Warning: Permanently added '10.128.0.19' (ECDSA) to the list of known hosts. syzkaller login: [ 42.804171] audit: type=1400 audit(1601080088.725:8): avc: denied { execmem } for pid=6508 comm="syz-executor787" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 43.928713] IPVS: ftp: loaded support on port[0] = 21 [ 44.043584] chnl_net:caif_netlink_parms(): no params data found [ 44.184296] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.191089] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.199381] device bridge_slave_0 entered promiscuous mode [ 44.207658] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.214484] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.221622] device bridge_slave_1 entered promiscuous mode [ 44.241313] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.251015] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.271152] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.278759] team0: Port device team_slave_0 added [ 44.285218] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.293063] team0: Port device team_slave_1 added [ 44.309842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.316197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.341687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.354010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.360242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.385692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.396489] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.404343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.425136] device hsr_slave_0 entered promiscuous mode [ 44.430946] device hsr_slave_1 entered promiscuous mode [ 44.437609] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.445098] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.520108] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.526645] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.533561] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.539935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.575652] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 44.581735] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.593373] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.602937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.611499] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.619905] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.627309] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 44.639515] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.646306] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.656353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.664537] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.670876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.681162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.689244] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.695660] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.712439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.728798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 44.739145] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 44.750489] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.758150] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.765917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.774197] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.783648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.791221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.805037] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 44.814580] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 44.821353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 44.834059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.847993] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 44.858500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.895377] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 44.903214] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 44.909739] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 44.920975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.929266] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.936737] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.947835] device veth0_vlan entered promiscuous mode [ 44.957306] device veth1_vlan entered promiscuous mode [ 44.963923] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 44.973097] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 44.986387] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 44.995825] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 45.003890] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 45.011263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.021409] device veth0_macvtap entered promiscuous mode [ 45.031257] device veth1_macvtap entered promiscuous mode [ 45.040522] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 45.050387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 45.061447] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 45.070601] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.078403] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.087004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.098126] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 45.105125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.111673] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.120395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.246391] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 45.254013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.271222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.287123] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready executing program [ 45.300303] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 45.307750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.316108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.323617] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.535932] ================================================================================ [ 45.544750] UBSAN: Undefined behaviour in ./include/net/red.h:272:18 [ 45.551250] shift exponent 223 is too large for 64-bit type 'long unsigned int' [ 45.558700] CPU: 1 PID: 6406 Comm: kworker/1:3 Not tainted 4.19.147-syzkaller #0 [ 45.566227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.575585] Workqueue: ipv6_addrconf addrconf_dad_work [ 45.580856] Call Trace: [ 45.583449] dump_stack+0x22c/0x33e [ 45.587094] ubsan_epilogue+0xe/0x3a [ 45.590800] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 [ 45.596978] ? kvm_clock_get_cycles+0x14/0x30 [ 45.601477] ? ktime_get+0x21b/0x320 [ 45.605189] red_enqueue+0x2064/0x2200 [ 45.609063] ? red_graft+0x320/0x320 [ 45.612763] ? __dev_queue_xmit+0x1425/0x2ec0 [ 45.617264] __dev_queue_xmit+0x14e1/0x2ec0 [ 45.621591] ? __lock_acquire+0x6ec/0x3ff0 [ 45.625835] ? netdev_pick_tx+0x350/0x350 [ 45.630774] ? mark_held_locks+0xa6/0xf0 [ 45.634834] ? ip_finish_output2+0x1073/0x1640 [ 45.639405] ip_finish_output2+0xc04/0x1640 [ 45.643733] ? ip_reply_glue_bits+0xb0/0xb0 [ 45.648041] ? lock_downgrade+0x750/0x750 [ 45.652176] ip_finish_output+0x88e/0xd80 [ 45.656321] ip_output+0x203/0x650 [ 45.659840] ? ip_mc_output+0xff0/0xff0 [ 45.663799] ? ip_fragment.constprop.0+0x240/0x240 [ 45.668722] ? prandom_u32+0xa3/0x100 [ 45.672517] ip_local_out+0xaf/0x170 [ 45.676238] iptunnel_xmit+0x63e/0xa30 [ 45.680112] geneve_xmit+0xeb4/0x2a20 [ 45.683906] ? geneve_fill_metadata_dst+0xd00/0xd00 [ 45.688912] ? netif_skb_features+0x3f9/0xb20 [ 45.693430] dev_hard_start_xmit+0x1a8/0x960 [ 45.697828] __dev_queue_xmit+0x276a/0x2ec0 [ 45.702150] ? __neigh_create+0x1286/0x1d80 [ 45.706454] ? netdev_pick_tx+0x350/0x350 [ 45.710595] ? ip6_finish_output2+0x1184/0x2370 [ 45.715262] ? memcpy+0x35/0x50 [ 45.718700] neigh_resolve_output+0x55a/0x950 [ 45.723209] ip6_finish_output2+0x1184/0x2370 [ 45.727695] ? ip6_append_data+0x300/0x300 [ 45.731915] ? lock_downgrade+0x750/0x750 [ 45.736074] ? check_preemption_disabled+0x41/0x2b0 [ 45.741087] ip6_finish_output+0x610/0xcc0 [ 45.745325] ip6_output+0x205/0x7c0 [ 45.748949] ? ip6_finish_output+0xcc0/0xcc0 [ 45.753343] ? ip6_fragment+0x3390/0x3390 [ 45.757489] ? check_preemption_disabled+0x41/0x2b0 [ 45.764999] ndisc_send_skb+0xa6b/0x1860 [ 45.769060] ? pndisc_constructor+0x250/0x250 [ 45.773542] ? __kmalloc_node_track_caller+0x38/0x70 [ 45.778629] ? do_ipv6_setsockopt.constprop.0.cold+0x8c/0x8c [ 45.784419] ? __alloc_skb+0x36d/0x580 [ 45.788292] ? skb_set_owner_w+0x21f/0x370 [ 45.792532] ndisc_send_ns+0x51d/0x840 [ 45.796408] ? addrconf_dad_work+0xab2/0x1130 [ 45.800944] ? pndisc_redo+0x20/0x20 [ 45.804646] ? mark_held_locks+0xa6/0xf0 [ 45.808696] ? addrconf_dad_work+0x677/0x1130 [ 45.813188] ? __local_bh_enable_ip+0x159/0x2a0 [ 45.817934] addrconf_dad_work+0xb78/0x1130 [ 45.822249] ? addrconf_dad_completed+0xb60/0xb60 [ 45.827108] process_one_work+0x796/0x14e0 [ 45.831363] ? init_worker_pool+0x5c0/0x5c0 [ 45.835677] wor