[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.967019] audit: type=1400 audit(1600623327.901:8): avc: denied { execmem } for pid=6490 comm="syz-executor263" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 41.969247] ================================================================================
[ 41.995576] UBSAN: Undefined behaviour in net/sched/sch_api.c:375:22
[ 42.002084] shift exponent 255 is too large for 32-bit type 'int'
[ 42.008310] CPU: 0 PID: 6490 Comm: syz-executor263 Not tainted 4.19.146-syzkaller #0
[ 42.016389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.025853] Call Trace:
[ 42.028433] dump_stack+0x22c/0x33e
[ 42.032049] ubsan_epilogue+0xe/0x3a
[ 42.035765] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 42.041921] ? qdisc_get_rtab+0x1d4/0x770
[ 42.046139] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 42.051155] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 42.056056] qdisc_get_rtab.cold+0x1d/0x8e
[ 42.060301] tbf_change+0x99d/0x1230
[ 42.064002] ? mark_held_locks+0xa6/0xf0
[ 42.068090] ? _raw_spin_unlock_irqrestore+0x7d/0xf0
[ 42.073180] ? tbf_enqueue+0x9b0/0x9b0
[ 42.081410] ? find_held_lock+0x2d/0x110
[ 42.087366] ? tbf_init+0x5e/0xc4
[ 42.090818] ? kvm_clock_get_cycles+0x14/0x30
[ 42.095314] ? ktime_get+0x21b/0x320
[ 42.099027] ? tbf_change+0x1230/0x1230
[ 42.103080] tbf_init+0x91/0xc4
[ 42.107125] qdisc_create+0x534/0x1080
[ 42.110997] ? tc_get_qdisc+0xad0/0xad0
[ 42.114956] ? nla_parse+0x1b2/0x290
[ 42.118671] tc_modify_qdisc+0x4c0/0x195b
[ 42.122804] ? qdisc_create+0x1080/0x1080
[ 42.126935] ? rtnetlink_rcv_msg+0x443/0xc10
[ 42.131334] ? qdisc_create+0x1080/0x1080
[ 42.135462] rtnetlink_rcv_msg+0x498/0xc10
[ 42.139677] ? rtnl_get_link+0x270/0x270
[ 42.143720] ? __netlink_lookup+0x481/0x7e0
[ 42.148026] ? find_held_lock+0x2d/0x110
[ 42.152082] netlink_rcv_skb+0x160/0x440
[ 42.156126] ? rtnl_get_link+0x270/0x270
[ 42.160185] ? netlink_ack+0xae0/0xae0
[ 42.164059] netlink_unicast+0x4d5/0x690
[ 42.168124] ? netlink_sendskb+0x110/0x110
[ 42.172360] netlink_sendmsg+0x717/0xcc0
[ 42.176419] ? nlmsg_notify+0x1a0/0x1a0
[ 42.180374] ? __sock_recv_ts_and_drops+0x540/0x540
[ 42.185375] ? nlmsg_notify+0x1a0/0x1a0
[ 42.189329] sock_sendmsg+0xc7/0x130
[ 42.193022] ___sys_sendmsg+0x7bb/0x8f0
[ 42.197344] ? copy_msghdr_from_user+0x440/0x440
[ 42.202101] ? selinux_file_alloc_security+0xe4/0x1c0
[ 42.207274] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 42.212278] ? __lockdep_init_map+0x100/0x5c0
[ 42.216842] ? check_preemption_disabled+0x41/0x2b0
[ 42.221838] ? mark_held_locks+0xf0/0xf0
[ 42.225915] ? percpu_counter_add_batch+0x126/0x180
[ 42.230918] ? alloc_empty_file+0xd7/0x170
[ 42.235408] ? errseq_sample+0x56/0x70
[ 42.239277] ? find_held_lock+0x2d/0x110
[ 42.243321] ? __fd_install+0x22a/0x6e0
[ 42.247283] ? __fget_light+0x1a2/0x230
[ 42.251359] __x64_sys_sendmsg+0x132/0x220
[ 42.255584] ? __sys_sendmsg+0x1b0/0x1b0
[ 42.259726] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 42.264470] ? trace_hardirqs_off_caller+0x69/0x210
[ 42.269472] ? do_syscall_64+0x21/0x670
[ 42.273623] do_syscall_64+0xf9/0x670
[ 42.277412] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.282583] RIP: 0033:0x440fe9
[ 42.285756] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 42.305033] RSP: 002b:00007ffe2ff6a018 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 42.312747] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440fe9
[ 42.320007] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000004
[ 42.327268] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 42.334556] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004027f0
[ 42.341817] R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000
