[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
syzkaller login: [ 39.132611] audit: type=1400 audit(1600904901.107:8): avc: denied { execmem } for pid=6470 comm="syz-executor813" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.265413] IPVS: ftp: loaded support on port[0] = 21
[ 40.364031] chnl_net:caif_netlink_parms(): no params data found
[ 40.452754] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.459396] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.467262] device bridge_slave_0 entered promiscuous mode
[ 40.475200] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.481576] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.488964] device bridge_slave_1 entered promiscuous mode
[ 40.506148] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 40.515207] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 40.533659] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 40.541151] team0: Port device team_slave_0 added
[ 40.547181] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 40.554956] team0: Port device team_slave_1 added
[ 40.570035] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.576345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.601566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.613173] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.619481] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.644737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.655964] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 40.663462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 40.683118] device hsr_slave_0 entered promiscuous mode
[ 40.688837] device hsr_slave_1 entered promiscuous mode
[ 40.695234] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 40.702237] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 40.771331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.777759] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.784644] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.790976] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.822813] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 40.830083] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.839407] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 40.848390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.857606] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.865064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.871971] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 40.883943] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 40.890014] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.899609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.907375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.913766] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.934799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.942395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.948808] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.956383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.964471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.972063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.981308] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 40.992013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.001994] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 41.008359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 41.024026] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 41.031329] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 41.039369] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 41.050463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.063206] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 41.072549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.104708] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 41.111700] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 41.119481] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 41.128994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.136746] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.143972] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.153904] device veth0_vlan entered promiscuous mode
[ 41.162486] device veth1_vlan entered promiscuous mode
[ 41.169239] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 41.178614] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 41.190382] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 41.200604] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 41.208983] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 41.216957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.226402] device veth0_macvtap entered promiscuous mode
[ 41.232524] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 41.241064] device veth1_macvtap entered promiscuous mode
[ 41.249783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 41.259000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 41.268986] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.276451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.285131] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 41.296279] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.303601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 41.573291] ================================================================================
