[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   19.950185] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.006278] random: sshd: uninitialized urandom read (32 bytes read)
[   26.298166] random: sshd: uninitialized urandom read (32 bytes read)
[   26.771129] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts.
[   32.387994] urandom_read: 1 callbacks suppressed
[   32.387999] random: sshd: uninitialized urandom read (32 bytes read)
net.ipv6.conf.syz_tun.accept_dad = 0
[   32.489631] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[   32.689512] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.696078] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.703486] device bridge_slave_0 entered promiscuous mode
[   32.720447] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.726957] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.734124] device bridge_slave_1 entered promiscuous mode
[   32.750312] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   32.766238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   32.808192] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   32.826143] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   32.889413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   32.896652] team0: Port device team_slave_0 added
[   32.911194] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   32.918293] team0: Port device team_slave_1 added
[   32.933650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   32.949132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   32.967226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   32.983431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   33.106832] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.113290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.120275] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.126642] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   33.558957] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.565096] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.607411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.652269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.660604] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   33.699616] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   33.941017] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt()
[   33.954522] CPU: 0 PID: 4662 Comm: syz-executor103 Not tainted 4.18.0-rc8-next-20180810+ #36
[   33.963089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.972432] Call Trace:
[   33.975012]  <IRQ>
[   33.977170]  dump_stack+0x1c9/0x2b4
[   33.980800]  ? dump_stack_print_info.cold.2+0x52/0x52
[   33.985991]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.991518]  ? tfrc_rx_handle_loss+0x67c/0x1eb0
[   33.996258]  ? rcu_is_watching+0x8c/0x150
[   34.000401]  tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c
[   34.005587]  ccid3_hc_rx_packet_recv+0x5c4/0xeb0
[   34.010336]  ? dccp_parse_options+0x493/0x11f0
[   34.014910]  ? ccid3_hc_tx_send_packet+0x880/0x880
[   34.019853]  dccp_deliver_input_to_ccids+0xf0/0x280
[   34.024863]  dccp_rcv_established+0x87/0xb0
[   34.029182]  dccp_v4_do_rcv+0x153/0x180
[   34.033148]  __sk_receive_skb+0x3e5/0xec0
[   34.037287]  ? sk_free+0x50/0x50
[   34.040651]  ? inet_lhash2_lookup+0x6e0/0x6e0
[   34.045136]  ? reqsk_fastopen_remove+0x680/0x680
[   34.049886]  ? lock_downgrade+0x8f0/0x8f0
[   34.054057]  ? dccp_invalid_packet+0x64/0x890
[   34.058562]  dccp_v4_rcv+0x10f9/0x1f58
