[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 17.665900] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.984560] random: sshd: uninitialized urandom read (32 bytes read) [ 21.241870] random: sshd: uninitialized urandom read (32 bytes read) [ 21.933008] random: sshd: uninitialized urandom read (32 bytes read) [ 22.086913] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. [ 27.551214] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 27.655051] WARNING: CPU: 0 PID: 4487 at net/ipv4/tcp_input.c:1801 tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.664770] Kernel panic - not syncing: panic_on_warn set ... [ 27.664770] [ 27.672124] CPU: 0 PID: 4487 Comm: syz-executor809 Not tainted 4.17.0-rc2+ #24 [ 27.679548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.688880] Call Trace: [ 27.691464] dump_stack+0x1b9/0x294 [ 27.695078] ? dump_stack_print_info.cold.2+0x52/0x52 [ 27.700264] ? tcp_sacktag_write_queue+0x1a50/0x2d80 [ 27.705356] panic+0x22f/0x4de [ 27.708532] ? add_taint.cold.5+0x16/0x16 [ 27.712663] ? __warn.cold.8+0x148/0x1b3 [ 27.716701] ? __warn.cold.8+0x117/0x1b3 [ 27.720746] ? tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.725829] __warn.cold.8+0x163/0x1b3 [ 27.729700] ? tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.734786] report_bug+0x252/0x2d0 [ 27.738397] do_error_trap+0x1de/0x490 [ 27.742265] ? math_error+0x420/0x420 [ 27.746062] ? tcp_v4_md5_lookup+0x22/0x30 [ 27.750282] ? tcp_sacktag_walk+0xc5d/0x14a0 [ 27.754673] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 27.759494] do_invalid_op+0x1b/0x20 [ 27.763188] invalid_op+0x14/0x20 [ 27.766623] RIP: 0010:tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.772309] RSP: 0018:ffff8801cf7b7090 EFLAGS: 00010293 [ 27.777651] RAX: ffff8801ad354000 RBX: ffff8801cd4f08b8 RCX: ffffffff8649f944 [ 27.784899] RDX: 0000000000000000 RSI: ffffffff8649f952 RDI: 0000000000000004 [ 27.792151] RBP: ffff8801cf7b71c0 R08: ffff8801ad354000 R09: ffffed0039ef6d9d [ 27.799400] R10: 000000000000020c R11: 0000000000000000 R12: 000000000000000a [ 27.806647] R13: 0000000000000009 R14: ffff8801cd4f0000 R15: 0000000000000001 [ 27.813905] ? tcp_sacktag_write_queue+0x1a94/0x2d80 [ 27.818989] ? tcp_sacktag_write_queue+0x1aa2/0x2d80 [ 27.824088] ? tcp_sacktag_walk+0x14a0/0x14a0 [ 27.828568] tcp_ack+0x3089/0x5500 [ 27.832089] ? __kfree_skb+0x1d/0x20 [ 27.835790] ? tcp_fastretrans_alert+0x2850/0x2850 [ 27.840698] ? skb_scrub_packet+0x580/0x580 [ 27.845005] ? graph_lock+0x170/0x170 [ 27.848794] ? debug_check_no_locks_freed+0x310/0x310 [ 27.853963] ? kasan_check_write+0x14/0x20 [ 27.858182] ? graph_lock+0x170/0x170 [ 27.861966] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 27.867140] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 27.872654] ? tcp_parse_options+0x1c1/0xe30 [ 27.877053] tcp_rcv_established+0x5b1/0x1ef0 [ 27.881529] ? tcp_data_queue+0x44e0/0x44e0 [ 27.885834] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 27.890836] ? ipv4_dst_check+0x1d5/0x260 [ 27.894963] ? ipv4_sysctl_rtcache_flush+0xa0/0xa0 [ 27.899872] ? rcu_note_context_switch+0x710/0x710 [ 27.904788] ? check_same_owner+0x320/0x320 [ 27.909089] tcp_v4_do_rcv+0x615/0x8c0 [ 27.912958] __release_sock+0x12f/0x3a0 [ 27.916912] release_sock+0xa4/0x2b0 [ 27.920603] ? __release_sock+0x3a0/0x3a0 [ 27.924732] ? __local_bh_enable_ip+0x161/0x230 [ 27.929380] ? lock_sock_nested+0xe7/0x120 [ 27.933595] tcp_sendmsg+0x3a/0x50 [ 27.937118] inet_sendmsg+0x19f/0x690 [ 27.940899] ? ipip_gro_receive+0x100/0x100 [ 27.945201] ? security_socket_sendmsg+0x94/0xc0 [ 27.949934] ? ipip_gro_receive+0x100/0x100 [ 27.954236] sock_sendmsg+0xd5/0x120 [ 27.957929] sock_write_iter+0x35a/0x5a0 [ 27.961970] ? sock_sendmsg+0x120/0x120 [ 27.965929] ? __might_sleep+0x95/0x190 [ 27.969886] do_iter_readv_writev+0x859/0xa50 [ 27.974360] ? vfs_dedupe_file_range+0xa00/0xa00 [ 27.979099] ? rw_verify_area+0x118/0x360 [ 27.983224] do_iter_write+0x185/0x5f0 [ 27.987088] ? dup_iter+0x270/0x270 [ 27.990695] ? vfs_writev+0x255/0x330 [ 27.994475] vfs_writev+0x1c7/0x330 [ 27.998081] ? vfs_iter_write+0xb0/0xb0 [ 28.002042] ? lock_downgrade+0x8e0/0x8e0 [ 28.006180] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 28.011701] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.017218] ? __fdget_pos+0xd6/0x1e0 [ 28.021002] ? __fdget_raw+0x20/0x20 [ 28.024707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.030222] ? __sys_setsockopt+0x24f/0x390 [ 28.034523] do_writev+0x112/0x2f0 [ 28.038049] ? vfs_writev+0x330/0x330 [ 28.041831] ? __ia32_sys_fallocate+0xf0/0xf0 [ 28.046306] __x64_sys_writev+0x75/0xb0 [ 28.050261] do_syscall_64+0x1b1/0x800 [ 28.054129] ? syscall_return_slowpath+0x5c0/0x5c0 [ 28.059040] ? syscall_return_slowpath+0x30f/0x5c0 [ 28.063950] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 28.069294] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.074117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 28.079282] RIP: 0033:0x440419 [ 28.082451] RSP: 002b:00007ffdc18837d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000014 [ 28.090136] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440419 [ 28.097382] RDX: 0000000000000001 RSI: 00000000200006c0 RDI: 0000000000000003 [ 28.104628] RBP: 00000000006cb018 R08: 0000000000000010 R09: 0000000000000010 [ 28.111874] R10: 0000000000000182 R11: 0000000000000217 R12: 0000000000401d40 [ 28.119121] R13: 0000000000401dd0 R14: 0000000000000000 R15: 0000000000000000 [ 28.126928] Dumping ftrace buffer: [ 28.130547] (ftrace buffer empty) [ 28.134234] Kernel Offset: disabled [ 28.137838] Rebooting in 86400 seconds..