[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 19.439156] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[ 20.543925] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.817195] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.521479] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.678067] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[ 27.172417] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 27.265918] WARNING: CPU: 0 PID: 4507 at net/ipv4/tcp_input.c:1803 tcp_sacktag_write_queue+0x1aa2/0x2d80
[ 27.275648] Kernel panic - not syncing: panic_on_warn set ...
[ 27.275648]
[ 27.283011] CPU: 0 PID: 4507 Comm: syz-executor950 Not tainted 4.17.0-rc2+ #24
[ 27.290351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.299684] Call Trace:
[ 27.302255] dump_stack+0x1b9/0x294
[ 27.305862] ? dump_stack_print_info.cold.2+0x52/0x52
[ 27.311040] ? tcp_sacktag_write_queue+0x19b0/0x2d80
[ 27.316124] panic+0x22f/0x4de
[ 27.319297] ? add_taint.cold.5+0x16/0x16
[ 27.323440] ? __warn.cold.8+0x148/0x1b3
[ 27.327481] ? __warn.cold.8+0x117/0x1b3
[ 27.331524] ? tcp_sacktag_write_queue+0x1aa2/0x2d80
[ 27.336620] __warn.cold.8+0x163/0x1b3
[ 27.340503] ? tcp_sacktag_write_queue+0x1aa2/0x2d80
[ 27.345599] report_bug+0x252/0x2d0
[ 27.349226] do_error_trap+0x1de/0x490
[ 27.353109] ? math_error+0x420/0x420
[ 27.356898] ? tcp_select_initial_window+0x3a0/0x3a0
[ 27.362000] ? tcp_sacktag_walk+0xc5d/0x14a0
[ 27.366398] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.371255] do_invalid_op+0x1b/0x20
[ 27.374975] invalid_op+0x14/0x20
[ 27.378430] RIP: 0010:tcp_sacktag_write_queue+0x1aa2/0x2d80
[ 27.384130] RSP: 0018:ffff8801b157f090 EFLAGS: 00010293
[ 27.389486] RAX: ffff8801ac480180 RBX: ffff8801ac971dc0 RCX: ffffffff864b1de4
[ 27.396736] RDX: 0000000000000000 RSI: ffffffff864b1df2 RDI: 0000000000000004
[ 27.403986] RBP: ffff8801b157f1c0 R08: ffff8801ac480180 R09: ffffed00362afd9d
[ 27.411234] R10: 000000000000020c R11: 0000000000000000 R12: 000000000000000a
[ 27.418483] R13: 0000000000000009 R14: ffff8801ac971500 R15: 0000000000000001
[ 27.425746] ? tcp_sacktag_write_queue+0x1a94/0x2d80
[ 27.430829] ? tcp_sacktag_write_queue+0x1aa2/0x2d80
[ 27.435921] ? tcp_sacktag_walk+0x14a0/0x14a0
[ 27.440400] tcp_ack+0x3093/0x5510
[ 27.443924] ? __kfree_skb+0x1d/0x20
[ 27.447644] ? tcp_fastretrans_alert+0x2850/0x2850
[ 27.452571] ? skb_scrub_packet+0x580/0x580
[ 27.456875] ? graph_lock+0x170/0x170
[ 27.460656] ? debug_check_no_locks_freed+0x310/0x310
[ 27.465836] ? kasan_check_write+0x14/0x20
[ 27.470057] ? graph_lock+0x170/0x170
[ 27.473838] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 27.479011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 27.484529] ? tcp_parse_options+0x1c1/0xe30
[ 27.488928] tcp_rcv_established+0x5b1/0x2010
[ 27.493417] ? tcp_data_queue+0x45e0/0x45e0
[ 27.497722] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 27.502720] ? ipv4_dst_check+0x1d5/0x260
[ 27.506870] ? ipv4_sysctl_rtcache_flush+0xa0/0xa0
[ 27.511810] ? rcu_note_context_switch+0x710/0x710
[ 27.516748] ? check_same_owner+0x320/0x320
[ 27.521062] tcp_v4_do_rcv+0x615/0x8c0
[ 27.524936] __release_sock+0x12f/0x3a0
[ 27.528907] release_sock+0xa4/0x2b0
[ 27.532601] ? __release_sock+0x3a0/0x3a0
[ 27.536733] ? __local_bh_enable_ip+0x161/0x230
[ 27.541383] ? lock_sock_nested+0xe7/0x120
[ 27.545602] tcp_sendmsg+0x3a/0x50
[ 27.549125] inet_sendmsg+0x19f/0x690
[ 27.552908] ? ipip_gro_receive+0x100/0x100
[ 27.557215] ? security_socket_sendmsg+0x94/0xc0
[ 27.561961] ? ipip_gro_receive+0x100/0x100
[ 27.566284] sock_sendmsg+0xd5/0x120
[ 27.569983] sock_write_iter+0x35a/0x5a0
[ 27.574032] ? sock_sendmsg+0x120/0x120
[ 27.578003] ? __might_sleep+0x95/0x190
[ 27.582234] do_iter_readv_writev+0x859/0xa50
[ 27.586728] ? vfs_dedupe_file_range+0xa00/0xa00
[ 27.591474] ? rw_verify_area+0x118/0x360
[ 27.595607] do_iter_write+0x185/0x5f0
[ 27.599646] ? dup_iter+0x270/0x270
[ 27.603270] ? vfs_writev+0x255/0x330
[ 27.607062] vfs_writev+0x1c7/0x330
[ 27.610678] ? vfs_iter_write+0xb0/0xb0
[ 27.614646] ? lock_downgrade+0x8e0/0x8e0
[ 27.618798] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 27.624326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 27.629848] ? __fdget_pos+0xd6/0x1e0
[ 27.633628] ? __fdget_raw+0x20/0x20
[ 27.637332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 27.642857] ? __sys_setsockopt+0x24f/0x390
[ 27.647162] do_writev+0x112/0x2f0
[ 27.650686] ? vfs_writev+0x330/0x330
[ 27.654467] ? __ia32_sys_fallocate+0xf0/0xf0
[ 27.658947] __x64_sys_writev+0x75/0xb0
[ 27.662904] do_syscall_64+0x1b1/0x800
[ 27.666794] ? syscall_return_slowpath+0x5c0/0x5c0
[ 27.671732] ? syscall_return_slowpath+0x30f/0x5c0
[ 27.676646] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 27.681994] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.686820] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.691994] RIP: 0033:0x440419
[ 27.695163] RSP: 002b:00007ffeed5e9508 EFLAGS: 00000217 ORIG_RAX: 0000000000000014
[ 27.702857] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440419
[ 27.710110] RDX: 0000000000000001 RSI: 00000000200006c0 RDI: 0000000000000003
[ 27.717364] RBP: 00000000006cb018 R08: 0000000000000010 R09: 0000000000000010
[ 27.724615] R10: 0000000000000182 R11: 0000000000000217 R12: 0000000000401d40
[ 27.731868] R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000
[ 27.739689] Dumping ftrace buffer:
[ 27.743299] (ftrace buffer empty)
[ 27.747003] Kernel Offset: disabled
[ 27.750613] Rebooting in 86400 seconds..