[   34.062449]  ? dccp_v4_err+0x1860/0x1860
[   34.066509]  ? __lock_is_held+0xb5/0x140
[   34.070631]  ip_local_deliver_finish+0x2eb/0xda0
[   34.075382]  ? ip_sublist_rcv_finish+0x3e0/0x3e0
[   34.080201]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   34.085211]  ? nf_hook_slow+0x11e/0x1c0
[   34.089178]  ip_local_deliver+0x1e9/0x750
[   34.093318]  ? ip_call_ra_chain+0x730/0x730
[   34.097634]  ? ip_sublist_rcv_finish+0x3e0/0x3e0
[   34.102380]  ? kasan_check_read+0x11/0x20
[   34.106518]  ? rcu_is_watching+0x8c/0x150
[   34.110656]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.115319]  ip_rcv_finish+0x1f9/0x300
[   34.119204]  ip_rcv+0xed/0x610
[   34.122389]  ? trace_hardirqs_on+0xd/0x10
[   34.126529]  ? ip_local_deliver+0x750/0x750
[   34.130845]  ? ip_rcv_finish_core.isra.16+0x1f10/0x1f10
[   34.136203]  ? lock_acquire+0x1e4/0x540
[   34.140171]  ? process_backlog+0x1a6/0x760
[   34.144400]  __netif_receive_skb_one_core+0x14d/0x200
[   34.149582]  ? __netif_receive_skb_core+0x3af0/0x3af0
[   34.154771]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.159506]  __netif_receive_skb+0x2c/0x1e0
[   34.163839]  process_backlog+0x219/0x760
[   34.167895]  net_rx_action+0x7a5/0x1920
[   34.171885]  ? napi_complete_done+0x6d0/0x6d0
[   34.176438]  ? kasan_check_read+0x11/0x20
[   34.180584]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.185250]  ? rebalance_domains+0x379/0xd90
[   34.189656]  ? load_balance+0x3640/0x3640
[   34.193801]  ? enqueue_hrtimer+0x18e/0x540
[   34.198033]  ? rcu_is_watching+0x8c/0x150
[   34.202216]  ? find_held_lock+0x36/0x1c0
[   34.206276]  ? run_rebalance_domains+0x365/0x4c0
[   34.211024]  ? kasan_check_read+0x11/0x20
[   34.215215]  ? rcu_is_watching+0x8c/0x150
[   34.219357]  ? rcu_pm_notify+0xc0/0xc0
[   34.223240]  ? print_usage_bug+0xc0/0xc0
[   34.227292]  ? __do_softirq+0x780/0xb17
[   34.231258]  ? graph_lock+0x170/0x170
[   34.235057]  ? kasan_check_write+0x14/0x20
[   34.239325]  ? __lock_is_held+0xb5/0x140
[   34.243389]  __do_softirq+0x2e8/0xb17
[   34.247189]  ? __irqentry_text_end+0x1f97a8/0x1f97a8
[   34.252803]  ? irq_exit+0xbb/0x210
[   34.256342]  ? smp_apic_timer_interrupt+0x186/0x730
[   34.261353]  ? smp_call_function_single_interrupt+0x660/0x660
[   34.267236]  ? kvm_sched_clock_read+0x18/0x30
[   34.271731]  ? sched_clock+0x31/0x40
[   34.275445]  ? sched_clock_cpu+0x1b/0x170
[   34.279587]  ? task_prio+0x50/0x50
[   34.283122]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.287962]  do_softirq_own_stack+0x2a/0x40
[   34.292271]  </IRQ>
[   34.294505]  do_softirq.part.18+0x155/0x1a0
[   34.298862]  ? ip_finish_output2+0xa87/0x1860
[   34.303351]  __local_bh_enable_ip+0x1ec/0x230
[   34.307839]  ip_finish_output2+0xaba/0x1860
[   34.312155]  ? ip_copy_metadata+0xe20/0xe20
[   34.316470]  ? graph_lock+0x170/0x170
[   34.320272]  ? nf_ct_deliver_cached_events+0x293/0x7e0
[   34.325548]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.331079]  ? ipv4_mtu+0x37d/0x590
[   34.334700]  ? __lock_is_held+0xb5/0x140
[   34.338775]  ip_finish_output+0x841/0xfa0
[   34.342935]  ? ip_finish_output+0x841/0xfa0
[   34.347247]  ? ip_fragment.constprop.49+0x240/0x240
[   34.352256]  ? kasan_check_read+0x11/0x20
[   34.356395]  ? rcu_is_watching+0x8c/0x150
[   34.360534]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   34.365196]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   34.370209]  ? nf_hook_slow+0x11e/0x1c0
[   34.374219]  ip_output+0x223/0x880
[   34.377761]  ? __ip_local_out+0x5e3/0xb50
