[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.697315] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   20.490226] random: sshd: uninitialized urandom read (32 bytes read)
[   20.769536] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.529980] random: sshd: uninitialized urandom read (32 bytes read)
[   21.685154] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
[   27.105006] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   27.199761] ==================================================================
[   27.207222] BUG: KASAN: slab-out-of-bounds in sha1_finup+0x44e/0x4b0
[   27.213697] Write of size 4 at addr ffff8801d97e1ad8 by task syz-executor437/4553
[   27.221288] 
[   27.222904] CPU: 0 PID: 4553 Comm: syz-executor437 Not tainted 4.17.0+ #89
[   27.229891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.239220] Call Trace:
[   27.241791]  dump_stack+0x1b9/0x294
[   27.245402]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.250569]  ? printk+0x9e/0xba
[   27.253829]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   27.258572]  ? kasan_check_write+0x14/0x20
[   27.262800]  print_address_description+0x6c/0x20b
[   27.267626]  ? sha1_finup+0x44e/0x4b0
[   27.271407]  kasan_report.cold.7+0x242/0x2fe
[   27.275799]  __asan_report_store4_noabort+0x17/0x20
[   27.280792]  sha1_finup+0x44e/0x4b0
[   27.284401]  ? sha1_base_init+0x150/0x150
[   27.288543]  sha1_avx2_final+0x28/0x30
[   27.292425]  crypto_shash_final+0x104/0x260
[   27.296726]  ? sha1_avx2_finup+0x40/0x40
[   27.300772]  __keyctl_dh_compute+0x1184/0x1bc0
[   27.305348]  ? copy_overflow+0x30/0x30
[   27.309221]  ? find_held_lock+0x36/0x1c0
[   27.313273]  ? lock_downgrade+0x8e0/0x8e0
[   27.317421]  ? check_same_owner+0x320/0x320
[   27.321731]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   27.327253]  ? handle_mm_fault+0x55a/0xc70
[   27.331474]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.337010]  ? _copy_from_user+0xdf/0x150
[   27.341158]  keyctl_dh_compute+0xb9/0x100
[   27.345290]  ? __keyctl_dh_compute+0x1bc0/0x1bc0
[   27.350077]  ? kzfree+0x28/0x30
[   27.353341]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   27.358523]  __x64_sys_keyctl+0x12a/0x3b0
[   27.362653]  do_syscall_64+0x1b1/0x800
[   27.366520]  ? syscall_return_slowpath+0x5c0/0x5c0
[   27.371428]  ? syscall_return_slowpath+0x30f/0x5c0
[   27.376347]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.381873]  ? retint_user+0x18/0x18
[   27.385572]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.390400]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.395566] RIP: 0033:0x43ffb9
[   27.398738] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00 
[   27.417915] RSP: 002b:00007ffce5fe4808 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[   27.425615] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffb9
[   27.432863] RDX: 0000000020a53ffb RSI: 0000000020000100 RDI: 0000000000000017
[   27.440123] RBP: 00000000006ca018 R08: 0000000020c61fc8 R09: 00000000004002c8
[   27.447378] R10: 0000000000000005 R11: 0000000000000217 R12: 00000000004018e0
[   27.454625] R13: 0000000000401970 R14: 0000000000000000 R15: 0000000000000000
[   27.461879] 
[   27.463485] Allocated by task 4553:
[   27.467093]  save_stack+0x43/0xd0
[   27.470522]  kasan_kmalloc+0xc4/0xe0
[   27.474213]  __kmalloc+0x14e/0x760
[   27.477732]  __keyctl_dh_compute+0xfe9/0x1bc0
[   27.482207]  keyctl_dh_compute+0xb9/0x100
[   27.486333]  __x64_sys_keyctl+0x12a/0x3b0
[   27.490461]  do_syscall_64+0x1b1/0x800
[   27.494333]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.499509] 
[   27.501114] Freed by task 2877:
[   27.504372]  save_stack+0x43/0xd0
[   27.507805]  __kasan_slab_free+0x11a/0x170
[   27.512027]  kasan_slab_free+0xe/0x10
[   27.515812]  kfree+0xd9/0x260
[   27.518894]  single_release+0x8f/0xb0
[   27.522670]  __fput+0x353/0x890
[   27.525925]  ____fput+0x15/0x20
[   27.529183]  task_work_run+0x1e4/0x290
[   27.533057]  exit_to_usermode_loop+0x2bd/0x310
[   27.537630]  do_syscall_64+0x6ac/0x800
[   27.541499]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.546660] 
[   27.548266] The buggy address belongs to the object at ffff8801d97e1ac0
