[....] Starting periodic command scheduler: cron[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd
[   25.251802] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].
[   25.595706] random: sshd: uninitialized urandom read (32 bytes read)
[   26.021055] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.703805] random: sshd: uninitialized urandom read (32 bytes read)
[   29.976629] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts.
[   35.516886] random: sshd: uninitialized urandom read (32 bytes read)
[   35.655026] ==================================================================
[   35.662627] BUG: KASAN: global-out-of-bounds in mqueue_get_tree+0x2a2/0x2e0
[   35.669716] Read of size 8 at addr ffffffff885cef68 by task syz-executor013/5545
[   35.677243] 
[   35.678857] CPU: 0 PID: 5545 Comm: syz-executor013 Not tainted 4.19.0-rc3-next-20180912+ #72
[   35.687417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.696761] Call Trace:
[   35.699339]  dump_stack+0x1d3/0x2c4
[   35.702960]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.708145]  ? printk+0xa7/0xcf
[   35.711490]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.716248]  print_address_description.cold.8+0x58/0x1ff
[   35.721692]  kasan_report.cold.9+0x242/0x309
[   35.726095]  ? mqueue_get_tree+0x2a2/0x2e0
[   35.730326]  __asan_report_load8_noabort+0x14/0x20
[   35.735262]  mqueue_get_tree+0x2a2/0x2e0
[   35.739319]  vfs_get_tree+0x1cb/0x5c0
[   35.743113]  mq_create_mount+0xe3/0x190
[   35.747076]  mq_init_ns+0x15a/0x210
[   35.750685]  copy_ipcs+0x3d2/0x580
[   35.754213]  ? ipcns_get+0xe0/0xe0
[   35.757759]  ? do_mount+0x1db0/0x1db0
[   35.761552]  ? kmem_cache_alloc+0x33a/0x730
[   35.765961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.771509]  ? perf_event_namespaces+0x136/0x400
[   35.776271]  create_new_namespaces+0x376/0x900
[   35.780847]  ? sys_ni_syscall+0x20/0x20
[   35.784816]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.790345]  ? ns_capable_common+0x13f/0x170
[   35.794760]  unshare_nsproxy_namespaces+0xc3/0x1f0
[   35.799692]  ksys_unshare+0x79c/0x10b0
[   35.803573]  ? walk_process_tree+0x440/0x440
[   35.808080]  ? lock_downgrade+0x900/0x900
[   35.812248]  ? kasan_check_read+0x11/0x20
[   35.816506]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.820968]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   35.825559]  ? kasan_check_write+0x14/0x20
[   35.829800]  ? do_raw_read_unlock+0x3f/0x60
[   35.834128]  ? do_syscall_64+0x9a/0x820
[   35.838098]  ? do_syscall_64+0x9a/0x820
[   35.842066]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.846697]  ? trace_hardirqs_on+0xbd/0x310
[   35.851048]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.856423]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   35.861888]  ? __ia32_sys_prlimit64+0x8c0/0x8c0
[   35.866565]  __x64_sys_unshare+0x31/0x40
[   35.870621]  do_syscall_64+0x1b9/0x820
[   35.874501]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.879859]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.884782]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.889629]  ? trace_hardirqs_on_caller+0x310/0x310
[   35.894698]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.899726]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.904754]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.909617]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.914812] RIP: 0033:0x446257
[   35.918002] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   35.936903] RSP: 002b:00007ffe2677e8e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000110
[   35.944624] RAX: ffffffffffffffda RBX: 00007ffe2677f450 RCX: 0000000000446257
[   35.951902] RDX: 0000000000000000 RSI: 00007ffe2677e8f0 RDI: 0000000008000000
[   35.959225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000018
[   35.966551] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000403ea0
[   35.973838] R13: 0000000000403f30 R14: 0000000000000000 R15: 0000000000000000
[   35.981121] 
[   35.982740] The buggy address belongs to the variable:
[   35.988012]  ipcns_operations+0x68/0xa00
[   35.992052] 
[   35.993668] Memory state around the buggy address:
[   35.998596]  ffffffff885cee00: fa fa fa fa 00 00 00 00 00 02 fa fa fa fa fa fa
[   36.006001]  ffffffff885cee80: 00 00 00 01 fa fa fa fa 04 fa fa fa fa fa fa fa
[   36.013363] >ffffffff885cef00: 00 00 00 00 00 00 00 00 fa fa fa fa 03 fa fa fa
[   36.020762]                                                           ^
[   36.027731]  ffffffff885cef80: fa fa fa fa 07 fa fa fa fa fa fa fa 00 03 fa fa
[   36.035108]  ffffffff885cf000: fa fa fa fa 00 fa fa fa fa fa fa fa 00 04 fa fa
[   36.042575] ==================================================================
[   36.049993] Disabling lock debugging due to kernel taint
[   36.055950] Kernel panic - not syncing: panic_on_warn set ...
[   36.055950] 
[   36.063347] CPU: 0 PID: 5545 Comm: syz-executor013 Tainted: G    B   4.19.0-rc3-next-20180912+ #72
[   36.073424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.082888] Call Trace:
[   36.085479]  dump_stack+0x1d3/0x2c4
[   36.089099]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.094291]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   36.099061]  panic+0x238/0x4e7
[   36.102315]  ? add_taint.cold.5+0x16/0x16
[   36.106480]  ? trace_hardirqs_on+0x9a/0x310
[   36.110803]  ? trace_hardirqs_on+0xb4/0x310
[   36.115124]  ? trace_hardirqs_on+0xb4/0x310
[   36.119455]  kasan_end_report+0x47/0x4f
[   36.123435]  kasan_report.cold.9+0x76/0x309
[   36.127757]  ? mqueue_get_tree+0x2a2/0x2e0
[   36.131991]  __asan_report_load8_noabort+0x14/0x20
[   36.136922]  mqueue_get_tree+0x2a2/0x2e0
[   36.140972]  vfs_get_tree+0x1cb/0x5c0
[   36.144776]  mq_create_mount+0xe3/0x190
[   36.148853]  mq_init_ns+0x15a/0x210
[   36.152469]  copy_ipcs+0x3d2/0x580
[   36.156043]  ? ipcns_get+0xe0/0xe0
[   36.159582]  ? do_mount+0x1db0/0x1db0
[   36.163430]  ? kmem_cache_alloc+0x33a/0x730
[   36.167762]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.173332]  ? perf_event_namespaces+0x136/0x400
[   36.178168]  create_new_namespaces+0x376/0x900
[   36.182770]  ? sys_ni_syscall+0x20/0x20
[   36.186752]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.192291]  ? ns_capable_common+0x13f/0x170
[   36.196692]  unshare_nsproxy_namespaces+0xc3/0x1f0
[   36.201625]  ksys_unshare+0x79c/0x10b0
[   36.205516]  ? walk_process_tree+0x440/0x440
[   36.210076]  ? lock_downgrade+0x900/0x900
[   36.214226]  ? kasan_check_read+0x11/0x20
[   36.218373]  ? do_raw_spin_unlock+0xa7/0x2f0
[   36.222831]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   36.227413]  ? kasan_check_write+0x14/0x20
[   36.231645]  ? do_raw_read_unlock+0x3f/0x60
[   36.236015]  ? do_syscall_64+0x9a/0x820
[   36.239996]  ? do_syscall_64+0x9a/0x820
[   36.243968]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.248554]  ? trace_hardirqs_on+0xbd/0x310
[   36.252876]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.258341]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   36.263790]  ? __ia32_sys_prlimit64+0x8c0/0x8c0
[   36.268555]  __x64_sys_unshare+0x31/0x40
[   36.272644]  do_syscall_64+0x1b9/0x820
[   36.276539]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.281925]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.286982]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.291894]  ? trace_hardirqs_on_caller+0x310/0x310
[   36.296924]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.302032]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.307057]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.311916]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.317111] RIP: 0033:0x446257
[   36.320363] Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   36.339318] RSP: 002b:00007ffe2677e8e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000110
[   36.347033] RAX: ffffffffffffffda RBX: 00007ffe2677f450 RCX: 0000000000446257
[   36.354391] RDX: 0000000000000000 RSI: 00007ffe2677e8f0 RDI: 0000000008000000
[   36.361671] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000018
[   36.369048] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000403ea0
[   36.376317] R13: 0000000000403f30 R14: 0000000000000000 R15: 0000000000000000
[   36.384606] Kernel Offset: disabled
[   36.388238] Rebooting in 86400 seconds..
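The register dump and the shadow-memory rows above are enough to recover, without symbols, both what user space asked for and what kind of access KASAN caught. The C program below is an added worked example, not part of the syzkaller log, that decodes them: ORIG_RAX 0x110 is unshare(2) on x86_64 and RDI 0x08000000 is CLONE_NEWIPC (which needs CAP_SYS_ADMIN in the caller's user namespace and matches the copy_ipcs -> mq_init_ns -> mq_create_mount -> mqueue_get_tree frames, i.e. the mqueue internal mount being set up for the new IPC namespace); the 8-byte read at ffffffff885cef68 lands on shadow byte 0xfa, KASAN's global redzone, after 64 addressable bytes from the start of ipcns_operations (the BUG line places the access at +0x68, so the marked row's base is the variable's start). The syscall number, the CLONE_NEW* bits and the poison-byte table are taken from the 4.19-era headers (<linux/sched.h>, mm/kasan/kasan.h); the sample row and addresses are copied from the report. The helper names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86_64 unshare(2) number and CLONE_NEW* bits from <linux/sched.h>. */
#define X86_64_NR_UNSHARE 272UL
static const struct { unsigned long bit; const char *name; } ns_bits[] = {
    { 0x00020000UL, "CLONE_NEWNS" },   { 0x02000000UL, "CLONE_NEWCGROUP" },
    { 0x04000000UL, "CLONE_NEWUTS" },  { 0x08000000UL, "CLONE_NEWIPC" },
    { 0x10000000UL, "CLONE_NEWUSER" }, { 0x20000000UL, "CLONE_NEWPID" },
    { 0x40000000UL, "CLONE_NEWNET" },
};

/* Names the syscall in ORIG_RAX; only the one this report needs is mapped. */
const char *x86_64_syscall_name(unsigned long nr)
{
    return nr == X86_64_NR_UNSHARE ? "unshare" : "unknown";
}

/* Renders the CLONE_NEW* bits of an unshare() flags word as "A|B" into out
 * (leftover bits as hex). Returns the number of known bits set. */
int decode_unshare_flags(unsigned long flags, char *out, size_t outlen)
{
    int n = 0;
    unsigned long rest = flags;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof ns_bits / sizeof ns_bits[0]; i++) {
        if (!(flags & ns_bits[i].bit)) continue;
        snprintf(out + strlen(out), outlen - strlen(out), "%s%s",
                 n++ ? "|" : "", ns_bits[i].name);
        rest &= ~ns_bits[i].bit;
    }
    if (rest)
        snprintf(out + strlen(out), outlen - strlen(out), "%s0x%lx",
                 n ? "|" : "", rest);
    return n;
}

#define KASAN_SHADOW_SCALE_SHIFT 3  /* one shadow byte covers 8 bytes of memory */
#define KASAN_ROW_BYTES 16          /* shadow bytes per printed row */

/* Poison values from mm/kasan/kasan.h (4.19); 0x01..0x07 = only that many
 * leading bytes of the 8-byte granule are addressable. */
static const struct { uint8_t b; const char *name; } kasan_poison[] = {
    { 0xfa, "global redzone" },        { 0xfb, "freed kmalloc object" },
    { 0xfc, "kmalloc redzone" },       { 0xfe, "page redzone" },
    { 0xff, "freed page" },            { 0xf1, "stack left redzone" },
    { 0xf2, "stack mid redzone" },     { 0xf3, "stack right redzone" },
    { 0xf4, "stack partial redzone" }, { 0xf8, "use after scope" },
};

const char *kasan_shadow_meaning(uint8_t b)
{
    if (b == 0x00) return "addressable";
    if (b < 0x08)  return "partially addressable";
    for (size_t i = 0; i < sizeof kasan_poison / sizeof kasan_poison[0]; i++)
        if (kasan_poison[i].b == b) return kasan_poison[i].name;
    return "unknown poison";
}

/* Index of the shadow byte covering addr in the printed row that starts at
 * row_base, or -1 if addr lies outside that row. */
int kasan_shadow_index(uint64_t row_base, uint64_t addr)
{
    if (addr < row_base) return -1;
    uint64_t idx = (addr - row_base) >> KASAN_SHADOW_SCALE_SHIFT;
    return idx < KASAN_ROW_BYTES ? (int)idx : -1;
}

/* The '>' row from the report above (base, 16 shadow bytes) and the faulting
 * address from the BUG line; +0x68 into ipcns_operations puts its start at the row base. */
static const uint64_t report_row_base = 0xffffffff885cef00ULL;
static const uint64_t report_addr     = 0xffffffff885cef68ULL;
static const uint8_t  report_row[KASAN_ROW_BYTES] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xfa, 0xfa, 0xfa, 0xfa, 0x03, 0xfa, 0xfa, 0xfa };

/* Shadow byte covering the faulting address, or -1 if it is not in the row. */
int report_shadow_byte(void)
{
    int idx = kasan_shadow_index(report_row_base, report_addr);
    return idx < 0 ? -1 : report_row[idx];
}

/* Addressable bytes from the variable's start to the first redzone: the
 * object size KASAN instrumented for it. */
int report_variable_size(void)
{
    int n = 0;
    while (n < KASAN_ROW_BYTES && report_row[n] == 0x00) n++;
    return n << KASAN_SHADOW_SCALE_SHIFT;
}

int main(void)
{
    char flags[128];
    decode_unshare_flags(0x08000000UL, flags, sizeof flags);
    printf("%s(%s): shadow 0x%02x = %s, %d addressable bytes before it\n",
           x86_64_syscall_name(0x110), flags, report_shadow_byte(),
           kasan_shadow_meaning((uint8_t)report_shadow_byte()), report_variable_size());
    return 0;
}
```

The shadow row says the access is 0x28 bytes past the end of a 64-byte global, so this is a read of unrelated rodata rather than a wild pointer; the "03" granule two slots earlier is a different 3-byte global, not part of ipcns_operations. Decoding flags and shadow this way is also the quickest sanity check when a report's symbolization is missing or the offset in "belongs to the variable" looks implausible.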