[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.427971] random: sshd: uninitialized urandom read (32 bytes read)
[   19.581887] random: sshd: uninitialized urandom read (32 bytes read)
[   19.891452] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.718980] random: sshd: uninitialized urandom read (32 bytes read)
[   20.869396] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
[   26.419605] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   26.513521] ==================================================================
[   26.520995] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7a9/0x880
[   26.528361] Read of size 4 at addr ffff8801cd68da24 by task syz-executor290/4563
[   26.535886]
[   26.537515] CPU: 1 PID: 4563 Comm: syz-executor290 Not tainted 4.18.0-rc3+ #40
[   26.544862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.554197] Call Trace:
[   26.556775]  dump_stack+0x1c9/0x2b4
[   26.560389]  ? dump_stack_print_info.cold.2+0x52/0x52
[   26.565565]  ? printk+0xa7/0xcf
[   26.568838]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   26.573592]  ? fscache_alloc_cookie+0x7a9/0x880
[   26.578257]  print_address_description+0x6c/0x20b
[   26.583099]  ? fscache_alloc_cookie+0x7a9/0x880
[   26.587754]  kasan_report.cold.7+0x242/0x2fe
[   26.592158]  __asan_report_load4_noabort+0x14/0x20
[   26.597079]  fscache_alloc_cookie+0x7a9/0x880
[   26.601570]  ? fscache_cookie_init_once+0x80/0x80
[   26.606405]  ? lock_downgrade+0x8f0/0x8f0
[   26.610548]  ? radix_tree_delete_item+0x188/0x310
[   26.615377]  ? kasan_check_read+0x11/0x20
[   26.619507]  ? do_raw_spin_unlock+0xa7/0x2f0
[   26.623899]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   26.628469]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[   26.633562]  __fscache_acquire_cookie+0x230/0xb00
[   26.638400]  ? fscache_cookie_put+0x850/0x850
[   26.642882]  ? p9_client_attach+0x215/0x860
[   26.647190]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   26.652289]  ? debug_check_no_obj_freed+0x30b/0x595
[   26.657290]  ? p9_client_walk+0xab0/0xab0
[   26.661428]  ? trace_hardirqs_off+0xd/0x10
[   26.665652]  ? quarantine_put+0x10d/0x1b0
[   26.669795]  ? kfree+0x111/0x260
[   26.673159]  v9fs_cache_session_get_cookie+0xc4/0x270
[   26.678334]  v9fs_session_init+0x1013/0x1a80
[   26.682731]  ? v9fs_show_options+0x7e0/0x7e0
[   26.687126]  ? kasan_check_read+0x11/0x20
[   26.691255]  ? rcu_is_watching+0x8c/0x150
[   26.695392]  ? rcu_pm_notify+0xc0/0xc0
[   26.699264]  ? rcu_pm_notify+0xc0/0xc0
[   26.703151]  ? v9fs_mount+0x61/0x900
[   26.706850]  ? rcu_read_lock_sched_held+0x108/0x120
[   26.711865]  ? kmem_cache_alloc_trace+0x616/0x780
[   26.716702]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   26.722230]  v9fs_mount+0x7c/0x900
[   26.725761]  mount_fs+0xae/0x328
[   26.729123]  vfs_kern_mount.part.34+0xdc/0x4e0
[   26.733706]  ? may_umount+0xb0/0xb0
[   26.737318]  ? _raw_read_unlock+0x22/0x30
[   26.741459]  ? __get_fs_type+0x97/0xc0
[   26.745332]  do_mount+0x581/0x30e0
[   26.748868]  ? copy_mount_string+0x40/0x40
[   26.753102]  ? copy_mount_options+0x5f/0x380
[   26.757498]  ? rcu_read_lock_sched_held+0x108/0x120
[   26.762507]  ? kmem_cache_alloc_trace+0x616/0x780
[   26.767334]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   26.772855]  ? _copy_from_user+0xdf/0x150
[   26.776990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   26.782584]  ? copy_mount_options+0x285/0x380
[   26.787066]  __ia32_compat_sys_mount+0x5d5/0x860
[   26.791822]  do_fast_syscall_32+0x34d/0xfb2
[   26.796136]  ? do_int80_syscall_32+0x890/0x890
