[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.180611] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 21.282719] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.765197] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.497400] random: sshd: uninitialized urandom read (32 bytes read)
[ 355.818288] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
[ 361.307826] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 361.394185] IPVS: ftp: loaded support on port[0] = 21
[ 361.426137] kasan: CONFIG_KASAN_INLINE enabled
[ 361.426141] kasan: CONFIG_KASAN_INLINE enabled
[ 361.426149] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 361.430756] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 361.430786] general protection fault: 0000 [#1] SMP KASAN
[ 361.455594] CPU: 0 PID: 4477 Comm: syz-executor855 Not tainted 4.18.0-rc4-next-20180713+ #7
[ 361.464065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 361.473512] RIP: 0010:list_lru_count_one+0x156/0x460
[ 361.478591] Code: 08 3c 03 0f 8e b5 02 00 00 4d 63 bd d8 0a 00 00 e8 7f 35 d2 ff 48 8d 7b 50 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d8 02 00 00 49 8d 46 c0 4c 8b 6b 50 48 ba 00 00
[ 361.497720] RSP: 0018:ffff8801acb47198 EFLAGS: 00010206
[ 361.503089] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 361.510336] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 361.517582] RBP: ffff8801acb47228 R08: ffff8801af726740 R09: 0000000000000000
[ 361.524827] R10: ffffed003aeff4d0 R11: ffff8801d77fa687 R12: 1ffff10035968e34
[ 361.532070] R13: ffff8801ac402100 R14: ffff8801acb47200 R15: 0000000000000000
[ 361.539334] FS: 0000000000ecd880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 361.547545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 361.553403] CR2: 00000000006ce080 CR3: 00000001c595d000 CR4: 00000000001406f0
[ 361.560652] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 361.567902] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 361.575154] Call Trace:
[ 361.577734] ? list_lru_isolate_move+0x3c0/0x3c0
[ 361.582515] ? rcu_note_context_switch+0x730/0x730
[ 361.587434] super_cache_count+0x153/0x2e0
[ 361.591712] ? __radix_tree_lookup+0x491/0x610
[ 361.596279] do_shrink_slab+0x148/0xc50
[ 361.600241] ? node_tag_get.constprop.17+0xa0/0xa0
[ 361.605148] ? snapshot_refaults+0x290/0x290
[ 361.609533] ? inactive_list_is_low+0x2f9/0x850
[ 361.614177] ? shrink_slab+0x1f3/0xa60
[ 361.618080] ? downgrade_write+0x2b0/0x2b0
[ 361.622305] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 361.627211] ? radix_tree_lookup+0x21/0x30
[ 361.631423] shrink_slab+0x861/0xa60
[ 361.635123] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 361.640736] ? try_to_wake_up+0x10a/0x12b0
[ 361.645013] ? reweight_entity+0x1100/0x1100
[ 361.649407] ? trace_hardirqs_on+0x10/0x10
[ 361.653617] ? trace_hardirqs_on+0x10/0x10
[ 361.657841] ? __radix_tree_lookup+0x491/0x610
[ 361.662399] shrink_node+0x429/0x16a0
[ 361.666185] ? shrink_node_memcg+0x18f0/0x18f0
[ 361.670774] ? kvm_clock_read+0x25/0x30
[ 361.674735] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 361.679744] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 361.684220] ? kasan_check_read+0x11/0x20
[ 361.688346] ? do_raw_spin_unlock+0xa7/0x2f0
[ 361.692729] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 361.697310] ? kasan_check_write+0x14/0x20
[ 361.701553] ? do_raw_spin_lock+0xc1/0x200
[ 361.705769] do_try_to_free_pages+0x3e7/0x1290
