[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.885826] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 27.677378] random: sshd: uninitialized urandom read (32 bytes read) [ 28.042939] random: sshd: uninitialized urandom read (32 bytes read) [ 28.559294] random: sshd: uninitialized urandom read (32 bytes read) [ 28.727947] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. [ 34.208631] random: sshd: uninitialized urandom read (32 bytes read) [ 34.313504] IPVS: ftp: loaded support on port[0] = 21 [ 34.442471] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.448887] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.456472] device bridge_slave_0 entered promiscuous mode [ 34.473126] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.479478] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.486787] device bridge_slave_1 entered promiscuous mode [ 34.502310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 34.518572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 34.560417] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 34.579094] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 34.640248] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 34.647508] team0: Port device team_slave_0 added [ 34.662060] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 34.669205] team0: Port device team_slave_1 added [ 34.684516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.701810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.717938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.733527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 34.855218] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.861630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.868474] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.874837] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 35.295959] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 35.302073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.346608] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 35.384307] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 35.402503] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 35.408756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 35.417184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.458626] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 35.698093] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt() [ 35.711410] CPU: 0 PID: 4699 Comm: syz-executor467 Not tainted 4.18.0-next-20180813+ #37 [ 35.719622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.728978] Call Trace: [ 35.731579] [ 35.733733] dump_stack+0x1c9/0x2b4 [ 35.737367] ? dump_stack_print_info.cold.2+0x52/0x52 [ 35.742553] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 35.748080] ? tfrc_rx_handle_loss+0x67c/0x1eb0 [ 35.752740] ? rcu_is_watching+0x8c/0x150 [ 35.756899] tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c [ 35.762077] ccid3_hc_rx_packet_recv+0x5c4/0xeb0 [ 35.766821] ? dccp_parse_options+0x493/0x11f0 [ 35.771413] ? ccid3_hc_tx_send_packet+0x880/0x880 [ 35.776348] dccp_deliver_input_to_ccids+0xf0/0x280 [ 35.781357] dccp_rcv_established+0x87/0xb0 [ 35.785684] dccp_v4_do_rcv+0x153/0x180 [ 35.789653] __sk_receive_skb+0x3e5/0xec0 [ 35.793821] ? sk_free+0x50/0x50 [ 35.797190] ? inet_lhash2_lookup+0x6e0/0x6e0 [ 35.801681] ? reqsk_fastopen_remove+0x680/0x680 [ 35.806454] ? lock_downgrade+0x8f0/0x8f0 [ 35.810590] ? dccp_invalid_packet+0x64/0x890 [ 35.815086] dccp_v4_rcv+0x10f9/0x1f58 [ 35.818981] ? dccp_v4_err+0x1860/0x1860 [ 35.823044] ? __lock_is_held+0xb5/0x140 [ 35.827117] ip_local_deliver_finish+0x2eb/0xda0 [ 