[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   22.685922] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.710116] random: sshd: uninitialized urandom read (32 bytes read)
[   28.082819] random: sshd: uninitialized urandom read (32 bytes read)
[   28.613072] random: sshd: uninitialized urandom read (32 bytes read)
[   31.942390] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
[   37.674097] random: sshd: uninitialized urandom read (32 bytes read)
[   37.776106] IPVS: ftp: loaded support on port[0] = 21
[   37.914952] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.921418] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.929449] device bridge_slave_0 entered promiscuous mode
[   37.947202] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.953610] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.960968] device bridge_slave_1 entered promiscuous mode
[   37.977119] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   37.994076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.038827] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   38.057899] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   38.125840] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   38.133157] team0: Port device team_slave_0 added
[   38.149159] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   38.156461] team0: Port device team_slave_1 added
[   38.171835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   38.190619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   38.209766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.228116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   38.360323] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.366814] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.373770] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.380148] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   38.836323] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   38.842465] 8021q: adding VLAN 0 to HW filter on device bond0
[   38.874766] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   38.894129] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   38.941702] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   38.948010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   38.955815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   38.999026] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   39.281247] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt()
[   39.294710] CPU: 1 PID: 4911 Comm: syz-executor773 Not tainted 4.19.0-rc1-next-20180831+ #53
[   39.303287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.312643] Call Trace:
[   39.315210]  <IRQ>
[   39.317351]  dump_stack+0x1c9/0x2b4
[   39.320967]  ? dump_stack_print_info.cold.2+0x52/0x52
[   39.326159]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.331708]  ? tfrc_rx_handle_loss+0x67c/0x1eb0
[   39.336375]  ? rcu_is_watching+0x8c/0x150
[   39.340529]  tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c
[   39.345717]  ccid3_hc_rx_packet_recv+0x5c4/0xeb0
[   39.350463]  ? dccp_parse_options+0x493/0x11f0
[   39.355039]  ? ccid3_hc_tx_send_packet+0x880/0x880
[   39.359960]  dccp_deliver_input_to_ccids+0xf0/0x280
[   39.364985]  dccp_rcv_established+0x87/0xb0
[   39.369308]  dccp_v4_do_rcv+0x153/0x180
[   39.373298]  __sk_receive_skb+0x3e5/0xec0
[   39.377450]  ? sk_free+0x50/0x50
[   39.380831]  ? inet_lhash2_lookup+0x6e0/0x6e0
[   39.385324]  ? reqsk_fastopen_remove+0x680/0x680
[   39.390072]  ? lock_downgrade+0x8f0/0x8f0
[   39.394236]  ? dccp_invalid_packet+0x64/0x890
[   39.398730]  dccp_v4_rcv+0x10f9/0x1f58
