[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[ 18.623752] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
[ 19.299282] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.498079] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.298772] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.461051] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts.
[ 25.981066] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 26.072899] ==================================================================
[ 26.080360] BUG: KASAN: slab-out-of-bounds in sha256_finup+0x4bf/0x540
[ 26.087015] Write of size 4 at addr ffff8801b39b2ca0 by task syz-executor364/4468
[ 26.094625] 
[ 26.096241] CPU: 0 PID: 4468 Comm: syz-executor364 Not tainted 4.17.0+ #88
[ 26.103234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.112565] Call Trace:
[ 26.115132]  dump_stack+0x1b9/0x294
[ 26.118741]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.123909]  ? printk+0x9e/0xba
[ 26.127167]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 26.131903]  ? kasan_check_write+0x14/0x20
[ 26.136120]  print_address_description+0x6c/0x20b
[ 26.140939]  ? sha256_finup+0x4bf/0x540
[ 26.144891]  kasan_report.cold.7+0x242/0x2fe
[ 26.149281]  __asan_report_store4_noabort+0x17/0x20
[ 26.154276]  sha256_finup+0x4bf/0x540
[ 26.158054]  ? done_hash+0xe/0xe
[ 26.161402]  sha256_avx_final+0x28/0x30
[ 26.165359]  crypto_shash_final+0x104/0x260
[ 26.169660]  ? sha256_avx_finup+0x40/0x40
[ 26.173788]  __keyctl_dh_compute+0x1184/0x1bc0
[ 26.178357]  ? copy_overflow+0x30/0x30
[ 26.182224]  ? find_held_lock+0x36/0x1c0
[ 26.186268]  ? lock_downgrade+0x8e0/0x8e0
[ 26.190395]  ? check_same_owner+0x320/0x320
[ 26.194702]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 26.200219]  ? handle_mm_fault+0x55a/0xc70
[ 26.204439]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.209956]  ? _copy_from_user+0xdf/0x150
[ 26.214083]  keyctl_dh_compute+0xb9/0x100
[ 26.218210]  ? __keyctl_dh_compute+0x1bc0/0x1bc0
[ 26.222948]  ? kzfree+0x28/0x30
[ 26.226206]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 26.231374]  __x64_sys_keyctl+0x12a/0x3b0
[ 26.235502]  do_syscall_64+0x1b1/0x800
[ 26.239367]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 26.244276]  ? syscall_return_slowpath+0x30f/0x5c0
[ 26.249187]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.254700]  ? retint_user+0x18/0x18
[ 26.258393]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.263220]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.268385] RIP: 0033:0x440019
[ 26.271549] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 26.290713] RSP: 002b:00007ffcb5a0db48 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[ 26.298401] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019
[ 26.305653] RDX: 0000000020a53ffb RSI: 0000000020000100 RDI: 0000000000000017
[ 26.312900] RBP: 00000000006ca018 R08: 0000000020c61fc8 R09: 00000000004002c8
[ 26.320146] R10: 0000000000000005 R11: 0000000000000217 R12: 0000000000401940
[ 26.327397] R13: 00000000004019d0 R14: 0000000000000000 R15: 0000000000000000
[ 26.334913] 
[ 26.336519] Allocated by task 4468:
[ 26.340125]  save_stack+0x43/0xd0
[ 26.343557]  kasan_kmalloc+0xc4/0xe0
[ 26.347249]  __kmalloc+0x14e/0x760
[ 26.350765]  __keyctl_dh_compute+0xfe9/0x1bc0
[ 26.355236]  keyctl_dh_compute+0xb9/0x100
[ 26.359362]  __x64_sys_keyctl+0x12a/0x3b0
[ 26.363488]  do_syscall_64+0x1b1/0x800
[ 26.367387]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.372558] 
[ 26.374163] Freed by task 2842:
[ 26.377423]  save_stack+0x43/0xd0
[ 26.380860]  __kasan_slab_free+0x11a/0x170
[ 26.385072]  kasan_slab_free+0xe/0x10
[ 26.388848]  kfree+0xd9/0x260
[ 26.391933]  single_release+0x8f/0xb0
[ 26.395711]  __fput+0x353/0x890
[ 26.398968]  ____fput+0x15/0x20
[ 26.402224]  task_work_run+0x1e4/0x290
[ 26.406087]  exit_to_usermode_loop+0x2bd/0x310
[ 26.410646]  do_syscall_64+0x6ac/0x800
[ 26.414513]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.419674] 
[ 26.421284] The buggy address belongs to the object at ffff8801b39b2c80
[ 26.421284]  which belongs to the cache kmalloc-32 of size 32
