[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 16.776868] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.680185] random: sshd: uninitialized urandom read (32 bytes read) [ 21.073378] random: sshd: uninitialized urandom read (32 bytes read) [ 21.494909] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. [ 27.071455] urandom_read: 1 callbacks suppressed [ 27.071461] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 27.167133] IPVS: ftp: loaded support on port[0] = 21 [ 27.311611] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.318133] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.325184] device bridge_slave_0 entered promiscuous mode [ 27.338113] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.344477] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.351340] device bridge_slave_1 entered promiscuous mode [ 27.364120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 27.377333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 27.408527] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 27.423125] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 27.469813] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 27.476926] team0: Port device team_slave_0 added [ 27.488455] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 27.495464] team0: Port device team_slave_1 added [ 27.507856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 27.521934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 27.536405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.550533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported [ 27.634763] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.641158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.647736] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.654066] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 27.944125] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 27.950476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.983177] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.016429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.023421] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 28.055946] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.062045] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 28.237891] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt() [ 28.251109] CPU: 0 PID: 4604 Comm: syz-executor448 Not tainted 4.18.0-rc8+ #177 [ 28.258533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.267863] Call Trace: [ 28.270423] [ 28.272561] dump_stack+0x1c9/0x2b4 [ 28.276166] ? dump_stack_print_info.cold.2+0x52/0x52 [ 28.281336] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.287053] ? tfrc_rx_handle_loss+0x67c/0x1eb0 [ 28.291723] tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c [ 28.296895] ccid3_hc_rx_packet_recv+0x5c4/0xeb0 [ 28.301636] ? dccp_parse_options+0x493/0x11f0 [ 28.306194] ? ccid3_hc_tx_send_packet+0x880/0x880 [ 28.311101] dccp_deliver_input_to_ccids+0xf0/0x280 [ 28.316099] dccp_rcv_established+0x87/0xb0 [ 28.320405] dccp_v4_do_rcv+0x153/0x180 [ 28.324373] __sk_receive_skb+0x3c0/0xd90 [ 28.328504] ? __inet_lookup_established+0x462/0x690 [ 28.333585] ? sk_free+0x50/0x50 [ 28.336928] ? inet_lhash2_lookup+0x6e0/0x6e0 [ 28.341400] ? reqsk_fastopen_remove+0x680/0x680 [ 28.346139] ? lock_downgrade+0x8f0/0x8f0 [ 28.350275] ? dccp_invalid_packet+0x64/0x890 [ 28.354772] dccp_v4_rcv+0x10f9/0x1f58 [ 28.358675] ? dccp_v4_err+0x1860/0x1860 [ 28.362733] ? lock_release+0xa30/0xa30 [ 28.366689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.372216] ? ip_local_deliver+0x513/0x750 [ 28.376518] ip_local_deliver_finish+0x2eb/0xda0 [ 