[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
syzkaller login: [   40.381092] audit: type=1400 audit(1600920342.095:8): avc:  denied  { execmem } for  pid=6479 comm="syz-executor638" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   40.401989] IPVS: ftp: loaded support on port[0] = 21
[   40.486150] chnl_net:caif_netlink_parms(): no params data found
[   40.647018] bridge0: port 1(bridge_slave_0) entered blocking state
[   40.655105] bridge0: port 1(bridge_slave_0) entered disabled state
[   40.662993] device bridge_slave_0 entered promiscuous mode
[   40.671154] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.677531] bridge0: port 2(bridge_slave_1) entered disabled state
[   40.684952] device bridge_slave_1 entered promiscuous mode
[   40.703910] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   40.712907] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   40.732040] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   40.739752] team0: Port device team_slave_0 added
[   40.745316] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   40.753032] team0: Port device team_slave_1 added
[   40.769243] batman_adv: batadv0: Adding interface: batadv_slave_0
[   40.775497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   40.800747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   40.812473] batman_adv: batadv0: Adding interface: batadv_slave_1
[   40.818811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   40.845139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   40.856154] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   40.864122] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   40.884181] device hsr_slave_0 entered promiscuous mode
[   40.890847] device hsr_slave_1 entered promiscuous mode
[   40.897049] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   40.905383] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   40.980397] bridge0: port 2(bridge_slave_1) entered blocking state
[   40.988720] bridge0: port 2(bridge_slave_1) entered forwarding state
[   40.995661] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.002077] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.045560] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   41.052013] 8021q: adding VLAN 0 to HW filter on device bond0
[   41.063297] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.072904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.082419] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.089895] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.096877] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   41.109923] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   41.116079] 8021q: adding VLAN 0 to HW filter on device team0
[   41.125699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   41.134144] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.140847] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.152154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   41.160633] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.166988] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.189088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   41.196938] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   41.204963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   41.212659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   41.220685] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   41.231885] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   41.238446] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   41.251405] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   41.259487] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   41.266187] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   41.278619] 8021q: adding VLAN 0 to HW filter on device batadv0
[   41.293581] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   41.303259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   41.340206] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   41.347362] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   41.355080] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   41.366386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   41.374369] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.381805] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.391714] device veth0_vlan entered promiscuous mode
[   41.401656] device veth1_vlan entered promiscuous mode
[   41.407558] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[   41.418700] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[   41.431556] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   41.441101] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   41.449207] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   41.456605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.468313] device veth0_macvtap entered promiscuous mode
[   41.476897] device veth1_macvtap entered promiscuous mode
[   41.486796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   41.496872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   41.507396] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[   41.515120] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.522483] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   41.530840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.541274] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[   41.548472] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.555267] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   41.563570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.689155] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[   41.696181] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.723055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.723772] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
executing program
