FAT-fs (loop1): bogus number of FAT sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
================================================================================
UBSAN: Undefined behaviour in ./include/net/sch_generic.h:1051:7
shift exponent 129 is too large for 32-bit type 'int'
CPU: 0 PID: 8615 Comm: syz-executor.0 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
qdisc_l2t include/net/sch_generic.h:1051 [inline]
cbq_update net/sched/sch_cbq.c:567 [inline]
cbq_dequeue.cold+0x189/0x18e net/sched/sch_cbq.c:814
dequeue_skb net/sched/sch_generic.c:282 [inline]
qdisc_restart net/sched/sch_generic.c:385 [inline]
__qdisc_run+0x1b9/0x1680 net/sched/sch_generic.c:403
qdisc_run include/net/pkt_sched.h:120 [inline]
net_tx_action+0x520/0xce0 net/core/dev.c:4592
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:100
Code: 04 0f 88 4c 89 25 7c cb bc 0b 41 bc f4 ff ff ff e8 c0 7b e9 ff 48 c7 05 66 cb bc 0b 00 00 00 00 e9 39 ec ff ff 90 48 8b 34 24 <65> 48 8b 04 25 40 ee 01 00 65 8b 15 5c 1b 90 7e 81 e2 00 01 1f 00
RSP: 0018:ffff88804aec7a40 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff83a2a533
RDX: 0000000000000001 RSI: ffffffff83a2a53c RDI: 0000000000000005
RBP: ffffffff8851f340 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff8851f300 R14: ffff888050032000 R15: dffffc0000000000
check_preemption_disabled+0x3c/0x2b0 lib/smp_processor_id.c:25
rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:348 [inline]
rcu_is_watching+0xe/0x100 kernel/rcu/tree.c:1025
rcu_read_lock_held+0xba/0x110 kernel/rcu/update.c:283
ct_expect_get_first net/netfilter/nf_conntrack_expect.c:545 [inline]
ct_expect_get_idx net/netfilter/nf_conntrack_expect.c:568 [inline]
exp_seq_start+0x232/0x350 net/netfilter/nf_conntrack_expect.c:580
seq_read+0x29e/0x10c0 fs/seq_file.c:224
proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231
do_loop_readv_writev fs/read_write.c:701 [inline]
do_loop_readv_writev fs/read_write.c:688 [inline]
do_iter_read+0x471/0x630 fs/read_write.c:925
vfs_readv+0xe5/0x150 fs/read_write.c:987
do_preadv fs/read_write.c:1071 [inline]
__do_sys_preadv fs/read_write.c:1121 [inline]
__se_sys_preadv fs/read_write.c:1116 [inline]
__x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fd7dfc73c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 0000000000025dc0 RCX: 000000000045de29
RDX: 00000000000003da RSI: 00000000200017c0 RDI: 0000000000000004
RBP: 000000000118bf70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fff64a9e28f R14: 00007fd7dfc749c0 R15: 000000000118bf2c
================================================================================
audit: type=1804 audit(1602000229.656:11): pid=8666 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir837376236/syzkaller.JbJVEm/27/file1/file1/bus" dev="sda1" ino=15834 res=1
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1