[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 34.097596] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.366072] kauditd_printk_skb: 10 callbacks suppressed
[ 34.366081] audit: type=1400 audit(1575374382.637:35): avc: denied { map } for pid=6954 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 34.472213] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.055808] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.306769] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
[ 41.059466] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 41.191513] audit: type=1400 audit(1575374389.467:36): avc: denied { map } for pid=6967 comm="syz-executor404" path="/root/syz-executor404919193" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 41.223769] ==================================================================
[ 41.223797] BUG: KASAN: global-out-of-bounds in fbcon_get_font+0x288/0x550
[ 41.223803] Read of size 28 at addr ffffffff87063798 by task syz-executor404/6970
[ 41.223806]
[ 41.223814] CPU: 0 PID: 6970 Comm: syz-executor404 Not tainted 4.14.157-syzkaller #0
[ 41.223818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.223822] Call Trace:
[ 41.223833] dump_stack+0x142/0x197
[ 41.223842] ? fbcon_get_font+0x288/0x550
[ 41.223852] print_address_description.cold+0x5/0x1dc
[ 41.223859] ? fbcon_get_font+0x288/0x550
[ 41.223866] kasan_report.cold+0xa9/0x2af
[ 41.223877] check_memory_region+0x123/0x190
[ 41.223885] memcpy+0x24/0x50
[ 41.223893] fbcon_get_font+0x288/0x550
[ 41.223902] ? display_to_var+0x7e0/0x7e0
[ 41.223911] con_font_op+0x1d5/0x1060
[ 41.223920] ? avc_has_extended_perms+0x7b7/0xe40
[ 41.223929] ? con_write+0xc0/0xc0
[ 41.223940] ? security_capable+0x8e/0xc0
[ 41.223951] ? ns_capable_common+0x12c/0x160
[ 41.223962] vt_ioctl+0xb80/0x2170
[ 41.223968] ? avc_has_extended_perms+0x8ec/0xe40
[ 41.223978] ? futex_wake+0x134/0x430
[ 41.223987] ? complete_change_console+0x360/0x360
[ 41.223994] ? avc_ss_reset+0x110/0x110
[ 41.224007] ? tty_jobctrl_ioctl+0x44/0xc10
[ 41.224014] ? complete_change_console+0x360/0x360
[ 41.224024] tty_ioctl+0x841/0x1320
[ 41.224033] ? tty_vhangup+0x30/0x30
[ 41.224050] ? __might_sleep+0x93/0xb0
[ 41.224057] ? __fget+0x210/0x370
[ 41.224069] ? tty_vhangup+0x30/0x30
[ 41.224078] do_vfs_ioctl+0x7ae/0x1060
[ 41.224088] ? selinux_file_mprotect+0x5d0/0x5d0
[ 41.224104] ? lock_downgrade+0x740/0x740
[ 41.224114] ? ioctl_preallocate+0x1c0/0x1c0
[ 41.224121] ? __fget+0x237/0x370
[ 41.224133] ? security_file_ioctl+0x7d/0xb0
[ 41.224140] ? security_file_ioctl+0x89/0xb0
[ 41.224150] SyS_ioctl+0x8f/0xc0
[ 41.224157] ? do_vfs_ioctl+0x1060/0x1060
[ 41.224168] do_syscall_64+0x1e8/0x640
[ 41.224175] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.224189] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 41.224196] RIP: 0033:0x44a6f9
[ 41.224200] RSP: 002b:00007fb3ab111ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 41.224207] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 000000000044a6f9
[ 41.224212] RDX: 0000000020000140 RSI: 0000000000004b60 RDI: 0000000000000005
[ 41.224216] RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
[ 41.224220] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
[ 41.224224] R13: 00007ffd7095347f R14: 00007fb3ab1129c0 R15: 20c49ba5e353f7cf
[ 41.224238]
[ 41.224241] The buggy address belongs to the variable:
[ 41.224248] fontdata_8x16+0xff8/0x1120
[ 41.224250]
[ 41.224253] Memory state around the buggy address:
[ 41.224259] ffffffff87063680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.224265] ffffffff87063700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 41.224270] >ffffffff87063780: 00 00 00 00 fa fa fa fa 06 fa fa fa fa fa fa fa
[ 41.224274] ^
[ 41.224279] ffffffff87063800: 05 fa fa fa fa fa fa fa 06 fa fa fa fa fa fa fa
[ 41.224284] ffffffff87063880: 00 00 03 fa fa fa fa fa 00 00 00 00 00 00 00 00
[ 41.224287] ==================================================================
[ 41.224290] Disabling lock debugging due to kernel taint
[ 41.224294] Kernel panic - not syncing: panic_on_warn set ...
