[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   33.625049] random: sshd: uninitialized urandom read (32 bytes read)
[   33.905510] kauditd_printk_skb: 9 callbacks suppressed
[   33.905518] audit: type=1400 audit(1575380929.587:35): avc:  denied  { map } for  pid=6906 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   33.997638] random: sshd: uninitialized urandom read (32 bytes read)
[   34.525678] random: sshd: uninitialized urandom read (32 bytes read)
[   34.705046] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
[   40.264308] random: sshd: uninitialized urandom read (32 bytes read)
[   40.380248] audit: type=1400 audit(1575380936.057:36): avc:  denied  { map } for  pid=6919 comm="syz-executor428" path="/root/syz-executor428217023" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.630935] IPVS: ftp: loaded support on port[0] = 21
[   41.424605] audit: type=1400 audit(1575380937.107:37): avc:  denied  { create } for  pid=6920 comm="syz-executor428" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   41.449504] audit: type=1400 audit(1575380937.107:38): avc:  denied  { write } for  pid=6920 comm="syz-executor428" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
executing program
[   41.473786] audit: type=1400 audit(1575380937.107:39): avc:  denied  { read } for  pid=6920 comm="syz-executor428" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   41.680325] ==================================================================
[   41.680346] BUG: KASAN: slab-out-of-bounds in soft_cursor+0x43d/0xa50
[   41.680351] Read of size 9 at addr ffff888099af0bf0 by task kworker/1:2/2568
[   41.680352] 
[   41.680359] CPU: 1 PID: 2568 Comm: kworker/1:2 Not tainted 4.14.157-syzkaller #0
[   41.680362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.680369] Workqueue: events_power_efficient fb_flashcursor
[   41.680373] Call Trace:
[   41.680383]  dump_stack+0x142/0x197
[   41.680389]  ? soft_cursor+0x43d/0xa50
[   41.680396]  print_address_description.cold+0x7c/0x1dc
[   41.680401]  ? soft_cursor+0x43d/0xa50
[   41.680405]  kasan_report.cold+0xa9/0x2af
[   41.680411]  check_memory_region+0x123/0x190
[   41.680416]  memcpy+0x24/0x50
[   41.680421]  soft_cursor+0x43d/0xa50
[   41.680425]  ? kfree+0x183/0x270
[   41.680433]  bit_cursor+0x11be/0x1830
[   41.680441]  ? bit_clear+0x4a0/0x4a0
[   41.680464]  ? fb_get_color_depth+0x5f/0x70
[   41.680469]  ? get_color+0x1bf/0x3b0
[   41.680473]  ? bit_clear+0x4a0/0x4a0
[   41.680479]  fb_flashcursor+0x36d/0x410
[   41.680486]  process_one_work+0x863/0x1600
[   41.680494]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   41.680502]  worker_thread+0x5d9/0x1050
[   41.680514]  kthread+0x319/0x430
[   41.680518]  ? process_one_work+0x1600/0x1600
[   41.680522]  ? kthread_create_on_node+0xd0/0xd0
[   41.680528]  ret_from_fork+0x24/0x30
[   41.680536] 
[   41.680539] Allocated by task 6922:
[   41.680544]  save_stack_trace+0x16/0x20
[   41.680548]  save_stack+0x45/0xd0
[   41.680551]  kasan_kmalloc+0xce/0xf0
[   41.680554]  __kmalloc+0x15d/0x7a0
[   41.680558]  fbcon_set_font+0x2f8/0x7b0
[   41.680564]  con_font_op+0xc0f/0x1060
[   41.680568]  vt_ioctl+0xb80/0x2170
[   41.680574]  tty_ioctl+0x841/0x1320
[   41.680579]  do_vfs_ioctl+0x7ae/0x1060
[   41.680583]  SyS_ioctl+0x8f/0xc0
[   41.680589]  do_syscall_64+0x1e8/0x640
[   41.680593]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   41.680595] 
