[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 22.925939] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.198708] random: sshd: uninitialized urandom read (32 bytes read) [ 26.416599] random: sshd: uninitialized urandom read (32 bytes read) [ 26.975769] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts. [ 32.799475] urandom_read: 1 callbacks suppressed [ 32.799484] random: sshd: uninitialized urandom read (32 bytes read) [ 32.906030] IPVS: ftp: loaded support on port[0] = 21 [ 33.043345] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.049901] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.057442] device bridge_slave_0 entered promiscuous mode [ 33.065390] ip (4435) used greatest stack depth: 17096 bytes left [ 33.077416] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.083883] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.091136] device bridge_slave_1 entered promiscuous mode [ 33.107708] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 33.125009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 33.168911] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 33.188207] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 33.256498] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 33.263766] team0: Port device team_slave_0 added [ 33.279092] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 33.286303] team0: Port device team_slave_1 added [ 33.302118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 33.318235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 33.335096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.348615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 33.477604] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.484061] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.491104] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.497488] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 33.955762] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.962036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.007376] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.015663] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 34.059428] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 34.065661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 34.073699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.119360] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 34.381149] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt() [ 34.394716] CPU: 0 PID: 4657 Comm: syz-executor895 Not tainted 4.18.0-next-20180814+ #39 [ 34.403085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.412440] Call Trace: [ 34.415021] [ 34.417172] dump_stack+0x1c9/0x2b4 [ 34.420808] ? dump_stack_print_info.cold.2+0x52/0x52 [ 34.426014] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.431548] ? tfrc_rx_handle_loss+0x67c/0x1eb0 [ 34.436216] ? rcu_is_watching+0x8c/0x150 [ 34.440393] tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c [ 34.445589] ccid3_hc_rx_packet_recv+0x5c4/0xeb0 [ 34.450351] ? dccp_parse_options+0x493/0x11f0 [ 34.454938] ? ccid3_hc_tx_send_packet+0x880/0x880 [ 34.459898] dccp_deliver_input_to_ccids+0xf0/0x280 [ 34.464915] dccp_rcv_established+0x87/0xb0 [ 34.469239] dccp_v4_do_rcv+0x153/0x180 [ 34.473217] __sk_receive_skb+0x3e5/0xec0 [ 34.477367] ? sk_free+0x50/0x50 [ 34.480740] ? inet_lhash2_lookup+0x6e0/0x6e0 [ 34.485399] ? reqsk_fastopen_remove+0x680/0x680 [ 34.490274] ? lock_downgrade+0x8f0/0x8f0 [ 34.494498] ? dccp_invalid_packet+0x64/0x890 [ 34.499059] dccp_v4_rcv+0x10f9/0x1f58 [ 34.502979] ? dccp_v4_err+0x1860/0x1860 [ 34.507050] ? __lock_is_held+0xb5/0x140 [ 34.511203] ip_local_deliver_finish+0x2eb/0xda0 [ 34.515985] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 34.520744] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.525761] ? nf_hook_slow+0x11e/0x1c0 [ 34.529742] ip_local_deliver+0x1e9/0x750 [ 34.533889] ? ip_call_ra_chain+0x730/0x730 [ 34.538212] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 34.543049] ? kasan_check_read+0x11/0x20 [ 34.547198] ? rcu_is_watching+0x8c/0x150 [ 34.551345] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.556020] ip_rcv_finish+0x1f9/0x300 [ 34.559986] ip_rcv+0xed/0x610 [ 34.563191] ? ip_local_deliver+0x750/0x750 [ 34.567514] ? ip_rcv_finish_core.isra.16+0x1f10/0x1f10 [ 34.573193] ? lock_acquire+0x1e4/0x4f0 [ 34.577186] __netif_receive_skb_one_core+0x14d/0x200 [ 34.582376] ? __netif_receive_skb_core+0x39f0/0x39f0 [ 34.587613] ? net_rx_action+0x799/0x1900 [ 34.591900] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.596574] __netif_receive_skb+0x2c/0x1e0 [ 34.600899] process_backlog+0x219/0x760 [ 34.604987] net_rx_action+0x799/0x1900 [ 34.608994] ? napi_complete_done+0x6d0/0x6d0 [ 34.613489] ? mark_held_locks+0x160/0x160 [ 34.617728] ? _raw_spin_unlock_irq+0x27/0x70 [ 34.622223] ? __run_timers+0x9f6/0xc60 [ 34.626254] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 34.631841] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 34.636876] ? graph_lock+0x170/0x170 [ 34.640684] ? enqueue_hrtimer+0x187/0x4e0 [ 34.644916] ? lock_release+0x9f0/0x9f0 [ 34.648892] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 34.654173] ? graph_lock+0x170/0x170 [ 34.658003] ? lock_downgrade+0x8f0/0x8f0 [ 34.662212] ? find_held_lock+0x36/0x1c0 [ 34.666274] ? print_usage_bug+0xc0/0xc0 [ 34.670389] ? lock_downgrade+0x8f0/0x8f0 [ 34.674541] ? graph_lock+0x170/0x170 [ 34.678341] ? mark_held_locks+0xc9/0x160 [ 34.682544] ? scheduler_ipi+0x1a8/0xa50 [ 34.686610] ? __do_softirq+0x275/0xa6d [ 34.690636] ? __lock_is_held+0xb5/0x140 [ 34.694762] __do_softirq+0x2e8/0xa6d [ 34.698574] ? __irqentry_text_end+0x1f9f98/0x1f9f98 [ 34.703692] ? smp_reschedule_interrupt+0xf5/0x5d0 [ 34.708679] ? smp_thermal_interrupt+0x710/0x710 [ 34.713437] ? ret_from_intr+0xb/0x1e [ 34.717309] ? trace_hardirqs_off_caller+0xbb/0x2b0 [ 34.722325] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.726910] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.731755] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 34.736773] ? task_prio+0x50/0x50 [ 34.740329] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.745174] do_softirq_own_stack+0x2a/0x40 [ 34.749491] [ 34.751731] do_softirq.part.18+0x155/0x1a0 [ 34.756054] ? ip_finish_output2+0xa87/0x1860 [ 34.760547] __local_bh_enable_ip+0x1ec/0x230 [ 34.765045] ip_finish_output2+0xaba/0x1860 [ 34.769372] ? ip_copy_metadata+0xe20/0xe20 [ 34.773698] ? graph_lock+0x170/0x170 [ 34.777502] ? nf_ct_deliver_cached_events+0x293/0x7e0 [ 34.782790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.788527] ? ipv4_mtu+0x37d/0x590 [ 34.792161] ? __lock_is_held+0xb5/0x140 [ 34.796349] ip_finish_output+0x841/0xfa0 [ 34.800495] ? ip_finish_output+0x841/0xfa0 [ 34.804828] ? ip_fragment.constprop.49+0x240/0x240 [ 34.809867] ? kasan_check_read+0x11/0x20 [ 34.814021] ? rcu_is_watching+0x8c/0x150 [ 34.818169] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.822852] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.827880] ? nf_hook_slow+0x11e/0x1c0 [ 34.831871] ip_output+0x223/0x880 [ 34.835412] ? __ip_local_out+0x5e3/0xb50 [ 34.839562] ? ip_mc_output+0x15d0/0x15d0 [ 34.843711] ? ip_fragment.constprop.49+0x240/0x240 [ 34.848835] ? __lock_is_held+0xb5/0x140 [ 34.852914] ip_local_out+0xc5/0x1b0 [ 34.856675] __ip_queue_xmit+0x9b6/0x1f20 [ 34.860841] ? ip_build_and_send_pkt+0xc80/0xc80 [ 34.865707] ? __skb_checksum+0x8f0/0x8f0 [ 34.869868] ? skb_send_sock+0x50/0x50 [ 34.873802] ? reqsk_fastopen_remove+0x680/0x680 [ 34.878569] ? dccp_insert_option_padding+0xbc/0xe0 [ 34.883591] ip_queue_xmit+0x56/0x70 [ 34.887651] dccp_transmit_skb+0x999/0x12e0 [ 34.892006] dccp_xmit_packet+0x25e/0x7b0 [ 34.896293] ? kasan_check_write+0x14/0x20 [ 34.900532] ? do_raw_spin_lock+0xc1/0x200 [ 34.904765] ? dccp_send_sync+0x270/0x270 [ 34.908921] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.914202] ? ccid3_hc_tx_send_packet+0x35a/0x880 [ 34.919134] dccp_write_xmit+0x190/0x1f0 [ 34.923255] dccp_sendmsg+0xd32/0xf90 [ 34.927062] ? dccp_getsockopt+0xf0/0xf0 [ 34.931123] ? rw_copy_check_uvector+0x30d/0x3e0 [ 34.935886] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.941424] ? import_iovec+0x269/0x470 [ 34.945398] ? dup_iter+0x270/0x270 [ 34.949076] inet_sendmsg+0x1a1/0x690 [ 34.952880] ? copy_msghdr_from_user+0x3c4/0x580 [ 34.957637] ? ipip_gro_receive+0x100/0x100 [ 34.961985] ? move_addr_to_kernel.part.18+0x100/0x100 [ 34.967318] ? security_socket_sendmsg+0x94/0xc0 [ 34.972124] ? ipip_gro_receive+0x100/0x100 [ 34.976449] sock_sendmsg+0xd5/0x120 [ 34.980307] ___sys_sendmsg+0x7fd/0x930 [ 34.984286] ? copy_msghdr_from_user+0x580/0x580 [ 34.989177] ? kasan_check_write+0x14/0x20 [ 34.993410] ? trace_hardirqs_off+0xb8/0x2b0 [ 34.997831] ? __fget_light+0x2f7/0x440 [ 35.001825] ? kfree+0x111/0x210 [ 35.005204] ? fget_raw+0x20/0x20 [ 35.008660] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0 [ 35.013858] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.018993] ? __kasan_slab_free+0x131/0x170 [ 35.023405] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0 [ 35.028602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.034269] ? sockfd_lookup_light+0xc5/0x160 [ 35.038766] __sys_sendmsg+0x11d/0x290 [ 35.042665] ? __ia32_sys_shutdown+0x80/0x80 [ 35.047075] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 35.052662] ? fput+0x130/0x1a0 [ 35.055972] ? __x64_sys_futex+0x47f/0x6a0 [ 35.060212] ? do_syscall_64+0x9a/0x820 [ 35.064185] ? do_syscall_64+0x9a/0x820 [ 35.068163] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 35.073268] __x64_sys_sendmsg+0x78/0xb0 [ 35.077331] do_syscall_64+0x1b9/0x820 [ 35.081217] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 35.086581] ? syscall_return_slowpath+0x5e0/0x5e0 [ 35.091515] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 35.096533] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 35.101636] ? recalc_sigpending_tsk+0x180/0x180 [ 35.106642] ? kasan_check_write+0x14/0x20 [ 35.110982] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.116710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.121899] RIP: 0033:0x446a49 [ 35.125099] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 35.144223] RSP: 002b:00007f858b2d0da8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e [ 35.152010] RAX: ffffffffffffffda RBX: 00000000006dec58 RCX: 0000000000446a49 [ 35.159393] RDX: 0000000004000080 RSI: 00000000200030c0 RDI: 0000000000000005 [ 35.166661] RBP: 00000000006dec50 R08: 0000000000000000 R09: 0000000000000000 [ 35.174056] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dec5c [ 35.181327] R13: 00000000004b01c0 R14: 0000000020001f80 R15: 0000000000000001