[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.455134] random: sshd: uninitialized urandom read (32 bytes read)
[   20.553664] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.839639] random: sshd: uninitialized urandom read (32 bytes read)
[   21.658872] random: sshd: uninitialized urandom read (32 bytes read)
[   21.825520] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
[   27.240263] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   27.333800] ==================================================================
[   27.341294] BUG: KASAN: slab-out-of-bounds in crypto_sha3_final+0x416/0x450
[   27.348376] Write of size 8 at addr ffff8801d4821c5c by task syz-executor306/4525
[   27.355973] 
[   27.357589] CPU: 1 PID: 4525 Comm: syz-executor306 Not tainted 4.17.0+ #92
[   27.364579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.373921] Call Trace:
[   27.376511]  dump_stack+0x1b9/0x294
[   27.380131]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.385316]  ? printk+0x9e/0xba
[   27.388597]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   27.393348]  ? kasan_check_write+0x14/0x20
[   27.397571]  print_address_description+0x6c/0x20b
[   27.402403]  ? crypto_sha3_final+0x416/0x450
[   27.406797]  kasan_report.cold.7+0x242/0x2fe
[   27.411189]  __asan_report_store8_noabort+0x17/0x20
[   27.416185]  crypto_sha3_final+0x416/0x450
[   27.420404]  crypto_shash_final+0x104/0x260
[   27.424705]  ? crypto_sha3_init+0x170/0x170
[   27.429018]  __keyctl_dh_compute+0x1184/0x1bc0
[   27.433596]  ? copy_overflow+0x30/0x30
[   27.437466]  ? save_stack+0xa9/0xd0
[   27.441087]  ? find_held_lock+0x36/0x1c0
[   27.445133]  ? lock_downgrade+0x8e0/0x8e0
[   27.449270]  ? check_same_owner+0x320/0x320
[   27.453573]  ? trace_hardirqs_off+0xd/0x10
[   27.457800]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   27.462896]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.468420]  ? _copy_from_user+0xdf/0x150
[   27.472553]  keyctl_dh_compute+0xb9/0x100
[   27.476695]  ? __keyctl_dh_compute+0x1bc0/0x1bc0
[   27.481436]  ? kzfree+0x28/0x30
[   27.484699]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   27.489871]  __x64_sys_keyctl+0x12a/0x3b0
[   27.494005]  do_syscall_64+0x1b1/0x800
[   27.497881]  ? syscall_return_slowpath+0x5c0/0x5c0
[   27.502793]  ? syscall_return_slowpath+0x30f/0x5c0
[   27.507706]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   27.513056]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.517895]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.523080] RIP: 0033:0x440019
[   27.526249] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[   27.545432] RSP: 002b:00007ffe45fbd128 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[   27.553130] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019
[   27.560386] RDX: 0000000020000080 RSI: 00000000200001c0 RDI: 0000000000000017
[   27.567646] RBP: 00000000006ca018 R08: 0000000020000200 R09: 00000000004002c8
[   27.574907] R10: 0000000000000059 R11: 0000000000000217 R12: 0000000000401940
[   27.582168] R13: 00000000004019d0 R14: 0000000000000000 R15: 0000000000000000
[   27.589438] 
[   27.591053] Allocated by task 4525:
[   27.594670]  save_stack+0x43/0xd0
[   27.598106]  kasan_kmalloc+0xc4/0xe0
[   27.601798]  __kmalloc+0x14e/0x760
[   27.605320]  __keyctl_dh_compute+0xfe9/0x1bc0
[   27.609814]  keyctl_dh_compute+0xb9/0x100
[   27.613943]  __x64_sys_keyctl+0x12a/0x3b0
[   27.618080]  do_syscall_64+0x1b1/0x800
[   27.621949]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   27.627116] 
[   27.628722] Freed by task 1:
[   27.631721]  save_stack+0x43/0xd0
[   27.635154]  __kasan_slab_free+0x11a/0x170
[   27.639369]  kasan_slab_free+0xe/0x10
[   27.643159]  kfree+0xd9/0x260
[   27.646245]  acpi_ut_evaluate_object+0x40e/0x425
[   27.650992]  acpi_rs_get_method_data+0x92/0x12c
[   27.655645]  acpi_walk_resources+0x118/0x1fc
[   27.660036]  pnpacpi_parse_allocated_resource+0xc8/0x160
[   27.665476]  pnpacpi_add_device_handler+0x668/0x86b
[   27.670481]  acpi_ns_get_device_callback+0x487/0x4c5
[   27.675562]  acpi_ns_walk_namespace+0x224/0x400
[   27.680215]  acpi_get_devices+0x144/0x184
[   27.684350]  pnpacpi_init+0x95/0xeb
[   27.687969]  do_one_initcall+0x127/0x913
[   27.692015]  kernel_init_freeable+0x49b/0x58e