28.381255] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 28.385992] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 28.391031] ? nf_hook_slow+0x11e/0x1c0 [ 28.395098] ip_local_deliver+0x1e9/0x750 [ 28.399340] ? ip_call_ra_chain+0x730/0x730 [ 28.403643] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 28.408381] ? lock_release+0xa30/0xa30 [ 28.412338] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 28.417507] ip_rcv_finish+0x1f9/0x300 [ 28.421373] ip_rcv+0xed/0x610 [ 28.424542] ? ip_local_deliver+0x750/0x750 [ 28.428874] ? ip_rcv_finish_core.isra.16+0x1f10/0x1f10 [ 28.434217] ? lock_acquire+0x1e4/0x540 [ 28.438169] ? process_backlog+0x1a6/0x760 [ 28.442383] __netif_receive_skb_one_core+0x14d/0x200 [ 28.447555] ? __netif_receive_skb_core+0x3af0/0x3af0 [ 28.452734] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.457293] __netif_receive_skb+0x2c/0x1e0 [ 28.461596] process_backlog+0x219/0x760 [ 28.465639] ? try_to_wake_up+0x10a/0x12a0 [ 28.469906] net_rx_action+0x7a5/0x1920 [ 28.473870] ? trace_hardirqs_on+0x10/0x10 [ 28.478082] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.482643] ? napi_complete_done+0x6d0/0x6d0 [ 28.487121] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 28.492336] ? try_to_wake_up+0x10a/0x12a0 [ 28.496551] ? lock_acquire+0x1e4/0x540 [ 28.500505] ? debug_object_deactivate+0x2eb/0x450 [ 28.505413] ? migrate_swap_stop+0x850/0x850 [ 28.509809] ? kasan_check_read+0x11/0x20 [ 28.513937] ? do_raw_spin_unlock+0xa7/0x2f0 [ 28.518326] ? __hrtimer_run_queues+0x43c/0x10c0 [ 28.523065] ? lock_release+0xa30/0xa30 [ 28.527019] ? kasan_check_read+0x11/0x20 [ 28.531144] ? do_raw_spin_unlock+0xa7/0x2f0 [ 28.535533] ? kasan_check_write+0x14/0x20 [ 28.539744] ? do_raw_spin_lock+0xc1/0x200 [ 28.543974] ? clockevents_program_event+0x158/0x370 [ 28.549058] ? lock_downgrade+0x8f0/0x8f0 [ 28.553194] ? pvclock_read_flags+0x160/0x160 [ 28.557670] ? hrtimer_start_range_ns+0xd20/0xd20 [ 28.562587] ? kvm_clock_read+0x25/0x30 [ 28.566549] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 28.571546] ? ktime_get+0x2e1/0x440 [ 28.575238] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 28.579717] ? lock_downgrade+0x8f0/0x8f0 [ 28.583849] ? kasan_check_write+0x14/0x20 [ 28.588061] ? rcu_dynticks_eqs_enter+0x22/0x30 [ 28.592703] ? rcu_nmi_exit+0x259/0x2d0 [ 28.596760] ? rcu_idle_enter+0x480/0x480 [ 28.601004] ? clockevents_program_event+0x140/0x370 [ 28.606096] ? tick_program_event+0xb2/0x130 [ 28.610486] ? do_softirq_own_stack+0x2a/0x40 [ 28.614962] __do_softirq+0x2e8/0xb17 [ 28.618743] ? __irqentry_text_end+0x1f97a8/0x1f97a8 [ 28.623824] ? irq_exit+0xbb/0x210 [ 28.627342] ? smp_apic_timer_interrupt+0x186/0x730 [ 28.632335] ? smp_call_function_single_interrupt+0x660/0x660 [ 28.638197] ? _raw_spin_unlock+0x22/0x30 [ 28.642326] ? handle_edge_irq+0x330/0x870 [ 28.646543] ? task_prio+0x50/0x50 [ 28.650068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 28.654890] do_softirq_own_stack+0x2a/0x40 [ 28.659189] [ 28.661409] do_softirq.part.18+0x155/0x1a0 [ 28.665710] ? ip_finish_output2+0xa87/0x1860 [ 28.670183] __local_bh_enable_ip+0x1ec/0x230 [ 28.674654] ip_finish_output2+0xaba/0x1860 [ 28.678957] ? nf_conntrack_in+0x9ab/0x1150 [ 28.683255] ? ip_copy_metadata+0xc50/0xc50 [ 28.687564] ? nf_ct_deliver_cached_events+0x558/0x7d0 [ 28.692828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 28.698346] ? ipv4_mtu+0x37d/0x590 [ 28.701952] ? kasan_unpoison_shadow+0x35/0x50 [ 28.706513] ? kasan_kmalloc+0xc4/0xe0 [ 28.710382] ip_finish_output+0x841/0xfa0 [ 28.714506] ? ip_finish_output+0x841/0xfa0 [ 28.718808] ? ip_fragment.constprop.49+0x240/0x240 [ 28.723805] ? ip_vs_remote_request4+0xc0/0xc0 [ 28.728367] ? ip_vs_remote_request4+0x86/0xc0 [ 28.732934] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 28.738104] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 28.743100] ? nf_hook_slow+0x11e/0x1c0 [ 28.747052] ip_output+0x223/0x880 [ 28.750574] ? __ip_local_out+0x5e3/0xb50 [ 28.754702] ? ip_mc_output+0x15d0/0x15d0 [ 28.758832] ? ip_fragment.constprop.49+0x240/0x240 [ 28.763831] ? sock_alloc_send_skb+0x40/0x40 [ 28.768219] ? csum_partial+0x21/0x30 [ 28.771998] ip_local_out+0xc5/0x1b0 [ 28.775747] __ip_queue_xmit+0x9b6/0x1f20 [ 28.779886] ? ip_build_and_send_pkt+0xc80/0xc80 [ 28.784628] ? __skb_checksum+0x8f0/0x8f0 [ 28.788807] ? skb_send_sock+0x50/0x50 [ 28.792674] ? reqsk_fastopen_remove+0x680/0x680 [ 28.797420] ? dccp_insert_option_padding+0xbc/0xe0 [ 28.802421] ip_queue_xmit+0x56/0x70 [ 28.806113] dccp_transmit_skb+0x999/0x12e0 [ 28.810413] dccp_xmit_packet+0x25e/0x7b0 [ 28.814540] ? kasan_check_write+0x14/0x20 [ 28.818767] ? do_raw_spin_lock+0xc1/0x200 [ 28.822993] ? dccp_send_sync+0x270/0x270 [ 28.827120] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 28.832132] ? ccid3_hc_tx_send_packet+0x35a/0x880 [ 28.837051] dccp_write_xmit+0x190/0x1f0 [ 28.841099] dccp_sendmsg+0x8db/0x1030 [ 28.844971] ? dccp_getsockopt+0xf0/0xf0 [ 28.849126] ? rw_copy_check_uvector+0x30d/0x3e0 [ 28.853870] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.859388] ? import_iovec+0x269/0x470 [ 28.863343] ? dup_iter+0x270/0x270 [ 28.866982] inet_sendmsg+0x1a1/0x690 [ 28.870777] ? copy_msghdr_from_user+0x3c4/0x580 [ 28.875521] ? ipip_gro_receive+0x100/0x100 [ 28.879841] ? move_addr_to_kernel.part.18+0x100/0x100 [ 28.885103] ? security_socket_sendmsg+0x94/0xc0 [ 28.889967] ? ipip_gro_receive+0x100/0x100 [ 28.894283] sock_sendmsg+0xd5/0x120 [ 28.898003] ___sys_sendmsg+0x7fd/0x930 [ 28.901979] ? copy_msghdr_from_user+0x580/0x580 [ 28.906721] ? __sched_text_start+0x8/0x8 [ 28.910854] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 28.915422] ? __fget_light+0x2f7/0x440 [ 28.919396] ? trace_hardirqs_on+0xd/0x10 [ 28.923525] ? fget_raw+0x20/0x20 [ 28.926978] ? release_sock+0x1ec/0x2c0 [ 28.930944] ? kasan_check_write+0x14/0x20 [ 28.935160] ? __release_sock+0x3a0/0x3a0 [ 28.939290] ? __local_bh_enable_ip+0x161/0x230 [ 28.943961] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 28.949480] ? sockfd_lookup_light+0xc5/0x160 [ 28.953978] __sys_sendmsg+0x11d/0x290 [ 28.957851] ? __ia32_sys_shutdown+0x80/0x80 [ 28.962246] ? __x64_sys_futex+0x47f/0x6a0 [ 28.966462] ? __sys_listen+0x23e/0x380 [ 28.970439] ? syscall_slow_exit_work+0x500/0x500 [ 28.975262] __x64_sys_sendmsg+0x78/0xb0 [ 28.979461] do_syscall_64+0x1b9/0x820 [ 28.983332] ? finish_task_switch+0x1d3/0x870 [ 28.988070] ? syscall_return_slowpath+0x5e0/0x5e0 [ 28.992987] ? syscall_return_slowpath+0x31d/0x5e0 [ 28.998061] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 29.003140] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.007972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.013145] RIP: 0033:0x446f99 [ 29.016317] Code: e8 fc bd 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 29.035444] RSP: 002b:00007fcbf899dda8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e [ 29.043142] RAX: ffffffffffffffda RBX: 00000000006dfc58 RCX: 0000000000446f99 [ 29.050394] RDX: 0000000004000080 RSI: 00000000200030c0 RDI: 0000000000000005 [ 29.057855] RBP: 00000000006dfc50 R08: 0000000000000000 R09: 0000000000000000 [ 29.065257] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dfc5c [ 29.072542] R13: 00000000004b0d30 R14: 0000000020001f80 R15: 0000000000000001 [ 29.081064] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready