[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 27.187287] kauditd_printk_skb: 8 callbacks suppressed [ 27.187299] audit: type=1800 audit(1540953922.903:29): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 27.213852] audit: type=1800 audit(1540953922.903:30): pid=5562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 39.516415] sshd (5704) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. [ 45.966787] IPVS: ftp: loaded support on port[0] = 21 [ 46.117290] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.124105] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.131483] device bridge_slave_0 entered promiscuous mode [ 46.149261] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.155701] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.162675] device bridge_slave_1 entered promiscuous mode [ 46.180518] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.197874] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.246656] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.266102] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.339923] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.347942] team0: Port device team_slave_0 added [ 46.363967] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.371077] team0: Port device team_slave_1 added [ 46.388585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.408961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.429000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.449629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 46.593660] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.600154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.607140] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.613562] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 47.121585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.172170] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.222858] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 47.229271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.236912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.281258] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 47.596724] BUG: please report to dccp@vger.kernel.org => prev = 0, last = 0 at net/dccp/ccids/lib/packet_history.c:425/tfrc_rx_hist_sample_rtt() [ 47.610057] CPU: 1 PID: 5961 Comm: syz-executor491 Not tainted 4.19.0-next-20181030+ #101 [ 47.618365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.627705] Call Trace: [ 47.630273] [ 47.632445] dump_stack+0x244/0x39d [ 47.636063] ? dump_stack_print_info.cold.1+0x20/0x20 [ 47.641245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.646779] ? tfrc_rx_handle_loss+0x67b/0x1eb0 [ 47.651445] tfrc_rx_hist_sample_rtt.cold.3+0x54/0x5c [ 47.656631] ccid3_hc_rx_packet_recv+0x5c4/0xeb0 [ 47.661471] ? dccp_parse_options+0x4a1/0x12f0 [ 47.666064] ? ccid3_first_li+0x400/0x400 [ 47.670215] dccp_deliver_input_to_ccids+0xf0/0x280 [ 47.675341] dccp_rcv_established+0x87/0xb0 [ 47.679650] dccp_v4_do_rcv+0x153/0x180 [ 47.683616] __sk_receive_skb+0x3e0/0xeb0 [ 47.687756] ? sk_free+0x50/0x50 [ 47.691126] ? inet_lhash2_lookup+0x6e0/0x6e0 [ 47.695614] ? reqsk_fastopen_remove+0x660/0x660 [ 47.700361] ? lock_downgrade+0x900/0x900 [ 47.704495] ? check_preemption_disabled+0x48/0x280 [ 47.709503] ? dccp_invalid_packet+0x64/0x880 [ 47.713992] dccp_v4_rcv+0x10f9/0x1f58 [ 47.717873] ? dccp_v4_err+0x18a0/0x18a0 [ 47.721922] ? __lock_is_held+0xb5/0x140 [ 47.725984] ip_local_deliver_finish+0x2e9/0xda0 [ 47.730743] ? ip_sublist_rcv_finish+0x3a0/0x3a0 [ 47.735487] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 