[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts. syzkaller login: [ 40.508457] audit: type=1400 audit(1602774103.613:8): avc: denied { execmem } for pid=6500 comm="syz-executor298" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 40.527995] IPVS: ftp: loaded support on port[0] = 21 [ 40.615173] chnl_net:caif_netlink_parms(): no params data found [ 40.716710] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.723295] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.731663] device bridge_slave_0 entered promiscuous mode [ 40.740071] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.746952] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.753954] device bridge_slave_1 entered promiscuous mode [ 40.774267] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 40.783461] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 40.803080] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 40.811871] team0: Port device team_slave_0 added [ 40.818086] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 40.825868] team0: Port device team_slave_1 added [ 40.841997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.848328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.873624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.885684] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.891938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.917317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.928174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 40.937840] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.959164] device hsr_slave_0 entered promiscuous mode [ 40.964902] device hsr_slave_1 entered promiscuous mode [ 40.971433] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 40.978758] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.049819] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.056285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.063136] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.069584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.104610] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 41.112406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.121823] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.131996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.140601] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.148207] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.156144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 41.167852] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.173962] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.187210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.194853] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.201330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.208528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.216696] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.223047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.238926] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.247322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 41.260022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.273159] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 41.284131] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 41.296482] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 41.302908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.311346] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.319234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.332163] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 41.340446] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 41.348072] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 41.360659] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.373189] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 41.383807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.420798] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 41.428435] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 41.436109] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 41.445812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.453406] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.460810] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.470034] device veth0_vlan entered promiscuous mode [ 41.479806] device veth1_vlan entered promiscuous mode [ 41.487231] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 41.496631] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 41.508160] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 41.517979] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 41.525683] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 41.533132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.543206] device veth0_macvtap entered promiscuous mode [ 41.549866] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 41.559720] device veth1_macvtap entered promiscuous mode [ 41.569446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 41.579357] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 41.589953] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.597653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.607246] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.618411] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 41.625843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.632392] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.641030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 41.903865] ================================================================================ [ 41.912635] UBSAN: Undefined behaviour in ./include/net/red.h:272:18 [ 41.919118] shift exponent 103 is too large for 64-bit type 'long unsigned int' [ 41.926589] CPU: 1 PID: 3741 Comm: kworker/1:3 Not tainted 4.19.150-syzkaller #0 [ 41.934131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.943479] Workqueue: ipv6_addrconf addrconf_dad_work [ 41.948734] Call Trace: [ 41.951320] dump_stack+0x22c/0x33e [ 41.954945] ubsan_epilogue+0xe/0x3a [ 41.958651] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 [ 41.964893] ? kvm_clock_get_cycles+0x14/0x30 [ 41.969368] ? ktime_get+0x21b/0x320 [ 41.973062] red_enqueue+0x2064/0x2200 [ 41.976954] ? red_graft+0x320/0x320 [ 41.980651] ? __dev_queue_xmit+0x1425/0x2ec0 [ 41.985133] __dev_queue_xmit+0x14e1/0x2ec0 [ 41.989462] ? ctnetlink_conntrack_event+0xc82/0x1405 [ 41.994649] ? netdev_pick_tx+0x350/0x350 [ 41.998812] ? mark_held_locks+0xa6/0xf0 [ 42.002878] ? ip_finish_output2+0x1073/0x1640 [ 42.007448] ip_finish_output2+0xc04/0x1640 [ 42.011765] ? ip_reply_glue_bits+0xb0/0xb0 [ 42.016073] ? lock_downgrade+0x750/0x750 [ 42.020202] ip_finish_output+0x88e/0xd80 [ 42.024341] ip_output+0x203/0x650 [ 42.027869] ? ip_mc_output+0xff0/0xff0 [ 42.031838] ? ip_fragment.constprop.0+0x240/0x240 [ 42.036770] ? prandom_u32+0xa3/0x100 [ 42.040553] ip_local_out+0xaf/0x170 [ 42.044249] iptunnel_xmit+0x63e/0xa30 [ 42.048124] geneve_xmit+0xf46/0x2ac0 [ 42.051920] ? geneve_fill_metadata_dst+0x1590/0x1590 [ 42.057111] ? netif_skb_features+0x3f9/0xb20 [ 42.061591] dev_hard_start_xmit+0x1a8/0x960 [ 42.065983] __dev_queue_xmit+0x276a/0x2ec0 [ 42.070300] ? __neigh_create+0x1286/0x1d80 [ 42.074610] ? netdev_pick_tx+0x350/0x350 [ 42.078770] ? ip6_finish_output2+0x1184/0x2370 [ 42.083423] ? memcpy+0x35/0x50 [ 42.086697] neigh_resolve_output+0x55a/0x950 [ 42.091187] ip6_finish_output2+0x1184/0x2370 [ 42.095669] ? ip6_append_data+0x300/0x300 [ 42.099895] ? lock_downgrade+0x750/0x750 [ 42.104036] ? check_preemption_disabled+0x41/0x2b0 [ 42.109045] ip6_finish_output+0x610/0xcc0 [ 42.113280] ip6_output+0x205/0x7c0 [ 42.116900] ? ip6_finish_output+0xcc0/0xcc0 [ 42.121299] ? ip6_fragment+0x3390/0x3390 [ 42.125431] ? check_preemption_disabled+0x41/0x2b0 [ 42.130453] ndisc_send_skb+0xa6b/0x1860 [ 42.134531] ? pndisc_constructor+0x250/0x250 [ 42.139041] ? __kmalloc_node_track_caller+0x38/0x70 [ 42.144157] ? do_ipv6_setsockopt.constprop.0.cold+0x8c/0x8c [ 42.149948] ? __alloc_skb+0x36d/0x580 [ 42.153819] ? skb_set_owner_w+0x21f/0x370 [ 42.158040] ndisc_send_ns+0x51d/0x840 [ 42.161920] ? addrconf_dad_work+0xab2/0x1130 [ 42.166430] ? pndisc_redo+0x20/0x20 [ 42.170128] ? mark_held_locks+0xa6/0xf0 [ 42.174169] ? addrconf_dad_work+0x677/0x1130 [ 42.178668] ? __local_bh_enable_ip+0x159/0x2a0 [ 42.183363] addrconf_dad_work+0xb78/0x1130 [ 42.187676] ? addrconf_dad_completed+0xb60/0xb60 [ 42.192505] process_one_work+0x796/0x14e0 [ 42.196727] ? init_worker_pool+0x5c0/0x5c0 [ 42.201034] worker_thread+0x64c/0x1130 [