[ 361.710333] ? shrink_node+0x16a0/0x16a0
[ 361.714369] ? lock_acquire+0x1e4/0x540
[ 361.718321] ? lock_acquire+0x1e4/0x540
[ 361.722272] ? lock_downgrade+0x8f0/0x8f0
[ 361.726398] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 361.731567] ? kasan_check_read+0x11/0x20
[ 361.735702] ? try_to_free_pages+0xb80/0xb80
[ 361.740084] ? kasan_check_read+0x11/0x20
[ 361.744211] ? trace_hardirqs_off+0xd/0x10
[ 361.748434] ? trace_hardirqs_on+0xd/0x10
[ 361.752581] ? cgroup_file_notify+0x226/0x2f0
[ 361.757053] ? cgroup_procs_write_finish+0xf0/0xf0
[ 361.761959] ? do_raw_spin_lock+0xc1/0x200
[ 361.766187] ? get_mem_cgroup_from_mm+0x209/0x440
[ 361.771008] reclaim_high.constprop.73+0x137/0x1e0
[ 361.775922] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 361.780844] ? done_path_create+0xcc/0x110
[ 361.785055] mem_cgroup_handle_over_high+0x8d/0x130
[ 361.790079] exit_to_usermode_loop+0x287/0x380
[ 361.794647] ? syscall_slow_exit_work+0x500/0x500
[ 361.799471] do_syscall_64+0x6be/0x820
[ 361.803336] ? syscall_return_slowpath+0x5e0/0x5e0
[ 361.808244] ? syscall_return_slowpath+0x31d/0x5e0
[ 361.813152] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 361.818150] ? prepare_exit_to_usermode+0x291/0x3b0
[ 361.823149] ? perf_trace_sys_enter+0xb10/0xb10
[ 361.827793] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 361.832664] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 361.837828] RIP: 0033:0x44020a
[ 361.840990] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 361.860106] RSP: 002b:00007ffd39f9feb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 361.867792] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 000000000044020a
[ 361.875038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 361.882292] RBP: 00007ffd39f9fed0 R08: 0000000000000001 R09: 0000000000ecd880
[ 361.889549] R10: 0000000000ecdb50 R11: 0000000000000246 R12: 0000000000000001
[ 361.896798] R13: 00000000000583cc R14: 0000000000000000 R15: 0000000000000000
[ 361.904391] Modules linked in:
[ 361.907565] Dumping ftrace buffer:
[ 361.911076] (ftrace buffer empty)
[ 361.914779] general protection fault: 0000 [#2] SMP KASAN
[ 361.914975] ---[ end trace d557a78e32e09ba1 ]---
[ 361.920328] CPU: 1 PID: 4479 Comm: syz-executor855 Tainted: G D 4.18.0-rc4-next-20180713+ #7
[ 361.920333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 361.920347] RIP: 0010:list_lru_count_one+0x156/0x460
[ 361.920355] Code:
[ 361.925113] RIP: 0010:list_lru_count_one+0x156/0x460
[ 361.934970] 08 3c
[ 361.944348] Code:
[ 361.949423] 03 0f 8e b5
[ 361.951571] 08
[ 361.956648] 02 00 00 4d 63
[ 361.958796] 3c
[ 361.960912] bd d8 0a 00 00 e8 7f
[ 361.963598] 03
[ 361.965454] 35 d2 ff 48 8d
[ 361.968382] 0f
[ 361.970241] 7b 50 48 b8
[ 361.973689] 8e
[ 361.975547] 00 00 00 00
[ 361.978496] b5
[ 361.980364] 00 fc ff
[ 361.983033] 02
[ 361.984913] df 48 89 fa 48
[ 361.987581] 00
[ 361.989449] c1 ea 03 <80>
[ 361.991858] 00
[ 361.993711] 3c 02 00 0f 85 d8
[ 361.996642] 4d
[ 361.998511] 02 00 00 49 8d
[ 362.001358] 63
[ 362.003229] 46 c0 4c 8b 6b
[ 362.006430] bd
[ 362.008289] 50 48 ba 00 00
[ 362.011218] d8
[ 362.013081] RSP: 0018:ffff8801ac0371e0 EFLAGS: 00010206
[ 362.016021] 0a
[ 362.017886] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 362.017891] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 362.017901] RBP: ffff8801ac037270 R08: ffff8801ac496040 R09: 0000000000000000
[ 362.021691] 00
[ 362.023553] R10: ffffed003aeff4d0 R11: ffff8801d77fa687 R12: 1ffff10035806e3d