47.740495] ? nf_hook_slow+0x11e/0x1c0 [ 47.744478] ip_local_deliver+0x1e4/0x740 [ 47.748616] ? ip_call_ra_chain+0x730/0x730 [ 47.752934] ? ip_sublist_rcv_finish+0x3a0/0x3a0 [ 47.757719] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 47.762659] ? kasan_check_read+0x11/0x20 [ 47.766794] ? rcu_softirq_qs+0x20/0x20 [ 47.770760] ip_rcv_finish+0x1f9/0x300 [ 47.774643] ip_rcv+0xe8/0x600 [ 47.777824] ? lockdep_hardirqs_on+0x296/0x5b0 [ 47.782393] ? ip_local_deliver+0x740/0x740 [ 47.786763] ? ip_rcv_finish_core.isra.16+0x1f40/0x1f40 [ 47.792127] ? lock_acquire+0x1ed/0x520 [ 47.796093] ? process_backlog+0x1dd/0x7a0 [ 47.800322] __netif_receive_skb_one_core+0x14d/0x200 [ 47.805506] ? __netif_receive_skb_core+0x3b20/0x3b20 [ 47.810727] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 47.816014] ? rcu_softirq_qs+0x20/0x20 [ 47.819984] ? trace_hardirqs_off_caller+0x300/0x300 [ 47.825078] __netif_receive_skb+0x27/0x1e0 [ 47.829395] process_backlog+0x24e/0x7a0 [ 47.833449] net_rx_action+0x7fa/0x19b0 [ 47.837439] ? napi_complete_done+0x7a0/0x7a0 [ 47.841933] ? find_held_lock+0x36/0x1c0 [ 47.845987] ? rebalance_domains+0x358/0xdc0 [ 47.850387] ? lock_downgrade+0x900/0x900 [ 47.854525] ? check_preemption_disabled+0x48/0x280 [ 47.859581] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 47.864508] ? kasan_check_read+0x11/0x20 [ 47.868659] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 47.873924] ? rcu_softirq_qs+0x20/0x20 [ 47.877895] ? rebalance_domains+0x375/0xdc0 [ 47.882294] ? load_balance+0x3990/0x3990 [ 47.886430] ? print_usage_bug+0xc0/0xc0 [ 47.890497] ? trace_hardirqs_on+0x310/0x310 [ 47.894901] ? kvm_clock_read+0x18/0x30 [ 47.898867] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 47.903868] ? ktime_get+0x2c1/0x400 [ 47.907567] ? zap_class+0x640/0x640 [ 47.911271] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.916795] ? check_preemption_disabled+0x48/0x280 [ 47.921813] ? __lock_is_held+0xb5/0x140 [ 47.925867] __do_softirq+0x308/0xb7e [ 47.929659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.935185] ? __irqentry_text_end+0x1f9688/0x1f9688 [ 47.940278] ? smp_reschedule_interrupt+0x109/0x650 [ 47.945285] ? smp_thermal_interrupt+0x850/0x850 [ 47.950025] ? ret_from_intr+0xb/0x1e [ 47.953811] ? trace_hardirqs_off_caller+0xbb/0x300 [ 47.958814] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.963644] ? trace_hardirqs_on_caller+0x310/0x310 [ 47.968645] ? task_prio+0x50/0x50 [ 47.972188] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.977710] ? check_preemption_disabled+0x48/0x280 [ 47.982722] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.987553] ? ip_finish_output2+0xa83/0x1860 [ 47.992031] do_softirq_own_stack+0x2a/0x40 [ 47.996331] [ 47.998557] do_softirq.part.14+0x126/0x160 [ 48.002931] __local_bh_enable_ip+0x21d/0x260 [ 48.007423] ip_finish_output2+0xab6/0x1860 [ 48.011799] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 48.016724] ? ip_copy_metadata+0xe10/0xe10 [ 48.021036] ? zap_class+0x640/0x640 [ 48.024825] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.030360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.035883] ? ipv4_mtu+0x39f/0x590 [ 48.039500] ? __lock_is_held+0xb5/0x140 [ 48.043552] ip_finish_output+0x7f8/0xfa0 [ 48.047699] ? ip_finish_output+0x7f8/0xfa0 [ 48.052013] ? ip_fragment.constprop.50+0x240/0x240 [ 48.057019] ? kasan_check_read+0x11/0x20 [ 48.061220] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 48.066506] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.072032] ? rcu_softirq_qs+0x20/0x20 [ 48.075990] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 