[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.950185] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 26.006278] random: sshd: uninitialized urandom read (32 bytes read) [ 26.298166] random: sshd: uninitialized urandom read (32 bytes read) [ 26.771129] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts. [ 32.387994] urandom_read: 1 callbacks suppressed [ 32.387999] random: sshd: uninitialized urandom read (32 bytes read) net.ipv6.conf.syz_tun.accept_dad = 0 [ 32.489631] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 32.689512] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.696078] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.703486] device bridge_slave_0 entered promiscuous mode [ 32.720447] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.726957] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.734124] device bridge_slave_1 entered promiscuous mode [ 32.750312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 32.766238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 32.808192] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 32.826143] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 32.889413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 32.896652] team0: Port device team_slave_0 added [ 32.911194] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 32.918293] team0: Port device team_slave_1 added [ 32.933650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.949132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.967226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.983431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 33.106832] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.113290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.120275] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.126642] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 33.558957] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 33.565096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.607411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 33.652269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.660604] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 33.699616] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 33.941017] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt() [ 33.954522] CPU: 0 PID: 4662 Comm: syz-executor103 Not tainted 4.18.0-rc8-next-20180810+ #36 [ 33.963089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.972432] Call Trace: [ 33.975012] [ 33.977170] dump_stack+0x1c9/0x2b4 [ 33.980800] ? dump_stack_print_info.cold.2+0x52/0x52 [ 33.985991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 33.991518] ? tfrc_rx_handle_loss+0x67c/0x1eb0 [ 33.996258] ? rcu_is_watching+0x8c/0x150 [ 34.000401] tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c [ 34.005587] ccid3_hc_rx_packet_recv+0x5c4/0xeb0 [ 34.010336] ? dccp_parse_options+0x493/0x11f0 [ 34.014910] ? ccid3_hc_tx_send_packet+0x880/0x880 [ 34.019853] dccp_deliver_input_to_ccids+0xf0/0x280 [ 34.024863] dccp_rcv_established+0x87/0xb0 [ 34.029182] dccp_v4_do_rcv+0x153/0x180 [ 34.033148] __sk_receive_skb+0x3e5/0xec0 [ 34.037287] ? sk_free+0x50/0x50 [ 34.040651] ? inet_lhash2_lookup+0x6e0/0x6e0 [ 34.045136] ? reqsk_fastopen_remove+0x680/0x680 [ 34.049886] ? lock_downgrade+0x8f0/0x8f0 [ 34.054057] ? dccp_invalid_packet+0x64/0x890 [ 34.058562] dccp_v4_rcv+0x10f9/0x1f58 [ 34.062449] ? dccp_v4_err+0x1860/0x1860 [ 34.066509] ? __lock_is_held+0xb5/0x140 [ 34.070631] ip_local_deliver_finish+0x2eb/0xda0 [ 34.075382] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 34.080201] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.085211] ? nf_hook_slow+0x11e/0x1c0 [ 34.089178] ip_local_deliver+0x1e9/0x750 [ 34.093318] ? ip_call_ra_chain+0x730/0x730 [ 34.097634] ? ip_sublist_rcv_finish+0x3e0/0x3e0 [ 34.102380] ? kasan_check_read+0x11/0x20 [ 34.106518] ? rcu_is_watching+0x8c/0x150 [ 34.110656] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.115319] ip_rcv_finish+0x1f9/0x300 [ 34.119204] ip_rcv+0xed/0x610 [ 34.122389] ? trace_hardirqs_on+0xd/0x10 [ 34.126529] ? ip_local_deliver+0x750/0x750 [ 34.130845] ? ip_rcv_finish_core.isra.16+0x1f10/0x1f10 [ 34.136203] ? lock_acquire+0x1e4/0x540 [ 34.140171] ? process_backlog+0x1a6/0x760 [ 34.144400] __netif_receive_skb_one_core+0x14d/0x200 [ 34.149582] ? __netif_receive_skb_core+0x3af0/0x3af0 [ 34.154771] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.159506] __netif_receive_skb+0x2c/0x1e0 [ 34.163839] process_backlog+0x219/0x760 [ 34.167895] net_rx_action+0x7a5/0x1920 [ 34.171885] ? napi_complete_done+0x6d0/0x6d0 [ 34.176438] ? kasan_check_read+0x11/0x20 [ 34.180584] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.185250] ? rebalance_domains+0x379/0xd90 [ 34.189656] ? load_balance+0x3640/0x3640 [ 34.193801] ? enqueue_hrtimer+0x18e/0x540 [ 34.198033] ? rcu_is_watching+0x8c/0x150 [ 34.202216] ? find_held_lock+0x36/0x1c0 [ 34.206276] ? run_rebalance_domains+0x365/0x4c0 [ 34.211024] ? kasan_check_read+0x11/0x20 [ 34.215215] ? rcu_is_watching+0x8c/0x150 [ 34.219357] ? rcu_pm_notify+0xc0/0xc0 [ 34.223240] ? print_usage_bug+0xc0/0xc0 [ 34.227292] ? __do_softirq+0x780/0xb17 [ 34.231258] ? graph_lock+0x170/0x170 [ 34.235057] ? kasan_check_write+0x14/0x20 [ 34.239325] ? __lock_is_held+0xb5/0x140 [ 34.243389] __do_softirq+0x2e8/0xb17 [ 34.247189] ? __irqentry_text_end+0x1f97a8/0x1f97a8 [ 34.252803] ? irq_exit+0xbb/0x210 [ 34.256342] ? smp_apic_timer_interrupt+0x186/0x730 [ 34.261353] ? smp_call_function_single_interrupt+0x660/0x660 [ 34.267236] ? kvm_sched_clock_read+0x18/0x30 [ 34.271731] ? sched_clock+0x31/0x40 [ 34.275445] ? sched_clock_cpu+0x1b/0x170 [ 34.279587] ? task_prio+0x50/0x50 [ 34.283122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.287962] do_softirq_own_stack+0x2a/0x40 [ 34.292271] [ 34.294505] do_softirq.part.18+0x155/0x1a0 [ 34.298862] ? ip_finish_output2+0xa87/0x1860 [ 34.303351] __local_bh_enable_ip+0x1ec/0x230 [ 34.307839] ip_finish_output2+0xaba/0x1860 [ 34.312155] ? ip_copy_metadata+0xe20/0xe20 [ 34.316470] ? graph_lock+0x170/0x170 [ 34.320272] ? nf_ct_deliver_cached_events+0x293/0x7e0 [ 34.325548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 34.331079] ? ipv4_mtu+0x37d/0x590 [ 34.334700] ? __lock_is_held+0xb5/0x140 [ 34.338775] ip_finish_output+0x841/0xfa0 [ 34.342935] ? ip_finish_output+0x841/0xfa0 [ 34.347247] ? ip_fragment.constprop.49+0x240/0x240 [ 34.352256] ? kasan_check_read+0x11/0x20 [ 34.356395] ? rcu_is_watching+0x8c/0x150 [ 34.360534] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 34.365196] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.370209] ? nf_hook_slow+0x11e/0x1c0 [ 34.374219] ip_output+0x223/0x880 [ 34.377761] ? __ip_local_out+0x5e3/0xb50 [ 34.381929] ? ip_mc_output+0x15d0/0x15d0 [ 34.386068] ? ip_fragment.constprop.49+0x240/0x240 [ 34.391076] ? __lock_is_held+0xb5/0x140 [ 34.395136] ? blkfront_setup_indirect+0x570/0x3090 [ 34.400154] ip_local_out+0xc5/0x1b0 [ 34.403867] __ip_queue_xmit+0x9b6/0x1f20 [ 34.408030] ? ip_build_and_send_pkt+0xc80/0xc80 [ 34.412839] ? __skb_checksum+0x8f0/0x8f0 [ 34.416996] ? skb_send_sock+0x50/0x50 [ 34.420877] ? reqsk_fastopen_remove+0x680/0x680 [ 34.425644] ? dccp_insert_option_padding+0xbc/0xe0 [ 34.430658] ip_queue_xmit+0x56/0x70 [ 34.434365] dccp_transmit_skb+0x999/0x12e0 [ 34.438682] dccp_xmit_packet+0x25e/0x7b0 [ 34.442822] ? dccp_send_sync+0x270/0x270 [ 34.446982] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 34.451990] ? ccid3_hc_tx_send_packet+0x35a/0x880 [ 34.456928] dccp_write_xmit+0x190/0x1f0 [ 34.460987] dccp_sendmsg+0x8db/0x1030 [ 34.464869] ? dccp_getsockopt+0xf0/0xf0 [ 34.468949] ? rw_copy_check_uvector+0x30d/0x3e0 [ 34.473701] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.479231] ? import_iovec+0x269/0x470 [ 34.483240] ? dup_iter+0x270/0x270 [ 34.486867] inet_sendmsg+0x1a1/0x690 [ 34.490677] ? copy_msghdr_from_user+0x3c4/0x580 [ 34.495427] ? ipip_gro_receive+0x100/0x100 [ 34.499747] ? move_addr_to_kernel.part.18+0x100/0x100 [ 34.505032] ? security_socket_sendmsg+0x94/0xc0 [ 34.509791] ? ipip_gro_receive+0x100/0x100 [ 34.514109] sock_sendmsg+0xd5/0x120 [ 34.517819] ___sys_sendmsg+0x7fd/0x930 [ 34.521793] ? copy_msghdr_from_user+0x580/0x580 [ 34.526544] ? kasan_check_write+0x14/0x20 [ 34.530783] ? trace_hardirqs_off+0xd/0x10 [ 34.535016] ? __fget_light+0x2f7/0x440 [ 34.538985] ? fget_raw+0x20/0x20 [ 34.542430] ? trace_hardirqs_off+0xd/0x10 [ 34.546658] ? quarantine_put+0x10d/0x1b0 [ 34.550801] ? kfree+0x111/0x260 [ 34.554162] ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0 [ 34.559346] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.564363] ? trace_hardirqs_on+0xd/0x10 [ 34.568511] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 34.574087] ? sockfd_lookup_light+0xc5/0x160 [ 34.578594] __sys_sendmsg+0x11d/0x290 [ 34.582491] ? __ia32_sys_shutdown+0x80/0x80 [ 34.586940] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 34.592484] ? fput+0x130/0x1a0 [ 34.595773] ? __x64_sys_futex+0x47f/0x6a0 [ 34.600013] ? syscall_slow_exit_work+0x500/0x500 [ 34.604859] __x64_sys_sendmsg+0x78/0xb0 [ 34.608963] do_syscall_64+0x1b9/0x820 [ 34.612902] ? finish_task_switch+0x1d3/0x870 [ 34.617391] ? syscall_return_slowpath+0x5e0/0x5e0 [ 34.622312] ? syscall_return_slowpath+0x31d/0x5e0 [ 34.627279] ? __switch_to_asm+0x34/0x70 [ 34.631357] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 34.636732] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 34.641621] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 34.646811] RIP: 0033:0x446f79 [ 34.649997] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 34.668979] RSP: 002b:00007f7cea395da8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e [ 34.676679] RAX: ffffffffffffffda RBX: 00000000006dec58 RCX: 0000000000446f79 [ 34.683940] RDX: 0000000004000080 RSI: 00000000200030c0 RDI: 0000000000000005 [ 34.691376] RBP: 00000000006dec50 R08: 0000000000000000 R09: 0000000000000000 [ 34.698642] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dec5c [ 34.705906] R13: 00000000004b0678 R14: 0000000020001f80 R15: 0000000000000001