35.831874] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 35.836624] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 35.841632] ? nf_hook_slow+0x11e/0x1c0 [ 35.845601] ip_local_deliver+0x1e9/0x750 [ 35.849763] ? ip_call_ra_chain+0x730/0x730 [ 35.854084] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 35.858832] ? kasan_check_read+0x11/0x20 [ 35.862964] ? rcu_is_watching+0x8c/0x150 [ 35.867101] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.871758] ip_rcv_finish+0x1f9/0x300 [ 35.875630] ip_rcv+0xed/0x610 [ 35.878819] ? ip_local_deliver+0x750/0x750 [ 35.883123] ? ip_rcv_finish_core.isra.16+0x1f10/0x1f10 [ 35.888468] ? lock_acquire+0x1e4/0x4f0 [ 35.892429] __netif_receive_skb_one_core+0x14d/0x200 [ 35.897654] ? __netif_receive_skb_core+0x39f0/0x39f0 [ 35.902863] ? net_rx_action+0x799/0x1900 [ 35.907003] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 35.911687] __netif_receive_skb+0x2c/0x1e0 [ 35.916023] process_backlog+0x219/0x760 [ 35.920076] net_rx_action+0x799/0x1900 [ 35.924041] ? napi_complete_done+0x6d0/0x6d0 [ 35.928534] ? kasan_check_write+0x14/0x20 [ 35.932768] ? do_raw_spin_lock+0xc1/0x200 [ 35.937004] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.941497] ? __run_timers+0x9f6/0xc60 [ 35.945462] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 35.950812] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 35.955818] ? graph_lock+0x170/0x170 [ 35.959602] ? print_usage_bug+0xc0/0xc0 [ 35.963653] ? lock_release+0x9f0/0x9f0 [ 35.967630] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 35.972832] ? find_held_lock+0x36/0x1c0 [ 35.976883] ? graph_lock+0x170/0x170 [ 35.980676] ? mark_held_locks+0xc9/0x160 [ 35.984846] ? lock_downgrade+0x8f0/0x8f0 [ 35.988979] ? __do_softirq+0x275/0xa6d [ 35.992950] ? print_usage_bug+0xc0/0xc0 [ 35.996996] ? irq_exit+0x1d4/0x210 [ 36.000609] ? trace_hardirqs_on+0x2c0/0x2c0 [ 36.005017] ? __local_bh_enable+0xef/0x130 [ 36.009347] ? __do_softirq+0x746/0xa6d [ 36.013302] ? graph_lock+0x170/0x170 [ 36.017088] ? mark_held_locks+0xc9/0x160 [ 36.021217] ? __do_softirq+0x275/0xa6d [ 36.025187] ? __lock_is_held+0xb5/0x140 [ 36.029242] __do_softirq+0x2e8/0xa6d [ 36.033029] ? __irqentry_text_end+0x1f9f98/0x1f9f98 [ 36.038112] ? irq_exit+0xbb/0x210 [ 36.041644] ? smp_apic_timer_interrupt+0x186/0x690 [ 36.046656] ? smp_call_function_single_interrupt+0x5c0/0x5c0 [ 36.052552] ? ret_from_intr+0xb/0x1e [ 36.056363] ? trace_hardirqs_off_caller+0xbb/0x2b0 [ 36.061359] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.065767] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.070592] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.075597] ? task_prio+0x50/0x50 [ 36.079133] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.083961] do_softirq_own_stack+0x2a/0x40 [ 36.088287] [ 36.090538] do_softirq.part.18+0x155/0x1a0 [ 36.094851] ? ip_finish_output2+0xa87/0x1860 [ 36.099330] __local_bh_enable_ip+0x1ec/0x230 [ 36.103819] ip_finish_output2+0xaba/0x1860 [ 36.108148] ? ip_copy_metadata+0xe20/0xe20 [ 36.112455] ? graph_lock+0x170/0x170 [ 36.116256] ? nf_ct_deliver_cached_events+0x293/0x7e0 [ 36.121521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 36.127055] ? ipv4_mtu+0x37d/0x590 [ 36.130681] ? __lock_is_held+0xb5/0x140 [ 36.134734] ip_finish_output+0x841/0xfa0 [ 36.138871] ? ip_finish_output+0x841/0xfa0 [ 36.143178] ? ip_fragment.constprop.49+0x240/0x240 [ 36.148179] ? kasan_check_read+0x11/0x20 [ 36.152326] ? rcu_is_watching+0x8c/0x150 [ 36.156459] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 36.161113] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 36.166125] ? nf_hook_slow+0x11e/0x1c0 [ 