[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.596669] audit: type=1400 audit(1601955424.473:8): avc: denied { execmem } for pid=6499 comm="syz-executor752" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.600606] netlink: 32 bytes leftover after parsing attributes in process `syz-executor752'.
[ 40.626109] netlink: 3092 bytes leftover after parsing attributes in process `syz-executor752'.
[ 40.635520] ================================================================================
[ 40.644184] UBSAN: Undefined behaviour in net/sched/act_police.c:161:27
[ 40.650926] shift exponent 45 is too large for 32-bit type 'int'
[ 40.657091] CPU: 0 PID: 6499 Comm: syz-executor752 Not tainted 4.19.149-syzkaller #0
[ 40.664955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.674300] Call Trace:
[ 40.676880] dump_stack+0x22c/0x33e
[ 40.680504] ubsan_epilogue+0xe/0x3a
[ 40.684200] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.690356] ? tcf_police_init+0x56e/0x11d0
[ 40.694662] tcf_police_init.cold+0x34/0x86
[ 40.698979] ? tcf_police_search+0x2c0/0x2c0
[ 40.703375] tcf_action_init_1+0x962/0xc40
[ 40.707589] ? tcf_action_dump_old+0x80/0x80
[ 40.711979] ? mark_held_locks+0xf0/0xf0
[ 40.716024] ? memset+0x20/0x40
[ 40.719285] tcf_action_init+0x2c3/0x490
[ 40.723338] ? tcf_action_init_1+0xc40/0xc40
[ 40.727743] ? avc_has_perm_noaudit+0x224/0x3e0
[ 40.732409] tcf_action_add+0xd9/0x360
[ 40.736292] ? tca_action_gd+0x1720/0x1720
[ 40.740518] ? memset+0x20/0x40
[ 40.743779] ? nla_parse+0x1b2/0x290
[ 40.747474] tc_ctl_action+0x337/0x417
[ 40.751357] ? tcf_action_add+0x360/0x360
[ 40.755490] ? tcf_action_add+0x360/0x360
[ 40.759619] rtnetlink_rcv_msg+0x498/0xc10
[ 40.763833] ? rtnl_get_link+0x270/0x270
[ 40.767883] ? __netlink_lookup+0x481/0x7e0
[ 40.772210] ? find_held_lock+0x2d/0x110
[ 40.776267] netlink_rcv_skb+0x160/0x440
[ 40.780307] ? rtnl_get_link+0x270/0x270
[ 40.784353] ? netlink_ack+0xae0/0xae0
[ 40.788242] netlink_unicast+0x4d5/0x690
[ 40.792284] ? netlink_sendskb+0x110/0x110
[ 40.796504] netlink_sendmsg+0x717/0xcc0
[ 40.800561] ? nlmsg_notify+0x1a0/0x1a0
[ 40.804518] ? __sock_recv_ts_and_drops+0x540/0x540
[ 40.809516] ? nlmsg_notify+0x1a0/0x1a0
[ 40.813476] sock_sendmsg+0xc7/0x130
[ 40.817193] ___sys_sendmsg+0x3b3/0x8f0
[ 40.821148] ? do_syscall_64+0xf9/0x670
[ 40.825120] ? copy_msghdr_from_user+0x440/0x440
[ 40.829869] ? mark_held_locks+0xf0/0xf0
[ 40.833908] ? find_held_lock+0x2d/0x110
[ 40.837976] ? fs_reclaim_release+0xd0/0x110
[ 40.842367] ? find_held_lock+0x2d/0x110
[ 40.846419] ? __might_fault+0x11f/0x1d0
[ 40.850467] ? lock_downgrade+0x750/0x750
[ 40.854600] ? lock_acquire+0x170/0x3f0
[ 40.858592] ? __might_fault+0xef/0x1d0
[ 40.862551] __sys_sendmmsg+0x195/0x470
[ 40.866505] ? __ia32_sys_sendmsg+0x220/0x220
[ 40.871000] ? find_held_lock+0x2d/0x110
[ 40.875056] ? __fget_light+0x1a2/0x230
[ 40.879024] ? sockfd_lookup_light+0xc6/0x180
[ 40.883499] ? __x64_sys_sendmsg+0x159/0x220
[ 40.887892] ? __sys_sendmsg+0x1b0/0x1b0
[ 40.891939] ? __sys_socket+0x16d/0x200
[ 40.895920] ? move_addr_to_kernel+0x70/0x70
[ 40.900311] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 40.905671] __x64_sys_sendmmsg+0x99/0x100
[ 40.909884] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 40.914444] do_syscall_64+0xf9/0x670
[ 40.918226] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.923394] RIP: 0033:0x440389
[ 40.926565] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 40.945444] RSP: 002b:00007fff8