[   34.381929]  ? ip_mc_output+0x15d0/0x15d0
[   34.386068]  ? ip_fragment.constprop.49+0x240/0x240
[   34.391076]  ? __lock_is_held+0xb5/0x140
[   34.395136]  ? blkfront_setup_indirect+0x570/0x3090
[   34.400154]  ip_local_out+0xc5/0x1b0
[   34.403867]  __ip_queue_xmit+0x9b6/0x1f20
[   34.408030]  ? ip_build_and_send_pkt+0xc80/0xc80
[   34.412839]  ? __skb_checksum+0x8f0/0x8f0
[   34.416996]  ? skb_send_sock+0x50/0x50
[   34.420877]  ? reqsk_fastopen_remove+0x680/0x680
[   34.425644]  ? dccp_insert_option_padding+0xbc/0xe0
[   34.430658]  ip_queue_xmit+0x56/0x70
[   34.434365]  dccp_transmit_skb+0x999/0x12e0
[   34.438682]  dccp_xmit_packet+0x25e/0x7b0
[   34.442822]  ? dccp_send_sync+0x270/0x270
[   34.446982]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   34.451990]  ? ccid3_hc_tx_send_packet+0x35a/0x880
[   34.456928]  dccp_write_xmit+0x190/0x1f0
[   34.460987]  dccp_sendmsg+0x8db/0x1030
[   34.464869]  ? dccp_getsockopt+0xf0/0xf0
[   34.468949]  ? rw_copy_check_uvector+0x30d/0x3e0
[   34.473701]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.479231]  ? import_iovec+0x269/0x470
[   34.483240]  ? dup_iter+0x270/0x270
[   34.486867]  inet_sendmsg+0x1a1/0x690
[   34.490677]  ? copy_msghdr_from_user+0x3c4/0x580
[   34.495427]  ? ipip_gro_receive+0x100/0x100
[   34.499747]  ? move_addr_to_kernel.part.18+0x100/0x100
[   34.505032]  ? security_socket_sendmsg+0x94/0xc0
[   34.509791]  ? ipip_gro_receive+0x100/0x100
[   34.514109]  sock_sendmsg+0xd5/0x120
[   34.517819]  ___sys_sendmsg+0x7fd/0x930
[   34.521793]  ? copy_msghdr_from_user+0x580/0x580
[   34.526544]  ? kasan_check_write+0x14/0x20
[   34.530783]  ? trace_hardirqs_off+0xd/0x10
[   34.535016]  ? __fget_light+0x2f7/0x440
[   34.538985]  ? fget_raw+0x20/0x20
[   34.542430]  ? trace_hardirqs_off+0xd/0x10
[   34.546658]  ? quarantine_put+0x10d/0x1b0
[   34.550801]  ? kfree+0x111/0x260
[   34.554162]  ? do_dccp_setsockopt.isra.11+0x1fc/0x7b0
[   34.559346]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   34.564363]  ? trace_hardirqs_on+0xd/0x10
[   34.568511]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.574087]  ? sockfd_lookup_light+0xc5/0x160
[   34.578594]  __sys_sendmsg+0x11d/0x290
[   34.582491]  ? __ia32_sys_shutdown+0x80/0x80
[   34.586940]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   34.592484]  ? fput+0x130/0x1a0
[   34.595773]  ? __x64_sys_futex+0x47f/0x6a0
[   34.600013]  ? syscall_slow_exit_work+0x500/0x500
[   34.604859]  __x64_sys_sendmsg+0x78/0xb0
[   34.608963]  do_syscall_64+0x1b9/0x820
[   34.612902]  ? finish_task_switch+0x1d3/0x870
[   34.617391]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.622312]  ? syscall_return_slowpath+0x31d/0x5e0
[   34.627279]  ? __switch_to_asm+0x34/0x70
[   34.631357]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   34.636732]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.641621]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.646811] RIP: 0033:0x446f79
[   34.649997] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.668979] RSP: 002b:00007f7cea395da8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
[   34.676679] RAX: ffffffffffffffda RBX: 00000000006dec58 RCX: 0000000000446f79
[   34.683940] RDX: 0000000004000080 RSI: 00000000200030c0 RDI: 0000000000000005
[   34.691376] RBP: 00000000006dec50 R08: 0000000000000000 R09: 0000000000000000
[   34.698642] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dec5c
[   34.705906] R13: 00000000004b0678 R14: 0000000020001f80 R15: 0000000000000001