[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.486917] audit: type=1400 audit(1601822820.481:8): avc: denied { execmem } for pid=6490 comm="syz-executor067" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.489921] ================================================================================
[ 40.515471] UBSAN: Undefined behaviour in net/sched/sch_api.c:375:22
[ 40.521981] shift exponent 255 is too large for 32-bit type 'int'
[ 40.528193] CPU: 1 PID: 6490 Comm: syz-executor067 Not tainted 4.19.149-syzkaller #0
[ 40.536051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.545381] Call Trace:
[ 40.547950] dump_stack+0x22c/0x33e
[ 40.551565] ubsan_epilogue+0xe/0x3a
[ 40.555261] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.561389] ? qdisc_get_rtab+0x1d4/0x770
[ 40.565519] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.570517] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 40.575363] qdisc_get_rtab.cold+0x1d/0x8e
[ 40.579581] tbf_change+0x99d/0x1230
[ 40.583275] ? mark_held_locks+0xa6/0xf0
[ 40.587316] ? _raw_spin_unlock_irqrestore+0x7d/0xf0
[ 40.592399] ? tbf_enqueue+0x9b0/0x9b0
[ 40.596265] ? find_held_lock+0x2d/0x110
[ 40.600319] ? tbf_init+0x5e/0xc4
[ 40.603759] ? kvm_clock_get_cycles+0x14/0x30
[ 40.608233] ? ktime_get+0x21b/0x320
[ 40.611927] ? tbf_change+0x1230/0x1230
[ 40.615882] tbf_init+0x91/0xc4
[ 40.619144] qdisc_create+0x534/0x1080
[ 40.623029] ? tc_get_qdisc+0xad0/0xad0
[ 40.626983] ? nla_parse+0x1b2/0x290
[ 40.630698] tc_modify_qdisc+0x4c0/0x195b
[ 40.634849] ? qdisc_create+0x1080/0x1080
[ 40.638976] ? rtnetlink_rcv_msg+0x443/0xc10
[ 40.643374] ? qdisc_create+0x1080/0x1080
[ 40.647513] rtnetlink_rcv_msg+0x498/0xc10
[ 40.651741] ? rtnl_get_link+0x270/0x270
[ 40.655783] ? __netlink_lookup+0x481/0x7e0
[ 40.660089] ? find_held_lock+0x2d/0x110
[ 40.664132] netlink_rcv_skb+0x160/0x440
[ 40.668171] ? rtnl_get_link+0x270/0x270
[ 40.672213] ? netlink_ack+0xae0/0xae0
[ 40.676100] netlink_unicast+0x4d5/0x690
[ 40.680152] ? netlink_sendskb+0x110/0x110
[ 40.684373] netlink_sendmsg+0x717/0xcc0
[ 40.688421] ? nlmsg_notify+0x1a0/0x1a0
[ 40.692424] ? __sock_recv_ts_and_drops+0x540/0x540
[ 40.697425] ? nlmsg_notify+0x1a0/0x1a0
[ 40.701389] sock_sendmsg+0xc7/0x130
[ 40.705088] ___sys_sendmsg+0x7bb/0x8f0
[ 40.709045] ? copy_msghdr_from_user+0x440/0x440
[ 40.713798] ? selinux_file_alloc_security+0xe4/0x1c0
[ 40.718968] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.723966] ? __lockdep_init_map+0x100/0x5c0
[ 40.728442] ? check_preemption_disabled+0x41/0x2b0
[ 40.733437] ? mark_held_locks+0xf0/0xf0
[ 40.737476] ? percpu_counter_add_batch+0x126/0x180
[ 40.742474] ? alloc_empty_file+0xd7/0x170
[ 40.746689] ? errseq_sample+0x56/0x70
[ 40.750570] ? find_held_lock+0x2d/0x110
[ 40.754669] ? __fd_install+0x22a/0x6e0
[ 40.758637] ? __fget_light+0x1a2/0x230
[ 40.762592] __x64_sys_sendmsg+0x132/0x220
[ 40.766807] ? __sys_sendmsg+0x1b0/0x1b0
[ 40.770863] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.776219] ? trace_hardirqs_off_caller+0x6e/0x210
[ 40.781216] ? do_syscall_64+0x21/0x670
[ 40.785171] do_syscall_64+0xf9/0x670
[ 40.788954] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.794138] RIP: 0033:0x440fe9
[ 40.797309] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.816193] RSP: 002b:00007ffc1d7faa58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 40.823881] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440fe9
[ 40.831131] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000004
