[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   24.683010] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.191026] random: sshd: uninitialized urandom read (32 bytes read)
[   28.467638] random: sshd: uninitialized urandom read (32 bytes read)
[   29.233813] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
[   35.237058] random: sshd: uninitialized urandom read (32 bytes read)
2018/09/12 06:44:20 fuzzer started
[   36.325775] random: cc1: uninitialized urandom read (8 bytes read)
2018/09/12 06:44:22 dialing manager at 10.128.0.26:42863
2018/09/12 06:44:22 syscalls: 1
2018/09/12 06:44:22 code coverage: enabled
2018/09/12 06:44:22 comparison tracing: enabled
2018/09/12 06:44:22 setuid sandbox: enabled
2018/09/12 06:44:22 namespace sandbox: enabled
2018/09/12 06:44:22 fault injection: enabled
2018/09/12 06:44:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/09/12 06:44:22 net packed injection: enabled
2018/09/12 06:44:22 net device setup: enabled
[   39.083108] random: crng init done
06:47:48 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ifreq(r1, 0x89f3, &(0x7f0000000000)={'ip6_vti0\x00', @ifru_settings={0x70e000, 0x0, @sync=&(0x7f0000000040)}})

06:47:48 executing program 1:
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xffa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)="6e7230010060a19ef9d2c673d9a1571cb9e1369bcd61ef7e49793ae18712eceb1daa769497800b7fbbd35b170c10751d39aeb660d863e49b8c4f3b3cad48902b5b2d6cfd0abd372c63bcf5d70df3fd4d2e8d443c88c60fd7140fbc0e5637dd82fc3435bed4de5d693c9a781c863e05d8a6f8689a5be29216061f3ff53f8b6b396678e7ba155ef9152d7e43b1eccb2331eb8eb1ed5586dcf8b3b0b999361a44ff2c22c2abbef42dd24eabe6723346a6e46c0499a21442d8d00dcb57f013ff7595edd0ff076930de3675d34117a44eb0e4f832936da44e")
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={"6e72300100", 0x801})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x308)
recvmsg$kcm(r2, &(0x7f0000001880)={0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000000540)=""/47, 0x2f}, {&(0x7f00000005c0)=""/9, 0x9}, {&(0x7f0000000600)=""/117, 0x75}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4, &(0x7f0000001840)=""/33, 0x21, 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x2, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000300)='memory.stat\x00', 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000500), 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000400), 0x2c)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000200)={<r7=>0x0, @in={{0x2, 0x4e20, @remote}}, 0x0, 0x3425, 0x6, 0x80000001, 0x80}, &(0x7f00000000c0)=0x98)
setsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={r7, 0xd6b}, 0x8)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={0xffffffffffffffff, 0x3, 0x1, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x20)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0xfffffffeffffffff)
setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000000)=0x7, 0x4)

06:47:48 executing program 5:
pkey_alloc(0x0, 0x0)
pkey_free(0xffffffffffffffff)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)=@known='trusted.syz\x00')
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000009c0)={{{@in=@dev, @in=@multicast2}}, {{@in=@dev}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000080)=0x185)
getgid()
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rfkill\x00', 0x0, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000004dc0)=ANY=[], 0x0)
chroot(&(0x7f00000001c0)='./file0/../file0\x00')
accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
open(&(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x0)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f00000000c0))
fchownat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381)
write$vnet(0xffffffffffffffff, &(0x7f0000000280)={0x1, {&(0x7f0000003c40)=""/140, 0x8c, &(0x7f0000003d00)=""/178}}, 0xe4)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f00000008c0), 0x0, 0x0, 0xfffffffffffffff8)
add_key(&(0x7f0000000ac0)='encrypted\x00', &(0x7f0000000b00), &(0x7f0000000b40), 0x0, 0xfffffffffffffff9)
syz_execute_func(&(0x7f0000000240)="428055a0876969ef69dc00d990c8400f1837370f38211ac4c19086d9f28fd9410feefa4e2179fbe5e54175455d0f2e1a911a01660ff7f031a3b786e2989f7f")