[ 26.433741] The buggy address is located 0 bytes to the right of
[ 26.433741]  32-byte region [ffff8801b39b2c80, ffff8801b39b2ca0)
[ 26.445849] The buggy address belongs to the page:
[ 26.450754] page:ffffea0006ce6c80 count:1 mapcount:0 mapping:ffff8801b39b2000 index:0xffff8801b39b2fc1
[ 26.460174] flags: 0x2fffc0000000100(slab)
[ 26.464394] raw: 02fffc0000000100 ffff8801b39b2000 ffff8801b39b2fc1 0000000100000039
[ 26.472250] raw: ffffea00075c03a0 ffffea000764c620 ffff8801da8001c0 0000000000000000
[ 26.480111] page dumped because: kasan: bad access detected
[ 26.485807] 
[ 26.487413] Memory state around the buggy address:
[ 26.492319]  ffff8801b39b2b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 26.499656]  ffff8801b39b2c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 26.506989] >ffff8801b39b2c80: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[ 26.514324]                                ^
[ 26.518709]  ffff8801b39b2d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 26.526043]  ffff8801b39b2d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 26.533374] ==================================================================
[ 26.540708] Disabling lock debugging due to kernel taint
[ 26.546186] Kernel panic - not syncing: panic_on_warn set ...
[ 26.546186] 
[ 26.553538] CPU: 0 PID: 4468 Comm: syz-executor364 Tainted: G B 4.17.0+ #88
[ 26.561911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.571241] Call Trace:
[ 26.573805]  dump_stack+0x1b9/0x294
[ 26.577413]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 26.582584]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.587315]  ? sha256_finup+0x480/0x540
[ 26.591265]  panic+0x22f/0x4de
[ 26.594432]  ? add_taint.cold.5+0x16/0x16
[ 26.598560]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 26.602943]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 26.607329]  ? sha256_finup+0x4bf/0x540
[ 26.611282]  kasan_end_report+0x47/0x4f
[ 26.615231]  kasan_report.cold.7+0x76/0x2fe
[ 26.619539]  __asan_report_store4_noabort+0x17/0x20
[ 26.624533]  sha256_finup+0x4bf/0x540
[ 26.628317]  ? done_hash+0xe/0xe
[ 26.631660]  sha256_avx_final+0x28/0x30
[ 26.635614]  crypto_shash_final+0x104/0x260
[ 26.639913]  ? sha256_avx_finup+0x40/0x40
[ 26.644041]  __keyctl_dh_compute+0x1184/0x1bc0
[ 26.648605]  ? copy_overflow+0x30/0x30
[ 26.652469]  ? find_held_lock+0x36/0x1c0
[ 26.656509]  ? lock_downgrade+0x8e0/0x8e0
[ 26.660635]  ? check_same_owner+0x320/0x320
[ 26.664937]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 26.670449]  ? handle_mm_fault+0x55a/0xc70
[ 26.674663]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 26.680192]  ? _copy_from_user+0xdf/0x150
[ 26.684326]  keyctl_dh_compute+0xb9/0x100
[ 26.688451]  ? __keyctl_dh_compute+0x1bc0/0x1bc0
[ 26.693185]  ? kzfree+0x28/0x30
[ 26.696441]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 26.701609]  __x64_sys_keyctl+0x12a/0x3b0
[ 26.705734]  do_syscall_64+0x1b1/0x800
[ 26.709597]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 26.714504]  ? syscall_return_slowpath+0x30f/0x5c0
[ 26.719413]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 26.724927]  ? retint_user+0x18/0x18
[ 26.728623]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.733443]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.738608] RIP: 0033:0x440019
[ 26.741769] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 45 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 26.760883] RSP: 002b:00007ffcb5a0db48 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[ 26.768567] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440019
[ 26.775813] RDX: 0000000020a53ffb RSI: 0000000020000100 RDI: 0000000000000017
[ 26.783060] RBP: 00000000006ca018 R08: 0000000020c61fc8 R09: 00000000004002c8
[ 26.790307] R10: 0000000000000005 R11: 0000000000000217 R12: 0000000000401940
[ 26.797550] R13: 00000000004019d0 R14: 0000000000000000 R15: 0000000000000000
[ 26.805239] Dumping ftrace buffer:
[ 26.808758]    (ftrace buffer empty)
[ 26.812440] Kernel Offset: disabled
[ 26.816040] Rebooting in 86400 seconds..