[ 40.838379] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 40.845651] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004027f0
[ 40.852912] R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000
[ 40.860170] ================================================================================
[ 40.869866] ================================================================================
[ 40.878449] UBSAN: Undefined behaviour in net/sched/sch_api.c:376:24
[ 40.884946] shift exponent 255 is too large for 32-bit type 'int'
[ 40.891179] CPU: 1 PID: 6490 Comm: syz-executor067 Not tainted 4.19.149-syzkaller #0
[ 40.899077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.908424] Call Trace:
[ 40.911007] dump_stack+0x22c/0x33e
[ 40.914652] ubsan_epilogue+0xe/0x3a
[ 40.918384] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.924526] ? qdisc_get_rtab+0x1d4/0x770
[ 40.928667] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.933663] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 40.938485] qdisc_get_rtab.cold+0x7f/0x8e
[ 40.942703] tbf_change+0x99d/0x1230
[ 40.946396] ? mark_held_locks+0xa6/0xf0
[ 40.950462] ? _raw_spin_unlock_irqrestore+0x7d/0xf0
[ 40.955547] ? tbf_enqueue+0x9b0/0x9b0
[ 40.959435] ? find_held_lock+0x2d/0x110
[ 40.963476] ? tbf_init+0x5e/0xc4
[ 40.966917] ? kvm_clock_get_cycles+0x14/0x30
[ 40.971406] ? ktime_get+0x21b/0x320
[ 40.975101] ? tbf_change+0x1230/0x1230
[ 40.979055] tbf_init+0x91/0xc4
[ 40.982315] qdisc_create+0x534/0x1080
[ 40.986196] ? tc_get_qdisc+0xad0/0xad0
[ 40.990162] ? nla_parse+0x1b2/0x290
[ 40.993856] tc_modify_qdisc+0x4c0/0x195b
[ 40.998002] ? qdisc_create+0x1080/0x1080
[ 41.002128] ? rtnetlink_rcv_msg+0x443/0xc10
[ 41.006528] ? qdisc_create+0x1080/0x1080
[ 41.010655] rtnetlink_rcv_msg+0x498/0xc10
[ 41.014882] ? rtnl_get_link+0x270/0x270
[ 41.018924] ? __netlink_lookup+0x481/0x7e0
[ 41.023229] ? find_held_lock+0x2d/0x110
[ 41.027271] netlink_rcv_skb+0x160/0x440
[ 41.031313] ? rtnl_get_link+0x270/0x270
[ 41.035354] ? netlink_ack+0xae0/0xae0
[ 41.039242] netlink_unicast+0x4d5/0x690
[ 41.043329] ? netlink_sendskb+0x110/0x110
[ 41.047558] netlink_sendmsg+0x717/0xcc0
[ 41.051602] ? nlmsg_notify+0x1a0/0x1a0
[ 41.055554] ? __sock_recv_ts_and_drops+0x540/0x540
[ 41.060567] ? nlmsg_notify+0x1a0/0x1a0
[ 41.064519] sock_sendmsg+0xc7/0x130
[ 41.068212] ___sys_sendmsg+0x7bb/0x8f0
[ 41.072164] ? copy_msghdr_from_user+0x440/0x440
[ 41.076913] ? selinux_file_alloc_security+0xe4/0x1c0
[ 41.082081] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 41.087090] ? __lockdep_init_map+0x100/0x5c0
[ 41.091566] ? check_preemption_disabled+0x41/0x2b0
[ 41.096560] ? mark_held_locks+0xf0/0xf0
[ 41.100605] ? percpu_counter_add_batch+0x126/0x180
[ 41.105602] ? alloc_empty_file+0xd7/0x170
[ 41.109819] ? errseq_sample+0x56/0x70
[ 41.113686] ? find_held_lock+0x2d/0x110
[ 41.117728] ? __fd_install+0x22a/0x6e0
[ 41.121700] ? __fget_light+0x1a2/0x230
[ 41.125656] __x64_sys_sendmsg+0x132/0x220
[ 41.129900] ? __sys_sendmsg+0x1b0/0x1b0
[ 41.133945] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.139287] ? trace_hardirqs_off_caller+0x6e/0x210
[ 41.144286] ? do_syscall_64+0x21/0x670
[ 41.148257] do_syscall_64+0xf9/0x670
[ 41.152053] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.157235] RIP: 0033:0x440fe9
[ 41.160406] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.179299] RSP: 002b:00007ffc1d7faa58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 41.186983] RAX: ffffffffffffffd