06:47:48 executing program 2:
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
set_robust_list(&(0x7f0000000100)={&(0x7f0000000040), 0x0, &(0x7f00000000c0)={&(0x7f0000000080)}}, 0x18)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000000))
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x0, 0x0)
io_setup(0x0, &(0x7f00000001c0))
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, &(0x7f0000000280)}}], 0x1, 0x0, &(0x7f0000003280))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000400)={<r3=>0x0, 0x90}, &(0x7f0000000540)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000580)={0x9, 0xfffffffffffffc00, 0x0, 0x3, 0x3, 0x10000, 0x9, 0x1, r3}, &(0x7f00000005c0)=0x20)
r4 = shmget(0xffffffffffffffff, 0x2000, 0x780000a0, &(0x7f0000ffe000/0x2000)=nil)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000840)=ANY=[@ANYBLOB], &(0x7f0000000000)=0x1)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000040), 0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000e00)=ANY=[@ANYBLOB="dc000000e87c86b567470d8452ba8cb8f91e3ebb2a19cf2ac8f27757898dacbdf103e7f6e534ef956c2292264725646a8e9f7428b00925d4e215c8f96bbc8420ea331cc20bd7c940170b50467fd04c9706e60a58836e45ebf7b2c00c3bbac337e36df7cc2c01838d66bad4427e99ba6c43b5cb32cdae0431c322b0540b242caeedd8cb9beb0b653d8b6610622fb5402fd065c86593ccb5478bffbb8064ba5a6c164f614477ea4a5e0359471056adc954ead01822e3515a6b30c8b4dd889ebc47a90255faf581aa73991e6dc2223e9dd5606e684944dff8ef399fe278cd40f923ee9d9360c7ec700000000000000052cc96ddbe"], &(0x7f0000000080)=0x1)
shmat(r4, &(0x7f0000ffb000/0x4000)=nil, 0x5000)
r5 = syz_open_procfs(0x0, &(0x7f0000000280)='syscall\x00')
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f00000002c0)={0x0, 0x0, 0x8, 0x0, 0x6}, &(0x7f0000000300)=0x20)
ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000680)=""/172)
preadv(r5, &(0x7f0000000cc0)=[{&(0x7f0000000340)=""/104, 0x68}, {&(0x7f0000000980)=""/165, 0xa5}, {&(0x7f0000000b40)=""/182, 0xb6}, {&(0x7f0000000d40)=""/136, 0x88}], 0x4, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(0xffffffffffffffff, 0x40045731, &(0x7f0000000140))
preadv(r5, &(0x7f00000017c0), 0x1d0, 0x0)
io_setup(0x100000001, &(0x7f0000000200))
io_getevents(0x0, 0x40, 0x0, &(0x7f0000000240), 0x0)
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000600)=ANY=[], 0x0)

06:47:48 executing program 3:
r0 = inotify_init()
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0x80000003)
write$binfmt_elf64(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="eb"], 0x1)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000))

06:47:48 executing program 4:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0)
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]})
syz_execute_func(&(0x7f0000000400)="428055a08e6969ef69dc00d990c841ff0f1837c4c3397c2a060f38211a40a5c19086d9f28fc9410feefae5e54175455d0f2e1a1a010d64ac1e5d31a3b786e2989f7f")

