[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.534218] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.895099] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.304674] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.013414] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.147010] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
[ 25.641367] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 25.734768] IPVS: ftp: loaded support on port[0] = 21
[ 25.785105] kasan: CONFIG_KASAN_INLINE enabled
[ 25.785127] kasan: CONFIG_KASAN_INLINE enabled
[ 25.789760] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 25.794336] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 25.794349] general protection fault: 0000 [#1] SMP KASAN
[ 25.794366] CPU: 0 PID: 4463 Comm: syz-executor480 Not tainted 4.18.0-rc4-next-20180713+ #7
[ 25.822995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.832342] RIP: 0010:list_lru_count_one+0x156/0x460
[ 25.837420] Code: 08 3c 03 0f 8e b5 02 00 00 4d 63 bd d8 0a 00 00 e8 7f 35 d2 ff 48 8d 7b 50 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d8 02 00 00 49 8d 46 c0 4c 8b 6b 50 48 ba 00 00
[ 25.856599] RSP: 0018:ffff8801ac51f1e0 EFLAGS: 00010206
[ 25.861943] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 25.869193] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 25.876441] RBP: ffff8801ac51f270 R08: ffff8801af098040 R09: 0000000000000000
[ 25.883693] R10: ffffed003ae253e8 R11: ffff8801d7129f47 R12: 1ffff100358a3e3d
[ 25.890952] R13: ffff8801d9658900 R14: ffff8801ac51f248 R15: 0000000000000000
[ 25.898216] FS: 0000000001004880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 25.906430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.912300] CR2: 0000000001004b50 CR3: 00000001ac5a0000 CR4: 00000000001406f0
[ 25.919560] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.926817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.934065] Call Trace:
[ 25.936638] ? list_lru_isolate_move+0x3c0/0x3c0
[ 25.941382] super_cache_count+0x153/0x2e0
[ 25.945603] ? __radix_tree_lookup+0x491/0x610
[ 25.950171] do_shrink_slab+0x148/0xc50
[ 25.954130] ? node_tag_get.constprop.17+0xa0/0xa0
[ 25.959043] ? snapshot_refaults+0x290/0x290
[ 25.963438] ? kasan_check_read+0x11/0x20
[ 25.967573] ? shrink_slab+0x1f3/0xa60
[ 25.971443] ? percpu_ref_put_many+0x131/0x240
[ 25.976023] ? downgrade_write+0x2b0/0x2b0
[ 25.980239] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 25.985154] ? radix_tree_lookup+0x21/0x30
[ 25.989372] shrink_slab+0x861/0xa60
[ 25.993070] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 25.998692] ? lock_downgrade+0x8f0/0x8f0
[ 26.002827] ? kasan_check_read+0x11/0x20
[ 26.006957] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 26.011527] shrink_node+0x429/0x16a0
[ 26.015328] ? shrink_node_memcg+0x18f0/0x18f0
[ 26.019894] ? kvm_clock_read+0x25/0x30
[ 26.023852] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 26.028852] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 26.033335] ? calc_wheel_index+0x260/0x260
[ 26.037639] ? kasan_check_write+0x14/0x20
[ 26.041859] ? trace_hardirqs_off+0xd/0x10
[ 26.046200] do_try_to_free_pages+0x3e7/0x1290
[ 26.050780] ? shrink_node+0x16a0/0x16a0
[ 26.054913] ? lock_acquire+0x1e4/0x540
[ 26.058879] ? percpu_ref_tryget_live+0x143/0x440
[ 26.063704] ? lock_downgrade+0x8f0/0x8f0
[ 26.067881] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 26.073064] ? try_to_free_pages+0xb80/0xb80
[ 26.077460] ? kasan_check_read+0x11/0x20
[ 26.081599] ? do_raw_spin_lock+0xc1/0x200
[ 26.085818] ? trace_hardirqs_on+0xd/0x10
[ 26.089949] ? cgroup_file_notify+0x226/0x2f0
[ 26.094433] ? cgroup_procs_write_finish+0xf0/0xf0
[ 26.099348] ? get_mem_cgroup_from_mm+0x209/0x440
[ 26.104175] reclaim_high.constprop.73+0x137/0x1e0
[ 26.109093] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 26.114007] ? vmalloc_sync_all+0x30/0x30
[ 26.118137] ? lock_acquire+0x1e4/0x540
[ 26.122095] mem_cgroup_handle_over_high+0x8d/0x130
[ 26.127096] exit_to_usermode_loop+0x287/0x380
[ 26.131667] ? syscall_slow_exit_work+0x500/0x500
[ 26.136493] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.141233] syscall_return_slowpath+0x533/0x5e0
[ 26.145972] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 26.150977] ? __put_user_4+0x1c/0x30
[ 26.154772] ret_from_fork+0x15/0x50
[ 26.158472] RIP: 0033:0x44049a
[ 26.161638] Code: Bad RIP value.