[   27.548266]  which belongs to the cache kmalloc-32 of size 32
[   27.560738] The buggy address is located 24 bytes inside of
[   27.560738]  32-byte region [ffff8801d97e1ac0, ffff8801d97e1ae0)
[   27.572414] The buggy address belongs to the page:
[   27.577324] page:ffffea000765f840 count:1 mapcount:0 mapping:ffff8801d97e1000 index:0xffff8801d97e1fc1
[   27.586769] flags: 0x2fffc0000000100(slab)
[   27.590985] raw: 02fffc0000000100 ffff8801d97e1000 ffff8801d97e1fc1 0000000100000016
[   27.598966] raw: ffffea00076540e0 ffffea000736cda0 ffff8801da8001c0 0000000000000000
[   27.606831] page dumped because: kasan: bad access detected
[   27.612518] 
[   27.614124] Memory state around the buggy address:
[   27.619040]  ffff8801d97e1980: 00 00 00 00 fc fc fc fc 00 fc fc fc fc fc fc fc
[   27.626385]  ffff8801d97e1a00: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[   27.633731] >ffff8801d97e1a80: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   27.641071]                                                     ^
[   27.647541]  ffff8801d97e1b00: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc
[   27.654882]  ffff8801d97e1b80: 00 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   27.662233] ==================================================================
[   27.669575] Disabling lock debugging due to kernel taint
[   27.675102] Kernel panic - not syncing: panic_on_warn set ...
[   27.675102] 
[   27.682462] CPU: 0 PID: 4553 Comm: syz-executor437 Tainted: G    B             4.17.0+ #89
[   27.690843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.700170] Call Trace:
[   27.702739]  dump_stack+0x1b9/0x294
[   27.706350]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.711527]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.716259]  ? sha1_finup+0x3a0/0x4b0
[   27.720044]  panic+0x22f/0x4de
[   27.723217]  ? add_taint.cold.5+0x16/0x16
[   27.727345]  ? do_raw_spin_unlock+0x9e/0x2e0
[   27.731730]  ? do_raw_spin_unlock+0x9e/0x2e0
[   27.736113]  ? sha1_finup+0x44e/0x4b0
[   27.739894]  kasan_end_report+0x47/0x4f
[   27.743845]  kasan_report.cold.7+0x76/0x2fe
[   27.748146]  __asan_report_store4_noabort+0x17/0x20
[   27.753140]  sha1_finup+0x44e/0x4b0
[   27.756745]  ? sha1_base_init+0x150/0x150
[   27.760879]  sha1_avx2_final+0x28/0x30
[   27.764743]  crypto_shash_final+0x104/0x260
[   27.769047]  ? sha1_avx2_finup+0x40/0x40
[   27.773097]  __keyctl_dh_compute+0x1184/0x1bc0
[   27.777661]  ? copy_overflow+0x30/0x30
[   27.781529]  ? find_held_lock+0x36/0x1c0
[   27.785568]  ? lock_downgrade+0x8e0/0x8e0
[   27.789694]  ? check_same_owner+0x320/0x320
[   27.793992]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   27.799511]  ? handle_mm_fault+0x55a/0xc70
[   27.803724]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.809239]  ? _copy_from_user+0xdf/0x150
[   27.813366]  keyctl_dh_compute+0xb9/0x100
[   27.817501]  ? __keyctl_dh_compute+0x1bc0/0x1bc0
[   27.822245]  ? kzfree+0x28/0x30
[   27.825503]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   27.830673]  __x64_sys_keyctl+0x12a/0x3b0
[   27.834811]  do_syscall_64+0x1b1/0x800
[   27.838685]  ? syscall_return_slowpath+0x5c0/0x5c0
[   27.843593]  ? syscall_return_slowpath+0x30f/0x5c0
[   27.848501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   27.854021]  ? retint_user+0x18/0x18
[   27.857717]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.862978]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.868143] RIP: 0033:0x43ffb9
[   27.871305] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00 
[   27.890423] RSP: 002b:00007ffce5fe4808 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[   27.898110] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffb9
[   27.905364] RDX: 0000000020a53ffb RSI: 0000000020000100 RDI: 0000000000000017
[   27.912619] RBP: 00000000006ca018 R08: 0000000020c61fc8 R09: 00000000004002c8
[   27.919867] R10: 0000000000000005 R11: 0000000000000217 R12: 00000000004018e0
[   27.927113] R13: 0000000000401970 R14: 0000000000000000 R15: 0000000000000000
[   27.934990] Dumping ftrace buffer:
[   27.938525]    (ftrace buffer empty)
[   27.942219] Kernel Offset: disabled
[   27.945829] Rebooting in 86400 seconds..