[  242.983822] IPVS: ftp: loaded support on port[0] = 21
[  243.140357] IPVS: ftp: loaded support on port[0] = 21
[  243.192211] IPVS: ftp: loaded support on port[0] = 21
[  243.228231] IPVS: ftp: loaded support on port[0] = 21
[  243.238932] kasan: CONFIG_KASAN_INLINE enabled
[  243.243710] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  243.251172] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  243.257413] CPU: 1 PID: 5586 Comm: syz-executor3 Not tainted 4.19.0-rc3-next-20180912+ #72
[  243.265809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  243.275318] RIP: 0010:mqueue_get_tree+0xba/0x2e0
[  243.280099] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
[  243.299021] RSP: 0018:ffff880169917928 EFLAGS: 00010202
[  243.304389] RAX: dffffc0000000000 RBX: ffff8801d8a92a80 RCX: ffffffff8160aca1
[  243.311671] RDX: 0000001800000019 RSI: ffffffff833deb15 RDI: 000000c0000000c8
[  243.318950] RBP: ffff880169917948 R08: fffffbfff13555fd R09: fffffbfff13555fc
[  243.326218] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7b62dc0
[  243.333502] R13: 000000c0000000c0 R14: ffff8801d8a92b18 R15: ffff8801d8a92b18
[  243.340775] FS:  0000000001b87940(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
[  243.349004] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  243.354882] CR2: 0000000000482e00 CR3: 00000001698e8000 CR4: 00000000001406e0
[  243.362151] Call Trace:
[  243.364847]  vfs_get_tree+0x1cb/0x5c0
[  243.368659]  mq_create_mount+0xe3/0x190
[  243.372641]  mq_init_ns+0x15a/0x210
[  243.376274]  copy_ipcs+0x3d2/0x580
[  243.379811]  ? ipcns_get+0xe0/0xe0
[  243.383382]  ? do_mount+0x1db0/0x1db0
[  243.387220]  ? kmem_cache_alloc+0x33a/0x730
[  243.391603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  243.397170]  ? perf_event_namespaces+0x136/0x400
[  243.401967]  create_new_namespaces+0x376/0x900
[  243.406560]  ? sys_ni_syscall+0x20/0x20
[  243.410548]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  243.416164]  ? ns_capable_common+0x13f/0x170
[  243.420601]  unshare_nsproxy_namespaces+0xc3/0x1f0
[  243.425592]  ksys_unshare+0x79c/0x10b0
[  243.429486]  ? walk_process_tree+0x440/0x440
[  243.433954]  ? lock_downgrade+0x900/0x900
[  243.438118]  ? kasan_check_read+0x11/0x20
[  243.442263]  ? do_raw_spin_unlock+0xa7/0x2f0
[  243.446668]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  243.451256]  ? kasan_check_write+0x14/0x20
[  243.455490]  ? do_raw_read_unlock+0x3f/0x60
[  243.459845]  ? do_syscall_64+0x9a/0x820
[  243.463818]  ? do_syscall_64+0x9a/0x820
[  243.467791]  ? lockdep_hardirqs_on+0x421/0x5c0
[  243.472457]  ? trace_hardirqs_on+0xbd/0x310
[  243.476860]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  243.482230]  ? __bpf_trace_preemptirq_template+0x30/0x30
[  243.487706]  ? __ia32_sys_prlimit64+0x8c0/0x8c0
[  243.492389]  __x64_sys_unshare+0x31/0x40
[  243.496452]  do_syscall_64+0x1b9/0x820
[  243.500346]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  243.505711]  ? syscall_return_slowpath+0x5e0/0x5e0
[  243.510639]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  243.515482]  ? trace_hardirqs_on_caller+0x310/0x310
[  243.520509]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  243.525531]  ? prepare_exit_to_usermode+0x291/0x3b0
[  243.530552]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  243.535414]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  243.540606] RIP: 0033:0x459d87
[  243.543809] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  243.562715] RSP: 002b:00007ffdce649718 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  243.570424] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459d87
[  243.577703] RDX: 0000000000000000 RSI: 00007ffdce649720 RDI: 0000000008000000
[  243.585002] RBP: 0000000000930b28 R08: 0000000000000000 R09: 0000000000000018
[  243.592272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010
[  243.599537] R13: 0000000000412cc0 R14: 0000000000000000 R15: 0000000000000000
[  243.606811] Modules linked in:
[  243.610130] ---[ end trace 8f9e9f96cff5e26b ]---
[  243.614931] RIP: 0010:mqueue_get_tree+0xba/0x2e0
[  243.619691] Code: 4c 8d b3 98 00 00 00 4d 85 ed 0f 84 d1 00 00 00 e8 6b 44 3f fe 49 8d 7d 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
[  243.638668] RSP: 0018:ffff880169917928 EFLAGS: 00010202
[  243.644078] RAX: dffffc0000000000 RBX: ffff8801d8a92a80 RCX: ffffffff8160aca1
[  243.651385] RDX: 0000001800000019 RSI: ffffffff833deb15 RDI: 000000c0000000c8
[  243.658659] RBP: ffff880169917948 R08: fffffbfff13555fd R09: fffffbfff13555fc
[  243.665960] R10: fffffbfff13555fc R11: ffffffff89aaafe3 R12: ffff8801d7b62dc0
[  243.673265] R13: 000000c0000000c0 R14: ffff8801d8a92b18 R15: ffff8801d8a92b18
[  243.680547] FS:  0000000001b87940(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
[  243.688821] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  243.694728] CR2: 0000000000482e00 CR3: 00000001698e8000 CR4: 00000000001406e0
[  243.702087] Kernel panic - not syncing: Fatal exception
[  243.708485] Kernel Offset: disabled
[  243.712160] Rebooting in 86400 seconds..