[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts.
syzkaller login: [ 41.101862] audit: type=1400 audit(1600918998.582:8): avc: denied { execmem } for pid=6497 comm="syz-executor454" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 42.200532] IPVS: ftp: loaded support on port[0] = 21
[ 42.305215] chnl_net:caif_netlink_parms(): no params data found
[ 42.396199] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.403004] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.410772] device bridge_slave_0 entered promiscuous mode
[ 42.418906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.425276] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.432814] device bridge_slave_1 entered promiscuous mode
[ 42.451513] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 42.460522] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 42.479988] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 42.487944] team0: Port device team_slave_0 added
[ 42.493483] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 42.501512] team0: Port device team_slave_1 added
[ 42.518710] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.524948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.550205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.561897] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.568234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.593667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.605362] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 42.613256] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 42.633910] device hsr_slave_0 entered promiscuous mode
[ 42.639703] device hsr_slave_1 entered promiscuous mode
[ 42.645740] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 42.653123] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 42.728953] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.735426] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.742476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.748921] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.783308] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 42.789482] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.800290] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 42.809436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.819874] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.827407] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.834411] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 42.845673] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 42.851941] 8021q: adding VLAN 0 to HW filter on device team0
[ 42.862056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.870358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.876801] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.887022] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.894771] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.901233] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.918921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 42.927135] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 42.938590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 42.952588] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 42.963099] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 42.974685] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 42.982671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.991159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 43.000022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 43.013403] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 43.021563] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 43.028507] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 43.041013] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 43.053866] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 43.065085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 43.112313] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 43.120059] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 43.127468] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 43.137276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 43.144969] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 43.152500] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 43.161522] device veth0_vlan entered promiscuous mode
[ 43.171854] device veth1_vlan entered promiscuous mode
[ 43.178543] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 43.188740] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 43.201614] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 43.211040] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 43.219326] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 43.227974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 43.238133] device veth0_macvtap entered promiscuous mode