[ 41.224294]
[ 41.224300] CPU: 0 PID: 6970 Comm: syz-executor404 Tainted: G B 4.14.157-syzkaller #0
[ 41.224303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.224305] Call Trace:
[ 41.224311] dump_stack+0x142/0x197
[ 41.224317] ? fbcon_get_font+0x288/0x550
[ 41.224322] panic+0x1f9/0x42d
[ 41.224326] ? add_taint.cold+0x16/0x16
[ 41.224332] ? lock_downgrade+0x740/0x740
[ 41.224339] kasan_end_report+0x47/0x4f
[ 41.224344] kasan_report.cold+0x130/0x2af
[ 41.224350] check_memory_region+0x123/0x190
[ 41.224354] memcpy+0x24/0x50
[ 41.224359] fbcon_get_font+0x288/0x550
[ 41.224365] ? display_to_var+0x7e0/0x7e0
[ 41.224370] con_font_op+0x1d5/0x1060
[ 41.224374] ? avc_has_extended_perms+0x7b7/0xe40
[ 41.224380] ? con_write+0xc0/0xc0
[ 41.224385] ? security_capable+0x8e/0xc0
[ 41.224391] ? ns_capable_common+0x12c/0x160
[ 41.224397] vt_ioctl+0xb80/0x2170
[ 41.224401] ? avc_has_extended_perms+0x8ec/0xe40
[ 41.224406] ? futex_wake+0x134/0x430
[ 41.224412] ? complete_change_console+0x360/0x360
[ 41.224417] ? avc_ss_reset+0x110/0x110
[ 41.224424] ? tty_jobctrl_ioctl+0x44/0xc10
[ 41.224428] ? complete_change_console+0x360/0x360
[ 41.224434] tty_ioctl+0x841/0x1320
[ 41.224439] ? tty_vhangup+0x30/0x30
[ 41.224447] ? __might_sleep+0x93/0xb0
[ 41.224451] ? __fget+0x210/0x370
[ 41.224458] ? tty_vhangup+0x30/0x30
[ 41.224462] do_vfs_ioctl+0x7ae/0x1060
[ 41.224467] ? selinux_file_mprotect+0x5d0/0x5d0
[ 41.224472] ? lock_downgrade+0x740/0x740
[ 41.224477] ? ioctl_preallocate+0x1c0/0x1c0
[ 41.224483] ? __fget+0x237/0x370
[ 41.224489] ? security_file_ioctl+0x7d/0xb0
[ 41.224494] ? security_file_ioctl+0x89/0xb0
[ 41.224499] SyS_ioctl+0x8f/0xc0
[ 41.224505] ? do_vfs_ioctl+0x1060/0x1060
[ 41.224512] do_syscall_64+0x1e8/0x640
[ 41.224519] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.224528] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 41.224532] RIP: 0033:0x44a6f9
[ 41.224535] RSP: 002b:00007fb3ab111ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 41.224541] RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 000000000044a6f9
[ 41.224544] RDX: 0000000020000140 RSI: 0000000000004b60 RDI: 0000000000000005
[ 41.224548] RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
[ 41.224552] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
[ 41.224555] R13: 00007ffd7095347f R14: 00007fb3ab1129c0 R15: 20c49ba5e353f7cf
[ 41.225844] Kernel Offset: disabled
[ 41.784977] Rebooting in 86400 seconds..