IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 173 is too large for 64-bit type 'long unsigned int'
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
CPU: 1 PID: 6532 Comm: syz-executor.3 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_adaptative_algo include/net/red.h:404 [inline]
 red_adaptative_timer+0x7ed/0x870 net/sched/sch_red.c:266
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:mls_compute_sid+0x75/0xe10 security/selinux/ss/mls.c:516
Code: 44 24 28 f8 89 1e 89 89 44 24 14 48 c7 44 24 30 40 29 5c 83 c7 02 f1 f1 f1 f1 c7 42 04 00 04 f3 f3 65 48 8b 04 25 28 00 00 00 <48> 89 44 24 78 31 c0 e8 1f 99 15 fe 48 89 da 48 c1 ea 03 42 0f b6
RSP: 0018:ffff88808782fa68 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13
RAX: e53f3984652e2900 RBX: ffffffff8d404868 RCX: 000000000000002b
RDX: ffffed1010f05f51 RSI: ffff8880990f2508 RDI: ffffffff8d404868
RBP: ffff88808782fc18 R08: 0000000000000010 R09: ffff88808782fc18
R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000010
R13: ffff8880990f2508 R14: 1ffff11010f05f51 R15: dffffc0000000000
BTRFS: device fsid f27a566b-cd43-484e-ac91-9061ceff1bf4 devid 1 transid 7 /dev/loop4
 security_compute_sid.part.0+0xd74/0x13e0 security/selinux/ss/services.c:1785
 security_compute_sid security/selinux/ss/services.c:1825 [inline]
 security_transition_sid+0x142/0x1b0 security/selinux/ss/services.c:1825
 socket_sockcreate_sid security/selinux/hooks.c:4561 [inline]
 selinux_socket_create+0x46e/0x5f0 security/selinux/hooks.c:4595
 security_socket_create+0x5c/0xc0 security/security.c:1375
 __sock_create+0x88/0x820 net/socket.c:1231
 sock_create net/socket.c:1316 [inline]
 __sys_socket+0xef/0x200 net/socket.c:1346
 __do_sys_socket net/socket.c:1355 [inline]
 __se_sys_socket net/socket.c:1353 [inline]
 __x64_sys_socket+0x6f/0xb0 net/socket.c:1353
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x460cc7
Code: 00 00 00 49 89 ca b8 36 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 da 86 fb ff c3 66 0f 1f 84 00 00 00 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd 86 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd9c947818 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
RAX: ffffffffffffffda RBX: 00000000016a4300 RCX: 0000000000460cc7
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010
RBP: 0000000000000041 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000000
================================================================================
BTRFS error (device loop4): unsupported checksum algorithm 3
BTRFS error (device loop4): superblock checksum mismatch
BTRFS error (device loop4): open_ctree failed
BTRFS error (device loop4): unsupported checksum algorithm 3
BTRFS error (device loop4): superblock checksum mismatch
BTRFS error (device loop4): open_ctree failed
batman_adv: batadv0: Interface deactivated: batadv_slave_1
device batadv_slave_1 entered promiscuous mode
audit: type=1326 audit(1601058101.548:9): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8109 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x460fba code=0x0
audit: type=1804 audit(1601058101.678:10): pid=8126 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir132794766/syzkaller.xUJYIW/7/file0/bus" dev="ramfs" ino=30971 res=1
audit: type=1804 audit(1601058101.908:11): pid=8132 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir132794766/syzkaller.xUJYIW/7/file0/file0/bus" dev="ramfs" ino=30592 res=1
audit: type=1326 audit(1601058102.258:12): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8109 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x460fba code=0x0
audit: type=1400 audit(1601058102.538:13): avc: denied { create } for pid=8164 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1601058102.558:14): avc: denied { name_bind } for pid=8164 comm="syz-executor.1" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
audit: type=1400 audit(1601058102.558:15): avc: denied { node_bind } for pid=8164 comm="syz-executor.1" src=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1601058102.558:16): avc: denied { name_connect } for pid=8164 comm="syz-executor.1" dest=20003 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
device lo entered promiscuous mode
audit: type=1326 audit(1601058102.798:17): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8172 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x460fba code=0x0
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
syz-executor.2 (8310) used greatest stack depth: 22976 bytes left
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
input: syz0 as /devices/virtual/input/input8
input: syz0 as /devices/virtual/input/input9
audit: type=1804 audit(1601058110.188:18): pid=8586 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir963496012/syzkaller.mdAFhN/12/bus" dev="sda1" ino=15806 res=1
audit: type=1804 audit(1601058110.298:19): pid=8587 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir963496012/syzkaller.mdAFhN/12/bus" dev="sda1" ino=15806 res=1