[   39.402629]  ? dccp_v4_err+0x1860/0x1860
[   39.406681]  ? __lock_is_held+0xb5/0x140
[   39.410735]  ip_local_deliver_finish+0x2eb/0xda0
[   39.415481]  ? ip_sublist_rcv_finish+0x3e0/0x3e0
[   39.420228]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   39.425244]  ? nf_hook_slow+0x11e/0x1c0
[   39.429228]  ip_local_deliver+0x1e9/0x750
[   39.433372]  ? ip_call_ra_chain+0x730/0x730
[   39.437686]  ? ip_sublist_rcv_finish+0x3e0/0x3e0
[   39.442441]  ? kasan_check_read+0x11/0x20
[   39.446577]  ? rcu_is_watching+0x8c/0x150
[   39.450713]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   39.455374]  ip_rcv_finish+0x1f9/0x300
[   39.459254]  ip_rcv+0xed/0x610
[   39.462448]  ? ip_local_deliver+0x750/0x750
[   39.466759]  ? ip_rcv_finish_core.isra.16+0x1f10/0x1f10
[   39.472113]  ? lock_acquire+0x1e4/0x4f0
[   39.476087]  __netif_receive_skb_one_core+0x14d/0x200
[   39.481292]  ? __netif_receive_skb_core+0x39f0/0x39f0
[   39.486478]  ? net_rx_action+0x799/0x1900
[   39.490616]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   39.495292]  __netif_receive_skb+0x2c/0x1e0
[   39.499606]  process_backlog+0x219/0x760
[   39.503658]  net_rx_action+0x799/0x1900
[   39.507625]  ? napi_complete_done+0x6d0/0x6d0
[   39.512107]  ? update_blocked_averages+0x1011/0x1d10
[   39.517194]  ? rcu_is_watching+0x8c/0x150
[   39.521337]  ? find_held_lock+0x36/0x1c0
[   39.525390]  ? lock_downgrade+0x8f0/0x8f0
[   39.529530]  ? kasan_check_read+0x11/0x20
[   39.533667]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   39.538329]  ? rebalance_domains+0x379/0xd90
[   39.542739]  ? load_balance+0x3640/0x3640
[   39.546875]  ? print_usage_bug+0xc0/0xc0
[   39.550937]  ? irq_exit+0x1d6/0x210
[   39.554550]  ? trace_hardirqs_on+0x2c0/0x2c0
[   39.558974]  ? __local_bh_enable+0xef/0x130
[   39.563294]  ? __do_softirq+0x74d/0xa74
[   39.567262]  ? graph_lock+0x170/0x170
[   39.571065]  ? mark_held_locks+0xc9/0x160
[   39.575201]  ? scheduler_ipi+0x1a8/0xa50
[   39.579254]  ? __do_softirq+0x278/0xa74
[   39.583235]  ? __lock_is_held+0xb5/0x140
[   39.587309]  __do_softirq+0x2eb/0xa74
[   39.591109]  ? __irqentry_text_end+0x1f9f00/0x1f9f00
[   39.596202]  ? smp_reschedule_interrupt+0xfd/0x5e0
[   39.601116]  ? smp_thermal_interrupt+0x710/0x710
[   39.605864]  ? ret_from_intr+0xb/0x1e
[   39.609660]  ? trace_hardirqs_off_caller+0xbb/0x2b0
[   39.614664]  ? trace_hardirqs_off+0xb8/0x2b0
[   39.619069]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.623906]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   39.628915]  ? task_prio+0x50/0x50
[   39.632447]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.637294]  do_softirq_own_stack+0x2a/0x40
[   39.641603]  </IRQ>
[   39.643829]  do_softirq.part.18+0x157/0x1a0
[   39.648139]  ? ip_finish_output2+0xa87/0x1860
[   39.652621]  __local_bh_enable_ip+0x1ee/0x230
[   39.657113]  ip_finish_output2+0xaba/0x1860
[   39.661435]  ? ip_copy_metadata+0xe20/0xe20
[   39.665753]  ? graph_lock+0x170/0x170
[   39.669546]  ? nf_ct_deliver_cached_events+0x293/0x7e0
[   39.674812]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.680337]  ? ipv4_mtu+0x37d/0x590
[   39.683955]  ? __lock_is_held+0xb5/0x140
[   39.688010]  ip_finish_output+0x841/0xfa0
[   39.692144]  ? ip_finish_output+0x841/0xfa0
[   39.696458]  ? ip_fragment.constprop.49+0x240/0x240
[   39.701467]  ? kasan_check_read+0x11/0x20
[   39.705618]  ? rcu_is_watching+0x8c/0x150
[   39.709757]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   39.714424]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   39.719438]  ? nf_hook_slow+0x11e/0x1c0
[   39.723410]  ip_output+0x223/0x880
[   39.726946]  ? __ip_local_out+0x5e3/0xb50
