Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 73.295822][ T8498] ================================================================================ [ 73.305239][ T8498] UBSAN: shift-out-of-bounds in net/netfilter/ipset/ip_set_hash_gen.h:151:6 [ 73.319187][ T8498] shift exponent 32 is too large for 32-bit type 'unsigned int' [ 73.326915][ T8498] CPU: 0 PID: 8498 Comm: syz-executor519 Not tainted 5.10.0-rc7-next-20201208-syzkaller #0 [ 73.336904][ T8498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.346940][ T8498] Call Trace: [ 73.350229][ T8498] dump_stack+0x107/0x163 [ 73.354541][ T8498] ubsan_epilogue+0xb/0x5a [ 73.358937][ T8498] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 73.365677][ T8498] ? rcu_read_lock_sched_held+0x3a/0x70 [ 73.371239][ T8498] ? unpoison_range+0x2c/0x50 [ 73.375898][ T8498] ? ____kasan_kmalloc.constprop.0+0xa0/0xd0 [ 73.381861][ T8498] hash_mac_create.cold+0x58/0x9b [ 73.386888][ T8498] ? __nla_parse+0x3d/0x50 [ 73.391398][ T8498] ? hash_mac4_head+0xf60/0xf60 [ 73.396230][ T8498] ip_set_create+0x610/0x1380 [ 73.400889][ T8498] ? __find_set_type_get+0x420/0x420 [ 73.406165][ T8498] ? find_held_lock+0x2d/0x110 [ 73.410955][ T8498] ? __find_set_type_get+0x420/0x420 [ 73.416223][ T8498] nfnetlink_rcv_msg+0xecc/0x1180 [ 73.421234][ T8498] ? nfnetlink_rcv+0x420/0x420 [ 73.425979][ T8498] ? __kernel_text_address+0x9/0x30 [ 73.431196][ T8498] ? __lock_acquire+0xbdc/0x54b0 [ 73.436162][ T8498] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 73.442118][ T8498] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 73.448081][ T8498] netlink_rcv_skb+0x153/0x420 [ 73.452845][ T8498] ? nfnetlink_rcv+0x420/0x420 [ 73.457590][ T8498] ? netlink_ack+0xab0/0xab0 [ 73.462166][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.468396][ T8498] ? ns_capable_common+0x117/0x140 [ 73.473595][ T8498] nfnetlink_rcv+0x1ac/0x420 [ 73.478163][ T8498] ? nfnetlink_rcv_batch+0x21e0/0x21e0 [ 73.483608][ T8498] netlink_unicast+0x533/0x7d0 [ 73.488367][ T8498] ? netlink_attachskb+0x870/0x870 [ 73.493469][ T8498] ? _copy_from_iter_full+0x275/0x850 [ 73.498820][ T8498] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 73.505037][ T8498] ? __phys_addr_symbol+0x2c/0x70 [ 73.510037][ T8498] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 73.515735][ T8498] ? __check_object_size+0x171/0x3f0 [ 73.521001][ T8498] netlink_sendmsg+0x907/0xe40 [ 73.525748][ T8498] ? netlink_unicast+0x7d0/0x7d0 [ 73.530678][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.536898][ T8498] ? netlink_unicast+0x7d0/0x7d0 [ 73.541813][ T8498] sock_sendmsg+0xcf/0x120 [ 73.546209][ T8498] ____sys_sendmsg+0x6e8/0x810 [ 73.550951][ T8498] ? kernel_sendmsg+0x50/0x50 [ 73.555620][ T8498] ? do_recvmmsg+0x6c0/0x6c0 [ 73.560193][ T8498] ? find_held_lock+0x2d/0x110 [ 73.564941][ T8498] ___sys_sendmsg+0xf3/0x170 [ 73.570555][ T8498] ? sendmsg_copy_msghdr+0x160/0x160 [ 73.575827][ T8498] ? do_huge_pmd_anonymous_page+0x927/0x23c0 [ 73.581789][ T8498] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 73.588019][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.594247][ T8498] ? find_held_lock+0x2d/0x110 [ 73.598989][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.605216][ T8498] ? __fget_light+0x215/0x280 [ 73.609879][ T8498] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 73.616111][ T8498] __sys_sendmsg+0xe5/0x1b0 [ 73.620594][ T8498] ? __sys_sendmsg_sock+0xb0/0xb0 [ 73.625598][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.631834][ T8498] ? syscall_enter_from_user_mode+0x1d/0x50 [ 73.637724][ T8498] do_syscall_64+0x2d/0x70 [ 73.642133][ T8498] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 73.648001][ T8498] RIP: 0033:0x440419 [ 73.651877][ T8498] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 73.671465][ T8498] RSP: 002b:00007ffd29571ba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 73.679865][ T8498] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440419 [ 73.687821][ T8498] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 73.695789][ T8498] RBP: 00000000006ca018 R08: 0000000000000009 R09: 00000000004002c8 [ 73.703742][ T8498] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000401c20 [ 73.711695][ T8498] R13: 0000000000401cb0 R14: 0000000000000000 R15: 0000000000000000 [ 73.721362][ T8498] ================================================================================ [ 73.730919][ T8498] Kernel panic - not syncing: panic_on_warn set ... [ 73.737517][ T8498] CPU: 0 PID: 8498 Comm: syz-executor519 Not tainted 5.10.0-rc7-next-20201208-syzkaller #0 [ 73.747505][ T8498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.757564][ T8498] Call Trace: [ 73.760870][ T8498] dump_stack+0x107/0x163 [ 73.765203][ T8498] panic+0x343/0x77f [ 73.769108][ T8498] ? __warn_printk+0xf3/0xf3 [ 73.773715][ T8498] ? ubsan_epilogue+0x3e/0x5a [ 73.778404][ T8498] ubsan_epilogue+0x54/0x5a [ 73.782918][ T8498] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 73.789701][ T8498] ? rcu_read_lock_sched_held+0x3a/0x70 [ 73.795261][ T8498] ? unpoison_range+0x2c/0x50 [ 73.799950][ T8498] ? ____kasan_kmalloc.constprop.0+0xa0/0xd0 [ 73.805949][ T8498] hash_mac_create.cold+0x58/0x9b [ 73.810986][ T8498] ? __nla_parse+0x3d/0x50 [ 73.815420][ T8498] ? hash_mac4_head+0xf60/0xf60 [ 73.820285][ T8498] ip_set_create+0x610/0x1380 [ 73.825108][ T8498] ? __find_set_type_get+0x420/0x420 [ 73.830427][ T8498] ? find_held_lock+0x2d/0x110 [ 73.835216][ T8498] ? __find_set_type_get+0x420/0x420 [ 73.840533][ T8498] nfnetlink_rcv_msg+0xecc/0x1180 [ 73.845564][ T8498] ? nfnetlink_rcv+0x420/0x420 [ 73.850311][ T8498] ? __kernel_text_address+0x9/0x30 [ 73.855507][ T8498] ? __lock_acquire+0xbdc/0x54b0 [ 73.860434][ T8498] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 73.866398][ T8498] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 73.872383][ T8498] netlink_rcv_skb+0x153/0x420 [ 73.877132][ T8498] ? nfnetlink_rcv+0x420/0x420 [ 73.881878][ T8498] ? netlink_ack+0xab0/0xab0 [ 73.886455][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.892672][ T8498] ? ns_capable_common+0x117/0x140 [ 73.897767][ T8498] nfnetlink_rcv+0x1ac/0x420 [ 73.902335][ T8498] ? nfnetlink_rcv_batch+0x21e0/0x21e0 [ 73.907777][ T8498] netlink_unicast+0x533/0x7d0 [ 73.912527][ T8498] ? netlink_attachskb+0x870/0x870 [ 73.917619][ T8498] ? _copy_from_iter_full+0x275/0x850 [ 73.922970][ T8498] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 73.929189][ T8498] ? __phys_addr_symbol+0x2c/0x70 [ 73.934191][ T8498] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 73.939895][ T8498] ? __check_object_size+0x171/0x3f0 [ 73.945165][ T8498] netlink_sendmsg+0x907/0xe40 [ 73.949911][ T8498] ? netlink_unicast+0x7d0/0x7d0 [ 73.954842][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 73.961061][ T8498] ? netlink_unicast+0x7d0/0x7d0 [ 73.965989][ T8498] sock_sendmsg+0xcf/0x120 [ 73.970385][ T8498] ____sys_sendmsg+0x6e8/0x810 [ 73.975128][ T8498] ? kernel_sendmsg+0x50/0x50 [ 73.979797][ T8498] ? do_recvmmsg+0x6c0/0x6c0 [ 73.984368][ T8498] ? find_held_lock+0x2d/0x110 [ 73.989114][ T8498] ___sys_sendmsg+0xf3/0x170 [ 73.993702][ T8498] ? sendmsg_copy_msghdr+0x160/0x160 [ 73.998975][ T8498] ? do_huge_pmd_anonymous_page+0x927/0x23c0 [ 74.005023][ T8498] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 74.011255][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.017476][ T8498] ? find_held_lock+0x2d/0x110 [ 74.022220][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.028436][ T8498] ? __fget_light+0x215/0x280 [ 74.033092][ T8498] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 74.039319][ T8498] __sys_sendmsg+0xe5/0x1b0 [ 74.043802][ T8498] ? __sys_sendmsg_sock+0xb0/0xb0 [ 74.048805][ T8498] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 74.055033][ T8498] ? syscall_enter_from_user_mode+0x1d/0x50 [ 74.060922][ T8498] do_syscall_64+0x2d/0x70 [ 74.065321][ T8498] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 74.071190][ T8498] RIP: 0033:0x440419 [ 74.075065][ T8498] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 74.094661][ T8498] RSP: 002b:00007ffd29571ba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.103068][ T8498] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440419 [ 74.111019][ T8498] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 74.118969][ T8498] RBP: 00000000006ca018 R08: 0000000000000009 R09: 00000000004002c8 [ 74.126918][ T8498] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000401c20 [ 74.134866][ T8498] R13: 0000000000401cb0 R14: 0000000000000000 R15: 0000000000000000 [ 74.143618][ T8498] Kernel Offset: disabled [ 74.148017][ T8498] Rebooting in 86400 seconds..