[ 41.582173] UBSAN: Undefined behaviour in ./include/net/red.h:272:18
[ 41.588666] shift exponent 103 is too large for 64-bit type 'long unsigned int'
[ 41.596151] CPU: 1 PID: 25 Comm: kworker/1:1 Not tainted 4.19.147-syzkaller #0
[ 41.603492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.612868] Workqueue: ipv6_addrconf addrconf_dad_work
[ 41.618138] Call Trace:
[ 41.620699]
[ 41.622848] dump_stack+0x22c/0x33e
[ 41.626466] ubsan_epilogue+0xe/0x3a
[ 41.630196] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 41.636338] ? kvm_clock_get_cycles+0x14/0x30
[ 41.640812] ? ktime_get+0x21b/0x320
[ 41.644513] red_enqueue+0x2064/0x2200
[ 41.648381] ? red_graft+0x320/0x320
[ 41.652087] ? __dev_queue_xmit+0x1425/0x2ec0
[ 41.656563] __dev_queue_xmit+0x14e1/0x2ec0
[ 41.660864] ? __lock_acquire+0x6ec/0x3ff0
[ 41.665077] ? netdev_pick_tx+0x350/0x350
[ 41.669225] ? mark_held_locks+0xa6/0xf0
[ 41.673265] ? ip_finish_output2+0x1073/0x1640
[ 41.677823] ip_finish_output2+0xc04/0x1640
[ 41.682230] ? ip_reply_glue_bits+0xb0/0xb0
[ 41.686530] ? lock_downgrade+0x750/0x750
[ 41.690657] ip_finish_output+0x88e/0xd80
[ 41.694877] ip_output+0x203/0x650
[ 41.698394] ? ip_mc_output+0xff0/0xff0
[ 41.702362] ? ip_fragment.constprop.0+0x240/0x240
[ 41.707287] ? prandom_u32+0xa3/0x100
[ 41.711080] ip_local_out+0xaf/0x170
[ 41.714791] iptunnel_xmit+0x63e/0xa30
[ 41.718674] geneve_xmit+0xeb4/0x2a20
[ 41.722459] ? geneve_fill_metadata_dst+0xd00/0xd00
[ 41.727466] ? netif_skb_features+0x3f9/0xb20
[ 41.732294] dev_hard_start_xmit+0x1a8/0x960
[ 41.736685] __dev_queue_xmit+0x276a/0x2ec0
[ 41.741000] ? netdev_pick_tx+0x350/0x350
[ 41.745145] ? ip6_finish_output+0x610/0xcc0
[ 41.749539] ? mark_held_locks+0xa6/0xf0
[ 41.753579] ? ip6_finish_output2+0x1777/0x2370
[ 41.758227] ip6_finish_output2+0xe78/0x2370
[ 41.762644] ? ip6_append_data+0x300/0x300
[ 41.766857] ? lock_downgrade+0x750/0x750
[ 41.770997] ? check_preemption_disabled+0x41/0x2b0
[ 41.775998] ip6_finish_output+0x610/0xcc0
[ 41.780232] ip6_output+0x205/0x7c0
[ 41.783876] ? ip6_finish_output+0xcc0/0xcc0
[ 41.788301] ? ip6_fragment+0x3390/0x3390
[ 41.792435] ? check_preemption_disabled+0x41/0x2b0
[ 41.797430] mld_sendpack+0x6c1/0x1120
[ 41.801294] ? add_grhead+0x223/0x330
[ 41.805074] ? igmp6_mc_seq_stop+0x1a0/0x1a0
[ 41.809497] ? icmpv6_rcv.cold+0x94/0x94
[ 41.813538] ? mld_ifc_timer_expire+0x604/0xc00
[ 41.818189] ? mld_ifc_timer_expire+0x4a3/0xc00
[ 41.822843] ? __local_bh_enable_ip+0x159/0x2a0
[ 41.827542] ? lockdep_hardirqs_on+0x29f/0x5e0
[ 41.832105] mld_ifc_timer_expire+0x616/0xc00
[ 41.836586] call_timer_fn+0x177/0x760
[ 41.840449] ? mld_clear_delrec+0x380/0x380
[ 41.844796] ? init_timer_key+0x370/0x370
[ 41.848923] ? mark_held_locks+0xa6/0xf0
[ 41.852963] ? _raw_spin_unlock_irq+0x24/0x90
[ 41.857434] ? mld_clear_delrec+0x380/0x380
[ 41.861743] expire_timers+0x243/0x500
[ 41.865613] run_timer_softirq+0x259/0x730
[ 41.869825] ? expire_timers+0x500/0x500
[ 41.873866] ? kvm_sched_clock_read+0x14/0x40
[ 41.878356] __do_softirq+0x27d/0xad2
[ 41.882150] irq_exit+0x22d/0x270
[ 41.885591] smp_apic_timer_interrupt+0x15f/0x5d0
[ 41.890413] apic_timer_interrupt+0xf/0x20
[ 41.894635]
[ 41.896851] RIP: 0010:mutex_spin_on_owner+0x235/0x330
[ 41.902017] Code: 41 5f c3 be 08 00 00 00 4c 89 f7 e8 35 16 54 00 4c 89 f0 48 c1 e8 03 80 3c 28 00 0f 85 ee 00 00 00 49 8b 06 a8 01 75 87 f3 90 47 fe ff ff e8 61 3d 08 00 84 c0 0f 85 1d fe ff ff 48 c7 c2 60
[ 41.921069] RSP: 0018:ffff8880a9befad8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 41.928754] RAX: 0000000000000000 RBX: ffff8880a3efc540 RCX: ffffffff8156d35e
[ 41.936000] RDX: 1ffffffff12c7154 RSI: 0000000000000008 RDI: 0000000000000000
[ 41.943253] RBP: dffffc0000000000 R08: 0000000000000000 R09: fffffbfff15be16c
[ 41.950508] R10: ffffffff8adf0b67 R11: 0000000000000003 R12: 0000000000000000
[ 41.957754] R13: ffffed101537e4d0 R14: ffffffff8adf0b60 R15: ffff8880a9bf2680
[ 41.965017] ? mutex_spin_on_owner+0x8e/0x330
[ 41.969495] ? mutex_spin_on_owner+0x8e/0x330
[ 41.973973] __mutex_lock+0x9f1/0x13f0
[ 41.977841] ? find_held_lock+0x2d/0x110
[ 41.981881] ? addrconf_dad_work+0x9c/0x1130
[ 41.986268] ? ww_mutex_unlock+0x2f0/0x2f0
[ 41.990492] ? mark_held_locks+0xf0/0xf0
[ 41.994542] ? lock_downgrade+0x750/0x750
[ 41.998664] ? lock_acquire+0x170/0x3f0
[ 42.002622] ? debug_object_deactivate+0x100/0x2e0
[ 42.007586] ? trace_hardirqs_off+0x64/0x200
[ 42.011979] ? find_held_lock+0x2d/0x110
[ 42.016026] addrconf_dad_work+0x9c/0x1130
[ 42.020296] ? addrconf_dad_completed+0xb60/0xb60
[ 42.025122] process_one_work+0x796/0x14e0
[ 42.029336] ? init_worker_pool+0x5c0/0x5c0
[ 42.033640] worker_thread+0x64c/0x1130
[ 42.037597] ? __kthread_parkme+0x133/0x1e0
[ 42.041898] ? rescuer_thread+0xce0/0xce0
[ 42.046034] kthread+0x33f/0x460
[ 42.049378] ? kthread_park+0x180/0x180
[ 42.053335] ret_from_fork+0x24/0x30
[ 42.057034] ================================================================================