[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. syzkaller login: [ 39.350714] audit: type=1400 audit(1602647183.775:8): avc: denied { execmem } for pid=6484 comm="syz-executor005" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 39.367404] IPVS: ftp: loaded support on port[0] = 21 [ 39.454795] chnl_net:caif_netlink_parms(): no params data found [ 39.561108] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.568377] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.576184] device bridge_slave_0 entered promiscuous mode [ 39.583517] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.590114] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.597377] device bridge_slave_1 entered promiscuous mode [ 39.615698] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.624956] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.643681] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.651187] team0: Port device team_slave_0 added [ 39.657210] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.664913] team0: Port device team_slave_1 added [ 39.681701] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.688514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.713783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.725458] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.731692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.756916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.767678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 39.775412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 39.795640] device hsr_slave_0 entered promiscuous mode [ 39.801417] device hsr_slave_1 entered promiscuous mode [ 39.807934] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 39.815336] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 39.886316] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.892877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.899875] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.906311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.941839] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 39.949158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.961077] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 39.972672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.981880] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.989525] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.997367] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 40.009087] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 40.015213] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.025212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.032836] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.039275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.049328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.057327] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.063739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.085566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.093264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.102275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.110587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.119887] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 40.126616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 40.133773] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.145744] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 40.153732] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 40.160431] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 40.171867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.185305] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 40.195862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.228519] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 40.235890] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 40.242388] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 40.253892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.261496] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.268938] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.278826] device veth0_vlan entered promiscuous mode [ 40.288376] device veth1_vlan entered promiscuous mode [ 40.295088] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 40.305321] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 40.317386] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 40.327641] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 40.335395] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 40.342791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.352490] device veth0_macvtap entered promiscuous mode [ 40.359122] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 40.368063] device veth1_macvtap entered promiscuous mode [ 40.377538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 40.386932] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 40.397311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.404909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.413389] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 40.424773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.436709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 40.705567] ================================================================================ [ 40.714355] UBSAN: Undefined behaviour in ./include/net/red.h:272:18 [ 40.720847] shift exponent 71 is too large for 64-bit type 'long unsigned int' [ 40.728194] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 4.19.150-syzkaller #0 [ 40.735532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.744876] Workqueue: ipv6_addrconf addrconf_dad_work [ 40.750129] Call Trace: [ 40.752702] dump_stack+0x22c/0x33e [ 40.756313] ubsan_epilogue+0xe/0x3a [ 40.760010] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 [ 40.766281] ? kvm_clock_get_cycles+0x14/0x30 [ 40.770759] ? ktime_get+0x21b/0x320 [ 40.774459] red_enqueue+0x2064/0x2200 [ 40.778417] ? red_graft+0x320/0x320 [ 40.782114] ? __dev_queue_xmit+0x1425/0x2ec0 [ 40.786595] __dev_queue_xmit+0x14e1/0x2ec0 [ 40.790903] ? ctnetlink_conntrack_event+0xc82/0x1405 [ 40.796078] ? netdev_pick_tx+0x350/0x350 [ 40.800214] ? mark_held_locks+0xa6/0xf0 [ 40.804287] ? ip_finish_output2+0x1073/0x1640 [ 40.808889] ip_finish_output2+0xc04/0x1640 [ 40.813196] ? ip_reply_glue_bits+0xb0/0xb0 [ 40.817501] ? lock_downgrade+0x750/0x750 [ 40.821631] ip_finish_output+0x88e/0xd80 [ 40.825775] ip_output+0x203/0x650 [ 40.829304] ? ip_mc_output+0xff0/0xff0 [ 40.833301] ? ip_fragment.constprop.0+0x240/0x240 [ 40.838222] ? prandom_u32+0xa3/0x100 [ 40.842008] ip_local_out+0xaf/0x170 [ 40.845704] iptunnel_xmit+0x63e/0xa30 [ 40.849577] geneve_xmit+0xf46/0x2ac0 [ 40.853368] ? geneve_fill_metadata_dst+0x1590/0x1590 [ 40.858543] ? netif_skb_features+0x3f9/0xb20 [ 40.863027] dev_hard_start_xmit+0x1a8/0x960 [ 40.867440] __dev_queue_xmit+0x276a/0x2ec0 [ 40.871746] ? __neigh_create+0x1286/0x1d80 [ 40.876064] ? netdev_pick_tx+0x350/0x350 [ 40.880210] ? ip6_finish_output2+0x1184/0x2370 [ 40.884863] ? memcpy+0x35/0x50 [ 40.888135] neigh_resolve_output+0x55a/0x950 [ 40.892632] ip6_finish_output2+0x1184/0x2370 [ 40.897112] ? ip6_append_data+0x300/0x300 [ 40.901327] ? lock_downgrade+0x750/0x750 [ 40.905474] ? check_preemption_disabled+0x41/0x2b0 [ 40.910473] ip6_finish_output+0x610/0xcc0 [ 40.914690] ip6_output+0x205/0x7c0 [ 40.918297] ? ip6_finish_output+0xcc0/0xcc0 [ 40.922686] ? ip6_fragment+0x3390/0x3390 [ 40.926817] ? check_preemption_disabled+0x41/0x2b0 [ 40.931833] ndisc_send_skb+0xa6b/0x1860 [ 40.935877] ? pndisc_constructor+0x250/0x250 [ 40.940375] ? __kmalloc_node_track_caller+0x38/0x70 [ 40.945462] ? do_ipv6_setsockopt.constprop.0.cold+0x8c/0x8c [ 40.951263] ? __alloc_skb+0x36d/0x580 [ 40.955131] ? skb_set_owner_w+0x21f/0x370 [ 40.959351] ndisc_send_ns+0x51d/0x840 [ 40.963410] ? addrconf_dad_work+0xab2/0x1130 [ 40.967885] ? pndisc_redo+0x20/0x20 [ 40.971583] ? mark_held_locks+0xa6/0xf0 [ 40.976495] ? addrconf_dad_work+0x677/0x1130 [ 40.980969] ? __local_bh_enable_ip+0x159/0x2a0 [ 40.985620] addrconf_dad_work+0xb78/0x1130 [ 40.989924] ? addrconf_dad_completed+0xb60/0xb60 [ 40.994766] process_one_work+0x796/0x14e0 [ 40.999006] ? init_worker_pool+0x5c0/0x5c0 [ 41.003314] worker_thread+0x64c/0x113