[ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 65.014007][ T8453] sshd (8453) used greatest stack depth: 22728 bytes left Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts. [ 207.272317][ T8489] IPVS: ftp: loaded support on port[0] = 21 [ 207.387825][ T24] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.401832][ T24] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.423902][ T3205] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready executing program executing program executing program executing program executing program executing program [ 207.445217][ T24] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.453163][ T24] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.462641][ T3205] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 207.895212][ T3205] ================================================================================ [ 207.904796][ T3205] UBSAN: shift-out-of-bounds in net/sched/sch_api.c:571:7 [ 207.911979][ T3205] shift exponent 144 is too large for 32-bit type 'int' [ 207.919325][ T3205] CPU: 0 PID: 3205 Comm: kworker/0:3 Not tainted 5.11.0-rc4-syzkaller #0 [ 207.927748][ T3205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.937799][ T3205] Workqueue: ipv6_addrconf addrconf_dad_work [ 207.943788][ T3205] Call Trace: [ 207.947079][ T3205] dump_stack+0x107/0x163 [ 207.951402][ T3205] ubsan_epilogue+0xb/0x5a [ 207.955805][ T3205] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 207.962557][ T3205] ? call_rcu+0x2e3/0x700 [ 207.966920][ T3205] __qdisc_calculate_pkt_len.cold+0x62/0xcf [ 207.972814][ T3205] __dev_queue_xmit+0x1276/0x2dd0 [ 207.977837][ T3205] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 207.983112][ T3205] ? ip6_finish_output2+0x6b8/0x16c0 [ 207.988437][ T3205] ? mark_held_locks+0x9f/0xe0 [ 207.993207][ T3205] ? memcpy+0x39/0x60 [ 207.997184][ T3205] neigh_resolve_output+0x4d8/0x7e0 [ 208.002397][ T3205] ip6_finish_output2+0x6b8/0x16c0 [ 208.007521][ T3205] __ip6_finish_output+0x4c1/0xe10 [ 208.012658][ T3205] ip6_finish_output+0x35/0x200 [ 208.017499][ T3205] ip6_output+0x1db/0x520 [ 208.021826][ T3205] ndisc_send_skb+0xa90/0x1750 [ 208.026603][ T3205] ? ndisc_ifinfo_sysctl_change+0x5f0/0x5f0 [ 208.032501][ T3205] ? ndisc_parse_options.part.0+0x510/0x510 [ 208.038394][ T3205] ? rcu_read_lock_sched_held+0x3a/0x70 [ 208.043931][ T3205] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 208.050168][ T3205] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 208.056397][ T3205] ? skb_set_owner_w+0x270/0x420 [ 208.061330][ T3205] ndisc_send_ns+0x3a9/0x850 [ 208.065913][ T3205] ? pndisc_redo+0x20/0x20 [ 208.070316][ T3205] ? mark_held_locks+0x9f/0xe0 [ 208.075072][ T3205] ? __local_bh_enable_ip+0xa0/0x110 [ 208.080364][ T3205] addrconf_dad_work+0xc1c/0x1280 [ 208.085377][ T3205] ? addrconf_dad_completed+0xc60/0xc60 [ 208.090920][ T3205] process_one_work+0x98d/0x15f0 [ 208.095854][ T3205] ? pwq_dec_nr_in_flight+0x320/0x320 [ 208.101218][ T3205] ? rwlock_bug.part.0+0x90/0x90 [ 208.106145][ T3205] ? _raw_spin_lock_irq+0x41/0x50 [ 208.111165][ T3205] worker_thread+0x64c/0x1120 [ 208.115837][ T3205] ? __kthread_parkme+0x13f/0x1e0 [ 208.120864][ T3205] ? process_one_work+0x15f0/0x15f0 [ 208.126052][ T3205] kthread+0x3b1/0x4a0 [ 208.130124][ T3205] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 208.136010][ T3205] ret_from_fork+0x1f/0x30 [ 208.140553][ T3205] ================================================================================ [ 208.149882][ T3205] Kernel panic - not syncing: panic_on_warn set ... [ 208.156464][ T3205] CPU: 0 PID: 3205 Comm: kworker/0:3 Not tainted 5.11.0-rc4-syzkaller #0 [ 208.164881][ T3205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.174924][ T3205] Workqueue: ipv6_addrconf addrconf_dad_work [ 208.180917][ T3205] Call Trace: [ 208.184188][ T3205] dump_stack+0x107/0x163 [ 208.188515][ T3205] panic+0x306/0x73d [ 208.192410][ T3205] ? __warn_printk+0xf3/0xf3 [ 208.196998][ T3205] ? ubsan_epilogue+0x3e/0x5a [ 208.201671][ T3205] ubsan_epilogue+0x54/0x5a [ 208.206178][ T3205] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 208.212934][ T3205] ? call_rcu+0x2e3/0x700 [ 208.217270][ T3205] __qdisc_calculate_pkt_len.cold+0x62/0xcf [ 208.223176][ T3205] __dev_queue_xmit+0x1276/0x2dd0 [ 208.228227][ T3205] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 208.233522][ T3205] ? ip6_finish_output2+0x6b8/0x16c0 [ 208.238803][ T3205] ? mark_held_locks+0x9f/0xe0 [ 208.243558][ T3205] ? memcpy+0x39/0x60 [ 208.247532][ T3205] neigh_resolve_output+0x4d8/0x7e0 [ 208.252748][ T3205] ip6_finish_output2+0x6b8/0x16c0 [ 208.257864][ T3205] __ip6_finish_output+0x4c1/0xe10 [ 208.262974][ T3205] ip6_finish_output+0x35/0x200 [ 208.267820][ T3205] ip6_output+0x1db/0x520 [ 208.272162][ T3205] ndisc_send_skb+0xa90/0x1750 [ 208.276962][ T3205] ? ndisc_ifinfo_sysctl_change+0x5f0/0x5f0 [ 208.282846][ T3205] ? ndisc_parse_options.part.0+0x510/0x510 [ 208.288727][ T3205] ? rcu_read_lock_sched_held+0x3a/0x70 [ 208.294262][ T3205] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 208.300513][ T3205] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 208.306752][ T3205] ? skb_set_owner_w+0x270/0x420 [ 208.311684][ T3205] ndisc_send_ns+0x3a9/0x850 [ 208.316265][ T3205] ? pndisc_redo+0x20/0x20 [ 208.320672][ T3205] ? mark_held_locks+0x9f/0xe0 [ 208.325433][ T3205] ? __local_bh_enable_ip+0xa0/0x110 [ 208.330712][ T3205] addrconf_dad_work+0xc1c/0x1280 [ 208.335801][ T3205] ? addrconf_dad_completed+0xc60/0xc60 [ 208.341343][ T3205] process_one_work+0x98d/0x15f0 [ 208.346280][ T3205] ? pwq_dec_nr_in_flight+0x320/0x320 [ 208.351652][ T3205] ? rwlock_bug.part.0+0x90/0x90 [ 208.356602][ T3205] ? _raw_spin_lock_irq+0x41/0x50 [ 208.361623][ T3205] worker_thread+0x64c/0x1120 [ 208.366298][ T3205] ? __kthread_parkme+0x13f/0x1e0 [ 208.371308][ T3205] ? process_one_work+0x15f0/0x15f0 [ 208.376493][ T3205] kthread+0x3b1/0x4a0 [ 208.380547][ T3205] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 208.386434][ T3205] ret_from_fork+0x1f/0x30 [ 208.391739][ T3205] Kernel Offset: disabled [ 208.396159][ T3205] Rebooting in 86400 seconds..