[ 26.164995] RSP: 002b:00007ffe82b2fa30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 26.172684] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000044049a
[ 26.179937] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 26.187189] RBP: 00007ffe82b2fa50 R08: 0000000000000001 R09: 0000000001004880
[ 26.194448] R10: 0000000001004b50 R11: 0000000000000246 R12: 0000000000000001
[ 26.201713] R13: 00000000000064a0 R14: 0000000000000000 R15: 0000000000000000
[ 26.208975] Modules linked in:
[ 26.212151] Dumping ftrace buffer:
[ 26.215669] (ftrace buffer empty)
[ 26.219386] general protection fault: 0000 [#2] SMP KASAN
[ 26.219443] ---[ end trace 8f845e4d33b4d2e7 ]---
[ 26.224997] CPU: 1 PID: 4459 Comm: syz-executor480 Tainted: G D 4.18.0-rc4-next-20180713+ #7
[ 26.225011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.229784] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.239635] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.239638] Code: 08
[ 26.248997] Code:
[ 26.254071] 3c 03 0f 8e b5
[ 26.259172] 08
[ 26.261545] 02 00 00 4d 63
[ 26.263693] 3c
[ 26.266590] bd d8 0a 00 00
[ 26.268486] 03
[ 26.271382] e8 7f 35 d2 ff
[ 26.273267] 0f
[ 26.276162] 48 8d 7b 50 48
[ 26.278046] 8e
[ 26.280945] b8 00 00 00 00
[ 26.282837] b5
[ 26.285733] 00 fc ff df 48
[ 26.287618] 02
[ 26.290519] 89 fa 48 c1 ea
[ 26.292405] 00
[ 26.295299] 03 <80> 3c 02 00
[ 26.297183] 00
[ 26.300076] 0f 85 d8 02 00
[ 26.301964] 4d
[ 26.305035] 00 49 8d 46 c0
[ 26.306923] 63
[ 26.309817] 4c 8b 6b 50 48
[ 26.311705] bd
[ 26.314600] ba 00 00
[ 26.314620] RSP: 0018:ffff8801acfaf198 EFLAGS: 00010206
[ 26.316486] d8
[ 26.319387] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 26.319394] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 26.319405] RBP: ffff8801acfaf228 R08: ffff8801aecc2140 R09: 0000000000000000
[ 26.321272] 0a
[ 26.323649] R10: ffffed003ae253e8 R11: ffff8801d7129f47 R12: 1ffff100359f5e34
[ 26.323656] R13: ffff8801d9658900 R14: ffff8801acfaf200 R15: 0000000000000000
[ 26.323669] FS: 0000000001004880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 26.329013] 00
[ 26.330864] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.330871] CR2: 00000000006ce080 CR3: 00000001b5c10000 CR4: 00000000001406e0
[ 26.330881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.338131] 00
[ 26.345369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.345373] Call Trace:
[ 26.345395] ? list_lru_isolate_move+0x3c0/0x3c0
[ 26.352643] e8
[ 26.354507] ? trace_hardirqs_on+0x10/0x10
[ 26.354523] ? copy_process.part.41+0x3c4/0x73f0
[ 26.361770] 7f
[ 26.369019] super_cache_count+0x153/0x2e0
[ 26.369037] ? __radix_tree_lookup+0x491/0x610
[ 26.377240] 35
[ 26.379102] do_shrink_slab+0x148/0xc50
