[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 36.201481] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.416227] kauditd_printk_skb: 10 callbacks suppressed
[ 36.416237] audit: type=1400 audit(1578601430.513:35): avc: denied { map } for pid=7227 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 36.458970] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.108630] random: sshd: uninitialized urandom read (32 bytes read)
[ 37.287721] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts.
[ 42.814013] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 42.931468] audit: type=1400 audit(1578601437.033:36): avc: denied { map } for pid=7239 comm="syz-executor327" path="/root/syz-executor327922673" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.013910] ==================================================================
[ 43.013936] BUG: KASAN: null-ptr-deref in insert_char+0xce/0x290
[ 43.013943] Read of size 4294967294 at addr 0000000000000010 by task syz-executor327/7239
[ 43.013945]
[ 43.013954] CPU: 1 PID: 7239 Comm: syz-executor327 Not tainted 4.14.163-syzkaller #0
[ 43.013958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.013961] Call Trace:
[ 43.013973] dump_stack+0x142/0x197
[ 43.013982] ? insert_char+0xce/0x290
[ 43.013991] kasan_report.cold+0x127/0x2af
[ 43.014002] check_memory_region+0x123/0x190
[ 43.014010] memmove+0x24/0x50
[ 43.014018] insert_char+0xce/0x290
[ 43.014028] do_con_trol+0x35bd/0x5b40
[ 43.014037] ? reset_palette+0x180/0x180
[ 43.014050] ? __atomic_notifier_call_chain+0xc2/0x150
[ 43.014061] do_con_write.part.0+0xcc7/0x1b50
[ 43.014068] ? add_wait_queue+0x112/0x170
[ 43.014098] ? do_con_trol+0x5b40/0x5b40
[ 43.014110] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 43.014119] con_write+0x38/0xc0
[ 43.014127] n_tty_write+0x38b/0xf20
[ 43.014145] ? process_echoes+0x150/0x150
[ 43.014152] ? do_wait_intr_irq+0x2a0/0x2a0
[ 43.014160] ? kasan_check_write+0x14/0x20
[ 43.014168] ? _copy_from_user+0x99/0x110
[ 43.014179] tty_write+0x3f6/0x700
[ 43.014190] ? process_echoes+0x150/0x150
[ 43.014201] __vfs_write+0x105/0x6b0
[ 43.014209] ? tty_read+0x270/0x270
[ 43.014216] ? kernel_read+0x120/0x120
[ 43.014226] ? __inode_security_revalidate+0xd6/0x130
[ 43.014235] ? avc_policy_seqno+0x9/0x20
[ 43.014243] ? selinux_file_permission+0x85/0x480
[ 43.014256] ? security_file_permission+0x89/0x1f0
[ 43.014265] ? rw_verify_area+0xea/0x2b0
[ 43.014273] ? putname+0xe0/0x120
[ 43.014282] vfs_write+0x198/0x500
[ 43.014303] SyS_write+0xfd/0x230
[ 43.014312] ? SyS_read+0x230/0x230
[ 43.014321] ? do_syscall_64+0x53/0x640
[ 43.014329] ? SyS_read+0x230/0x230
[ 43.014339] do_syscall_64+0x1e8/0x640
[ 43.014347] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.014360] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.014366] RIP: 0033:0x4404f9
[ 43.014370] RSP: 002b:00007ffc36b28ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 43.014379] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 43.014384] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 43.014388] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 43.014392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 43.014396] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 43.014409] ==================================================================
[ 43.014412] Disabling lock debugging due to kernel taint
[ 43.014416] Kernel panic - not syncing: panic_on_warn set ...
[ 43.014416]
[ 43.014422] CPU: 1 PID: 7239 Comm: syz-executor327 Tainted: G B 4.14.163-syzkaller #0
[ 43.014425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.014427] Call Trace:
[ 43.014434] dump_stack+0x142/0x197
[ 43.014440] ? insert_char+0xce/0x290
[ 43.014446] panic+0x1f9/0x42d
[ 43.014451] ? add_taint.cold+0x16/0x16
[ 43.014459] ? lock_downgrade+0x740/0x740
[ 43.014467] kasan_end_report+0x47/0x4f
[ 43.014473] kasan_report.cold+0x130/0x2af
[ 43.014480] check_memory_region+0x123/0x190
[ 43.014485] memmove+0x24/0x50
[ 43.014490] insert_char+0xce/0x290
[ 43.014497] do_con_trol+0x35bd/0x5b40
[ 43.014504] ? reset_palette+0x180/0x180
[ 43.014513] ? __atomic_notifier_call_chain+0xc2/0x150
[ 43.014522] do_con_write.part.0+0xcc7/0x1b50
[ 43.014528] ? add_wait_queue+0x112/0x170
[ 43.014540] ? do_con_trol+0x5b40/0x5b40
[ 43.014549] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 43.014555] con_write+0x38/0xc0
[ 43.014562] n_tty_write+0x38b/0xf20
[ 43.014573] ? process_echoes+0x150/0x150
[ 43.014580] ? do_wait_intr_irq+0x2a0/0x2a0
[ 43.014586] ? kasan_check_write+0x14/0x20
[ 43.014592] ? _copy_from_user+0x99/0x110
[ 43.014600] tty_write+0x3f6/0x700
[ 43.014608] ? process_echoes+0x150/0x150
[ 43.014614] __vfs_write+0x105/0x6b0
[ 43.014621] ? tty_read+0x270/0x270
[ 43.014627] ? kernel_read+0x120/0x120
[ 43.014635] ? __inode_security_revalidate+0xd6/0x130
[ 43.014641] ? avc_policy_seqno+0x9/0x20
[ 43.014648] ? selinux_file_permission+0x85/0x480
[ 43.014658] ? security_file_permission+0x89/0x1f0
[ 43.014665] ? rw_verify_area+0xea/0x2b0
[ 43.014671] ? putname+0xe0/0x120
[ 43.014677] vfs_write+0x198/0x500
[ 43.014685] SyS_write+0xfd/0x230
[ 43.014691] ? SyS_read+0x230/0x230
[ 43.014698] ? do_syscall_64+0x53/0x640
[ 43.014704] ? SyS_read+0x230/0x230
[ 43.014711] do_syscall_64+0x1e8/0x640
[ 43.014717] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.014725] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 43.014728] RIP: 0033:0x4404f9
[ 43.014731] RSP: 002b:00007ffc36b28ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 43.014737] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404f9
[ 43.014740] RDX: 0000000000000078 RSI: 0000000020000000 RDI: 0000000000000004
[ 43.014743] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 43.014747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
[ 43.014750] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
[ 43.016208] Kernel Offset: disabled
[ 43.529246] Rebooting in 86400 seconds..