[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.032224] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.880179] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.357545] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.106526] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.244429] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.20' (ECDSA) to the list of known hosts.
[ 26.713593] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 26.804930] IPVS: ftp: loaded support on port[0] = 21
[ 26.839169] kasan: CONFIG_KASAN_INLINE enabled
[ 26.839197] kasan: CONFIG_KASAN_INLINE enabled
[ 26.843803] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 26.843815] general protection fault: 0000 [#1] SMP KASAN
[ 26.843828] CPU: 1 PID: 4460 Comm: syz-executor352 Not tainted 4.18.0-rc4-next-20180713+ #7
[ 26.848431] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 26.855757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.855776] RIP: 0010:list_lru_count_one+0x156/0x460
[ 26.855785] Code: 08 3c 03 0f 8e b5 02 00 00 4d 63 bd d8 0a 00 00 e8 7f 35 d2 ff 48 8d 7b 50 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d8 02 00 00 49 8d 46 c0 4c 8b 6b 50 48 ba 00 00
[ 26.910666] RSP: 0018:ffff8801bd6cf198 EFLAGS: 00010206
[ 26.916030] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 26.923280] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 26.931149] RBP: ffff8801bd6cf228 R08: ffff8801d969e740 R09: 0000000000000000
[ 26.938408] R10: ffffed00357e3b40 R11: ffff8801abf1da07 R12: 1ffff10037ad9e34
[ 26.945665] R13: ffff8801acce2c00 R14: ffff8801bd6cf200 R15: 0000000000000000
[ 26.952912] FS: 000000000181d880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 26.961114] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 26.967256] CR2: 00000000006ce080 CR3: 00000001b4a57000 CR4: 00000000001406e0
[ 26.974504] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.981750] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 26.988996] Call Trace:
[ 26.991570] ? list_lru_isolate_move+0x3c0/0x3c0
[ 26.997120] ? rcu_note_context_switch+0x730/0x730
[ 27.002032] super_cache_count+0x153/0x2e0
[ 27.006245] ? __radix_tree_lookup+0x491/0x610
[ 27.010805] do_shrink_slab+0x148/0xc50
[ 27.014757] ? node_tag_get.constprop.17+0xa0/0xa0
[ 27.019664] ? snapshot_refaults+0x290/0x290
[ 27.024047] ? inactive_list_is_low+0x2f9/0x850
[ 27.028695] ? shrink_slab+0x1f3/0xa60
[ 27.032570] ? downgrade_write+0x2b0/0x2b0
[ 27.036783] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 27.041868] ? radix_tree_lookup+0x21/0x30
[ 27.046097] shrink_slab+0x861/0xa60
[ 27.049792] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 27.055401] ? try_to_wake_up+0x10a/0x12b0
[ 27.059701] ? reweight_entity+0x1100/0x1100
[ 27.064100] ? trace_hardirqs_on+0x10/0x10
[ 27.068330] ? trace_hardirqs_on+0x10/0x10
[ 27.072547] ? __radix_tree_lookup+0x491/0x610
[ 27.077113] shrink_node+0x429/0x16a0
[ 27.080904] ? shrink_node_memcg+0x18f0/0x18f0
[ 27.085475] ? kvm_clock_read+0x25/0x30
