[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 15.654297] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.492181] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.806766] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.523415] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.663367] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
[ 26.116233] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 26.204232] IPVS: ftp: loaded support on port[0] = 21
[ 26.245298] kasan: CONFIG_KASAN_INLINE enabled
[ 26.245360] kasan: CONFIG_KASAN_INLINE enabled
[ 26.249991] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 26.254584] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 26.254605] general protection fault: 0000 [#1] SMP KASAN
[ 26.274945] CPU: 0 PID: 4428 Comm: syz-executor277 Not tainted 4.18.0-rc4-next-20180713+ #7
[ 26.283415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.292814] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.297905] Code: 08 3c 03 0f 8e b5 02 00 00 4d 63 bd d8 0a 00 00 e8 7f 35 d2 ff 48 8d 7b 50 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d8 02 00 00 49 8d 46 c0 4c 8b 6b 50 48 ba 00 00
[ 26.317141] RSP: 0018:ffff8801b39e71e0 EFLAGS: 00010206
[ 26.322495] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 26.329746] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 26.337008] RBP: ffff8801b39e7270 R08: ffff8801b69a8040 R09: 0000000000000000
[ 26.344258] R10: ffffed003ae0e1b0 R11: ffff8801d7070d87 R12: 1ffff1003673ce3d
[ 26.351505] R13: ffff8801b7f78ec0 R14: ffff8801b39e7248 R15: 0000000000000000
[ 26.358772] FS: 0000000001308880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 26.366978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.372840] CR2: 0000000001308b50 CR3: 00000001b796e000 CR4: 00000000001406f0
[ 26.380091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.387338] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.394594] Call Trace:
[ 26.397170] ? list_lru_isolate_move+0x3c0/0x3c0
[ 26.402017] super_cache_count+0x153/0x2e0
[ 26.406570] ? __radix_tree_lookup+0x491/0x610
[ 26.411142] do_shrink_slab+0x148/0xc50
[ 26.415095] ? node_tag_get.constprop.17+0xa0/0xa0
[ 26.420015] ? snapshot_refaults+0x290/0x290
[ 26.424408] ? kasan_check_read+0x11/0x20
[ 26.428541] ? shrink_slab+0x1f3/0xa60
[ 26.432419] ? percpu_ref_put_many+0x131/0x240
[ 26.436985] ? downgrade_write+0x2b0/0x2b0
[ 26.441201] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 26.446125] ? radix_tree_lookup+0x21/0x30
[ 26.450341] shrink_slab+0x861/0xa60
[ 26.454037] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 26.459648] ? lock_downgrade+0x8f0/0x8f0
[ 26.463780] ? kasan_check_read+0x11/0x20
[ 26.467908] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 26.472485] shrink_node+0x429/0x16a0
[ 26.476277] ? shrink_node_memcg+0x18f0/0x18f0
[ 26.481385] ? kvm_clock_read+0x25/0x30
[ 26.485344] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 26.490342] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 26.494816] ? add_mm_counter_fast+0xd0/0xd0
[ 26.499206] ? kasan_check_write+0x14/0x20
[ 26.503434] ? do_raw_spin_lock+0xc1/0x200
[ 26.507664] do_try_to_free_pages+0x3e7/0x1290
[ 26.512228] ? shrink_node+0x16a0/0x16a0
[ 26.516272] ? lock_acquire+0x1e4/0x540
[ 26.520230] ? percpu_ref_tryget_live+0x143/0x440
[ 26.525050] ? lock_downgrade+0x8f0/0x8f0
[ 26.529190] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 26.534359] ? try_to_free_pages+0xb80/0xb80
[ 26.538747] ? kasan_check_read+0x11/0x20
[ 26.542878] ? kasan_check_write+0x14/0x20
[ 26.547097] ? do_raw_spin_lock+0xc1/0x200
[ 26.551314] ? trace_hardirqs_on+0xd/0x10
[ 26.555452] ? cgroup_file_notify+0x226/0x2f0
[ 26.559929] ? cgroup_procs_write_finish+0xf0/0xf0
[ 26.564843] ? get_mem_cgroup_from_mm+0x209/0x440
[ 26.569676] reclaim_high.constprop.73+0x137/0x1e0
[ 26.574589] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 26.579501] ? vmalloc_sync_all+0x30/0x30
[ 26.583630] ? lock_acquire+0x1e4/0x540
[ 26.587593] mem_cgroup_handle_over_high+0x8d/0x130
[ 26.592591] exit_to_usermode_loop+0x287/0x380
[ 26.597153] ? syscall_slow_exit_work+0x500/0x500
[ 26.601977] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.606721] syscall_return_slowpath+0x533/0x5e0
[ 26.611549] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 26.616554] ? __put_user_4+0x1c/0x30
[ 26.620335] ret_from_fork+0x15/0x50
[ 26.624032] RIP: 0033:0x44021a
[ 26.627198] Code: Bad RIP value.