[ 42.349080] ================================================================================
[ 42.358790] ================================================================================
[ 42.367384] UBSAN: Undefined behaviour in net/sched/sch_api.c:376:24
[ 42.373881] shift exponent 255 is too large for 32-bit type 'int'
[ 42.380117] CPU: 0 PID: 6490 Comm: syz-executor263 Not tainted 4.19.146-syzkaller #0
[ 42.387993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.397530] Call Trace:
[ 42.400267] dump_stack+0x22c/0x33e
[ 42.403901] ubsan_epilogue+0xe/0x3a
[ 42.407610] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 42.413760] ? qdisc_get_rtab+0x1d4/0x770
[ 42.417912] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 42.422912] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 42.427738] qdisc_get_rtab.cold+0x7f/0x8e
[ 42.431957] tbf_change+0x99d/0x1230
[ 42.435654] ? mark_held_locks+0xa6/0xf0
[ 42.439703] ? _raw_spin_unlock_irqrestore+0x7d/0xf0
[ 42.444799] ? tbf_enqueue+0x9b0/0x9b0
[ 42.448671] ? find_held_lock+0x2d/0x110
[ 42.452713] ? tbf_init+0x5e/0xc4
[ 42.456156] ? kvm_clock_get_cycles+0x14/0x30
[ 42.460668] ? ktime_get+0x21b/0x320
[ 42.464362] ? tbf_change+0x1230/0x1230
[ 42.468319] tbf_init+0x91/0xc4
[ 42.471584] qdisc_create+0x534/0x1080
[ 42.475454] ? tc_get_qdisc+0xad0/0xad0
[ 42.479417] ? nla_parse+0x1b2/0x290
[ 42.483202] tc_modify_qdisc+0x4c0/0x195b
[ 42.487338] ? qdisc_create+0x1080/0x1080
[ 42.491466] ? rtnetlink_rcv_msg+0x443/0xc10
[ 42.495902] ? qdisc_create+0x1080/0x1080
[ 42.500031] rtnetlink_rcv_msg+0x498/0xc10
[ 42.504356] ? rtnl_get_link+0x270/0x270
[ 42.508539] ? __netlink_lookup+0x481/0x7e0
[ 42.512857] ? find_held_lock+0x2d/0x110
[ 42.516930] netlink_rcv_skb+0x160/0x440
[ 42.520981] ? rtnl_get_link+0x270/0x270
[ 42.525041] ? netlink_ack+0xae0/0xae0
[ 42.529891] netlink_unicast+0x4d5/0x690
[ 42.533941] ? netlink_sendskb+0x110/0x110
[ 42.538279] netlink_sendmsg+0x717/0xcc0
[ 42.542335] ? nlmsg_notify+0x1a0/0x1a0
[ 42.546322] ? __sock_recv_ts_and_drops+0x540/0x540
[ 42.551342] ? nlmsg_notify+0x1a0/0x1a0
[ 42.555409] sock_sendmsg+0xc7/0x130
[ 42.559129] ___sys_sendmsg+0x7bb/0x8f0
[ 42.563725] ? copy_msghdr_from_user+0x440/0x440
[ 42.568468] ? selinux_file_alloc_security+0xe4/0x1c0
[ 42.573641] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 42.578639] ? __lockdep_init_map+0x100/0x5c0
[ 42.583117] ? check_preemption_disabled+0x41/0x2b0
[ 42.588114] ? mark_held_locks+0xf0/0xf0
[ 42.592175] ? percpu_counter_add_batch+0x126/0x180
[ 42.597190] ? alloc_empty_file+0xd7/0x170
[ 42.601423] ? errseq_sample+0x56/0x70
[ 42.605307] ? find_held_lock+0x2d/0x110
[ 42.609379] ? __fd_install+0x22a/0x6e0
[ 42.613789] ? __fget_light+0x1a2/0x230
[ 42.617768] __x64_sys_sendmsg+0x132/0x220
[ 42.622021] ? __sys_sendmsg+0x1b0/0x1b0
[ 42.626077] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 42.631007] ? trace_hardirqs_off_caller+0x69/0x210
[ 42.636135] ? do_syscall_64+0x21/0x670
[ 42.640099] do_syscall_64+0xf9/0x670
[ 42.643893] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.649067] RIP: 0033:0x440fe9
[ 42.652252] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 42.671140] RSP: 002b:00007ffe2ff6a018 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 42.678836] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440fe9
[ 42.686905] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000004
[ 42.694295] RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
[ 42.701663] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004027f0
[ 42.708930] R13: 0000000000402880 R14: 0000000000000000 R15: 0000000000000000
[ 42.716195] ================================