[   27.696498]  kernel_init+0x11/0x1b3
[   27.700104]  ret_from_fork+0x3a/0x50
[   27.703793] 
[   27.705403] The buggy address belongs to the object at ffff8801d4821c00
[   27.705403]  which belongs to the cache kmalloc-96 of size 96
[   27.717887] The buggy address is located 92 bytes inside of
[   27.717887]  96-byte region [ffff8801d4821c00, ffff8801d4821c60)
[   27.729578] The buggy address belongs to the page:
[   27.734510] page:ffffea0007520840 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0
[   27.742645] flags: 0x2fffc0000000100(slab)
[   27.746885] raw: 02fffc0000000100 ffffea00075b7c48 ffffea0007522e48 ffff8801da8004c0
[   27.754785] raw: 0000000000000000 ffff8801d4821000 0000000100000020 0000000000000000
[   27.762647] page dumped because: kasan: bad access detected
[   27.768333] 
[   27.769940] Memory state around the buggy address:
[   27.774864]  ffff8801d4821b00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   27.782226]  ffff8801d4821b80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   27.789584] >ffff8801d4821c00: 00 00 00 00 00 00 00 00 00 00 00 04 fc fc fc fc
[   27.796940]                                                     ^
[   27.803176]  ffff8801d4821c80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   27.810534]  ffff8801d4821d00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   27.817873] ==================================================================
[   27.825206] Disabling lock debugging due to kernel taint
[   27.830748] Kernel panic - not syncing: panic_on_warn set ...
[   27.830748] 
[   27.838113] CPU: 1 PID: 4525 Comm: syz-executor306 Tainted: G    B             4.17.0+ #92
[   27.846499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.855844] Call Trace:
[   27.858432]  dump_stack+0x1b9/0x294
[   27.862048]  ? dump_stack_print_info.cold.2+0x52/0x52
[   27.867218]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.871963]  ? crypto_sha3_final+0x3b0/0x450
[   27.876355]  panic+0x22f/0x4de
[   27.879532]  ? add_taint.cold.5+0x16/0x16
[   27.883669]  ? do_raw_spin_unlock+0x9e/0x2e0
[   27.888065]  ? do_raw_spin_unlock+0x9e/0x2e0
[   27.892458]  ? crypto_sha3_final+0x416/0x450
[   27.896851]  kasan_end_report+0x47/0x4f
[   27.900808]  kasan_report.cold.7+0x76/0x2fe
[   27.905110]  __asan_report_store8_noabort+0x17/0x20
[   27.910109]  crypto_sha3_final+0x416/0x450
[   27.914335]  crypto_shash_final+0x104/0x260
[   27.918641]  ? crypto_sha3_init+0x170/0x170
[   27.922949]  __keyctl_dh_compute+0x1184/0x1bc0
[   27.927515]  ? copy_overflow+0x30/0x30
[   27.931381]  ? save_stack+0xa9/0xd0
[   27.934998]  ? find_held_lock+0x36/0x1c0
[   27.939051]  ? lock_downgrade+0x8e0/0x8e0
[   27.943185]  ? check_same_owner+0x320/0x320
[   27.947489]  ? trace_hardirqs_off+0xd/0x10
[   27.951712]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   27.956804]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   27.962324]  ? _copy_from_user+0xdf/0x150
[   27.966454]  keyctl_dh_compute+0xb9/0x100
[   27.970582]  ? __keyctl_dh_compute+0x1bc0/0x1bc0
[   27.975318]  ? kzfree+0x28/0x30
[   27.978575]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   27.983751]  __x64_sys_keyctl+0x12a/0x3b0
[   27.987879]  do_syscall_64+0x1b1/0x800
[   27.991756]  ? syscall_return_slowpath+0x5c0/0x5c0
[   27.996666]  ? syscall_return_slowpath+0x30f/0x5c0
[   28.001583]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   28.006937]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.011773]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.016945] RIP: 0033:0x440019
[   28.020110] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[   28.039318] RSP: 002b:00007ffe45fbd128 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[   28.047011] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019
[   28.054270] RDX: 0000000020000080 RSI: 00000000200001c0 RDI: 0000000000000017
[   28.061524] RBP: 00000000006ca018 R08: 0000000020000200 R09: 00000000004002c8
[   28.068781] R10: 0000000000000059 R11: 0000000000000217 R12: 0000000000401940
[   28.076036] R13: 00000000004019d0 R14: 0000000000000000 R15: 0000000000000000
[   28.083941] Dumping ftrace buffer:
[   28.087458]    (ftrace buffer empty)
[   28.091148] Kernel Offset: disabled
[   28.094789] Rebooting in 86400 seconds..