[   41.745076] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   41.752402] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   41.762198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.771646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   41.828159] ================================================================================
[   41.836872] UBSAN: Undefined behaviour in ./include/net/red.h:272:18
[   41.843383] shift exponent 234 is too large for 64-bit type 'long unsigned int'
[   41.850833] CPU: 1 PID: 6480 Comm: syz-executor638 Not tainted 4.19.147-syzkaller #0
[   41.858818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.868553] Call Trace:
[   41.871270]  <IRQ>
[   41.873876]  dump_stack+0x22c/0x33e
[   41.877515]  ubsan_epilogue+0xe/0x3a
[   41.881238]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[   41.887375]  ? kvm_clock_get_cycles+0x14/0x30
[   41.891884]  ? ktime_get+0x21b/0x320
[   41.895591]  red_enqueue+0x2064/0x2200
[   41.899491]  ? red_graft+0x320/0x320
[   41.903192]  __dev_queue_xmit+0x14e1/0x2ec0
[   41.907503]  ? __lock_acquire+0x6ec/0x3ff0
[   41.911741]  ? netdev_pick_tx+0x350/0x350
[   41.915895]  ? mark_held_locks+0xa6/0xf0
[   41.920170]  ? ip_finish_output2+0x1073/0x1640
[   41.924871]  ip_finish_output2+0xc04/0x1640
[   41.929213]  ? ip_reply_glue_bits+0xb0/0xb0
[   41.933779]  ? lock_downgrade+0x750/0x750
[   41.937940]  ip_finish_output+0x88e/0xd80
[   41.942089]  ip_output+0x203/0x650
[   41.945619]  ? ip_mc_output+0xff0/0xff0
[   41.951391]  ? ip_fragment.constprop.0+0x240/0x240
[   41.956599]  ? prandom_u32+0xa3/0x100
[   41.960396]  ip_local_out+0xaf/0x170
[   41.964110]  iptunnel_xmit+0x63e/0xa30
[   41.968003]  geneve_xmit+0xeb4/0x2a20
[   41.971796]  ? geneve_fill_metadata_dst+0xd00/0xd00
[   41.976803]  ? netif_skb_features+0x3f9/0xb20
[   41.981377]  dev_hard_start_xmit+0x1a8/0x960
[   41.985828]  __dev_queue_xmit+0x276a/0x2ec0
[   41.990306]  ? netdev_pick_tx+0x350/0x350
[   41.994445]  ? ip6_finish_output+0x610/0xcc0
[   41.999121]  ? mark_held_locks+0xa6/0xf0
[   42.003198]  ? ip6_finish_output2+0x1777/0x2370
[   42.007881]  ip6_finish_output2+0xe78/0x2370
[   42.012305]  ? ip6_append_data+0x300/0x300
[   42.016559]  ? lock_downgrade+0x750/0x750
[   42.020839]  ? check_preemption_disabled+0x41/0x2b0
[   42.025850]  ip6_finish_output+0x610/0xcc0
[   42.030234]  ip6_output+0x205/0x7c0
[   42.033848]  ? ip6_finish_output+0xcc0/0xcc0
[   42.038266]  ? ip6_fragment+0x3390/0x3390
[   42.042410]  ? check_preemption_disabled+0x41/0x2b0
[   42.047607]  mld_sendpack+0x6c1/0x1120
[   42.051497]  ? add_grhead+0x223/0x330
[   42.055296]  ? igmp6_mc_seq_stop+0x1a0/0x1a0
[   42.059720]  ? icmpv6_rcv.cold+0x94/0x94
[   42.063780]  ? mld_ifc_timer_expire+0x604/0xc00
[   42.068460]  ? mld_ifc_timer_expire+0x4a3/0xc00
[   42.073128]  ? __local_bh_enable_ip+0x159/0x2a0
[   42.077796]  ? lockdep_hardirqs_on+0x29f/0x5e0
[   42.082369]  mld_ifc_timer_expire+0x616/0xc00
[   42.086868]  call_timer_fn+0x177/0x760
[   42.090749]  ? mld_clear_delrec+0x380/0x380
[   42.095067]  ? init_timer_key+0x370/0x370
[   42.099199]  ? mark_held_locks+0xa6/0xf0
[   42.103244]  ? _raw_spin_unlock_irq+0x24/0x90
[   42.107723]  ? mld_clear_delrec+0x380/0x380
[   42.112152]  expire_timers+0x243/0x500
[   42.116929]  run_timer_softirq+0x259/0x730
[   42.121178]  ? expire_timers+0x500/0x500
[   42.125295]  ? kvm_sched_clock_read+0x14/0x40
[   42.129796]  __do_softirq+0x27d/0xad2
[   42.133719]  do_softirq_own_stack+0x2a/0x40
[   42.138030]  </IRQ>
[   42.140265]  do_softirq.part.0+0x168/0x200
[   42.144579]  ? nf_ct_iterate_cleanup+0x1fb/0x510
[   42.149333]  __local_bh_enable_ip+0x22d/0x2a0
[   42.153844]  nf_ct_iterate_cleanup+0x224/0x510
[   42.158423]  ? nf_ct_port_nlattr_to_tuple+0x190/0x190
[   42.163635]  nf_ct_iterate_cleanup_net+0x113/0x170
[   42.168551]  ? icmp_unique_tuple.cold+0x1e/0x1e
[   42.173222]  ? nf_ct_iterate_cleanup+0x510/0x510
[   42.178064]  ? icmp_unique_tuple.cold+0x1e/0x1e
[   42.182736]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[   42.187389]  ? clusterip_netdev_event+0x4cc/0x6a0
[   42.192213]  ? __local_bh_enable_ip+0x159/0x2a0
[   42.196884]  masq_device_event+0xd6/0x110
[   42.201035]  notifier_call_chain+0xc0/0x230
[   42.205359]  dev_close_many+0x323/0x670
[   42.209320]  ? __dev_close_many+0x300/0x300
[   42.213641]  ? lock_downgrade+0x750/0x750
[   42.217791]  rollback_registered_many+0x2e8/0xf00
[   42.222624]  ? trace_hardirqs_off+0x64/0x200
[   42.227014]  ? generic_xdp_install+0x5c0/0x5c0
[   42.231584]  ? round_jiffies_up_relative+0xd0/0xd0
[   42.236494]  ? find_held_lock+0x2d/0x110
[   42.240539]  ? mark_held_locks+0xa6/0xf0
[   42.244597]  rollback_registered+0xe9/0x1b0
[   42.248906]  ? rollback_registered_many+0xf00/0xf00
[   42.253920]  ? linkwatch_schedule_work+0x135/0x170
[   42.258843]  unregister_netdevice_queue+0x1de/0x400
[   42.263874]  __tun_detach+0x1129/0x1480
[   42.267861]  ? __tun_detach+0x1480/0x1480
[   42.271999]  tun_chr_close+0xf6/0x1a0
[   42.275822]  __fput+0x2ce/0x8a0
[   42.279105]  task_work_run+0x141/0x1c0
[   42.282979]  do_exit+0xc09/0x2d80
[   42.286419]  ? find_held_lock+0x2d/0x110
[   42.290466]  ? __close_fd+0x1f3/0x220
[   42.295058]  ? mm_update_next_owner+0x660/0x660
[   42.299726]  ? lock_downgrade+0x750/0x750
[   42.303866]  ? lock_acquire+0x170/0x3f0
[   42.307832]  do_group_exit+0x125/0x320
[   42.311720]  __x64_sys_exit_group+0x3a/0x50
[   42.316024]  do_syscall_64+0xf9/0x670
[   42.319827]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.325010] RIP: 0033:0x4439a8
[   42.328350] Code: Bad RIP value.
[   42.332424] RSP: 002b:00007ffc28791968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.340117] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004439a8
[   42.347404] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   42.354910] RBP: 00000000004ca830 R08: 00000000000000e7 R09: ffffffffffffffd4
[   42.362183] R10: 00007ffc287919d0 R11: 0000000000000246 R12: 0000000000000001
[   42.369452] R13: 00000000006df260 R14: 0000000000000041 R15: 0000000000000004
[   42.376725] ================================================================================