[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 26.481510] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.466921] random: sshd: uninitialized urandom read (32 bytes read) [ 30.785933] random: sshd: uninitialized urandom read (32 bytes read) [ 31.493884] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. [ 37.094620] random: sshd: uninitialized urandom read (32 bytes read) 2018/09/12 19:18:08 fuzzer started [ 38.223768] random: cc1: uninitialized urandom read (8 bytes read) 2018/09/12 19:18:10 dialing manager at 10.128.0.26:45425 2018/09/12 19:18:10 syscalls: 1 2018/09/12 19:18:10 code coverage: enabled 2018/09/12 19:18:10 comparison tracing: enabled 2018/09/12 19:18:10 setuid sandbox: enabled 2018/09/12 19:18:10 namespace sandbox: enabled 2018/09/12 19:18:10 fault injection: enabled 2018/09/12 19:18:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/09/12 19:18:10 net packed injection: enabled 2018/09/12 19:18:10 net device setup: enabled [ 41.006473] random: crng init done 19:22:14 executing program 0: eventfd2(0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4000000000058fe4}]}) syz_execute_func(&(0x7f0000000200)="42805da07e0fef69dc644f1750710000ce0ecf4130410f3805de660f3825cf260f4fb6fd000000a33d062900770f789933d23d674141b1d8c70b00000244fe80cc39390f383065f047fe06bae5e5e575450f2e1ac4010d64ac7d5d31a3b7c44379dfb9d6adbe90dfe2989f3f") accept4(0xffffffffffffffff, &(0x7f0000000340)=@pppoe={0x18, 0x0, {0x0, @random}}, &(0x7f0000000080)=0x80, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000740)='./file0\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f00000004c0)='./file0\x00', 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)) getgid() write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000280)={0xa0}, 0xa0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000040)) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) 19:22:14 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000004380)=[{{&(0x7f00000001c0)=@sco, 0x80, &(0x7f0000000500), 0x0, &(0x7f0000000580)=""/246, 0xf6}}], 0x1, 0x0, &(0x7f00000044c0)) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000040)=""/11) close(r1) 19:22:14 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00004c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x10000200003) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, &(0x7f0000da8ffc), 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0x2, 0x0, 0x0, @empty={[0x500, 0x0, 0x0, 0x0, 0x78]}}}, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x98) 19:22:14 executing program 5: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000040)) tkill(r1, 0x15) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bpq0\x00', 0x4013}) ptrace$setregset(0x4209, r1, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)}) 19:22:14 executing program 3: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000080)=0xc) getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) 19:22:14 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000000)) ioctl$RTC_UIE_ON(r0, 0x8994) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8004700d, &(0x7f0000000080)) [ 283.661629] IPVS: ftp: loaded support on port[0] = 21 [ 283.674476] IPVS: ftp: loaded support on port[0] = 21 [ 283.675502] IPVS: ftp: loaded support on port[0] = 21 [ 283.711718] kasan: CONFIG_KASAN_INLINE enabled [ 283.716447] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 283.723998] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 283.730237] CPU: 0 PID: 5596 Comm: syz-executor5 Not tainted 4.19.0-rc3-next-20180912+ #72 [ 283.738633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.747998] RIP: 0010:mqueue_get_tree+0xba/0x2e0 [ 283.752754] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b [ 283.771656] RSP: 0018:ffff880159307928 EFLAGS: 00010202 [ 283.777022] RAX: dffffc0000000000 RBX: ffff8801ca991340 RCX: ffffffff8160aca1 [ 283.784292] RDX: 0000001800000019 RSI: ffffffff833deb15 RDI: 000000c0000000c8 [ 283.791561] RBP: