[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.038952] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.470622] random: sshd: uninitialized urandom read (32 bytes read) [ 20.805980] random: sshd: uninitialized urandom read (32 bytes read) [ 21.493956] random: sshd: uninitialized urandom read (32 bytes read) [ 21.650479] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts. [ 27.121143] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 27.212172] WARNING: CPU: 0 PID: 4491 at net/ipv4/tcp_input.c:1801 tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.221880] Kernel panic - not syncing: panic_on_warn set ... [ 27.221880] [ 27.229222] CPU: 0 PID: 4491 Comm: syz-executor591 Not tainted 4.17.0-rc2+ #24 [ 27.236556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.245903] Call Trace: [ 27.248471] dump_stack+0x1b9/0x294 [ 27.252078] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.257251] ? tcp_sacktag_write_queue+0x1a50/0x2d80 [ 27.262333] panic+0x22f/0x4de [ 27.265516] ? add_taint.cold.5+0x16/0x16 [ 27.269644] ? __warn.cold.8+0x148/0x1b3 [ 27.273683] ? __warn.cold.8+0x117/0x1b3 [ 27.277723] ? tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.282803] __warn.cold.8+0x163/0x1b3 [ 27.286669] ? tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.291751] report_bug+0x252/0x2d0 [ 27.295366] do_error_trap+0x1de/0x490 [ 27.299231] ? math_error+0x420/0x420 [ 27.303012] ? tcp_v4_md5_lookup+0x22/0x30 [ 27.307226] ? tcp_sacktag_walk+0xc5d/0x14a0 [ 27.311617] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.316438] do_invalid_op+0x1b/0x20 [ 27.320139] invalid_op+0x14/0x20 [ 27.323571] RIP: 0010:tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.329257] RSP: 0018:ffff8801d9717090 EFLAGS: 00010293 [ 27.334597] RAX: ffff8801d9b745c0 RBX: ffff8801af2b9338 RCX: ffffffff8649f944 [ 27.341844] RDX: 0000000000000000 RSI: ffffffff8649f952 RDI: 0000000000000004 [ 27.349093] RBP: ffff8801d97171c0 R08: ffff8801d9b745c0 R09: ffffed003b2e2d9d [ 27.356340] R10: 000000000000020c R11: 0000000000000000 R12: 000000000000000a [ 27.363586] R13: 0000000000000009 R14: ffff8801af2b8a80 R15: 0000000000000001 [ 27.370843] ? tcp_sacktag_write_queue+0x1a94/0x2d80 [ 27.375928] ? tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.381019] ? tcp_sacktag_walk+0x14a0/0x14a0 [ 27.385495] tcp_ack+0x3089/0x5500 [ 27.389019] ? __kfree_skb+0x1d/0x20 [ 27.392718] ? tcp_fastretrans_alert+0x2850/0x2850 [ 27.397625] ? skb_scrub_packet+0x580/0x580 [ 27.401930] ? graph_lock+0x170/0x170 [ 27.405710] ? debug_check_no_locks_freed+0x310/0x310 [ 27.410880] ? kasan_check_write+0x14/0x20 [ 27.415101] ? graph_lock+0x170/0x170 [ 27.418884] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 27.424053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.429570] ? tcp_parse_options+0x1c1/0xe30 [ 27.433963] tcp_rcv_established+0x5b1/0x1ef0 [ 27.438438] ? tcp_data_queue+0x44e0/0x44e0 [ 27.442741] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 27.447737] ? ipv4_dst_check+0x1d5/0x260 [ 27.451863] ? ipv4_sysctl_rtcache_flush+0xa0/0xa0 [ 27.456775] ? rcu_note_context_switch+0x710/0x710 [ 27.461684] ? check_same_owner+0x320/0x320 [ 27.465985] tcp_v4_do_rcv+0x615/0x8c0 [ 27.469852] __release_sock+0x12f/0x3a0 [ 27.473809] release_sock+0xa4/0x2b0 [ 27.477502] ? __release_sock+0x3a0/0x3a0 [ 27.481631] ? __local_bh_enable_ip+0x161/0x230 [ 27.486278] ? lock_sock_nested+0xe7/0x120 [ 27.490493] tcp_sendmsg+0x3a/0x50 [ 27.494011] inet_sendmsg+0x19f/0x690 [ 27.497791] ? ipip_gro_receive+0x100/0x100 [ 27.502095] ? security_socket_sendmsg+0x94/0xc0 [ 27.506828] ? ipip_gro_receive+0x100/0x100 [ 27.511129] sock_sendmsg+0xd5/0x120 [ 27.514822] sock_write_iter+0x35a/0x5a0 [ 27.518861] ? sock_sendmsg+0x120/0x120 [ 27.522816] ? __might_sleep+0x95/0x190 [ 27.526771] do_iter_readv_writev+0x859/0xa50 [ 27.531245] ? vfs_dedupe_file_range+0xa00/0xa00 [ 27.535981] ? rw_verify_area+0x118/0x360 [ 27.540106] do_iter_write+0x185/0x5f0 [ 27.543974] ? dup_iter+0x270/0x270 [ 27.547579] ? vfs_writev+0x255/0x330 [ 27.551358] vfs_writev+0x1c7/0x330 [ 27.554965] ? vfs_iter_write+0xb0/0xb0 [ 27.558923] ? lock_downgrade+0x8e0/0x8e0 [ 27.563051] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 27.568569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.574085] ? __fdget_pos+0xd6/0x1e0 [ 27.577865] ? __fdget_raw+0x20/0x20 [ 27.581560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.587087] ? __sys_setsockopt+0x24f/0x390 [ 27.591386] do_writev+0x112/0x2f0 [ 27.594908] ? vfs_writev+0x330/0x330 [ 27.598687] ? __ia32_sys_fallocate+0xf0/0xf0 [ 27.603164] __x64_sys_writev+0x75/0xb0 [ 27.607120] do_syscall_64+0x1b1/0x800 [ 27.610997] ? syscall_return_slowpath+0x5c0/0x5c0 [ 27.615908] ? syscall_return_slowpath+0x30f/0x5c0 [ 27.620817] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 27.626171] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.630993] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.636159] RIP: 0033:0x440419 [ 27.639326] RSP: 002b:00007ffe7a8c7bb8 EFLAGS: 00000217 ORIG_RAX: 0000000000000014 [ 27.647023] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440419 [ 27.654288] RDX: 0000000000000001 RSI: 00000000200006c0 RDI: 0000000000000003 [ 27.661535] RBP: 00000000006cb018 R08: 0000000000000010 R09: 0000000000000010 [ 27.668787] R10: 0000000000000182 R11: 0000000000000217 R12: 0000000000401d40 [ 27.676033] R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000 [ 27.683813] Dumping ftrace buffer: [ 27.687408] (ftrace buffer empty) [ 27.691093] Kernel Offset: disabled [ 27.694701] Rebooting in 86400 seconds..