[ 27.089431] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 27.094442] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 27.098917] ? kasan_check_read+0x11/0x20
[ 27.103060] ? do_raw_spin_unlock+0xa7/0x2f0
[ 27.107461] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 27.112136] ? kasan_check_write+0x14/0x20
[ 27.116354] ? do_raw_spin_lock+0xc1/0x200
[ 27.120590] do_try_to_free_pages+0x3e7/0x1290
[ 27.125171] ? shrink_node+0x16a0/0x16a0
[ 27.129230] ? lock_acquire+0x1e4/0x540
[ 27.133188] ? lock_acquire+0x1e4/0x540
[ 27.137146] ? lock_downgrade+0x8f0/0x8f0
[ 27.141281] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 27.146457] ? kasan_check_read+0x11/0x20
[ 27.150604] ? try_to_free_pages+0xb80/0xb80
[ 27.154997] ? kasan_check_read+0x11/0x20
[ 27.159132] ? trace_hardirqs_off+0xd/0x10
[ 27.163356] ? trace_hardirqs_on+0xd/0x10
[ 27.167504] ? cgroup_file_notify+0x226/0x2f0
[ 27.171989] ? cgroup_procs_write_finish+0xf0/0xf0
[ 27.176908] ? do_raw_spin_lock+0xc1/0x200
[ 27.181139] ? get_mem_cgroup_from_mm+0x209/0x440
[ 27.185963] reclaim_high.constprop.73+0x137/0x1e0
[ 27.190870] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 27.195778] ? done_path_create+0xcc/0x110
[ 27.200006] mem_cgroup_handle_over_high+0x8d/0x130
[ 27.205031] exit_to_usermode_loop+0x287/0x380
[ 27.209596] ? syscall_slow_exit_work+0x500/0x500
[ 27.214426] do_syscall_64+0x6be/0x820
[ 27.218293] ? syscall_return_slowpath+0x5e0/0x5e0
[ 27.223221] ? syscall_return_slowpath+0x31d/0x5e0
[ 27.228148] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 27.233160] ? prepare_exit_to_usermode+0x291/0x3b0
[ 27.238159] ? perf_trace_sys_enter+0xb10/0xb10
[ 27.242829] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.247653] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.252832] RIP: 0033:0x44021a
[ 27.256001] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 27.275132] RSP: 002b:00007ffe74e0f700 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 27.282831] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 000000000044021a
[ 27.290092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 27.297342] RBP: 00007ffe74e0f720 R08: 0000000000000001 R09: 000000000181d880
[ 27.304592] R10: 000000000181db50 R11: 0000000000000246 R12: 0000000000000001
[ 27.311835] R13: 00000000000068cd R14: 0000000000000000 R15: 0000000000000000
[ 27.319186] Modules linked in:
[ 27.322379] Dumping ftrace buffer:
[ 27.325891] (ftrace buffer empty)
[ 27.329597] general protection fault: 0000 [#2] SMP KASAN
[ 27.329833] ---[ end trace d3744e6401565d49 ]---
[ 27.335152] CPU: 0 PID: 4462 Comm: syz-executor352 Tainted: G D 4.18.0-rc4-next-20180713+ #7
[ 27.335157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.335172] RIP: 0010:list_lru_count_one+0x156/0x460
[ 27.335180] Code:
[ 27.339945] RIP: 0010:list_lru_count_one+0x156/0x460
[ 27.349790] 08 3c 03
[ 27.359155] Code:
[ 27.364251] 0f 8e b5
[ 27.366406] 08
[ 27.371916] 02 00 00
[ 27.374332] 3c
[ 27.376455] 4d 63 bd d8
[ 27.378884] 03
[ 27.380748] 0a 00 00 e8
[ 27.383168] 0f
[ 27.385088] 7f 35 d2 ff
[ 27.387763] 8e
[ 27.389643] 48 8d 7b 50 48
