[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 27.619812] kauditd_printk_skb: 7 callbacks suppressed
[ 27.619824] audit: type=1800 audit(1540984281.457:29): pid=5555 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 27.645929] audit: type=1800 audit(1540984281.457:30): pid=5555 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 61.277411] sshd (5696) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
[ 67.854439] IPVS: ftp: loaded support on port[0] = 21
[ 68.012990] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.019768] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.027266] device bridge_slave_0 entered promiscuous mode
[ 68.045440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.051866] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.059074] device bridge_slave_1 entered promiscuous mode
[ 68.077175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 68.096627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 68.144443] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 68.165117] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 68.238985] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 68.246334] team0: Port device team_slave_0 added
[ 68.262392] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 68.269814] team0: Port device team_slave_1 added
[ 68.286896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.308023] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.326599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 68.346508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 68.490455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.496952] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.503788] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.510240] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 69.015574] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.066703] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 69.117350] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 69.123487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 69.130673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 69.182349] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 69.492823] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt()
[ 69.506257] CPU: 0 PID: 5952 Comm: syz-executor019 Not tainted 4.19.0+ #89
[ 69.513259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.522601] Call Trace:
[ 69.525165]
[ 69.527306] dump_stack+0x244/0x39d
[ 69.531023] ? dump_stack_print_info.cold.1+0x20/0x20
[ 69.536208] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.541734] ? tfrc_rx_handle_loss+0x67b/0x1eb0
[ 69.546403] tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c
[ 69.551587] ccid3_hc_rx_packet_recv+0x5c4/0xeb0
[ 69.556330] ? dccp_parse_options+0x4a1/0x12f0
[ 69.560905] ? ccid3_first_li+0x400/0x400
[ 69.565049] dccp_deliver_input_to_ccids+0xf0/0x280
[ 69.570052] dccp_rcv_established+0x87/0xb0
[ 69.574370] dccp_v4_do_rcv+0x153/0x180
[ 69.578347] __sk_receive_skb+0x3e5/0xec0
[ 69.582592] ? sk_free+0x50/0x50
[ 69.585962] ? inet_lhash2_lookup+0x6e0/0x6e0
[ 69.590446] ? reqsk_fastopen_remove+0x660/0x660
[ 69.595188] ? lock_downgrade+0x900/0x900
[ 69.599319] ? check_preemption_disabled+0x48/0x280
[ 69.604321] ? dccp_invalid_packet+0x64/0x880
[ 69.608808] dccp_v4_rcv+0x10f9/0x1f58
[ 69.612697] ? dccp_v4_err+0x18a0/0x18a0
[ 69.616757] ? __lock_is_held+0xb5/0x140
[ 69.620812] ip_local_deliver_finish+0x2e9/0xda0
[ 69.625558] ? ip_sublist_rcv_finish+0x3a0/0x3a0
[ 69.630305] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 69.635308] ? nf_hook_slow+0x11e/0x1c0
[ 69.639273] ip_local_deliver+0x1e9/0x750
[ 69.643406] ? ip_call_ra_chain+0x730/0x730
[ 69.647712] ? ip_sublist_rcv_finish+0x3a0/0x3a0
[ 69.652452] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 69.657364] ? kasan_check_read+0x11/0x20
[ 69.661493] ? rcu_softirq_qs+0x20/0x20
[ 69.665563] ip_rcv_finish+0x1f9/0x300
[ 69.669445] ip_rcv+0xed/0x600
[ 69.672629] ? ip_local_deliver+0x750/0x750
[ 69.676950] ? ip_rcv_finish_core.isra.16+0x1f40/0x1f40
[ 69.682313] ? lock_acquire+0x1ed/0x520
[ 69.686269] ? process_backlog+0x1dd/0x7a0
[ 69.690526] __netif_receive_skb_one_core+0x14d/0x200
[ 69.695711] ? __netif_receive_skb_core+0x3b30/0x3b30
[ 69.700985] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 69.706245] ? rcu_softirq_qs+0x20/0x20
[ 69.710206] ? trace_hardirqs_off_caller+0x310/0x310
[ 69.715398] __netif_receive_skb+0x2c/0x1e0
[ 69.719815] process_backlog+0x24e/0x7a0
[ 69.723872] net_rx_action+0x7fa/0x19b0
[ 69.727851] ? napi_complete_done+0x7a0/0x7a0
[ 69.732332] ? zap_class+0x640/0x640
[ 69.736034] ? __run_timers+0xa4a/0xc70
[ 69.740005] ? timer_fixup_init+0x70/0x70
[ 69.744157] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 69.749165] ? zap_class+0x640/0x640
[ 69.752866] ? enqueue_hrtimer+0x1a5/0x560
[ 69.757091] ? find_held_lock+0x36/0x1c0
[ 69.761144] ? pvclock_read_flags+0x160/0x160
[ 69.765639] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.771165] ? check_preemption_disabled+0x48/0x280
[ 69.776170] ? print_usage_bug+0xc0/0xc0
[ 69.780230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.785753] ? check_preemption_disabled+0x48/0x280
[ 69.790759] ? __local_bh_enable+0xf6/0x140
[ 69.795071] ? zap_class+0x640/0x640