48.081116] ? nf_hook_slow+0x11e/0x1c0 [ 48.085086] ip_output+0x21d/0x8d0 [ 48.088617] ? ip_mc_output+0x15a0/0x15a0 [ 48.092755] ? ip_fragment.constprop.50+0x240/0x240 [ 48.097761] ? __lock_is_held+0xb5/0x140 [ 48.101814] ip_local_out+0xc5/0x1b0 [ 48.105514] __ip_queue_xmit+0x9af/0x1f30 [ 48.109653] ? ip_build_and_send_pkt+0xc90/0xc90 [ 48.114393] ? __skb_checksum+0x920/0x920 [ 48.118531] ? skb_send_sock+0x50/0x50 [ 48.122417] ? reqsk_fastopen_remove+0x660/0x660 [ 48.127162] ? dccp_insert_option_padding+0xbc/0xe0 [ 48.132172] ip_queue_xmit+0x56/0x70 [ 48.135869] dccp_transmit_skb+0x98c/0x12e0 [ 48.140235] dccp_xmit_packet+0x25e/0x7d0 [ 48.144376] ? _copy_from_iter_full+0x2d8/0xce0 [ 48.149034] ? dccp_send_sync+0x270/0x270 [ 48.153175] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 48.158181] ? ccid3_hc_tx_send_packet+0x358/0x876 [ 48.163098] dccp_write_xmit+0x190/0x1f0 [ 48.167159] dccp_sendmsg+0x9cc/0x1020 [ 48.171043] ? dccp_setsockopt_cscov.part.10+0x290/0x290 [ 48.176494] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 48.182022] ? aa_label_sk_perm+0x91/0x100 [ 48.186241] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 48.191196] ? aa_sk_perm+0x22b/0x8e0 [ 48.194989] ? import_iovec+0x2a3/0x4b0 [ 48.198954] ? aa_af_perm+0x5a0/0x5a0 [ 48.202742] inet_sendmsg+0x19c/0x690 [ 48.206530] ? ipip_gro_receive+0x100/0x100 [ 48.210895] ? apparmor_socket_sendmsg+0x29/0x30 [ 48.215646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.221170] ? security_socket_sendmsg+0x94/0xc0 [ 48.225910] ? ipip_gro_receive+0x100/0x100 [ 48.230218] sock_sendmsg+0xd5/0x120 [ 48.233920] ___sys_sendmsg+0x7fd/0x930 [ 48.237886] ? copy_msghdr_from_user+0x580/0x580 [ 48.242627] ? _raw_spin_unlock_bh+0x30/0x40 [ 48.247025] ? check_preemption_disabled+0x48/0x280 [ 48.252047] ? __fget_light+0x2e9/0x430 [ 48.257037] ? fget_raw+0x20/0x20 [ 48.260477] ? release_sock+0x1ec/0x2c0 [ 48.264541] ? lock_sock_nested+0x9a/0x120 [ 48.268768] ? __release_sock+0x3a0/0x3a0 [ 48.272907] ? __local_bh_enable_ip+0x160/0x260 [ 48.277576] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 48.283103] ? sockfd_lookup_light+0xc5/0x160 [ 48.287591] __sys_sendmsg+0x11d/0x280 [ 48.291469] ? __ia32_sys_shutdown+0x80/0x80 [ 48.295863] ? __x64_sys_futex+0x47f/0x6a0 [ 48.300084] ? do_syscall_64+0x9a/0x820 [ 48.304043] ? do_syscall_64+0x9a/0x820 [ 48.308010] ? trace_hardirqs_off_caller+0x300/0x300 [ 48.313095] ? trace_hardirqs_off+0xb8/0x310 [ 48.317537] __x64_sys_sendmsg+0x78/0xb0 [ 48.321591] do_syscall_64+0x1b9/0x820 [ 48.325461] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 48.330810] ? syscall_return_slowpath+0x5e0/0x5e0 [ 48.335727] ? trace_hardirqs_on_caller+0x310/0x310 [ 48.340770] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 48.345784] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 48.352440] ? __switch_to_asm+0x40/0x70 [ 48.356528] ? __switch_to_asm+0x34/0x70 [ 48.360576] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.365429] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.370599] RIP: 0033:0x446a69 [ 48.373780] Code: e8 cc b8 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 48.392707] RSP: 002b:00007f5e0a1dbda8 EFLAGS: 00000293 ORIG_RAX: 000000000000002e [ 48.400406] RAX: ffffffffffffffda RBX: 00000000006dcc68 RCX: 0000000000446a69 [ 48.407662] RDX: 0000000000000800 RSI: 00000000200004c0 RDI: 0000000000000005 [ 48.414916] RBP: 00000000006dcc60 R08: 0000000000000000 R09: 0000000000000000 [ 48.422180] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000006dcc6c [ 48.429432] R13: b8f0db312c1fe558 R14: d6bf4eea9265b264 R15: 0000000000000005