[ 15.996149] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.614617] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 20.972491] random: sshd: uninitialized urandom read (32 bytes read, 36 bits of entropy available)
[ 21.683915] random: sshd: uninitialized urandom read (32 bytes read, 76 bits of entropy available)
[ 21.854420] random: sshd: uninitialized urandom read (32 bytes read, 80 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-386-1,10.128.0.5' (ECDSA) to the list of known hosts.
[ 27.227593] random: sshd: uninitialized urandom read (32 bytes read, 88 bits of entropy available)
executing program
[ 27.335781] device eql entered promiscuous mode
[ 27.353857] ==================================================================
[ 27.361249] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0x4c0/0x4f0
[ 27.368327] Read of size 8 at addr ffff8800b41afcc0 by task syzkaller493065/3320
[ 27.375836]
[ 27.377445] CPU: 1 PID: 3320 Comm: syzkaller493065 Not tainted 4.4.107-g610c835 #4
[ 27.385127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.394455] 0000000000000000 42adcece8bd377d1 ffff8800b41af900 ffffffff81d0457d
[ 27.402443] ffffea0002d06bc0 ffff8800b41afcc0 0000000000000000 ffff8800b41afcc0
[ 27.410435] ffff8800b41afcb8 ffff8800b41af938 ffffffff814fbb23 ffff8800b41afcc0
[ 27.418417] Call Trace:
[ 27.420983] [] dump_stack+0xc1/0x124
[ 27.426326] [] print_address_description+0x73/0x260
[ 27.432969] [] kasan_report+0x285/0x370
[ 27.438578] [] ? iov_iter_advance+0x4c0/0x4f0
[ 27.444708] [] __asan_report_load8_noabort+0x14/0x20
[ 27.451446] [] iov_iter_advance+0x4c0/0x4f0
[ 27.457398] [] tun_do_read+0xa7b/0xcc0
[ 27.462993] [] ? devinet_ioctl+0x389/0x1490
[ 27.468930] [] ? tun_sock_write_space+0x1a0/0x1a0
[ 27.475388] [] ? rtnl_unlock+0xe/0x10
[ 27.480803] [] tun_chr_read_iter+0xe2/0x1e0
[ 27.486739] [] __vfs_read+0x339/0x440
[ 27.492154] [] ? vfs_iter_write+0x2d0/0x2d0
[ 27.498091] [] ? fsnotify+0xee0/0xee0
[ 27.503506] [] ? compat_SyS_ioctl+0x117/0x2540
[ 27.509719] [] ? avc_policy_seqno+0x9/0x20
[ 27.515572] [] ? selinux_file_permission+0x348/0x460
[ 27.522287] [] ? rw_verify_area+0x100/0x2f0
[ 27.528220] [] vfs_read+0x123/0x3a0
[ 27.533463] [] SyS_read+0xd9/0x1b0
[ 27.538614] [] ? do_sendfile+0xd30/0xd30
[ 27.544290] [] ? do_fast_syscall_32+0xd7/0x890
[ 27.550488] [] ? do_sendfile+0xd30/0xd30
[ 27.556163] [] do_fast_syscall_32+0x314/0x890
[ 27.562282] [] sysenter_flags_fixed+0xd/0x17
[ 27.568300]
[ 27.569891] The buggy address belongs to the page:
[ 27.574788] page:ffffea0002d06bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 27.582895] flags: 0x4000000000000000()
[ 27.586945] page dumped because: kasan: bad access detected
[ 27.592615]
[ 27.594205] Memory state around the buggy address:
[ 27.599099]  ffff8800b41afb80: f2 f2 f2 f2 f2 f2 00 02 f2 f2 00 00 00 00 00 00
[ 27.606422]  ffff8800b41afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.613744] >ffff8800b41afc80: 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00 00
[ 27.621065]                                            ^
[ 27.626477]  ffff8800b41afd00: 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2
[ 27.633798]  ffff8800b41afd80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.641117] ==================================================================
[ 27.648438] Disabling lock debugging due to kernel taint
[ 27.655102] Kernel panic - not syncing: panic_on_warn set ...
[ 27.655102]
[ 27.662451] CPU: 1 PID: 3320 Comm: syzkaller493065 Tainted: G B 4.4.107-g610c835 #4
[ 27.671339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.680657] 0000000000000000 42adcece8bd377d1 ffff8800b41af858 ffffffff81d0457d
[ 27.688600] ffffffff83fb2cde ffff8800b41af930 0000000000000000 ffff8800b41afcc0
[ 27.696537] ffff8800b41afcb8 ffff8800b41af920 ffffffff8141774a 0000000041b58ab3
[ 27.704490] Call Trace:
[ 27.707043] [] dump_stack+0xc1/0x124
[ 27.712373] [] panic+0x1aa/0x388
[ 27.717354] [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 27.724244] [] ? preempt_schedule_common+0x42/0x70
[ 27.730785] [] ? preempt_schedule+0x24/0x30
[ 27.736719] [] ? ___preempt_schedule+0x12/0x14
[ 27.742913] [] kasan_end_report+0x50/0x50
[ 27.748671] [] kasan_report+0x15c/0x370
[ 27.754265] [] ? iov_iter_advance+0x4c0/0x4f0
[ 27.760374] [] __asan_report_load8_noabort+0x14/0x20
[ 27.767088] [] iov_iter_advance+0x4c0/0x4f0
[ 27.773029] [] tun_do_read+0xa7b/0xcc0
[ 27.778531] [] ? devinet_ioctl+0x389/0x1490
[ 27.784467] [] ? tun_sock_write_space+0x1a0/0x1a0
[ 27.790924] [] ? rtnl_unlock+0xe/0x10
[ 27.796337] [] tun_chr_read_iter+0xe2/0x1e0
[ 27.802272] [] __vfs_read+0x339/0x440
[ 27.807686] [] ? vfs_iter_write+0x2d0/0x2d0
[ 27.813626] [] ? fsnotify+0xee0/0xee0
[ 27.819040] [] ? compat_SyS_ioctl+0x117/0x2540
[ 27.825236] [] ? avc_policy_seqno+0x9/0x20
[ 27.831083] [] ? selinux_file_permission+0x348/0x460
[ 27.837796] [] ? rw_verify_area+0x100/0x2f0
[ 27.843729] [] vfs_read+0x123/0x3a0
[ 27.848968] [] SyS_read+0xd9/0x1b0
[ 27.854121] [] ? do_sendfile+0xd30/0xd30
[ 27.859793] [] ? do_fast_syscall_32+0xd7/0x890
[ 27.865989] [] ? do_sendfile+0xd30/0xd30
[ 27.871660] [] do_fast_syscall_32+0x314/0x890
[ 27.877767] [] sysenter_flags_fixed+0xd/0x17
[ 27.883822] Dumping ftrace buffer:
[ 27.887327] (ftrace buffer empty)
[ 27.891001] Kernel Offset: disabled
[ 27.894590] Rebooting in 86400 seconds..