[   39.731088]  ? ip_mc_output+0x15d0/0x15d0
[   39.735225]  ? ip_fragment.constprop.49+0x240/0x240
[   39.740234]  ? __lock_is_held+0xb5/0x140
[   39.744307]  ip_local_out+0xc5/0x1b0
[   39.748015]  __ip_queue_xmit+0x9b6/0x1f20
[   39.752158]  ? ip_build_and_send_pkt+0xc80/0xc80
[   39.756916]  ? __skb_checksum+0x8f0/0x8f0
[   39.761053]  ? skb_send_sock+0x50/0x50
[   39.764929]  ? reqsk_fastopen_remove+0x680/0x680
[   39.769676]  ? dccp_insert_option_padding+0xbc/0xe0
[   39.774688]  ip_queue_xmit+0x56/0x70
[   39.778393]  dccp_transmit_skb+0x999/0x12e0
[   39.782726]  dccp_xmit_packet+0x25e/0x7d0
[   39.786875]  ? kasan_check_write+0x14/0x20
[   39.791106]  ? do_raw_spin_lock+0xc1/0x200
[   39.795332]  ? dccp_send_sync+0x270/0x270
[   39.799472]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   39.804478]  ? ccid3_hc_tx_send_packet+0x35a/0x880
[   39.809433]  dccp_write_xmit+0x190/0x1f0
[   39.813499]  dccp_sendmsg+0xd32/0xf90
[   39.817340]  ? dccp_getsockopt+0xf0/0xf0
[   39.821396]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   39.826322]  ? aa_sk_perm+0x20c/0x8a0
[   39.830110]  ? import_iovec+0x269/0x470
[   39.834072]  ? aa_af_perm+0x5a0/0x5a0
[   39.837901]  inet_sendmsg+0x1a1/0x690
[   39.841701]  ? ipip_gro_receive+0x100/0x100
[   39.846039]  ? apparmor_socket_sendmsg+0x29/0x30
[   39.850785]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   39.856320]  ? security_socket_sendmsg+0x94/0xc0
[   39.861069]  ? ipip_gro_receive+0x100/0x100
[   39.865386]  sock_sendmsg+0xd5/0x120
[   39.869098]  ___sys_sendmsg+0x7fd/0x930
[   39.873063]  ? copy_msghdr_from_user+0x580/0x580
[   39.877814]  ? _raw_spin_unlock_bh+0x30/0x40
[   39.882236]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   39.887336]  ? do_raw_spin_trylock+0x1c0/0x1c0
[   39.891915]  ? __fget_light+0x2f7/0x440
[   39.895887]  ? fget_raw+0x20/0x20
[   39.899333]  ? release_sock+0x1ec/0x2c0
[   39.903302]  ? kasan_check_write+0x14/0x20
[   39.907542]  ? __release_sock+0x3a0/0x3a0
[   39.911678]  ? __local_bh_enable_ip+0x161/0x230
[   39.916343]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   39.921867]  ? sockfd_lookup_light+0xc5/0x160
[   39.926374]  __sys_sendmsg+0x11d/0x290
[   39.930278]  ? __ia32_sys_shutdown+0x80/0x80
[   39.934686]  ? __x64_sys_futex+0x47f/0x6a0
[   39.938913]  ? do_syscall_64+0x9a/0x820
[   39.942874]  ? do_syscall_64+0x9a/0x820
[   39.946848]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   39.951940]  ? trace_hardirqs_off+0xb8/0x2b0
[   39.956336]  __x64_sys_sendmsg+0x78/0xb0
[   39.960389]  do_syscall_64+0x1b9/0x820
[   39.964289]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   39.969664]  ? syscall_return_slowpath+0x5e0/0x5e0
[   39.974582]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   39.979591]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   39.984595]  ? recalc_sigpending_tsk+0x180/0x180
[   39.989341]  ? kasan_check_write+0x14/0x20
[   39.993583]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.998424]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.003599] RIP: 0033:0x446e29
[   40.006781] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.025681] RSP: 002b:00007fd6ccea6da8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
[   40.033416] RAX: ffffffffffffffda RBX: 00000000006dcc58 RCX: 0000000000446e29
[   40.040697] RDX: 0000000000000800 RSI: 00000000200004c0 RDI: 0000000000000005
[   40.047960] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[   40.055221] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc5c
[   40.063014] R13: 00000000004af520 R14: 0000000020000780 R15: 0000000000000001
[