36.170101] ip_output+0x223/0x880 [ 36.173627] ? __ip_local_out+0x5e3/0xb50 [ 36.177771] ? ip_mc_output+0x15d0/0x15d0 [ 36.181907] ? ip_fragment.constprop.49+0x240/0x240 [ 36.186908] ? __lock_is_held+0xb5/0x140 [ 36.190956] ip_local_out+0xc5/0x1b0 [ 36.194660] __ip_queue_xmit+0x9b6/0x1f20 [ 36.198824] ? ip_build_and_send_pkt+0xc80/0xc80 [ 36.203608] ? __skb_checksum+0x8f0/0x8f0 [ 36.207753] ? skb_send_sock+0x50/0x50 [ 36.211633] ? reqsk_fastopen_remove+0x680/0x680 [ 36.216390] ? dccp_insert_option_padding+0xbc/0xe0 [ 36.221410] ip_queue_xmit+0x56/0x70 [ 36.225116] dccp_transmit_skb+0x999/0x12e0 [ 36.229445] dccp_xmit_packet+0x25e/0x7b0 [ 36.233588] ? kasan_check_write+0x14/0x20 [ 36.237803] ? do_raw_spin_lock+0xc1/0x200 [ 36.242039] ? dccp_send_sync+0x270/0x270 [ 36.246180] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 36.251192] ? ccid3_hc_tx_send_packet+0x35a/0x880 [ 36.256107] dccp_write_xmit+0x190/0x1f0 [ 36.260167] dccp_sendmsg+0xd32/0xf90 [ 36.263953] ? dccp_getsockopt+0xf0/0xf0 [ 36.268011] ? rw_copy_check_uvector+0x30d/0x3e0 [ 36.272754] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.278275] ? import_iovec+0x269/0x470 [ 36.282244] ? dup_iter+0x270/0x270 [ 36.285858] inet_sendmsg+0x1a1/0x690 [ 36.289655] ? copy_msghdr_from_user+0x3c4/0x580 [ 36.294404] ? ipip_gro_receive+0x100/0x100 [ 36.298714] ? move_addr_to_kernel.part.18+0x100/0x100 [ 36.303979] ? security_socket_sendmsg+0x94/0xc0 [ 36.308718] ? ipip_gro_receive+0x100/0x100 [ 36.313023] sock_sendmsg+0xd5/0x120 [ 36.316745] ___sys_sendmsg+0x7fd/0x930 [ 36.320721] ? copy_msghdr_from_user+0x580/0x580 [ 36.325479] ? kasan_check_write+0x14/0x20 [ 36.329722] ? trace_hardirqs_off+0xb8/0x2b0 [ 36.334117] ? __fget_light+0x2f7/0x440 [ 36.338084] ? kfree+0x111/0x210 [ 36.341434] ? fget_raw+0x20/0x20 [ 36.344871] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0 [ 36.350045] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.355134] ? __kasan_slab_free+0x131/0x170 [ 36.359551] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0 [ 36.364730] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 36.370278] ? sockfd_lookup_light+0xc5/0x160 [ 36.374786] __sys_sendmsg+0x11d/0x290 [ 36.378669] ? __ia32_sys_shutdown+0x80/0x80 [ 36.383067] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 36.388587] ? fput+0x130/0x1a0 [ 36.391855] ? __x64_sys_futex+0x47f/0x6a0 [ 36.396099] ? do_syscall_64+0x9a/0x820 [ 36.400058] ? do_syscall_64+0x9a/0x820 [ 36.404034] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 36.409138] __x64_sys_sendmsg+0x78/0xb0 [ 36.413183] do_syscall_64+0x1b9/0x820 [ 36.417067] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 36.422428] ? syscall_return_slowpath+0x5e0/0x5e0 [ 36.427341] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.432457] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 36.437458] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 36.442458] ? prepare_exit_to_usermode+0x291/0x3b0 [ 36.447474] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.452323] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.457496] RIP: 0033:0x446a49 [ 36.460686] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 36.479593] RSP: 002b:00007ff592bb5da8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e [ 36.487302] RAX: ffffffffffffffda RBX: 00000000006dec48 RCX: 0000000000446a49 [ 36.494561] RDX: 0000000004000080 RSI: 00000000200030c0 RDI: 0000000000000005 [ 36.501818] RBP: 00000000006dec40 R08: 0000000000000000 R09: 0000000000000000 [ 36.509067] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dec4c [ 36.516318] R13: 00000000004b01d0 R14: 0000000020001f80 R15: 0000000000000000 [