[ 26.630554] RSP: 002b:00007ffce2f1b5c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 26.638250] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000044021a
[ 26.645509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 26.652772] RBP: 00007ffce2f1b5e0 R08: 0000000000000001 R09: 0000000001308880
[ 26.660022] R10: 0000000001308b50 R11: 0000000000000246 R12: 0000000000000001
[ 26.667280] R13: 0000000000006679 R14: 0000000000000000 R15: 0000000000000000
[ 26.674532] Modules linked in:
[ 26.677710] Dumping ftrace buffer:
[ 26.681223] (ftrace buffer empty)
[ 26.684929] general protection fault: 0000 [#2] SMP KASAN
[ 26.684983] ---[ end trace 86181d87f41a078e ]---
[ 26.690490] CPU: 1 PID: 4426 Comm: syz-executor277 Tainted: G D 4.18.0-rc4-next-20180713+ #7
[ 26.690501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.695256] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.705724] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.705733] Code:
[ 26.715099] Code:
[ 26.720186] 08 3c 03 0f
[ 26.725315] 08
[ 26.727440] 8e b5 02 00
[ 26.729589] 3c
[ 26.732251] 00 4d 63 bd d8
[ 26.734152] 03
[ 26.736800] 0a 00 00
[ 26.738687] 0f
[ 26.741588] e8 7f 35 d2 ff
[ 26.743754] 8e
[ 26.746156] 48 8d 7b
[ 26.748046] b5
[ 26.750959] 50 48 b8 00
[ 26.752861] 02
[ 26.755234] 00 00 00 00
[ 26.757126] 00
[ 26.759764] fc ff df 48
[ 26.761654] 00
[ 26.764295] 89 fa 48 c1
[ 26.766179] 4d
[ 26.768820] ea 03 <80> 3c
[ 26.770707] 63
[ 26.773351] 02 00 0f 85
[ 26.775335] bd
[ 26.778160] d8 02 00
[ 26.780049] d8
[ 26.782706] 00 49 8d
[ 26.784591] 0a
[ 26.786985] 46 c0 4c 8b 6b 50
[ 26.788871] 00
[ 26.791254] 48 ba 00 00
[ 26.793137] 00
[ 26.796319] RSP: 0018:ffff8801adaaf198 EFLAGS: 00010206
[ 26.798195] e8
[ 26.800855] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 26.800866] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 26.802750] 7f
[ 26.808100] RBP: ffff8801adaaf228 R08: ffff8801b39aa700 R09: 0000000000000000
[ 26.808106] R10: ffffed003ae0e1b0 R11: ffff8801d7070d87 R12: 1ffff10035b55e34
[ 26.808116] R13: ffff8801b7f78ec0 R14: ffff8801adaaf200 R15: 0000000000000000
[ 26.810017] 35
[ 26.817244] FS: 0000000001308880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 26.817250] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.817261] CR2: 00000000006ce080 CR3: 00000001c0957000 CR4: 00000000001406e0
[ 26.824524] d2
[ 26.826386] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.826396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.833669] ff
[ 26.840930] Call Trace:
[ 26.840955] ? list_lru_isolate_move+0x3c0/0x3c0
[ 26.840974] ? trace_hardirqs_on+0x10/0x10
[ 26.848252] 48
[ 26.850129] ? copy_process.part.41+0x3c4/0x73f0
[ 26.850145] super_cache_count+0x153/0x2e0
[ 26.858361] 8d
[ 26.864262] ? __radix_tree_lookup+0x491/0x610
[ 26.864278] do_shrink_slab+0x148/0xc50
[ 26.871535] 7b
[ 26.873430] ? node_tag_get.constprop.17+0xa0/0xa0
[ 26.873443] ? snapshot_refaults+0x290/0x290
[ 26.880701] 50
[ 26.887966] ? inactive_list_is_low+0x2f9/0x850
[ 26.887980] ? shrink_slab+0x1f3/0xa60
[ 26.889869] 48
[ 26.892435] ? downgrade_write+0x2b0/0x2b0
[ 26.892448] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 26.897190] b8
[ 26.901411] ? radix_tree_lookup+0x21/0x30
[ 26.901425] shrink_slab+0x861/0xa60
[ 26.903294] 00
[ 26.908043] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 26.908058] ? reweight_entity+0x1100/0x1100
[ 26.912280] 00
[ 26.914154] ? trace_hardirqs_on+0x10/0x10
[ 26.914167] ? trace_hardirqs_on+0x10/0x10
[ 26.918746] 00
[ 26.922717] shrink_node+0x429/0x16a0
[ 26.922733] ? shrink_node_memcg+0x18f0/0x18f0
[ 26.924600] 00
[ 26.929507] ? kvm_clock_read+0x25/0x30
[ 26.929521] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 26.933921] 00
[ 26.935850] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 26.935866] ? calc_wheel_index+0x260/0x260
[ 26.940520] fc
[ 26.944398] ? trace_hardirqs_off+0xd/0x10
[ 26.944413] do_try_to_free_pages+0x3e7/0x1290
