[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   12.314375] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.055602] random: sshd: uninitialized urandom read (32 bytes read)
[   21.387961] random: sshd: uninitialized urandom read (32 bytes read)
[   21.856047] random: sshd: uninitialized urandom read (32 bytes read)
[   23.120039] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
[   28.546925] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   28.624729] ==================================================================
[   28.632135] BUG: KASAN: slab-out-of-bounds in _autofs_dev_ioctl+0x687/0x690
[   28.639213] Read of size 4 at addr ffff8801b78a8948 by task syz-executor567/3799
[   28.646715] 
[   28.648317] CPU: 0 PID: 3799 Comm: syz-executor567 Not tainted 4.9.119-g9dc978d #23
[   28.656082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.665409]  ffff8801b6d5fba0 ffffffff81eb4be9 ffffea0006de2a00 ffff8801b78a8948
[   28.673400]  0000000000000000 ffff8801b78a8948 ffff8801b78a8948 ffff8801b6d5fbd8
[   28.681390]  ffffffff81567f89 ffff8801b78a8948 0000000000000004 0000000000000000
[   28.689378] Call Trace:
[   28.691941]  [<ffffffff81eb4be9>] dump_stack+0xc1/0x128
[   28.697285]  [<ffffffff81567f89>] print_address_description+0x6c/0x234
[   28.703928]  [<ffffffff81568393>] kasan_report.cold.6+0x242/0x2fe
[   28.710134]  [<ffffffff81905967>] ? _autofs_dev_ioctl+0x687/0x690
[   28.716338]  [<ffffffff81905bd0>] ? find_autofs_mount.isra.4+0x200/0x200
[   28.723154]  [<ffffffff8153bef4>] __asan_report_load4_noabort+0x14/0x20
[   28.729882]  [<ffffffff81905967>] _autofs_dev_ioctl+0x687/0x690
[   28.735912]  [<ffffffff819052e0>] ? autofs_dev_ioctl_closemount+0x50/0x50
[   28.742812]  [<ffffffff81905970>] ? _autofs_dev_ioctl+0x690/0x690
[   28.749019]  [<ffffffff8190598b>] autofs_dev_ioctl+0x1b/0x30
[   28.754792]  [<ffffffff815b309c>] do_vfs_ioctl+0x1ac/0x11a0
[   28.760476]  [<ffffffff815b2ef0>] ? ioctl_preallocate+0x220/0x220
[   28.766679]  [<ffffffff815387a4>] ? kmem_cache_free+0x294/0x310
[   28.772712]  [<ffffffff81d08740>] ? selinux_capable+0x40/0x40
[   28.778567]  [<ffffffff815a8fe0>] ? putname+0xe0/0x110
[   28.783814]  [<ffffffff8156e214>] ? do_sys_open+0x224/0x5c0
[   28.789495]  [<ffffffff8156dff0>] ? filp_open+0x70/0x70
[   28.794829]  [<ffffffff8156dff0>] ? filp_open+0x70/0x70
[   28.800165]  [<ffffffff815dfdf6>] ? mntput+0x66/0x90
[   28.805242]  [<ffffffff815916a0>] ? path_put+0x50/0x70
[   28.810564]  [<ffffffff81cf171f>] ? security_file_ioctl+0x8f/0xc0
[   28.816777]  [<ffffffff815b411f>] SyS_ioctl+0x8f/0xc0
[   28.821938]  [<ffffffff815b4090>] ? do_vfs_ioctl+0x11a0/0x11a0
[   28.827884]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   28.833569]  [<ffffffff839fccd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   28.840465] 
[   28.842066] Allocated by task 3799:
[   28.845667]  save_stack_trace+0x16/0x20
[   28.849614]  save_stack+0x43/0xd0
[   28.853040]  kasan_kmalloc+0xc7/0xe0
[   28.856728]  kmem_cache_alloc_trace+0xfd/0x2b0
[   28.861286]  ramfs_fill_super+0xcc/0x490
[   28.865322]  mount_nodev+0x5b/0x100
[   28.868919]  ramfs_mount+0x2c/0x40
[   28.872433]  mount_fs+0x28c/0x370
[   28.875860]  vfs_kern_mount.part.29+0xd1/0x3d0
[   28.880411]  do_mount+0x3c9/0x2740
[   28.883921]  SyS_mount+0xfe/0x110
[   28.887344]  do_syscall_64+0x1a6/0x490
[   28.891201]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   28.896270] 
[   28.897868] Freed by task 0:
[   28.900857] (stack is not available)
[   28.904537] 
[   28.906139] The buggy address belongs to the object at ffff8801b78a8948
[   28.906139]  which belongs to the cache kmalloc-8 of size 8
[   28.918416] The buggy address is located 0 bytes inside of
[   28.918416]  8-byte region [ffff8801b78a8948, ffff8801b78a8950)
[   28.929911] The buggy address belongs to the page:
[   28.934814] page:ffffea0006de2a00 count:1 mapcount:0 mapping:          (null) index:0xffff8801b78a82a0
[   28.944347] flags: 0x8000000000000080(slab)
[   28.948636] page dumped because: kasan: bad access detected
[   28.954317] 
[   28.955919] Memory state around the buggy address:
[   28.960819]  ffff8801b78a8800: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
[   28.968158]  ffff8801b78a8880: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
[   28.975490] >ffff8801b78a8900: 00 fc fc 00 fc fc 00 fc fc 02 fc fc fc fc fc fc
[   28.982824]                                               ^
[   28.988504]  ffff8801b78a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.995840]  ffff8801b78a8a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.003171] ==================================================================
[   29.010501] Disabling lock debugging due to kernel taint
[   29.016153] Kernel panic - not syncing: panic_on_warn set ...
