[ 14.014620] random: sshd: uninitialized urandom read (32 bytes read, 31 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 36.410610] random: sshd: uninitialized urandom read (32 bytes read, 45 bits of entropy available)
[ 36.725332] random: sshd: uninitialized urandom read (32 bytes read, 45 bits of entropy available)
[ 37.251473] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available)
[ 40.993792] random: sshd: uninitialized urandom read (32 bytes read, 113 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-1,10.128.15.224' (ECDSA) to the list of known hosts.
[ 46.378034] random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
executing program
[ 46.490477] device gre0 entered promiscuous mode
[ 46.510771] ==================================================================
[ 46.518137] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0x406/0x490 at addr ffff8800b8a2fd48
[ 46.527368] Read of size 8 by task syzkaller147879/3324
[ 46.532691] page:ffffea0002e28bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 46.540797] flags: 0x4000000000000000()
[ 46.544844] page dumped because: kasan: bad access detected
[ 46.550514] CPU: 1 PID: 3324 Comm: syzkaller147879 Not tainted 4.4.104-ged884eb #2
[ 46.558181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.567586] 0000000000000000 e0f28c3d166fbdbc ffff8800b8a2f978 ffffffff81cc9b0f
[ 46.575543] ffffed0017145fa9 ffffed0017145fa9 ffff8800b8a2fa00 ffffffff814db3d5
[ 46.583481] 0000000000000001 ffff8800b8a2fc4a ffffffff81d03d36 0000000000000286
[ 46.591418] Call Trace:
[ 46.593968] [] dump_stack+0x8e/0xcf
[ 46.599207] [] kasan_report.part.2+0x445/0x530
[ 46.605401] [] ? iov_iter_advance+0x406/0x490
[ 46.611505] [] ? __check_object_size+0x100/0x2b0
[ 46.617871] [] __asan_report_load8_noabort+0x29/0x30
[ 46.624584] [] iov_iter_advance+0x406/0x490
[ 46.630515] [] tun_do_read+0x6cd/0x10b0
[ 46.636107] [] ? tun_sock_write_space+0x170/0x170
[ 46.642561] [] ? netdev_run_todo+0xf7/0x620
[ 46.648492] [] ? dev_set_rx_mode+0x29/0x30
[ 46.654337] [] ? register_netdev+0x30/0x30
[ 46.660181] [] ? __lock_is_held+0xa1/0xf0
[ 46.665941] [] tun_chr_read_iter+0xd6/0x1e0
[ 46.671875] [] __vfs_read+0x29e/0x3e0
[ 46.677286] [] ? vfs_iter_write+0x2d0/0x2d0
[ 46.683217] [] ? fsnotify+0xe40/0xe40
[ 46.688634] [] ? rw_verify_area+0xbb/0x2c0
[ 46.694479] [] vfs_read+0xe1/0x340
[ 46.699637] [] SyS_read+0xd3/0x1c0
[ 46.704797] [] ? do_sendfile+0xf40/0xf40
[ 46.710472] [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 46.716929] [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 46.723494] Memory state around the buggy address:
[ 46.728384] ffff8800b8a2fc00: 04 f2 f2 f2 f2 f2 f2 f2 00 02 f2 f2 00 00 00 00
[ 46.735705] ffff8800b8a2fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.743035] >ffff8800b8a2fd00: 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00
[ 46.750353] ^
[ 46.756035] ffff8800b8a2fd80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2
[ 46.763355] ffff8800b8a2fe00: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.770673] ==================================================================
[ 46.777993] Disabling lock debugging due to kernel taint