[   26.800711]  ? do_syscall_64+0x497/0x820
[   26.804769]  ? syscall_return_slowpath+0x5e0/0x5e0
[   26.809744]  ? syscall_return_slowpath+0x31d/0x5e0
[   26.814672]  ? sysret32_from_system_call+0x5/0x46
[   26.819503]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.824332]  entry_SYSENTER_compat+0x70/0x7f
[   26.828729] RIP: 0023:0xf7ff7cb9
[   26.832084] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   26.851282] RSP: 002b:00000000ffb5269c EFLAGS: 00000286 ORIG_RAX: 0000000000000015
[   26.858987] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[   26.866247] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000020000080
[   26.873501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.880767] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.888030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.895297]
[   26.896907] Allocated by task 4563:
[   26.900522]  save_stack+0x43/0xd0
[   26.903959]  kasan_kmalloc+0xc4/0xe0
[   26.907654]  __kmalloc+0x14e/0x760
[   26.911180]  fscache_alloc_cookie+0x701/0x880
[   26.915671]  __fscache_acquire_cookie+0x230/0xb00
[   26.920510]  v9fs_cache_session_get_cookie+0xc4/0x270
[   26.925694]  v9fs_session_init+0x1013/0x1a80
[   26.930096]  v9fs_mount+0x7c/0x900
[   26.933616]  mount_fs+0xae/0x328
[   26.936962]  vfs_kern_mount.part.34+0xdc/0x4e0
[   26.941525]  do_mount+0x581/0x30e0
[   26.945058]  __ia32_compat_sys_mount+0x5d5/0x860
[   26.949806]  do_fast_syscall_32+0x34d/0xfb2
[   26.954112]  entry_SYSENTER_compat+0x70/0x7f
[   26.958493]
[   26.960111] Freed by task 1:
[   26.963116]  save_stack+0x43/0xd0
[   26.966550]  __kasan_slab_free+0x11a/0x170
[   26.970771]  kasan_slab_free+0xe/0x10
[   26.974553]  kfree+0xd9/0x260
[   26.977643]  kobject_uevent_env+0x275/0x1110
[   26.982033]  kobject_uevent+0x1f/0x30
[   26.985829]  driver_register+0x27c/0x320
[   26.989875]  __hda_codec_driver_register+0x1a7/0x210
[   26.994965]  realtek_driver_init+0x1e/0x20
[   26.999195]  do_one_initcall+0x127/0x913
[   27.003237]  kernel_init_freeable+0x49b/0x58e
[   27.007724]  kernel_init+0x11/0x1b3
[   27.011337]  ret_from_fork+0x3a/0x50
[   27.015027]
[   27.016650] The buggy address belongs to the object at ffff8801cd68da00
[   27.016650]  which belongs to the cache kmalloc-64 of size 64
[   27.029128] The buggy address is located 36 bytes inside of
[   27.029128]  64-byte region [ffff8801cd68da00, ffff8801cd68da40)
[   27.040830] The buggy address belongs to the page:
[   27.045752] page:ffffea000735a340 count:1 mapcount:0 mapping:ffff8801da800340 index:0x0
[   27.053890] flags: 0x2fffc0000000100(slab)
[   27.058113] raw: 02fffc0000000100 ffffea000739b688 ffffea0007383e08 ffff8801da800340
[   27.065982] raw: 0000000000000000 ffff8801cd68d000 0000000100000020 0000000000000000
[   27.073846] page dumped because: kasan: bad access detected
[   27.079536]
[   27.081145] Memory state around the buggy address:
[   27.086073]  ffff8801cd68d900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   27.093427]  ffff8801cd68d980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   27.100774] >ffff8801cd68da00: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc
[   27.108116]                                ^
[   27.112510]  ffff8801cd68da80: 00 00 00 00 06 fc fc fc fc fc fc fc fc fc fc fc
[   27.119862]  ffff8801cd68db00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   27.127214] ==================================================================
[   27.134564] Disabling lock debugging due to kernel taint
[   27.140177] Kernel panic - not syncing: panic_on_warn set ...
