244967]  ? syscall_return_slowpath+0x30f/0x5c0
[   28.249891]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   28.255250]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.260091]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.265275] RIP: 0033:0x43fe09
[   28.268451] RSP: 002b:00007ffc2e327e78 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[   28.276148] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[   28.283416] RDX: 0000000020000040 RSI: 8000000000009374 RDI: 0000000000000004
[   28.290672] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   28.297937] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401730
[   28.305195] R13: 00000000004017c0 R14: 0000000000000000 R15: 0000000000000000
[   28.312457] 
[   28.314068] Allocated by task 4547:
[   28.317690]  save_stack+0x43/0xd0
[   28.321144]  kasan_kmalloc+0xc4/0xe0
[   28.324862]  __kmalloc_track_caller+0x14a/0x760
[   28.329518]  memdup_user+0x2c/0xa0
[   28.333053]  _autofs_dev_ioctl+0x1a8/0x890
[   28.337281]  autofs_dev_ioctl+0x1b/0x30
[   28.341255]  do_vfs_ioctl+0x1cf/0x16a0
[   28.345138]  ksys_ioctl+0xa9/0xd0
[   28.348582]  __x64_sys_ioctl+0x73/0xb0
[   28.352473]  do_syscall_64+0x1b1/0x800
[   28.356350]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.361518] 
[   28.363147] Freed by task 2860:
[   28.366522]  save_stack+0x43/0xd0
[   28.369966]  __kasan_slab_free+0x11a/0x170
[   28.374185]  kasan_slab_free+0xe/0x10
[   28.377969]  kfree+0xd9/0x260
[   28.381073]  single_release+0x8f/0xb0
[   28.384860]  __fput+0x34d/0x890
[   28.388122]  ____fput+0x15/0x20
[   28.391389]  task_work_run+0x1e4/0x290
[   28.395261]  exit_to_usermode_loop+0x2bd/0x310
[   28.399825]  do_syscall_64+0x6ac/0x800
[   28.403697]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.408866] 
[   28.410476] The buggy address belongs to the object at ffff8801d91937c0
[   28.410476]  which belongs to the cache kmalloc-32 of size 32
[   28.422941] The buggy address is located 24 bytes inside of
[   28.422941]  32-byte region [ffff8801d91937c0, ffff8801d91937e0)
[   28.434623] The buggy address belongs to the page:
[   28.439556] page:ffffea00076464c0 count:1 mapcount:0 mapping:ffff8801d9193000 index:0xffff8801d9193fc1
[   28.448996] flags: 0x2fffc0000000100(slab)
[   28.453226] raw: 02fffc0000000100 ffff8801d9193000 ffff8801d9193fc1 0000000100000016
[   28.461108] raw: ffffea0007646060 ffffea00076449a0 ffff8801da8001c0 0000000000000000
[   28.468972] page dumped because: kasan: bad access detected
[   28.474664] 
[   28.476272] Memory state around the buggy address:
[   28.481205]  ffff8801d9193680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   28.489160]  ffff8801d9193700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   28.496504] >ffff8801d9193780: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   28.503852]                                                     ^
[   28.510072]  ffff8801d9193800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   28.517418]  ffff8801d9193880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   28.524765] ==================================================================
[   28.532111] Disabling lock debugging due to kernel taint
[   28.538091] Kernel panic - not syncing: panic_on_warn set ...
[   28.538091] 
[   28.545467] CPU: 0 PID: 4547 Comm: syz-executor934 Tainted: G    B             4.17.0-rc3+ #25
[   28.554209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.563542] Call Trace:
[   28.566131]  dump_stack+0x1b9/0x294
[   28.569749]  ? dump_stack_print_info.cold.2+0x52/0x52
[   28.574924]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.579661]  ? strlen+0x20/0xa0
[   28.582920]  panic+0x22f/0x4de
[   28.586099]  ? add_taint.cold.5+0x16/0x16
[   28.590248]  ? do_raw_spin_unlock+0x9e/0x2e0
[   28.594640]  ? do_raw_spin_unlock+0x9e/0x2e0
[   28.599033]  ? strlen+0x83/0xa0
[   28.602296]  kasan_end_report+0x47/0x4f
[   28.606252]  kasan_report.cold.7+0x76/0x2fe
[   28.610558]  __asan_report_load1_noabort+0x14/0x20
[   28.615475]  strlen+0x83/0xa0
[   28.618571]  getname_kernel+0x24/0x370
[   28.622446]  kern_path_mountpoint+0x23/0x40
[   28.626755]  find_autofs_mount.isra.5+0x8c/0x2b0
[   28.631498]  ? autofs_dev_ioctl_protosubver+0x80/0x80
[   28.636675]  ? autofs_dev_ioctl_compat+0x30/0x30
[   28.641420]  ? retint_kernel+0x10/0x10
[   28.645295]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.650303]  autofs_dev_ioctl_openmount+0x183/0x340
[   28.655308]  ? autofs_dev_ioctl_requester+0x5a0/0x5a0
[   28.660501]  ? autofs_dev_ioctl_requester+0x5a0/0x5a0
[   28.665674]  ? _autofs_dev_ioctl+0x387/0x890
[   28.670074]  ? autofs_dev_ioctl_requester+0x5a0/0x5a0
[   28.675258]  _autofs_dev_ioctl+0x67a/0x890
[   28.679481]  ? autofs_dev_ioctl_closemount+0x90/0x90
[   28.684575]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.689312]  ? _autofs_dev_ioctl+0x890/0x890
[   28.693703]  autofs_dev_ioctl+0x1b/0x30
[   28.697664]  do_vfs_ioctl+0x1cf/0x16a0
[   28.701533]  ? rcu_pm_notify+0xc0/0xc0
[   28.705402]  ? ioctl_preallocate+0x2e0/0x2e0
[   28.709795]  ? fget_raw+0x20/0x20
[   28.713231]  ? kmem_cache_free+0x25c/0x2d0
[   28.717443]  ? putname+0xf7/0x130
[   28.720878]  ? do_sys_open+0x3c3/0x740
[   28.724751]  ? security_file_ioctl+0x94/0xc0
[   28.729157]  ksys_ioctl+0xa9/0xd0
[   28.732598]  __x64_sys_ioctl+0x73/0xb0
[   28.736476]  do_syscall_64+0x1b1/0x800
[   28.740359]  ? syscall_return_slowpath+0x5c0/0x5c0
[   28.745277]  ? syscall_return_slowpath+0x30f/0x5c0
[   28.750198]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   28.755553]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.760387]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.765557] RIP: 0033:0x43fe09
[   28.768723] RSP: 002b:00007ffc2e327e78 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[   28.776413] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe09
[   28.783665] RDX: 0000000020000040 RSI: 8000000000009374 RDI: 0000000000000004
[   28.790915] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   28.798167] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401730
[   28.805419] R13: 00000000004017c0 R14: 0000000000000000 R15: 0000000000000000
[   28.813233] Dumping ftrace buffer:
[   28.816757]    (ftrace buffer empty)
[   28.820462] Kernel Offset: disabled
[   28.824071] Rebooting in 86400 seconds..