[   41.680597] Freed by task 3606:
[   41.680600]  save_stack_trace+0x16/0x20
[   41.680603]  save_stack+0x45/0xd0
[   41.680607]  kasan_slab_free+0x75/0xc0
[   41.680610]  kfree+0xcc/0x270
[   41.680615]  kernfs_fop_release+0x112/0x180
[   41.680619]  __fput+0x275/0x7a0
[   41.680622]  ____fput+0x16/0x20
[   41.680625]  task_work_run+0x114/0x190
[   41.680630]  exit_to_usermode_loop+0x1da/0x220
[   41.680633]  do_syscall_64+0x4bc/0x640
[   41.680637]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   41.680639] 
[   41.680642] The buggy address belongs to the object at ffff888099af0ac0
[   41.680642]  which belongs to the cache kmalloc-512 of size 512
[   41.680646] The buggy address is located 304 bytes inside of
[   41.680646]  512-byte region [ffff888099af0ac0, ffff888099af0cc0)
[   41.680647] The buggy address belongs to the page:
[   41.680651] page:ffffea000266bc00 count:1 mapcount:0 mapping:ffff888099af00c0 index:0x0
[   41.680657] flags: 0xfffe0000000100(slab)
[   41.680663] raw: 00fffe0000000100 ffff888099af00c0 0000000000000000 0000000100000006
[   41.680668] raw: ffffea0002a63be0 ffffea0002644aa0 ffff8880aa800940 0000000000000000
[   41.680670] page dumped because: kasan: bad access detected
[   41.680671] 
[   41.680673] Memory state around the buggy address:
[   41.680676]  ffff888099af0a80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   41.680679]  ffff888099af0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.680682] >ffff888099af0b80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   41.680684]                                                              ^
[   41.680687]  ffff888099af0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.680690]  ffff888099af0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.680692] ==================================================================
[   41.680694] Disabling lock debugging due to kernel taint
[   41.680697] Kernel panic - not syncing: panic_on_warn set ...
[   41.680697] 
[   41.680701] CPU: 1 PID: 2568 Comm: kworker/1:2 Tainted: G    B           4.14.157-syzkaller #0
[   41.680703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.680706] Workqueue: events_power_efficient fb_flashcursor
[   41.680709] Call Trace:
[   41.680713]  dump_stack+0x142/0x197
[   41.680718]  ? soft_cursor+0x43d/0xa50
[   41.680721]  panic+0x1f9/0x42d
[   41.680725]  ? add_taint.cold+0x16/0x16
[   41.680731]  ? lock_downgrade+0x740/0x740
[   41.680737]  kasan_end_report+0x47/0x4f
[   41.680740]  kasan_report.cold+0x130/0x2af
[   41.680745]  check_memory_region+0x123/0x190
[   41.680748]  memcpy+0x24/0x50
[   41.680752]  soft_cursor+0x43d/0xa50
[   41.680756]  ? kfree+0x183/0x270
[   41.680761]  bit_cursor+0x11be/0x1830
[   41.680767]  ? bit_clear+0x4a0/0x4a0
[   41.680772]  ? fb_get_color_depth+0x5f/0x70
[   41.680776]  ? get_color+0x1bf/0x3b0
[   41.680779]  ? bit_clear+0x4a0/0x4a0
[   41.680783]  fb_flashcursor+0x36d/0x410
[   41.680788]  process_one_work+0x863/0x1600
[   41.680793]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   41.680799]  worker_thread+0x5d9/0x1050
[   41.680805]  kthread+0x319/0x430
[   41.680809]  ? process_one_work+0x1600/0x1600
[   41.680812]  ? kthread_create_on_node+0xd0/0xd0
[   41.680816]  ret_from_fork+0x24/0x30
[   41.682127] Kernel Offset: disabled
[   42.174232] Rebooting in 86400 seconds..