[ 362.023558] R13: ffff8801ac402100 R14: ffff8801ac037248 R15: 0000000000000000
[ 362.023570] FS: 0000000000ecd880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 362.028917] 00
[ 362.030779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 362.030784] CR2: 0000000000ecdb50 CR3: 00000001ac912000 CR4: 00000000001406e0
[ 362.030793] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 362.038052] e8
[ 362.045312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 362.045316] Call Trace:
[ 362.045339] ? list_lru_isolate_move+0x3c0/0x3c0
[ 362.052595] 7f
[ 362.054466] super_cache_count+0x153/0x2e0
[ 362.054482] ? __radix_tree_lookup+0x491/0x610
[ 362.061736] 35
[ 362.068997] do_shrink_slab+0x148/0xc50
[ 362.069017] ? node_tag_get.constprop.17+0xa0/0xa0
[ 362.077226] d2
[ 362.079103] ? snapshot_refaults+0x290/0x290
[ 362.079117] ? kasan_check_read+0x11/0x20
[ 362.084976] ff
[ 362.092238] ? shrink_slab+0x1f3/0xa60
[ 362.092251] ? percpu_ref_put_many+0x131/0x240
[ 362.099507] 48
[ 362.101385] ? downgrade_write+0x2b0/0x2b0
[ 362.101399] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 362.108653] 8d
[ 362.111222] ? radix_tree_lookup+0x21/0x30
[ 362.111234] shrink_slab+0x861/0xa60
[ 362.115981] 7b
[ 362.117866] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 362.117881] ? lock_downgrade+0x8f0/0x8f0
[ 362.122094] 50
[ 362.126657] ? kasan_check_read+0x11/0x20
[ 362.126669] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 362.128541] 48
[ 362.132492] shrink_node+0x429/0x16a0
[ 362.132507] ? shrink_node_memcg+0x18f0/0x18f0
[ 362.137419] b8
[ 362.139287] ? kvm_clock_read+0x25/0x30
[ 362.139301] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 362.143687] 00
[ 362.147817] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 362.147829] ? calc_wheel_index+0x260/0x260
[ 362.149714] 00
[ 362.153585] ? kasan_check_write+0x14/0x20
[ 362.153599] ? trace_hardirqs_off+0xd/0x10
[ 362.158160] 00
[ 362.160038] do_try_to_free_pages+0x3e7/0x1290
[ 362.160050] ? shrink_node+0x16a0/0x16a0
[ 362.164270] 00
[ 362.169181] ? lock_acquire+0x1e4/0x540
[ 362.169194] ? percpu_ref_tryget_live+0x143/0x440
[ 362.171064] 00
[ 362.175272] ? lock_downgrade+0x8f0/0x8f0
[ 362.175285] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 362.178977] fc
[ 362.180853] ? try_to_free_pages+0xb80/0xb80
[ 362.180865] ? kasan_check_read+0x11/0x20
[ 362.186475] ff
[ 362.190597] ? do_raw_spin_lock+0xc1/0x200
[ 362.190610] ? trace_hardirqs_on+0xd/0x10
[ 362.192478] df
[ 362.196601] ? cgroup_file_notify+0x226/0x2f0
[ 362.196615] ? cgroup_procs_write_finish+0xf0/0xf0
[ 362.201179] 48
[ 362.203048] ? get_mem_cgroup_from_mm+0x209/0x440
[ 362.203061] reclaim_high.constprop.73+0x137/0x1e0
[ 362.206841] 89
[ 362.211403] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 362.211440] ? vmalloc_sync_all+0x30/0x30
[ 362.213285] fa
[ 362.217236] ? lock_acquire+0x1e4/0x540
[ 362.217249] mem_cgroup_handle_over_high+0x8d/0x130
[ 362.222248] 48
[ 362.224114] exit_to_usermode_loop+0x287/0x380
[ 362.224127] ? syscall_slow_exit_work+0x500/0x500
[ 362.228601] c1
[ 362.232906] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 362.232920] syscall_return_slowpath+0x533/0x5e0
[ 362.234789] ea
[ 362.239000] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 362.239017] ? __put_user_4+0x1c/0x30
[ 362.243246] 03
[ 362.245111] ret_from_fork+0x15/0x50
[ 362.245123] RIP: 0033:0x44020a
[ 362.249687] <80>
[ 362.253720] Code: Bad RIP value.
