[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
syzkaller login: [   41.849240] audit: type=1400 audit(1600917296.856:8): avc:  denied  { execmem } for  pid=6497 comm="syz-executor143" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   42.947472] IPVS: ftp: loaded support on port[0] = 21
[   43.061008] chnl_net:caif_netlink_parms(): no params data found
[   43.128502] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.135920] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.143175] device bridge_slave_0 entered promiscuous mode
[   43.151999] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.159073] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.166468] device bridge_slave_1 entered promiscuous mode
[   43.185670] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   43.196238] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   43.215802] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   43.223748] team0: Port device team_slave_0 added
[   43.230119] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   43.237927] team0: Port device team_slave_1 added
[   43.255669] batman_adv: batadv0: Adding interface: batadv_slave_0
[   43.261954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   43.287343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   43.299457] batman_adv: batadv0: Adding interface: batadv_slave_1
[   43.305834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   43.331343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   43.342463] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   43.350357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   43.370912] device hsr_slave_0 entered promiscuous mode
[   43.377379] device hsr_slave_1 entered promiscuous mode
[   43.383493] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   43.390994] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   43.466415] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.473185] bridge0: port 2(bridge_slave_1) entered forwarding state
[   43.480416] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.489338] bridge0: port 1(bridge_slave_0) entered forwarding state
[   43.525565] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   43.531894] 8021q: adding VLAN 0 to HW filter on device bond0
[   43.542572] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   43.555293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   43.565886] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.573274] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.581923] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   43.594884] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   43.601459] 8021q: adding VLAN 0 to HW filter on device team0
[   43.625793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   43.634224] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.641090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   43.649040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   43.658203] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.664906] bridge0: port 2(bridge_slave_1) entered forwarding state
[   43.672493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   43.681071] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   43.689233] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   43.701243] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   43.711507] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   43.723728] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   43.731653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   43.740235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   43.748789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   43.763902] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   43.772467] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   43.780094] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   43.792720] 8021q: adding VLAN 0 to HW filter on device batadv0
[   43.807110] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   43.818462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   43.854147] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   43.861966] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   43.870696] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   43.881580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   43.891593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   43.899856] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   43.910624] device veth0_vlan entered promiscuous mode
[   43.922115] device veth1_vlan entered promiscuous mode
[   43.929685] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[   43.940636] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[   43.953259] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   43.964986] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   43.973296] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   43.982499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   43.993472] device veth0_macvtap entered promiscuous mode
