[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   32.580161] random: sshd: uninitialized urandom read (32 bytes read)
[   32.863270] kauditd_printk_skb: 9 callbacks suppressed
[   32.863278] audit: type=1400 audit(1582360473.163:35): avc: denied { map } for pid=7132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   32.939840] random: sshd: uninitialized urandom read (32 bytes read)
[   33.657628] random: sshd: uninitialized urandom read (32 bytes read)
[   33.853126] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
[   39.400137] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   39.530146] audit: type=1400 audit(1582360479.823:36): avc: denied { map } for pid=7145 comm="syz-executor813" path="/root/syz-executor813650321" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   39.549184] sp0: Synchronizing with TNC
[   39.565748] ==================================================================
[   39.573208] BUG: KASAN: slab-out-of-bounds in decode_data.part.0+0x23b/0x270
[   39.580409] Write of size 1 at addr ffff8880a0d8994e by task kworker/u4:1/22
[   39.587586]
[   39.589212] CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.171-syzkaller #0
[   39.596649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.606005] Workqueue: events_unbound flush_to_ldisc
[   39.611101] Call Trace:
[   39.613685]  dump_stack+0x142/0x197
[   39.617310]  ? decode_data.part.0+0x23b/0x270
[   39.621892]  print_address_description.cold+0x7c/0x1dc
[   39.627174]  ? decode_data.part.0+0x23b/0x270
[   39.631671]  kasan_report.cold+0xa9/0x2af
[   39.635816]  __asan_report_store1_noabort+0x17/0x20
[   39.640826]  decode_data.part.0+0x23b/0x270
[   39.645144]  sixpack_receive_buf+0xaf7/0x1170
[   39.649644]  ? decode_data.part.0+0x270/0x270
[   39.654136]  tty_ldisc_receive_buf+0x14d/0x1a0
[   39.658829]  tty_port_default_receive_buf+0x73/0xa0
[   39.663842]  flush_to_ldisc+0x1ec/0x400
[   39.667929]  process_one_work+0x863/0x1600
[   39.672173]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   39.676849]  worker_thread+0x5d9/0x1050
[   39.680832]  kthread+0x319/0x430
[   39.684191]  ? process_one_work+0x1600/0x1600
[   39.688663]  ? kthread_create_on_node+0xd0/0xd0
[   39.693311]  ret_from_fork+0x24/0x30
[   39.697005]
[   39.698608] Allocated by task 7145:
[   39.702216]  save_stack_trace+0x16/0x20
[   39.706166]  save_stack+0x45/0xd0
[   39.709595]  kasan_kmalloc+0xce/0xf0
[   39.713413]  __kmalloc_node+0x51/0x80
[   39.717192]  kvmalloc_node+0x4e/0xe0
[   39.720886]  alloc_netdev_mqs+0x7b/0xbc0
[   39.724925]  sixpack_open+0xdf/0xc85
[   39.728629]  tty_ldisc_open.isra.0+0x73/0xb0
[   39.733015]  tty_set_ldisc+0x28e/0x600
[   39.736879]  tty_ioctl+0x95b/0x1320
[   39.740485]  do_vfs_ioctl+0x7ae/0x1060
[   39.744348]  SyS_ioctl+0x8f/0xc0
[   39.747738]  do_syscall_64+0x1e8/0x640
[   39.751616]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   39.756776]
[   39.758389] Freed by task 5599:
[   39.761647]  save_stack_trace+0x16/0x20
[   39.765597]  save_stack+0x45/0xd0
[   39.769023]  kasan_slab_free+0x75/0xc0
[   39.772886]  kfree+0xcc/0x270
[   39.775968]  kfree_link+0x16/0x20
[   39.779394]  walk_component+0x3db/0x1d00
[   39.783432]  link_path_walk+0x4d0/0x10a0
[   39.787467]  path_openat+0x194/0x3e50
[   39.791241]  do_filp_open+0x18e/0x250
[   39.795017]  do_sys_open+0x2c5/0x430
[   39.798818]  SyS_open+0x2d/0x40
[   39.802079]  do_syscall_64+0x1e8/0x640
[   39.805944]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   39.811147]
[   39.812798] The buggy address belongs to the object at ffff8880a0d885c0
[   39.812798]  which belongs to the cache kmalloc-4096 of size 4096
[   39.825602] The buggy address is located 910 bytes to the right of
[   39.825602]  4096-byte region [ffff8880a0d885c0, ffff8880a0d895c0)
[   39.838061] The buggy address belongs to the page:
[   39.842969] page:ffffea0002836200 count:1 mapcount:0 mapping:ffff8880a0d885c0 index:0x0 compound_mapcount: 0
[   39.852912] flags: 0xfffe0000008100(slab|head)
[   39.857471] raw: 00fffe0000008100 ffff8880a0d885c0 0000000000000000 0000000100000001
[   39.865976] raw: ffffea000284c620 ffffea0002820320 ffff8880aa800dc0 0000000000000000
[   39.873829] page dumped because: kasan: bad access detected
[   39.879513]
[   39.881120] Memory state around the buggy address:
[   39.886027]  ffff8880a0d89800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.893373]  ffff8880a0d89880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.900708] >ffff8880a0d89900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.908041]                                               ^
[   39.913738]  ffff8880a0d89980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.921074]  ffff8880a0d89a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.928415] ==================================================================
[   39.935756] Disabling lock debugging due to kernel taint
[   39.941825] Kernel panic - not syncing: panic_on_warn set ...
[   39.941825]
[   39.949187] CPU: 1 PID: 22 Comm: kworker/u4:1 Tainted: G    B           4.14.171-syzkaller #0
[   39.957826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.967164] Workqueue: events_unbound flush_to_ldisc
[   39.972248] Call Trace:
[   39.974814]  dump_stack+0x142/0x197
[   39.978414]  ? decode_data.part.0+0x23b/0x270
[   39.982886]  panic+0x1f9/0x42d
[   39.986053]  ? add_taint.cold+0x16/0x16
[   39.990001]  ? ___preempt_schedule+0x16/0x18
[   39.994390]  kasan_end_report+0x47/0x4f
[   39.998337]  kasan_report.cold+0x130/0x2af
[   40.002581]  __asan_report_store1_noabort+0x17/0x20
[   40.007573]  decode_data.part.0+0x23b/0x270
[   40.011869]  sixpack_receive_buf+0xaf7/0x1170
[   40.016341]  ? decode_data.part.0+0x270/0x270
[   40.020813]  tty_ldisc_receive_buf+0x14d/0x1a0
[   40.025382]  tty_port_default_receive_buf+0x73/0xa0
[   40.030374]  flush_to_ldisc+0x1ec/0x400
[   40.034335]  process_one_work+0x863/0x1600
[   40.038592]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   40.043238]  worker_thread+0x5d9/0x1050
[   40.047190]  kthread+0x319/0x430
[   40.050531]  ? process_one_work+0x1600/0x1600
[   40.054998]  ? kthread_create_on_node+0xd0/0xd0
[   40.059640]  ret_from_fork+0x24/0x30
[   40.065221] Kernel Offset: disabled
[   40.068839] Rebooting in 86400 seconds..