[ 362.255611] 3c
[ 362.259556] RSP: 002b:00007ffd39f9feb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 362.259570] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000044020a
[ 362.264398] 02
[ 362.266259] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 362.266264] RBP: 00007ffd39f9fed0 R08: 0000000000000001 R09: 0000000000ecd880
[ 362.266273] R10: 0000000000ecdb50 R11: 0000000000000246 R12: 0000000000000001
[ 362.270402] 00
[ 362.275565] R13: 00000000000583cc R14: 0000000000000000 R15: 0000000000000000
[ 362.275574] Modules linked in:
[ 362.277448] 0f
[ 362.281830] Dumping ftrace buffer:
[ 362.281839] (ftrace buffer empty)
[ 362.285973] 85
[ 362.287943] ---[ end trace d557a78e32e09ba2 ]---
[ 362.292080] d8
[ 362.296245] RIP: 0010:list_lru_count_one+0x156/0x460
[ 362.298109] 02
[ 362.302602] Code:
[ 362.307534] 00
[ 362.309416] 08
[ 362.314259] 00
[ 362.319192] 3c
[ 362.321087] 49
[ 362.326028] 03
[ 362.330169] 8d
[ 362.332050] 0f
[ 362.336021] 46
[ 362.341033] 8e
[ 362.342914] c0
[ 362.347499] b5
[ 362.352339] 4c
[ 362.354218] 02
[ 362.358972] 8b
[ 362.363745] 00
[ 362.365627] 6b
[ 362.370643] 00
[ 362.374435] 50
[ 362.376317] 4d
[ 362.380027] 48
[ 362.383216] 63
[ 362.385272] ba
[ 362.388634] bd
[ 362.390525] 00
[ 362.398236] d8
[ 362.405512] 00
[ 362.407393] 0a
[ 362.421958] 00
[ 362.429244] RSP: 0018:ffff8801acb47198 EFLAGS: 00010206
[ 362.431127] 00
[ 362.441601] e8
[ 362.443492] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 362.447028] 7f
[ 362.450751] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 362.452631] 35
[ 362.457418] RBP: ffff8801acb47228 R08: ffff8801af726740 R09: 0000000000000000
[ 362.459301] d2
[ 362.464401] R10: ffffed003aeff4d0 R11: ffff8801d77fa687 R12: 1ffff10035968e34
[ 362.464412] R13: ffff8801ac402100 R14: ffff8801acb47200 R15: 0000000000000000
[ 362.466299] ff
[ 362.468449] FS: 0000000000ecd880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 362.470335] 48
[ 362.472231] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 362.474109] 8d 7b
[ 362.476007] CR2: 00000000006ce080 CR3: 00000001c595d000 CR4: 00000000001406f0
[ 362.477896] 50
[ 362.479786] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 362.481671] 48
[ 362.483552] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 362.485427] b8
[ 362.487309] Kernel panic - not syncing: Fatal exception
[ 362.489188] 00
[ 362.491454] Dumping ftrace buffer:
[ 362.491458] (ftrace buffer empty)
[ 362.491461] Kernel Offset: disabled
[ 362.639250] Rebooting in 86400 seconds..