[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.464079] random: sshd: uninitialized urandom read (32 bytes read)
[ 19.893175] random: sshd: uninitialized urandom read (32 bytes read)
[ 20.154482] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 20.885595] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.039140] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
[ 26.502064] random: sshd: uninitialized urandom read (32 bytes read)
2018/05/01 04:48:13 parsed 1 programs
2018/05/01 04:48:13 executed programs: 0
[ 26.967759] IPVS: ftp: loaded support on port[0] = 21
[ 27.170681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.177153] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.184807] device bridge_slave_0 entered promiscuous mode
[ 27.201245] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.207650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.214890] device bridge_slave_1 entered promiscuous mode
[ 27.230511] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 27.246897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 27.289388] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 27.308881] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 27.371084] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 27.378534] team0: Port device team_slave_0 added
[ 27.393930] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 27.401009] team0: Port device team_slave_1 added
[ 27.415953] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 27.433977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 27.450808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.467705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.585228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.591705] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.598751] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.605131] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.011260] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 28.017399] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.058103] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 28.100957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.109779] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 28.147313] 8021q: adding VLAN 0 to HW filter on device team0
2018/05/01 04:48:18 executed programs: 76
[ 33.120312] ------------[ cut here ]------------
[ 33.125227] kernel BUG at net/ipv4/tcp_output.c:2837!
[ 33.130460] invalid opcode: 0000 [#1] SMP KASAN
[ 33.135124] Dumping ftrace buffer:
[ 33.138638] (ftrace buffer empty)
[ 33.142324] Modules linked in:
[ 33.145507] CPU: 0 PID: 5276 Comm: syz-executor0 Not tainted 4.17.0-rc3+ #51
[ 33.152674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.162020] RIP: 0010:__tcp_retransmit_skb+0x2992/0x2eb0
[ 33.167459] RSP: 0000:ffff8801dae06ff8 EFLAGS: 00010206
[ 33.172802] RAX: ffff8801b9fe61c0 RBX: 00000000ffc18a16 RCX: ffffffff864e1a49
[ 33.180049] RDX: 0000000000000100 RSI: ffffffff864e2e12 RDI: 0000000000000005
[ 33.187298] RBP: ffff8801dae073a0 R08: ffff8801b9fe61c0 R09: ffffed0039c40dd2
[ 33.194547] R10: ffffed0039c40dd2 R11: ffff8801ce206e93 R12: 00000000421eeaad
[ 33.201795] R13: ffff8801ce206d4e R14: ffff8801ce206cc0 R15: ffff8801cd4f4a80
[ 33.209049] FS: 0000000000000000(0000) GS:ffff8801dae00000(0063) knlGS:00000000096bc900
[ 33.217256] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 33.223116] CR2: 0000000020000000 CR3: 00000001c47b6000 CR4: 00000000001406f0
[ 33.230369] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.237619] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.244868] Call Trace:
[ 33.247440]
