[ 15.750905] random: sshd: uninitialized urandom read (32 bytes read, 33 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.066338] random: sshd: uninitialized urandom read (32 bytes read, 38 bits of entropy available)
[ 21.452098] random: sshd: uninitialized urandom read (32 bytes read, 39 bits of entropy available)
[ 22.236749] random: sshd: uninitialized urandom read (32 bytes read, 98 bits of entropy available)
[ 28.939871] random: sshd: uninitialized urandom read (32 bytes read, 108 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-4,10.128.0.58' (ECDSA) to the list of known hosts.
[ 34.346026] random: sshd: uninitialized urandom read (32 bytes read, 116 bits of entropy available)
executing program
[ 34.444074] device eql entered promiscuous mode
[ 34.468527] ==================================================================
[ 34.475902] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0x4c0/0x4f0
[ 34.482967] Read of size 8 at addr ffff8800b6377d38 by task syzkaller806650/3316
[ 34.490462]
[ 34.492059] CPU: 1 PID: 3316 Comm: syzkaller806650 Not tainted 4.4.107-g610c835 #12
[ 34.499814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.509132]  0000000000000000 49616298a582e995 ffff8800b6377978 ffffffff81d0457d
[ 34.517080]  ffffea0002d8ddc0 ffff8800b6377d38 0000000000000000 ffff8800b6377d38
[ 34.525028]  ffff8800b6377d30 ffff8800b63779b0 ffffffff814fbb23 ffff8800b6377d38
[ 34.532979] Call Trace:
[ 34.535533]  [] dump_stack+0xc1/0x124
[ 34.540868]  [] print_address_description+0x73/0x260
[ 34.547504]  [] kasan_report+0x285/0x370
[ 34.553096]  [] ? iov_iter_advance+0x4c0/0x4f0
[ 34.559204]  [] __asan_report_load8_noabort+0x14/0x20
[ 34.565921]  [] iov_iter_advance+0x4c0/0x4f0
[ 34.571859]  [] tun_do_read+0xa7b/0xcc0
[ 34.577360]  [] ? tun_sock_write_space+0x1a0/0x1a0
[ 34.583817]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 34.590795]  [] ? netdev_run_todo+0x4c5/0x6a0
[ 34.596816]  [] ? dev_change_name+0x910/0x910
[ 34.602840]  [] ? register_netdev+0x30/0x30
[ 34.608686]  [] tun_chr_read_iter+0xe2/0x1e0
[ 34.614621]  [] __vfs_read+0x339/0x440
[ 34.620041]  [] ? vfs_iter_write+0x2d0/0x2d0
[ 34.625977]  [] ? fsnotify+0xee0/0xee0
[ 34.631393]  [] ? sock_do_ioctl+0x73/0xb0
[ 34.637069]  [] ? avc_policy_seqno+0x9/0x20
[ 34.642919]  [] ? selinux_file_permission+0x348/0x460
[ 34.649637]  [] ? rw_verify_area+0x100/0x2f0
[ 34.655573]  [] vfs_read+0x123/0x3a0
[ 34.660815]  [] SyS_read+0xd9/0x1b0
[ 34.665968]  [] ? do_sendfile+0xd30/0xd30
[ 34.671646]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 34.678105]  [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 34.684646]
[ 34.686236] The buggy address belongs to the page:
[ 34.691131] page:ffffea0002d8ddc0 count:0 mapcount:0 mapping:          (null) index:0x0
[ 34.699233] flags: 0x4000000000000000()
[ 34.703279] page dumped because: kasan: bad access detected
[ 34.708949]
[ 34.710540] Memory state around the buggy address:
[ 34.715433]  ffff8800b6377c00: f2 f2 f2 f2 f2 00 02 f2 f2 00 00 00 00 00 00 00
[ 34.722757]  ffff8800b6377c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.730078] >ffff8800b6377d00: f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00
[ 34.737402]                                         ^
[ 34.742556]  ffff8800b6377d80: 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2 f2
[ 34.749880]  ffff8800b6377e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.757202] ==================================================================
[ 34.764522] Disabling lock debugging due to kernel taint
[ 34.770572] Kernel panic - not syncing: panic_on_warn set ...
[ 34.770572]
[ 34.777911] CPU: 1 PID: 3316 Comm: syzkaller806650 Tainted: G    B           4.4.107-g610c835 #12
[ 34.786884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.796201]  0000000000000000 49616298a582e995 ffff8800b63778d0 ffffffff81d0457d
[ 34.804147]  ffffffff83fb2cde ffff8800b63779a8 0000000000000000 ffff8800b6377d38
[ 34.812090]  ffff8800b6377d30 ffff8800b6377998 ffffffff8141774a 0000000041b58ab3
[ 34.820037] Call Trace:
[ 34.822592]  [] dump_stack+0xc1/0x124
[ 34.827921]  [] panic+0x1aa/0x388
[ 34.832902]  [] ? percpu_up_read.constprop.45+0xe1/0xe1
[ 34.839796]  [] ? preempt_schedule_common+0x42/0x70
[ 34.846341]  [] ? preempt_schedule+0x24/0x30
[ 34.852279]  [] ? ___preempt_schedule+0x12/0x14
[ 34.858479]  [] kasan_end_report+0x50/0x50
[ 34.864240]  [] kasan_report+0x15c/0x370
[ 34.869831]  [] ? iov_iter_advance+0x4c0/0x4f0
[ 34.875941]  [] __asan_report_load8_noabort+0x14/0x20
[ 34.882656]  [] iov_iter_advance+0x4c0/0x4f0
[ 34.888591]  [] tun_do_read+0xa7b/0xcc0
[ 34.894093]  [] ? tun_sock_write_space+0x1a0/0x1a0
[ 34.900551]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 34.907529]  [] ? netdev_run_todo+0x4c5/0x6a0
[ 34.913549]  [] ? dev_change_name+0x910/0x910
[ 34.919569]  [] ? register_netdev+0x30/0x30
[ 34.925418]  [] tun_chr_read_iter+0xe2/0x1e0
[ 34.931359]  [] __vfs_read+0x339/0x440
[ 34.936775]  [] ? vfs_iter_write+0x2d0/0x2d0
[ 34.942713]  [] ? fsnotify+0xee0/0xee0
[ 34.948128]  [] ? sock_do_ioctl+0x73/0xb0
[ 34.953804]  [] ? avc_policy_seqno+0x9/0x20
[ 34.959657]  [] ? selinux_file_permission+0x348/0x460
[ 34.966378]  [] ? rw_verify_area+0x100/0x2f0
[ 34.972315]  [] vfs_read+0x123/0x3a0
[ 34.977555]  [] SyS_read+0xd9/0x1b0
[ 34.982711]  [] ? do_sendfile+0xd30/0xd30
[ 34.988387]  [] ? lockdep_sys_exit_thunk+0x12/0x14
[ 34.994844]  [] entry_SYSCALL_64_fastpath+0x16/0x76
[ 35.001423] Dumping ftrace buffer:
[ 35.004931]    (ftrace buffer empty)
[ 35.008605] Kernel Offset: disabled
[ 35.012197] Rebooting in 86400 seconds..