[   44.000845] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[   44.009959] device veth1_macvtap entered promiscuous mode
[   44.020187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   44.031887] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   44.043572] batman_adv: batadv0: Interface activated: batadv_slave_0
[   44.051769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   44.061601] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   44.073242] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[   44.081651] batman_adv: batadv0: Interface activated: batadv_slave_1
[   44.089670] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   44.100765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   44.235842] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   44.245315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   44.267170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   44.269030] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
executing program
[   44.282070] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   44.296614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   44.305260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   44.312540] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   44.530681] ================================================================================
[   44.541721] UBSAN: Undefined behaviour in ./include/net/red.h:272:18
[   44.552609] shift exponent 234 is too large for 64-bit type 'long unsigned int'
[   44.564708] CPU: 1 PID: 6707 Comm: kworker/1:3 Not tainted 4.19.147-syzkaller #0
[   44.573336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   44.586201] Workqueue: ipv6_addrconf addrconf_dad_work
[   44.592378] Call Trace:
[   44.595668]  dump_stack+0x22c/0x33e
[   44.601665]  ubsan_epilogue+0xe/0x3a
[   44.607523]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[   44.616581]  ? kvm_clock_get_cycles+0x14/0x30
[   44.621554]  ? ktime_get+0x21b/0x320
[   44.625846]  red_enqueue+0x2064/0x2200
[   44.631409]  ? red_graft+0x320/0x320
[   44.635839]  ? __dev_queue_xmit+0x1425/0x2ec0
[   44.641393]  __dev_queue_xmit+0x14e1/0x2ec0
[   44.646033]  ? ctnetlink_conntrack_event+0xc82/0x1405
[   44.651486]  ? netdev_pick_tx+0x350/0x350
[   44.657084]  ? mark_held_locks+0xa6/0xf0
[   44.663635]  ? ip_finish_output2+0x1073/0x1640
[   44.669739]  ip_finish_output2+0xc04/0x1640
[   44.675678]  ? ip_reply_glue_bits+0xb0/0xb0
[   44.680154]  ? lock_downgrade+0x750/0x750
[   44.685243]  ip_finish_output+0x88e/0xd80
[   44.690219]  ip_output+0x203/0x650
[   44.694146]  ? ip_mc_output+0xff0/0xff0
[   44.699048]  ? ip_fragment.constprop.0+0x240/0x240
[   44.704205]  ? prandom_u32+0xa3/0x100
[   44.708501]  ip_local_out+0xaf/0x170
[   44.712232]  iptunnel_xmit+0x63e/0xa30
[   44.716425]  geneve_xmit+0xeb4/0x2a20
[   44.720564]  ? geneve_fill_metadata_dst+0xd00/0xd00
[   44.725760]  ? netif_skb_features+0x3f9/0xb20
[   44.730268]  dev_hard_start_xmit+0x1a8/0x960
[   44.734751]  __dev_queue_xmit+0x276a/0x2ec0
[   44.739078]  ? __neigh_create+0x1286/0x1d80
[   44.744142]  ? netdev_pick_tx+0x350/0x350
[   44.748604]  ? ip6_finish_output2+0x1184/0x2370
[   44.753833]  ? memcpy+0x35/0x50
[   44.757680]  neigh_resolve_output+0x55a/0x950
[   44.762995]  ip6_finish_output2+0x1184/0x2370
[   44.768271]  ? ip6_append_data+0x300/0x300
[   44.772739]  ? lock_downgrade+0x750/0x750
[   44.777660]  ? check_preemption_disabled+0x41/0x2b0
[   44.783033]  ip6_finish_output+0x610/0xcc0
[   44.787277]  ip6_output+0x205/0x7c0
[   44.791715]  ? ip6_finish_output+0xcc0/0xcc0
[   44.796444]  ? ip6_fragment+0x3390/0x3390
[   44.801319]  ? check_preemption_disabled+0x41/0x2b0
[   44.807234]  ndisc_send_skb+0xa6b/0x1860
[   44.811772]  ? pndisc_constructor+0x250/0x250
[   44.816344]  ? __kmalloc_node_track_caller+0x38/0x70
[   44.821696]  ? do_ipv6_setsockopt.constprop.0.cold+0x8c/0x8c
[   44.827756]  ? __alloc_skb+0x36d/0x580
[   44.831982]  ? skb_set_owner_w+0x21f/0x370
[   44.836597]  ndisc_send_ns+0x51d/0x840
[   44.841020]  ? addrconf_dad_work+0xab2/0x1130
[   44.845992]  ? pndisc_redo+0x20/0x20
[   44.850885]  ? mark_held_locks+0xa6/0xf0
[   44.855581]  ? addrconf_dad_work+0x677/0x1130
[   44.860554]  ? __local_bh_enable_ip+0x159/0x2a0
[   44.865747]  addrconf_dad_work+0xb78/0x1130
[   44.870509]  ? addrconf_dad_completed+0xb60/0xb60
[   44.875639]  process_one_work+0x796/0x14e0
[   44.880259]  ? init_worker_pool+0x5c0/0x5c0
[   44.884590]  worker_thread+0x64c/0x1130
[   44.888718]  ? __kthread_parkme+0x133/0x1e0
[   44.893208]  ? rescuer_thread+0xce0/0xce0
[   44.897762]  kthread+0x33f/0x460
[   44.902436]  ? kthread_park+0x180/0x180
[   44.909430]  ret_from_fork+0x24/0x30
[   44.914925] ================================================================================