[ 26.946278] ff
[ 26.950496] ? shrink_node+0x16a0/0x16a0
[ 26.950510] ? lock_acquire+0x1e4/0x540
[ 26.955427] df
[ 26.957302] ? percpu_ref_tryget_live+0x143/0x440
[ 26.957315] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 26.961524] 48
[ 26.965212] ? try_to_free_pages+0xb80/0xb80
[ 26.965225] ? kasan_check_read+0x11/0x20
[ 26.967094] 89
[ 26.972712] ? do_raw_spin_lock+0xc1/0x200
[ 26.972727] ? trace_hardirqs_on+0xd/0x10
[ 26.977128] fa
[ 26.979019] ? cgroup_file_notify+0x226/0x2f0
[ 26.979031] ? cgroup_procs_write_finish+0xf0/0xf0
[ 26.983261] 48
[ 26.987490] ? do_raw_spin_lock+0xc1/0x200
[ 26.987507] ? get_mem_cgroup_from_mm+0x209/0x440
[ 26.989378] c1
[ 26.993159] reclaim_high.constprop.73+0x137/0x1e0
[ 26.993171] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 26.993184] ? done_path_create+0xcc/0x110
[ 26.997760] ea
[ 26.999613] mem_cgroup_handle_over_high+0x8d/0x130
[ 26.999625] exit_to_usermode_loop+0x287/0x380
[ 27.003570] 03
[ 27.008566] ? syscall_slow_exit_work+0x500/0x500
[ 27.008577] do_syscall_64+0x6be/0x820
[ 27.010445] <80>
[ 27.014918] ? syscall_return_slowpath+0x5e0/0x5e0
[ 27.014931] ? syscall_return_slowpath+0x31d/0x5e0
[ 27.019223] 3c
[ 27.021097] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 27.021108] ? prepare_exit_to_usermode+0x291/0x3b0
[ 27.025315] 02
[ 27.029875] ? perf_trace_sys_enter+0xb10/0xb10
[ 27.029887] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.031752] 00
[ 27.035804] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.035816] RIP: 0033:0x44021a
[ 27.039773] 0f
[ 27.041650] Code: f7
[ 27.046483] 85
[ 27.051656] d8 64 89
[ 27.053536] d8
[ 27.057913] 04 25 d4 02
[ 27.062081] 02
[ 27.063942] 00 00 64 4c
[ 27.068178] 00
[ 27.072309] 8b 0c 25 10
[ 27.074192] 00
[ 27.078656] 00 00 00 31 d2
[ 27.083585] 49
[ 27.085443] 4d 8d 91 d0
[ 27.089682] 8d
[ 27.094507] 02 00 00 31 f6
[ 27.096396] 46
[ 27.101293] bf 11 00 20 01
[ 27.106231] c0
[ 27.110456] b8 38 00
[ 27.112340] 4c
[ 27.117347] 00 00 0f 05
[ 27.121928] 8b
[ 27.123804] <48> 3d 00
[ 27.128638] 6b
[ 27.132504] f0 ff ff
[ 27.134558] 50
[ 27.139458] 0f 87 f5 00 00 00 85 c0 41 89 c5
[ 27.144443] 48
[ 27.146289] 0f 85 fc 00 00
[ 27.151301] ba
[ 27.156301] RSP: 002b:00007ffce2f1b5c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 27.158180] 00
[ 27.162817] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 000000000044021a
[ 27.162822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 27.162832] RBP: 00007ffce2f1b5e0 R08: 0000000000000001 R09: 0000000001308880
[ 27.167667] 00
[ 27.169544] R10: 0000000001308b50 R11: 0000000000000246 R12: 0000000000000001
[ 27.169554] R13: 0000000000006679 R14: 0000000000000000 R15: 0000000000000000
[ 27.177916] Modules linked in:
[ 27.179791] RSP: 0018:ffff8801b39e71e0 EFLAGS: 00010206
[ 27.182187] Dumping ftrace buffer:
[ 27.186447] (ftrace buffer empty)
[ 27.186865] ---[ end trace 86181d87f41a078f ]---
[ 27.188333] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 27.188338] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 27.188348] RBP: ffff8801b39e7270 R08: ffff8801b69a8040 R09: 0000000000000000
[ 27.191036] RIP: 0010:list_lru_count_one+0x156/0x460
[ 27.192888] R10: ffffed003ae0e1b0 R11: ffff8801d7070d87 R12: 1ffff1003673ce3d
[ 27.192897] R13: ffff8801b7f78ec0 R14: ffff8801b39e7248 R15: 0000000000000000
[ 27.195558] Code:
[ 27.197439] FS: 0000000001308880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 27.197450] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.200123] 08
[ 27.201994] CR2: 00000000004401f0 CR3: 00000001b796e000 CR4: 00000000001406f0
[ 27.202004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.204955] 3c
[ 27.206820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.206828] Kernel panic - not syncing: Fatal exception
[ 27.209487] 03
[ 27.211769] Dumping ftrace buffer:
[ 27.211773] (ftrace buffer empty)
[ 27.211776] Kernel Offset: disabled
[ 27.419484] Rebooting in 86400 seconds..