[ ok ] Starting file context maintaining daemon: restorecond.
[   16.197577] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   20.979292] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.247100] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   21.996655] random: sshd: uninitialized urandom read (32 bytes read, 81 bits of entropy available)
[   22.158780] random: sshd: uninitialized urandom read (32 bytes read, 85 bits of entropy available)
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[   27.518345] random: sshd: uninitialized urandom read (32 bytes read, 93 bits of entropy available)
executing program
[   27.621674] device gre0 entered promiscuous mode
[   27.645903] ==================================================================
[   27.653285] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0x4c0/0x4f0
[   27.660390] Read of size 8 at addr ffff8800b4027cc0 by task syzkaller142637/3316
[   27.667885] 
[   27.669483] CPU: 0 PID: 3316 Comm: syzkaller142637 Not tainted 4.4.107-g610c835 #4
[   27.677152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.686472]  0000000000000000 9e1bd450b5d201d4 ffff8800b4027900 ffffffff81d0457d
[   27.694427]  ffffea0002d009c0 ffff8800b4027cc0 0000000000000000 ffff8800b4027cc0
[   27.702382]  ffff8800b4027cb8 ffff8800b4027938 ffffffff814fbb23 ffff8800b4027cc0
[   27.710331] Call Trace:
[   27.712886]  [] dump_stack+0xc1/0x124
[   27.718214]  [] print_address_description+0x73/0x260
[   27.724845]  [] kasan_report+0x285/0x370
[   27.730442]  [] ? iov_iter_advance+0x4c0/0x4f0
[   27.736551]  [] __asan_report_load8_noabort+0x14/0x20
[   27.743269]  [] iov_iter_advance+0x4c0/0x4f0
[   27.749206]  [] tun_do_read+0xa7b/0xcc0
[   27.754708]  [] ? devinet_ioctl+0x389/0x1490
[   27.760660]  [] ? tun_sock_write_space+0x1a0/0x1a0
[   27.767132]  [] ? rtnl_unlock+0xe/0x10
[   27.772552]  [] tun_chr_read_iter+0xe2/0x1e0
[   27.778489]  [] __vfs_read+0x339/0x440
[   27.783905]  [] ? vfs_iter_write+0x2d0/0x2d0
[   27.789843]  [] ? fsnotify+0xee0/0xee0
[   27.795263]  [] ? compat_SyS_ioctl+0x117/0x2540
[   27.801464]  [] ? avc_policy_seqno+0x9/0x20
[   27.807314]  [] ? selinux_file_permission+0x348/0x460
[   27.814032]  [] ? rw_verify_area+0x100/0x2f0
[   27.819968]  [] vfs_read+0x123/0x3a0
[   27.825224]  [] SyS_read+0xd9/0x1b0
[   27.830380]  [] ? do_sendfile+0xd30/0xd30
[   27.836058]  [] ? do_fast_syscall_32+0xd7/0x890
[   27.842254]  [] ? do_sendfile+0xd30/0xd30
[   27.847935]  [] do_fast_syscall_32+0x314/0x890
[   27.854043]  [] sysenter_flags_fixed+0xd/0x17
[   27.860061] 
[   27.861653] The buggy address belongs to the page:
[   27.866546] page:ffffea0002d009c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   27.874647] flags: 0x4000000000000000()
[   27.878696] page dumped because: kasan: bad access detected
[   27.884366] 
[   27.885958] Memory state around the buggy address:
[   27.890851]  ffff8800b4027b80: f2 f2 f2 f2 f2 f2 00 02 f2 f2 00 00 00 00 00 00
[   27.898174]  ffff8800b4027c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.905496] >ffff8800b4027c80: 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00 00
[   27.912815]                                            ^
[   27.918230]  ffff8800b4027d00: 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2
[   27.925553]  ffff8800b4027d80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.932875] ==================================================================
[   27.940198] Disabling lock debugging due to kernel taint
[   27.945908] Kernel panic - not syncing: panic_on_warn set ...
[   27.945908] 
[   27.953246] CPU: 0 PID: 3316 Comm: syzkaller142637 Tainted: G    B           4.4.107-g610c835 #4
[   27.962133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.971454]  0000000000000000 9e1bd450b5d201d4 ffff8800b4027858 ffffffff81d0457d
[   27.979406]  ffffffff83fb2cde ffff8800b4027930 0000000000000000 ffff8800b4027cc0
[   27.987354]  ffff8800b4027cb8 ffff8800b4027920 ffffffff8141774a 0000000041b58ab3
[   27.995303] Call Trace:
[   27.997859]  [] dump_stack+0xc1/0x124
[   28.003188]  [] panic+0x1aa/0x388
[   28.008169]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[   28.015062]  [] ? preempt_schedule_common+0x42/0x70
[   28.021606]  [] ? preempt_schedule+0x24/0x30
[   28.027541]  [] ? ___preempt_schedule+0x12/0x14
[   28.033735]  [] kasan_end_report+0x50/0x50
[   28.039497]  [] kasan_report+0x15c/0x370
[   28.045086]  [] ? iov_iter_advance+0x4c0/0x4f0
[   28.051199]  [] __asan_report_load8_noabort+0x14/0x20
[   28.057916]  [] iov_iter_advance+0x4c0/0x4f0
[   28.063853]  [] tun_do_read+0xa7b/0xcc0
[   28.069357]  [] ? devinet_ioctl+0x389/0x1490
[   28.075294]  [] ? tun_sock_write_space+0x1a0/0x1a0
[   28.081753]  [] ? rtnl_unlock+0xe/0x10
[   28.087168]  [] tun_chr_read_iter+0xe2/0x1e0
[   28.093103]  [] __vfs_read+0x339/0x440
[   28.098517]  [] ? vfs_iter_write+0x2d0/0x2d0
[   28.104453]  [] ? fsnotify+0xee0/0xee0
[   28.109870]  [] ? compat_SyS_ioctl+0x117/0x2540
[   28.116066]  [] ? avc_policy_seqno+0x9/0x20
[   28.121916]  [] ? selinux_file_permission+0x348/0x460
[   28.128635]  [] ? rw_verify_area+0x100/0x2f0
[   28.134572]  [] vfs_read+0x123/0x3a0
[   28.139815]  [] SyS_read+0xd9/0x1b0
[   28.144969]  [] ? do_sendfile+0xd30/0xd30
[   28.150645]  [] ? do_fast_syscall_32+0xd7/0x890
[   28.156840]  [] ? do_sendfile+0xd30/0xd30
[   28.162513]  [] do_fast_syscall_32+0x314/0x890
[   28.168622]  [] sysenter_flags_fixed+0xd/0x17
[   28.174681] Dumping ftrace buffer:
[   28.178186]    (ftrace buffer empty)
[   28.181878] Kernel Offset: disabled
[   28.185471] Rebooting in 86400 seconds..