================================================================================ UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6 shift exponent 32 is too large for 32-bit type 'unsigned int' CPU: 1 PID: 9204 Comm: syz-executor.2 Not tainted 4.19.150-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 htable_bits net/netfilter/ipset/ip_set_hash_gen.h:125 [inline] hash_netport_create.cold+0x1a/0x1f net/netfilter/ipset/ip_set_hash_gen.h:1290 ip_set_create+0x70e/0x1380 net/netfilter/ipset/ip_set_core.c:940 nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455 nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 sock_no_sendpage+0xf5/0x140 net/core/sock.c:2668 kernel_sendpage net/socket.c:3378 [inline] sock_sendpage+0xdf/0x140 net/socket.c:847 pipe_to_sendpage+0x268/0x330 fs/splice.c:452 REISERFS warning (device nbd5): sh-2006 read_super_block: bread failed (dev nbd5, block 2, size 4096) splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x3af/0x820 fs/splice.c:627 REISERFS warning (device nbd5): sh-2006 read_super_block: bread failed (dev nbd5, block 16, size 4096) splice_from_pipe fs/splice.c:662 [inline] generic_splice_sendpage+0xd4/0x140 fs/splice.c:833 do_splice_from fs/splice.c:852 [inline] do_splice fs/splice.c:1154 [inline] __do_sys_splice fs/splice.c:1428 [inline] __se_sys_splice+0xf31/0x15f0 fs/splice.c:1408 REISERFS warning (device nbd5): sh-2021 reiserfs_fill_super: can not find reiserfs on nbd5 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f7bff8aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 00000000000350c0 RCX: 000000000045de59 RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118bf78 R08: 0000000100000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffca271cd5f R14: 00007f7bff8af9c0 R15: 000000000118bf2c ================================================================================ netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 152 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 108 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. syz-executor.2 (9348) used greatest stack depth: 23248 bytes left devpts: called with bogus options UDF-fs: warning (device loop1): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 512 failed UDF-fs: warning (device loop1): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 1024 failed UDF-fs: warning (device loop1): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 2048 failed UDF-fs: warning (device loop1): udf_load_vrs: No VRS found UDF-fs: Scanning with blocksize 4096 failed