[ 26.379119] ? node_tag_get.constprop.17+0xa0/0xa0
[ 26.385538] d2
[ 26.392788] ? snapshot_refaults+0x290/0x290
[ 26.392803] ? inactive_list_is_low+0x2f9/0x850
[ 26.400048] ff
[ 26.401916] ? shrink_slab+0x1f3/0xa60
[ 26.401933] ? downgrade_write+0x2b0/0x2b0
[ 26.409179] 48
[ 26.411740] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 26.411758] ? radix_tree_lookup+0x21/0x30
[ 26.416484] 8d
[ 26.418350] shrink_slab+0x861/0xa60
[ 26.418369] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 26.422573] 7b
[ 26.427305] ? try_to_wake_up+0x10a/0x12b0
[ 26.427321] ? reweight_entity+0x1100/0x1100
[ 26.429211] 50
[ 26.433427] ? trace_hardirqs_on+0x10/0x10
[ 26.433444] ? trace_hardirqs_on+0x10/0x10
[ 26.438000] 48
[ 26.439870] ? __radix_tree_lookup+0x491/0x610
[ 26.439886] shrink_node+0x429/0x16a0
[ 26.443835] b8
[ 26.448751] ? shrink_node_memcg+0x18f0/0x18f0
[ 26.450614] 00
[ 26.455005] ? kvm_clock_read+0x25/0x30
[ 26.455019] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 26.455037] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 26.459676] 00
[ 26.461540] ? kasan_check_read+0x11/0x20
[ 26.461555] ? do_raw_spin_unlock+0xa7/0x2f0
[ 26.465424] 00
[ 26.469633] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 26.469649] ? kasan_check_write+0x14/0x20
[ 26.471512] 00
[ 26.476417] ? do_raw_spin_lock+0xc1/0x200
[ 26.476434] do_try_to_free_pages+0x3e7/0x1290
[ 26.480914] 00
[ 26.482795] ? shrink_node+0x16a0/0x16a0
[ 26.482811] ? lock_acquire+0x1e4/0x540
[ 26.486507] fc
[ 26.492114] ? lock_acquire+0x1e4/0x540
[ 26.492131] ? lock_downgrade+0x8f0/0x8f0
[ 26.493995] ff
[ 26.498205] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 26.498221] ? kasan_check_read+0x11/0x20
[ 26.502599] df
[ 26.504471] ? try_to_free_pages+0xb80/0xb80
[ 26.504487] ? kasan_check_read+0x11/0x20
[ 26.508694] 48
[ 26.512905] ? trace_hardirqs_off+0xd/0x10
[ 26.512921] ? trace_hardirqs_on+0xd/0x10
[ 26.514783] 89
[ 26.519342] ? cgroup_file_notify+0x226/0x2f0
[ 26.519358] ? cgroup_procs_write_finish+0xf0/0xf0
[ 26.523131] fa
[ 26.525000] ? do_raw_spin_lock+0xc1/0x200
[ 26.525019] ? get_mem_cgroup_from_mm+0x209/0x440
[ 26.529573] 48
[ 26.531436] reclaim_high.constprop.73+0x137/0x1e0
[ 26.531451] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 26.535401] c1
[ 26.540391] ? done_path_create+0xcc/0x110
[ 26.540408] mem_cgroup_handle_over_high+0x8d/0x130
[ 26.544873] ea
[ 26.546740] exit_to_usermode_loop+0x287/0x380
[ 26.546757] ? syscall_slow_exit_work+0x500/0x500
[ 26.550876] 03
[ 26.555260] do_syscall_64+0x6be/0x820
[ 26.555277] ? syscall_return_slowpath+0x5e0/0x5e0
[ 26.557137] <80>
[ 26.561693] ? syscall_return_slowpath+0x31d/0x5e0
[ 26.561709] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 26.565916] 3c