[ 43.244306] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 43.254000] device veth1_macvtap entered promiscuous mode
[ 43.263057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 43.273175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 43.283363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 43.291023] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 43.299781] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 43.309884] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 43.317547] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 43.325084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 43.334802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 43.586370] ================================================================================
[ 43.595168] UBSAN: Undefined behaviour in ./include/net/red.h:272:18
[ 43.601658] shift exponent 103 is too large for 64-bit type 'long unsigned int'
[ 43.609114] CPU: 1 PID: 3719 Comm: kworker/1:2 Not tainted 4.19.147-syzkaller #0
[ 43.616644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.626011] Workqueue: events iterate_cleanup_work
[ 43.630937] Call Trace:
[ 43.633516]
[ 43.635669] dump_stack+0x22c/0x33e
[ 43.639301] ubsan_epilogue+0xe/0x3a
[ 43.643012] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 43.649162] ? kvm_clock_get_cycles+0x14/0x30
[ 43.653653] ? ktime_get+0x21b/0x320
[ 43.657369] red_enqueue+0x2064/0x2200
[ 43.661253] ? red_graft+0x320/0x320
[ 43.664948] ? __dev_queue_xmit+0x1425/0x2ec0
[ 43.669433] __dev_queue_xmit+0x14e1/0x2ec0
[ 43.673744] ? __lock_acquire+0x6ec/0x3ff0
[ 43.677963] ? netdev_pick_tx+0x350/0x350
[ 43.682097] ? mark_held_locks+0xa6/0xf0
[ 43.686201] ? ip_finish_output2+0x1073/0x1640
[ 43.690764] ip_finish_output2+0xc04/0x1640
[ 43.695141] ? ip_reply_glue_bits+0xb0/0xb0
[ 43.699448] ? lock_downgrade+0x750/0x750
[ 43.703577] ip_finish_output+0x88e/0xd80
[ 43.707711] ip_output+0x203/0x650
[ 43.711274] ? ip_mc_output+0xff0/0xff0
[ 43.715231] ? ip_fragment.constprop.0+0x240/0x240
[ 43.720143] ? prandom_u32+0xa3/0x100
[ 43.723922] ip_local_out+0xaf/0x170
[ 43.727619] iptunnel_xmit+0x63e/0xa30
[ 43.731492] geneve_xmit+0xeb4/0x2a20
[ 43.735280] ? geneve_fill_metadata_dst+0xd00/0xd00
[ 43.740281] ? netif_skb_features+0x3f9/0xb20
[ 43.744761] dev_hard_start_xmit+0x1a8/0x960
[ 43.749158] __dev_queue_xmit+0x276a/0x2ec0
[ 43.753465] ? netdev_pick_tx+0x350/0x350
[ 43.757598] ? ip6_finish_output+0x610/0xcc0
[ 43.761993] ? mark_held_locks+0xa6/0xf0
[ 43.766036] ? ip6_finish_output2+0x1777/0x2370
[ 43.770686] ip6_finish_output2+0xe78/0x2370
[ 43.775080] ? ip6_append_data+0x300/0x300
[ 43.779299] ? lock_downgrade+0x750/0x750
[ 43.783441] ? check_preemption_disabled+0x41/0x2b0
[ 43.788441] ip6_finish_output+0x610/0xcc0
[ 43.792660] ip6_output+0x205/0x7c0
[ 43.796267] ? ip6_finish_output+0xcc0/0xcc0
[ 43.800655] ? ip6_fragment+0x3390/0x3390
[ 43.804781] ? check_preemption_disabled+0x41/0x2b0
[ 43.809778] mld_sendpack+0x6c1/0x1120
[ 43.813662] ? add_grhead+0x223/0x330
[ 43.817442] ? igmp6_mc_seq_stop+0x1a0/0x1a0
[ 43.821855] ? icmpv6_rcv.cold+0x94/0x94
[ 43.825911] ? mld_ifc_timer_expire+0x604/0xc00
[ 43.830575] ? mld_ifc_timer_expire+0x4a3/0xc00
[ 43.835222] ? __local_bh_enable_ip+0x159/0x2a0
[ 43.839871] ? lockdep_hardirqs_on+0x29f/0x5e0
[ 43.844432] mld_ifc_timer_expire+0x616/0xc00
[ 43.848945] call_timer_fn+0x177/0x760
[ 43.852810] ? mld_clear_delrec+0x380/0x380
[ 43.857113] ? init_timer_key+0x370/0x370
[ 43.861241] ? mark_held_locks+0xa6/0xf0
[ 43.865296] ? _raw_spin_unlock_irq+0x24/0x90
[ 43.869772] ? mld_clear_delrec+0x380/0x380
[ 43.874085] expire_timers+0x243/0x500
[ 43.877956] run_timer_softirq+0x259/0x730
[ 43.882184] ? expire_timers+0x500/0x500
[ 43.886242] ? kvm_sched_clock_read+0x14/0x40
[ 43.890722] __do_softirq+0x27d/0xad2
[ 43.894508] do_softirq_own_stack+0x2a/0x40
[ 43.898817]
[ 43.901037] do_softirq.part.0+0x168/0x200
[ 43.905251] ? nf_ct_iterate_cleanup+0x1fb/0x510
[ 43.909989] __local_bh_enable_ip+0x22d/0x2a0
[ 43.914484] nf_ct_iterate_cleanup+0x224/0x510
[ 43.919061] ? nf_ct_port_nlattr_to_tuple+0x190/0x190
[ 43.924236] nf_ct_iterate_cleanup_net+0x113/0x170
[ 43.929146] ? masq_inet6_event+0x5f0/0x5f0
[ 43.933448] ? nf_ct_iterate_cleanup+0x510/0x510
[ 43.938204] ? masq_inet6_event+0x5f0/0x5f0
[ 43.942522] iterate_cleanup_work+0x43/0xd0
[ 43.946828] process_one_work+0x796/0x14e0
[ 43.951052] ? init_worker_pool+0x5c0/0x5c0
[ 43.955375] worker_thread+0x64c/0x1130
[ 43.959357] ? __kthread_parkme+0x133/0x1e0
[ 43.963655] ? rescuer_thread+0xce0/0xce0
[ 43.967784] kthread+0x33f/0x460
[ 43.971130] ? kthread_park+0x180/0x180
[ 43.975103] ret_from_fork+0x24/0x30
[ 43.978819] ================================================================================