[ 33.249581] ? tcp_skb_collapse_tstamp+0x340/0x340
[ 33.254495] ? kasan_check_read+0x11/0x20
[ 33.258629] ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.263024] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.267591] ? kasan_check_write+0x14/0x20
[ 33.271805] ? do_raw_spin_lock+0xc1/0x200
[ 33.276027] ? trace_hardirqs_off+0xd/0x10
[ 33.280245] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.285346] ? try_to_wake_up+0x102/0x1190
[ 33.289561] ? print_usage_bug+0xc0/0xc0
[ 33.293602] ? print_usage_bug+0xc0/0xc0
[ 33.297639] ? migrate_swap_stop+0x850/0x850
[ 33.302030] ? graph_lock+0x170/0x170
[ 33.305812] ? graph_lock+0x170/0x170
[ 33.309598] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 33.315114] ? tcp_check_oom+0x1b2/0x520
[ 33.319157] ? tcp_free_fastopen_req+0x90/0x90
[ 33.323717] ? graph_lock+0x170/0x170
[ 33.327504] ? __lock_acquire+0x7f5/0x5140
[ 33.331722] ? jiffies_to_msecs+0xd/0x20
[ 33.335764] ? bictcp_state+0x440/0x510
[ 33.339719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.345243] ? tcp_enter_loss+0xc4b/0x1110
[ 33.349461] tcp_retransmit_skb+0x2e/0x250
[ 33.353675] tcp_retransmit_timer+0xc50/0x3060
[ 33.358236] ? tcp_delack_timer+0x280/0x280
[ 33.362539] ? debug_check_no_locks_freed+0x310/0x310
[ 33.367709] ? __lock_acquire+0x7f5/0x5140
[ 33.371925] ? kasan_check_read+0x11/0x20
[ 33.376052] ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.380439] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.385002] ? debug_check_no_locks_freed+0x310/0x310
[ 33.390177] ? graph_lock+0x170/0x170
[ 33.393960] ? pvclock_read_flags+0x160/0x160
[ 33.398435] ? run_posix_cpu_timers+0x6c2/0x2550
[ 33.403170] ? kvm_clock_read+0x25/0x30
[ 33.407123] ? kvm_sched_clock_read+0x9/0x20
[ 33.411520] ? sched_clock+0x31/0x40
[ 33.415217] ? sched_clock_cpu+0x1b/0x180
[ 33.419349] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.424521] tcp_write_timer_handler+0x339/0x960
[ 33.429255] ? tcp_retransmit_timer+0x3060/0x3060
[ 33.434079] tcp_write_timer+0x111/0x1d0
[ 33.438124] call_timer_fn+0x230/0x940
[ 33.441987] ? tcp_write_timer_handler+0x960/0x960
[ 33.446908] ? process_timeout+0x40/0x40
[ 33.450949] ? kasan_check_write+0x14/0x20
[ 33.455162] ? lock_downgrade+0x8e0/0x8e0
[ 33.459288] ? trace_hardirqs_off+0xd/0x10
[ 33.463500] ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 33.468593] ? mark_held_locks+0xc9/0x160
[ 33.472720] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.477279] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 33.482272] ? tcp_write_timer_handler+0x960/0x960
[ 33.487182] ? tcp_write_timer_handler+0x960/0x960
[ 33.492091] __run_timers+0x79e/0xc50
[ 33.495876] ? __bpf_trace_timer_expire_entry+0x30/0x30
[ 33.501224] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 33.506219] ? graph_lock+0x170/0x170
[ 33.509999] ? enqueue_hrtimer+0x18b/0x520
[ 33.514220] ? hrtimer_update_softirq_timer+0xa0/0xa0
[ 33.519399] ? find_held_lock+0x36/0x1c0
[ 33.523440] ? graph_lock+0x170/0x170
[ 33.527221] ? lock_downgrade+0x8e0/0x8e0
[ 33.531361] ? __lock_is_held+0xb5/0x140
[ 33.535404] run_timer_softirq+0x4c/0x70
[ 33.539443] __do_softirq+0x2e0/0xaf5
[ 33.543226] ? __irqentry_text_end+0x1f98a8/0x1f98a8
[ 33.548318] ? kasan_check_read+0x11/0x20
[ 33.552441] ? graph_lock+0x170/0x170
[ 33.556222] ? native_apic_msr_write+0x5b/0x80
[ 33.560781] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.565341] ? lapic_next_event+0x5a/0x90
[ 33.569471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.574990] ? clockevents_program_event+0x140/0x370
[ 33.580079] ? __lock_is_held+0xb5/0x140
[ 33.584122] irq_exit+0x1d1/0x200
[ 33.587558] smp_apic_timer_interrupt+0x17e/0x710