[   29.016153] 
[   29.023501] CPU: 0 PID: 3799 Comm: syz-executor567 Tainted: G    B           4.9.119-g9dc978d #23
[   29.032480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.041814]  ffff8801b6d5fb00 ffffffff81eb4be9 ffffffff843c893f 00000000ffffffff
[   29.049806]  0000000000000000 0000000000000000 ffff8801b78a8948 ffff8801b6d5fbc0
[   29.057796]  ffffffff81421c95 0000000041b58ab3 ffffffff843bc020 ffffffff81421ad6
[   29.065790] Call Trace:
[   29.068417]  [<ffffffff81eb4be9>] dump_stack+0xc1/0x128
[   29.073761]  [<ffffffff81421c95>] panic+0x1bf/0x3bc
[   29.078753]  [<ffffffff81421ad6>] ? add_taint.cold.6+0x16/0x16
[   29.084696]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   29.090904]  [<ffffffff81567ea6>] kasan_end_report+0x47/0x4f
[   29.096673]  [<ffffffff815681c7>] kasan_report.cold.6+0x76/0x2fe
[   29.102799]  [<ffffffff81905967>] ? _autofs_dev_ioctl+0x687/0x690
[   29.109015]  [<ffffffff81905bd0>] ? find_autofs_mount.isra.4+0x200/0x200
[   29.115827]  [<ffffffff8153bef4>] __asan_report_load4_noabort+0x14/0x20
[   29.122608]  [<ffffffff81905967>] _autofs_dev_ioctl+0x687/0x690
[   29.128645]  [<ffffffff819052e0>] ? autofs_dev_ioctl_closemount+0x50/0x50
[   29.135545]  [<ffffffff81905970>] ? _autofs_dev_ioctl+0x690/0x690
[   29.141749]  [<ffffffff8190598b>] autofs_dev_ioctl+0x1b/0x30
[   29.147517]  [<ffffffff815b309c>] do_vfs_ioctl+0x1ac/0x11a0
[   29.153200]  [<ffffffff815b2ef0>] ? ioctl_preallocate+0x220/0x220
[   29.159403]  [<ffffffff815387a4>] ? kmem_cache_free+0x294/0x310
[   29.165481]  [<ffffffff81d08740>] ? selinux_capable+0x40/0x40
[   29.171341]  [<ffffffff815a8fe0>] ? putname+0xe0/0x110
[   29.176588]  [<ffffffff8156e214>] ? do_sys_open+0x224/0x5c0
[   29.182268]  [<ffffffff8156dff0>] ? filp_open+0x70/0x70
[   29.187601]  [<ffffffff8156dff0>] ? filp_open+0x70/0x70
[   29.192937]  [<ffffffff815dfdf6>] ? mntput+0x66/0x90
[   29.198008]  [<ffffffff815916a0>] ? path_put+0x50/0x70
[   29.203256]  [<ffffffff81cf171f>] ? security_file_ioctl+0x8f/0xc0
[   29.209456]  [<ffffffff815b411f>] SyS_ioctl+0x8f/0xc0
[   29.214614]  [<ffffffff815b4090>] ? do_vfs_ioctl+0x11a0/0x11a0
[   29.220563]  [<ffffffff81006316>] do_syscall_64+0x1a6/0x490
[   29.226253]  [<ffffffff839fccd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   29.233491] Dumping ftrace buffer:
[   29.237011]    (ftrace buffer empty)
[   29.240696] Kernel Offset: disabled
[   29.244295] Rebooting in 86400 seconds..