[ 26.567779] ? prepare_exit_to_usermode+0x291/0x3b0
[ 26.567795] ? perf_trace_sys_enter+0xb10/0xb10
[ 26.571999] 02
[ 26.576554] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.576573] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.578437] 00
[ 26.582464] RIP: 0033:0x44049a
[ 26.582467] Code: f7
[ 26.586433] 0f
[ 26.588281] d8 64 89 04 25
[ 26.592248] 85
[ 26.596359] d4 02 00 00 64
[ 26.598245] d8
[ 26.603399] 4c 8b 0c 25 10
[ 26.607544] 02
[ 26.609400] 00 00 00 31 d2
[ 26.613805] 00
[ 26.617918] 4d 8d 91 d0
[ 26.619802] 00
[ 26.623998] 02 00 00 31 f6 bf 11 00
[ 26.628153] 49
[ 26.630008] 20 01 b8 38 00
[ 26.634501] 8d
[ 26.639394] 00 00 0f 05 <48>
[ 26.641293] 46
[ 26.645491] 3d 00 f0 ff ff
[ 26.650329] c0
[ 26.652179] 0f 87 f5 00 00
[ 26.657105] 4c
[ 26.661999] 00 85 c0 41 89 c5 0f
[ 26.663890] 8b
[ 26.668089] 85 fc 00 00
[ 26.673101] 6b
[ 26.674957] RSP: 002b:00007ffe82b2fa30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 26.674973] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 000000000044049a
[ 26.679529] 50
[ 26.684339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 26.684346] RBP: 00007ffe82b2fa50 R08: 0000000000000001 R09: 0000000001004880
[ 26.684357] R10: 0000000001004b50 R11: 0000000000000246 R12: 0000000000000001
[ 26.686223] 48
[ 26.690080] R13: 00000000000064a0 R14: 0000000000000000 R15: 0000000000000000
[ 26.690091] Modules linked in:
[ 26.695000] ba
[ 26.697035] Dumping ftrace buffer:
[ 26.697042] (ftrace buffer empty)
[ 26.701950] 00
[ 26.707216] ---[ end trace 8f845e4d33b4d2e8 ]---
[ 26.708829] 00
[ 26.713849] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.720372] Code:
[ 26.725217] RSP: 0018:ffff8801ac51f1e0 EFLAGS: 00010206
[ 26.730389] 08
[ 26.732270] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 26.735445] 3c
[ 26.737843] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 26.737854] RBP: ffff8801ac51f270 R08: ffff8801af098040 R09: 0000000000000000
[ 26.739725] 03
[ 26.742643] R10: ffffed003ae253e8 R11: ffff8801d7129f47 R12: 1ffff100358a3e3d
[ 26.742654] R13: ffff8801d9658900 R14: ffff8801ac51f248 R15: 0000000000000000
[ 26.744528] 0f
[ 26.747453] FS: 0000000001004880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 26.747464] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.749349] 8e
[ 26.752265] CR2: 0000000000440470 CR3: 00000001ac5a0000 CR4: 00000000001406f0
[ 26.752276] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.754149] b5
[ 26.757064] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.757072] Kernel panic - not syncing: Fatal exception
[ 26.758942] 02
[ 26.762226] Dumping ftrace buffer:
[ 26.762231] (ftrace buffer empty)
[ 26.762235] Kernel Offset: disabled
[ 26.980571] Rebooting in 86400 seconds..