[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.762062] audit: type=1400 audit(1600642458.719:8): avc: denied { execmem } for pid=6481 comm="syz-executor853" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 38.764079] ================================================================================
[ 38.791577] UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6
[ 38.799538] shift exponent 32 is too large for 32-bit type 'unsigned int'
[ 38.806448] CPU: 0 PID: 6481 Comm: syz-executor853 Not tainted 4.19.146-syzkaller #0
[ 38.814303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.823634] Call Trace:
[ 38.826207] dump_stack+0x22c/0x33e
[ 38.829852] ubsan_epilogue+0xe/0x3a
[ 38.833552] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 38.839689] ? hash_netportnet_create+0x366/0xa4d
[ 38.844522] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 38.849562] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 38.854386] hash_netportnet_create.cold+0x1a/0x23
[ 38.859307] ? hash_netportnet4_add+0x27c0/0x27c0
[ 38.864132] ip_set_create+0x70e/0x1380
[ 38.868087] ? __find_set_type_get+0x450/0x450
[ 38.872661] ? lock_downgrade+0x750/0x750
[ 38.876803] ? __find_set_type_get+0x450/0x450
[ 38.881382] nfnetlink_rcv_msg+0xeff/0x1210
[ 38.885688] ? nfnetlink_net_init+0x170/0x170
[ 38.890175] ? avc_has_extended_perms+0x1020/0x1020
[ 38.895276] ? avc_has_extended_perms+0x1020/0x1020
[ 38.900269] ? __lock_acquire+0x6ec/0x3ff0
[ 38.904483] ? mark_held_locks+0xf0/0xf0
[ 38.908532] ? cred_has_capability+0x162/0x2e0
[ 38.913094] ? cred_has_capability+0x1d9/0x2e0
[ 38.917665] ? selinux_inode_copy_up+0x180/0x180
[ 38.922410] ? selinux_inode_copy_up+0x180/0x180
[ 38.927145] netlink_rcv_skb+0x160/0x440
[ 38.931186] ? nfnetlink_net_init+0x170/0x170
[ 38.935661] ? netlink_ack+0xae0/0xae0
[ 38.939531] ? ns_capable_common+0x117/0x140
[ 38.943920] nfnetlink_rcv+0x1b2/0x41b
[ 38.947797] ? nfnetlink_rcv_batch+0x1710/0x1710
[ 38.952553] netlink_unicast+0x4d5/0x690
[ 38.956610] ? netlink_sendskb+0x110/0x110
[ 38.960836] netlink_sendmsg+0x717/0xcc0
[ 38.964876] ? nlmsg_notify+0x1a0/0x1a0
[ 38.968830] ? __sock_recv_ts_and_drops+0x540/0x540
[ 38.973830] ? nlmsg_notify+0x1a0/0x1a0
[ 38.977780] sock_sendmsg+0xc7/0x130
[ 38.981485] ___sys_sendmsg+0x7bb/0x8f0
[ 38.985461] ? copy_msghdr_from_user+0x440/0x440
[ 38.990197] ? do_huge_pmd_anonymous_page+0x939/0x1d70
[ 38.995457] ? prep_transhuge_page+0xa0/0xa0
[ 38.999864] ? check_preemption_disabled+0x41/0x2b0
[ 39.004872] ? mark_held_locks+0xf0/0xf0
[ 39.009012] ? __handle_mm_fault+0xf34/0x4370
[ 39.013489] ? errseq_sample+0x56/0x70
[ 39.017365] ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 39.022187] ? find_held_lock+0x2d/0x110
[ 39.026241] ? find_held_lock+0x2d/0x110
[ 39.030292] ? __fget_light+0x1a2/0x230
[ 39.034252] __x64_sys_sendmsg+0x132/0x220
[ 39.038472] ? __sys_sendmsg+0x1b0/0x1b0
[ 39.042525] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.047265] ? trace_hardirqs_off_caller+0x69/0x210
[ 39.052263] ? do_syscall_64+0x21/0x670
[ 39.056263] do_syscall_64+0xf9/0x670
[ 39.060084] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.065251] RIP: 0033:0x440429
[ 39.068423] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 39.087476] RSP: 002b:00007ffd4bf7c058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 39.095160] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440429
[ 39.102428] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 39.109685] RBP: 00000000006ca018 R08: 0000