[   27.140177]
[   27.147550] CPU: 1 PID: 4563 Comm: syz-executor290 Tainted: G B 4.18.0-rc3+ #40
[   27.156290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.165640] Call Trace:
[   27.168214]  dump_stack+0x1c9/0x2b4
[   27.171825]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.176997]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.181738]  panic+0x238/0x4e7
[   27.184912]  ? add_taint.cold.5+0x16/0x16
[   27.189044]  ? do_raw_spin_unlock+0xa7/0x2f0
[   27.193438]  ? fscache_alloc_cookie+0x7a9/0x880
[   27.198099]  kasan_end_report+0x47/0x4f
[   27.202065]  kasan_report.cold.7+0x76/0x2fe
[   27.206369]  __asan_report_load4_noabort+0x14/0x20
[   27.211283]  fscache_alloc_cookie+0x7a9/0x880
[   27.216123]  ? fscache_cookie_init_once+0x80/0x80
[   27.220967]  ? lock_downgrade+0x8f0/0x8f0
[   27.225099]  ? radix_tree_delete_item+0x188/0x310
[   27.229927]  ? kasan_check_read+0x11/0x20
[   27.234058]  ? do_raw_spin_unlock+0xa7/0x2f0
[   27.238453]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   27.243027]  ? _raw_spin_unlock_irqrestore+0x74/0xc0
[   27.248115]  __fscache_acquire_cookie+0x230/0xb00
[   27.252951]  ? fscache_cookie_put+0x850/0x850
[   27.257427]  ? p9_client_attach+0x215/0x860
[   27.261731]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   27.266823]  ? debug_check_no_obj_freed+0x30b/0x595
[   27.271818]  ? p9_client_walk+0xab0/0xab0
[   27.276820]  ? trace_hardirqs_off+0xd/0x10
[   27.281039]  ? quarantine_put+0x10d/0x1b0
[   27.285173]  ? kfree+0x111/0x260
[   27.288551]  v9fs_cache_session_get_cookie+0xc4/0x270
[   27.293731]  v9fs_session_init+0x1013/0x1a80
[   27.298133]  ? v9fs_show_options+0x7e0/0x7e0
[   27.302541]  ? kasan_check_read+0x11/0x20
[   27.306672]  ? rcu_is_watching+0x8c/0x150
[   27.310799]  ? rcu_pm_notify+0xc0/0xc0
[   27.314665]  ? rcu_pm_notify+0xc0/0xc0
[   27.318547]  ? v9fs_mount+0x61/0x900
[   27.322242]  ? rcu_read_lock_sched_held+0x108/0x120
[   27.327241]  ? kmem_cache_alloc_trace+0x616/0x780
[   27.332081]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   27.337599]  v9fs_mount+0x7c/0x900
[   27.341124]  mount_fs+0xae/0x328
[   27.344479]  vfs_kern_mount.part.34+0xdc/0x4e0
[   27.349043]  ? may_umount+0xb0/0xb0
[   27.352666]  ? _raw_read_unlock+0x22/0x30
[   27.356792]  ? __get_fs_type+0x97/0xc0
[   27.360661]  do_mount+0x581/0x30e0
[   27.364181]  ? copy_mount_string+0x40/0x40
[   27.368399]  ? copy_mount_options+0x5f/0x380
[   27.372789]  ? rcu_read_lock_sched_held+0x108/0x120
[   27.377812]  ? kmem_cache_alloc_trace+0x616/0x780
[   27.382653]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.388186]  ? _copy_from_user+0xdf/0x150
[   27.392317]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.397839]  ? copy_mount_options+0x285/0x380
[   27.402325]  __ia32_compat_sys_mount+0x5d5/0x860
[   27.407070]  do_fast_syscall_32+0x34d/0xfb2
[   27.411374]  ? do_int80_syscall_32+0x890/0x890
[   27.415946]  ? do_syscall_64+0x497/0x820
[   27.419993]  ? syscall_return_slowpath+0x5e0/0x5e0
[   27.424907]  ? syscall_return_slowpath+0x31d/0x5e0
[   27.429821]  ? sysret32_from_system_call+0x5/0x46
[   27.434655]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.439491]  entry_SYSENTER_compat+0x70/0x7f
[   27.443897] RIP: 0023:0xf7ff7cb9
[   27.447238] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   27.466393] RSP: 002b:00000000ffb5269c EFLAGS: 00000286 ORIG_RAX: 0000000000000015
[   27.474086] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020000000
[   27.481350] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000020000080
[   27.488621] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   27.496052] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   27.503314] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.511179] Dumping ftrace buffer:
[   27.514705]    (ftrace buffer empty)
[   27.518403] Kernel Offset: disabled
[   27.522019] Rebooting in 86400 seconds..