[ 27.392323] b5
[ 27.394183] b8 00 00 00
[ 27.396859] 02
[ 27.398750] 00 00 fc ff df
[ 27.401702] 00
[ 27.403560] 48 89 fa 48 c1
[ 27.406228] 00
[ 27.408089] ea 03 <80> 3c
[ 27.411024] 4d
[ 27.412884] 02 00 0f 85
[ 27.415815] 63
[ 27.417682] d8 02 00 00 49
[ 27.420529] bd
[ 27.422389] 8d 46 c0 4c
[ 27.425060] d8
[ 27.426932] 8b 6b 50
[ 27.429875] 0a
[ 27.431737] 48 ba 00 00
[ 27.434410] 00
[ 27.436274] RSP: 0018:ffff8801ab6371e0 EFLAGS: 00010206
[ 27.438678] 00
[ 27.440543] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 27.440548] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 27.440558] RBP: ffff8801ab637270 R08: ffff8801abbb2040 R09: 0000000000000000
[ 27.443214] e8
[ 27.445077] R10: ffffed00357e3b40 R11: ffff8801abf1da07 R12: 1ffff100356c6e3d
[ 27.445082] R13: ffff8801acce2c00 R14: ffff8801ab637248 R15: 0000000000000000
[ 27.445093] FS: 000000000181d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 27.450438] 7f
[ 27.452313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.452318] CR2: 000000000181db50 CR3: 00000001d96b3000 CR4: 00000000001406f0
[ 27.452327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.459590] 35
[ 27.466870] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.466885] Call Trace:
[ 27.474312] d2
[ 27.476193] ? list_lru_isolate_move+0x3c0/0x3c0
[ 27.476208] super_cache_count+0x153/0x2e0
[ 27.483466] ff
[ 27.490731] ? __radix_tree_lookup+0x491/0x610
[ 27.490746] do_shrink_slab+0x148/0xc50
[ 27.498958] 48
[ 27.500828] ? node_tag_get.constprop.17+0xa0/0xa0
[ 27.500839] ? snapshot_refaults+0x290/0x290
[ 27.506724] 8d
[ 27.514153] ? kasan_check_read+0x11/0x20
[ 27.514171] ? shrink_slab+0x1f3/0xa60
[ 27.521449] 7b
[ 27.523414] ? percpu_ref_put_many+0x131/0x240
[ 27.523434] ? downgrade_write+0x2b0/0x2b0
[ 27.530835] 50
[ 27.533406] ? throttle_direct_reclaim+0x9f0/0x9f0
[ 27.533420] ? radix_tree_lookup+0x21/0x30
[ 27.535295] 48
[ 27.540387] shrink_slab+0x861/0xa60
[ 27.540402] ? unregister_memcg_shrinker.isra.39+0x50/0x50
[ 27.544642] b8
[ 27.546517] ? lock_downgrade+0x8f0/0x8f0
[ 27.546529] ? kasan_check_read+0x11/0x20
[ 27.551108] 00
[ 27.555073] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 27.555087] shrink_node+0x429/0x16a0
[ 27.556965] 00
[ 27.561969] ? shrink_node_memcg+0x18f0/0x18f0
[ 27.561987] ? kvm_clock_read+0x25/0x30
[ 27.566384] 00
[ 27.568260] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 27.568279] ? ktime_get_raw_ts64+0x4f0/0x4f0
[ 27.572767] 00
[ 27.576646] ? calc_wheel_index+0x260/0x260
[ 27.576661] ? kasan_check_write+0x14/0x20
[ 27.578547] 00
[ 27.583112] ? trace_hardirqs_off+0xd/0x10
[ 27.583126] do_try_to_free_pages+0x3e7/0x1290
[ 27.587361] fc
[ 27.589237] ? shrink_node+0x16a0/0x16a0
[ 27.589251] ? lock_acquire+0x1e4/0x540
[ 27.594182] ff
[ 27.598396] ? percpu_ref_tryget_live+0x143/0x440
[ 27.598410] ? lock_downgrade+0x8f0/0x8f0
[ 27.600283] df
[ 27.603989] try_to_free_mem_cgroup_pages+0x49d/0xc90
[ 27.604002] ? try_to_free_pages+0xb80/0xb80
[ 27.609621] 48
[ 27.611499] ? kasan_check_read+0x11/0x20
[ 27.611511] ? do_raw_spin_lock+0xc1/0x200