[ 33.592379] ? smp_call_function_single_interrupt+0x650/0x650
[ 33.598246] ? _raw_spin_lock+0x32/0x40
[ 33.602215] ? _raw_spin_unlock+0x22/0x30
[ 33.606353] ? handle_edge_irq+0x330/0x870
[ 33.610570] ? task_prio+0x50/0x50
[ 33.614092] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.618915] apic_timer_interrupt+0xf/0x20
[ 33.623122]
[ 33.625772] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x50
[ 33.631115] RSP: 0000:ffff8801a8d17700 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 33.638799] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81a84c7c
[ 33.646047] RDX: 0000000000000141 RSI: 0000000000000000 RDI: 0000000000000004
[ 33.653295] RBP: ffff8801a8d17750 R08: ffff8801b9fe61c0 R09: 0000000000000000
[ 33.660550] R10: ffff8801b9fe61c0 R11: 0000000000000000 R12: dffffc0000000000
[ 33.667807] R13: 0000000000000141 R14: ffffea0006d40000 R15: 0000000000000000
[ 33.675079] ? clear_huge_page+0x17c/0x7b0
[ 33.679302] ? clear_huge_page+0xb6/0x7b0
[ 33.683433] do_huge_pmd_anonymous_page+0x877/0x1cc0
[ 33.688522] ? __lock_acquire+0x7f5/0x5140
[ 33.692737] ? __thp_get_unmapped_area+0x180/0x180
[ 33.697647] ? debug_check_no_locks_freed+0x310/0x310
[ 33.702818] ? find_held_lock+0x36/0x1c0
[ 33.706864] ? page_rmapping+0xd3/0x150
[ 33.710834] ? lock_downgrade+0x8e0/0x8e0
[ 33.714963] ? kasan_check_read+0x11/0x20
[ 33.719090] ? kasan_check_read+0x11/0x20
[ 33.723218] ? do_raw_spin_unlock+0x9e/0x2e0
[ 33.727609] ? do_raw_spin_trylock+0x1b0/0x1b0
[ 33.732171] ? pud_val+0x80/0xf0
[ 33.735516] ? pmd_val+0xf0/0xf0
[ 33.738863] ? graph_lock+0x170/0x170
[ 33.742654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.748171] __handle_mm_fault+0x2d02/0x4310
[ 33.752560] ? vm_insert_mixed_mkwrite+0x40/0x40
[ 33.757304] ? graph_lock+0x170/0x170
[ 33.761087] ? find_held_lock+0x36/0x1c0
[ 33.765130] ? lock_downgrade+0x8e0/0x8e0
[ 33.769266] ? handle_mm_fault+0x8c0/0xc70
[ 33.773481] handle_mm_fault+0x53a/0xc70
[ 33.777524] ? __handle_mm_fault+0x4310/0x4310
[ 33.782094] ? find_vma+0x34/0x190
[ 33.785620] __do_page_fault+0x60b/0xe40
[ 33.789677] ? mm_fault_error+0x380/0x380
[ 33.793816] ? do_fast_syscall_32+0x148/0xf9b
[ 33.798303] do_page_fault+0xee/0x8a7
[ 33.802084] ? vmalloc_sync_all+0x30/0x30
[ 33.806213] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.810951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.816469] ? syscall_return_slowpath+0x30f/0x5c0
[ 33.821380] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.826895] ? retint_user+0x18/0x18
[ 33.830588] ? page_fault+0x8/0x30
[ 33.834111] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.838933] ? page_fault+0x8/0x30
[ 33.842452] page_fault+0x1e/0x30
[ 33.845882] RIP: 0023:0x804c4e0
[ 33.849136] RSP: 002b:00000000ff88fc70 EFLAGS: 00010246
[ 33.854478] RAX: 0000000020000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 33.861725] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[ 33.868972] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.876222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.883474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.890732] Code: 67 fb e9 20 dc ff ff 48 89 df e8 5a 75 67 fb e9 a5 ee ff ff be 0c 00 00 00 4c 89 ef e8 88 75 67 fb e9 69 ef ff ff e8 2e 11 2b fb <0f> 0b 4c 89 e7 e8 14 75 67 fb e9 77 f2 ff ff 48 89 df e8 67 74
[ 33.909879] RIP: __tcp_retransmit_skb+0x2992/0x2eb0 RSP: ffff8801dae06ff8
[ 33.916834] ---[ end trace 54fa741e700e140d ]---
[ 33.921621] Kernel panic - not syncing: Fatal exception in interrupt
[ 33.928571] Dumping ftrace buffer:
[ 33.932102] (ftrace buffer empty)
[ 33.935789] Kernel Offset: disabled
[ 33.939392] Rebooting in 86400 seconds..