[ 69.798771] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.804293] ? check_preemption_disabled+0x48/0x280
[ 69.809299] ? __lock_is_held+0xb5/0x140
[ 69.813352] __do_softirq+0x308/0xb7e
[ 69.817162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.822694] ? __irqentry_text_end+0x1f9658/0x1f9658
[ 69.827786] ? smp_reschedule_interrupt+0x109/0x650
[ 69.832791] ? smp_thermal_interrupt+0x850/0x850
[ 69.837535] ? ret_from_intr+0xb/0x1e
[ 69.841321] ? trace_hardirqs_off_caller+0xbb/0x310
[ 69.846323] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.851154] ? trace_hardirqs_on_caller+0x310/0x310
[ 69.856154] ? task_prio+0x50/0x50
[ 69.859681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.865221] ? check_preemption_disabled+0x48/0x280
[ 69.870230] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 69.875063] ? ip_finish_output2+0xa83/0x1860
[ 69.879547] do_softirq_own_stack+0x2a/0x40
[ 69.883847]
[ 69.886073] do_softirq.part.14+0x126/0x160
[ 69.890377] __local_bh_enable_ip+0x21d/0x260
[ 69.894857] ip_finish_output2+0xab6/0x1860
[ 69.899162] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 69.904077] ? ip_copy_metadata+0xe10/0xe10
[ 69.908386] ? zap_class+0x640/0x640
[ 69.912104] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.917627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.923151] ? ipv4_mtu+0x39f/0x590
[ 69.926766] ? __lock_is_held+0xb5/0x140
[ 69.930814] ip_finish_output+0x7fd/0xfa0
[ 69.934952] ? ip_finish_output+0x7fd/0xfa0
[ 69.939261] ? ip_fragment.constprop.50+0x240/0x240
[ 69.944263] ? kasan_check_read+0x11/0x20
[ 69.948400] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 69.953669] ? rcu_softirq_qs+0x20/0x20
[ 69.957639] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 69.962637] ? nf_hook_slow+0x11e/0x1c0
[ 69.966599] ip_output+0x21d/0x8d0
[ 69.970126] ? ip_mc_output+0x15b0/0x15b0
[ 69.974261] ? ip_fragment.constprop.50+0x240/0x240
[ 69.979262] ? __lock_is_held+0xb5/0x140
[ 69.983315] ip_local_out+0xc5/0x1b0
[ 69.987031] __ip_queue_xmit+0x9af/0x1f30
[ 69.991174] ? ip_build_and_send_pkt+0xc90/0xc90
[ 69.995919] ? __skb_checksum+0x920/0x920
[ 70.000056] ? skb_send_sock+0x50/0x50
[ 70.003941] ? reqsk_fastopen_remove+0x660/0x660
[ 70.008686] ? dccp_insert_option_padding+0xbc/0xe0
[ 70.013699] ip_queue_xmit+0x56/0x70
[ 70.017402] dccp_transmit_skb+0x98c/0x12e0
[ 70.021713] dccp_xmit_packet+0x25e/0x7d0
[ 70.025848] ? _copy_from_iter_full+0x2b8/0xc20
[ 70.030504] ? dccp_send_sync+0x270/0x270
[ 70.034640] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 70.039639] ? ccid3_hc_tx_send_packet+0x358/0x876
[ 70.044561] dccp_write_xmit+0x190/0x1f0
[ 70.048623] dccp_sendmsg+0xdc8/0x1020
[ 70.052504] ? dccp_setsockopt_cscov.part.10+0x290/0x290
[ 70.057951] ? rw_copy_check_uvector+0x310/0x3e0
[ 70.062713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.068239] ? smack_ipv6host_label+0x2b3/0x500
[ 70.072892] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.078417] ? smack_socket_getpeersec_stream+0x1d0/0x1d0
[ 70.083962] inet_sendmsg+0x1a1/0x690
[ 70.087751] ? ipip_gro_receive+0x100/0x100
[ 70.092058] ? smack_socket_sendmsg+0xb0/0x190
[ 70.096625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.102152] ? security_socket_sendmsg+0x94/0xc0
[ 70.106894] ? ipip_gro_receive+0x100/0x100
[ 70.111202] sock_sendmsg+0xd5/0x120
[ 70.114899] ___sys_sendmsg+0x7fd/0x930
[ 70.118862] ? copy_msghdr_from_user+0x580/0x580
[ 70.123607] ? __fget_light+0x2e9/0x430
[ 70.127568] ? fget_raw+0x20/0x20
[ 70.131009] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0
[ 70.136199] ? trace_hardirqs_off_caller+0x310/0x310
[ 70.141305] ? __kasan_slab_free+0x119/0x150
[ 70.145706] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0
[ 70.150892] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.156415] ? sockfd_lookup_light+0xc5/0x160
[ 70.160893] __sys_sendmsg+0x11d/0x280
[ 70.164767] ? __ia32_sys_shutdown+0x80/0x80
[ 70.169159] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 70.174681] ? fput+0x130/0x1a0
[ 70.177966] ? __x64_sys_futex+0x47f/0x6a0
[ 70.182188] ? do_syscall_64+0x9a/0x820
[ 70.186151] ? do_syscall_64+0x9a/0x820
[ 70.190118] ? trace_hardirqs_off_caller+0x310/0x310
[ 70.195210] __x64_sys_sendmsg+0x78/0xb0
[ 70.199271] do_syscall_64+0x1b9/0x820
[ 70.203150] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 70.208517] ? syscall_return_slowpath+0x5e0/0x5e0
[ 70.213445] ? trace_hardirqs_on_caller+0x310/0x310
[ 70.218464] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 70.223484] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 70.230136] ? __switch_to_asm+0x40/0x70
[ 70.234198] ? __switch_to_asm+0x34/0x70
[ 70.238249] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 70.243082] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.248255] RIP: 0033:0x446a69
[ 70.251436] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.270327] RSP: 002b:00007f841bcbada8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
[ 70.278032] RAX: ffffffffffffffda RBX: 00000000006dcc58 RCX: 0000000000446a69
[ 70.285288] RDX: 0000000000000800 RSI: 00000000200004c0 RDI: 0000000000000005
[ 70.292555] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 70.299810] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc5c
[ 70.307064] R13: b8f0db312c1fe558 R14: d6bf4eea9265b264 R15: 0000000000000001