[ 27.615641] 89
[ 27.619793] ? trace_hardirqs_on+0xd/0x10
[ 27.619808] ? cgroup_file_notify+0x226/0x2f0
[ 27.621679] fa
[ 27.626356] ? cgroup_procs_write_finish+0xf0/0xf0
[ 27.626371] ? get_mem_cgroup_from_mm+0x209/0x440
[ 27.630180] 48
[ 27.632060] reclaim_high.constprop.73+0x137/0x1e0
[ 27.632073] ? memcg_oom_wake_function+0x6b0/0x6b0
[ 27.636648] c1
[ 27.640610] ? vmalloc_sync_all+0x30/0x30
[ 27.640626] ? lock_acquire+0x1e4/0x540
[ 27.642503] ea
[ 27.647597] mem_cgroup_handle_over_high+0x8d/0x130
[ 27.647609] exit_to_usermode_loop+0x287/0x380
[ 27.647623] ? syscall_slow_exit_work+0x500/0x500
[ 27.652123] 03
[ 27.654000] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.654011] syscall_return_slowpath+0x533/0x5e0
[ 27.654021] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 27.654036] ? __put_user_4+0x1c/0x30
[ 27.658371] <80>
[ 27.662596] ret_from_fork+0x15/0x50
[ 27.662609] RIP: 0033:0x44021a
[ 27.665018] 3c
[ 27.669221] Code: Bad RIP value.
[ 27.669252] RSP: 002b:00007ffe74e0f700 EFLAGS: 00000246
[ 27.673842] 02
[ 27.676060] ORIG_RAX: 0000000000000038
[ 27.676066] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000044021a
[ 27.676070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 27.676080] RBP: 00007ffe74e0f720 R08: 0000000000000001 R09: 000000000181d880
[ 27.680133] 00
[ 27.684088] R10: 000000000181db50 R11: 0000000000000246 R12: 0000000000000001
[ 27.684093] R13: 00000000000068cd R14: 0000000000000000 R15: 0000000000000000
[ 27.684101] Modules linked in:
[ 27.685987] 0f
[ 27.690807] Dumping ftrace buffer:
[ 27.690817] (ftrace buffer empty)
[ 27.694966] 85
[ 27.696895] ---[ end trace d3744e6401565d4a ]---
[ 27.702037] d8 02
[ 27.706488] RIP: 0010:list_lru_count_one+0x156/0x460
[ 27.708357] 00 00
[ 27.712524] Code:
[ 27.716786] 49 8d
[ 27.718710] 08
[ 27.722863] 46 c0
[ 27.727385] 3c
[ 27.729280] 4c 8b
[ 27.734246] 03
[ 27.739119] 6b 50
[ 27.741030] 0f
[ 27.745965] 48 ba 00 00
[ 27.745978] RSP: 0018:ffff8801bd6cf198 EFLAGS: 00010206
[ 27.750947] 8e
[ 27.752839] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff81aa3a64
[ 27.752848] RDX: 000000000000000a RSI: ffffffff81aa3ad1 RDI: 0000000000000050
[ 27.757028] b5
[ 27.760998] RBP: ffff8801bd6cf228 R08: ffff8801d969e740 R09: 0000000000000000
[ 27.761012] R10: ffffed00357e3b40 R11: ffff8801abf1da07 R12: 1ffff10037ad9e34
[ 27.762904] 02
[ 27.767927] R13: ffff8801acce2c00 R14: ffff8801bd6cf200 R15: 0000000000000000
[ 27.767941] FS: 000000000181d880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 27.772538] 00
[ 27.777387] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 27.777398] CR2: 00000000006ce080 CR3: 00000001b4a57000 CR4: 00000000001406e0
[ 27.779310] 00
[ 27.784088] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 27.788854] 4d
[ 27.793885] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 27.793895] Kernel panic - not syncing: Fatal exception
[ 27.797709] 63
[ 27.800538] Dumping ftrace buffer:
[ 27.800544] (ftrace buffer empty)
[ 27.800547] Kernel Offset: disabled
[ 28.018657] Rebooting in 86400 seconds..