ffff880159307948 R08: fffffbfff13555fd R09: fffffbfff13555fc [ 283.798829] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7ac3500 [ 283.806096] R13: 000000c0000000c0 R14: ffff8801ca9913d8 R15: ffff8801ca9913d8 [ 283.813362] FS: 00000000017b7940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 [ 283.821582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 283.827464] CR2: 0000000000482e00 CR3: 00000001592d1000 CR4: 00000000001406f0 [ 283.834729] Call Trace: [ 283.837321] vfs_get_tree+0x1cb/0x5c0 [ 283.841128] mq_create_mount+0xe3/0x190 [ 283.845099] mq_init_ns+0x15a/0x210 [ 283.848720] copy_ipcs+0x3d2/0x580 [ 283.852256] ? ipcns_get+0xe0/0xe0 [ 283.855807] ? do_mount+0x1db0/0x1db0 [ 283.859604] ? kmem_cache_alloc+0x33a/0x730 [ 283.863926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.869465] ? perf_event_namespaces+0x136/0x400 [ 283.874227] create_new_namespaces+0x376/0x900 [ 283.879280] ? sys_ni_syscall+0x20/0x20 [ 283.883259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.888793] ? ns_capable_common+0x13f/0x170 [ 283.893207] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 283.898139] ksys_unshare+0x79c/0x10b0 [ 283.902029] ? walk_process_tree+0x440/0x440 [ 283.906436] ? lock_downgrade+0x900/0x900 [ 283.910589] ? kasan_check_read+0x11/0x20 [ 283.914733] ? do_raw_spin_unlock+0xa7/0x2f0 [ 283.919142] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 283.923728] ? kasan_check_write+0x14/0x20 [ 283.927959] ? do_raw_read_unlock+0x3f/0x60 [ 283.932283] ? do_syscall_64+0x9a/0x820 [ 283.936259] ? do_syscall_64+0x9a/0x820 [ 283.940232] ? lockdep_hardirqs_on+0x421/0x5c0 [ 283.944814] ? trace_hardirqs_on+0xbd/0x310 [ 283.949229] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.954600] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 283.960054] ? __ia32_sys_prlimit64+0x8c0/0x8c0 [ 283.964725] __x64_sys_unshare+0x31/0x40 [ 283.968784] do_syscall_64+0x1b9/0x820 [ 283.972669] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 283.978033] ? syscall_return_slowpath+0x5e0/0x5e0 [ 283.982957] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 283.987802] ? trace_hardirqs_on_caller+0x310/0x310 [ 283.992814] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 283.997832] ? prepare_exit_to_usermode+0x291/0x3b0 [ 284.002850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 284.007701] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 284.012888] RIP: 0033:0x459d87 [ 284.016087] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.035092] RSP: 002b:00007ffdabe3a7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 284.042803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459d87 [ 284.050068] RDX: 0000000000000000 RSI: 00007ffdabe3a7c0 RDI: 0000000008000000 [ 284.057335] RBP: 0000000000930b28 R08: 0000000000000000 R09: 0000000000000018 [ 284.064600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 284.071869] R13: 0000000000412cc0 R14: 0000000000000000 R15: 0000000000000000 [ 284.079141] Modules linked in: [ 284.082425] ---[ end trace 173cb38844f1bec4 ]--- [ 284.087208] RIP: 0010:mqueue_get_tree+0xba/0x2e0 [ 284.091989] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b [ 284.110923] RSP: 0018:ffff880159307928 EFLAGS: 00010202 [ 284.116291] RAX: dffffc0000000000 RBX: ffff8801ca991340 RCX: ffffffff8160aca1 [ 284.123580] RDX: 0000001800000019 RSI: ffffffff833deb15 RDI: 000000c0000000c8 [ 284.130882] RBP: ffff880159307948 R08: fffffbfff13555fd R09: fffffbfff13555fc [ 284.138172] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7ac3500 [ 284.145455] R13: 000000c0000000c0 R14: ffff8801ca9913d8 R15: ffff8801ca9913d8 [ 284.152767] FS: 00000000017b7940(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 [ 284.161016] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 284.166893] CR2: 0000000000482e00 CR3: 00000001592d1000 CR4: 00000000001406f0 [ 284.174196] Kernel panic - not syncing: Fatal exception [ 284.180435] Kernel Offset: disabled [ 284.184075] Rebooting in 86400 seconds..