IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 ================================================================================ UBSAN: Undefined behaviour in ./include/net/red.h:272:18 shift exponent 75 is too large for 64-bit type 'long unsigned int' CPU: 0 PID: 8044 Comm: syz-executor.0 Not tainted 4.19.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 red_calc_qavg_from_idle_time include/net/red.h:272 [inline] red_calc_qavg include/net/red.h:313 [inline] choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231 __dev_xmit_skb net/core/dev.c:3494 [inline] __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807 neigh_hh_output include/net/neighbour.h:491 [inline] neigh_output include/net/neighbour.h:499 [inline] ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip_output+0x203/0x650 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:455 [inline] ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125 __ip_queue_xmit+0x8a0/0x1bd0 net/ipv4/ip_output.c:506 __tcp_transmit_skb+0x1c72/0x36c0 net/ipv4/tcp_output.c:1148 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline] tcp_send_syn_data net/ipv4/tcp_output.c:3486 [inline] tcp_connect+0x121e/0x2610 net/ipv4/tcp_output.c:3525 tcp_v4_connect+0x141c/0x1aa0 net/ipv4/tcp_ipv4.c:315 __inet_stream_connect+0x836/0xe50 net/ipv4/af_inet.c:655 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready tcp_sendmsg_fastopen net/ipv4/tcp.c:1185 [inline] tcp_sendmsg_locked+0x22cb/0x2fe0 net/ipv4/tcp.c:1232 wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1460 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 __sys_sendto+0x21a/0x320 net/socket.c:1787 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready __do_sys_sendto net/socket.c:1799 [inline] __se_sys_sendto net/socket.c:1795 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1795 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f172080fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000000000002e880 RCX: 000000000045de59 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 RBP: 000000000118c020 R08: 0000000020000100 R09: 0000000000000010 R10: 00000000200007bf R11: 0000000000000246 R12: 000000000118bfd4 R13: 00007ffed2f28baf R14: 00007f17208109c0 R15: 000000000118bfd4 ================================================================================ overlayfs: conflicting lowerdir path SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36624 sclass=netlink_route_socket pid=8067 comm=syz-executor.2 IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready syz-executor.5 (8076) used greatest stack depth: 23528 bytes left SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36624 sclass=netlink_route_socket pid=8096 comm=syz-executor.2 syz-executor.4 (8080) used greatest stack depth: 23040 bytes left overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. IPVS: ftp: loaded support on port[0] = 21 overlayfs: './bus' not a directory overlayfs: './bus' not a directory IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt IPVS: ftp: loaded support on port[0] = 21 ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 mkiss: ax0: crc mode is auto. new mount options do not match the existing superblock, will be ignored new mount options do not match the existing superblock, will be ignored L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) EXT4-fs error (device loop4): __ext4_iget:5080: inode #3: block 131584: comm syz-executor.4: invalid block EXT4-fs error (device loop4): ext4_quota_enable:5835: comm syz-executor.4: Bad quota inode # 3 EXT4-fs warning (device loop4): ext4_enable_quotas:5872: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. EXT4-fs (loop4): mount failed EXT4-fs error (device loop4): __ext4_iget:5080: inode #3: block 131584: comm syz-executor.4: invalid block EXT4-fs error (device loop4): ext4_quota_enable:5835: comm syz-executor.4: Bad quota inode # 3 EXT4-fs warning (device loop4): ext4_enable_quotas:5872: Failed to enable quota tracking (type=0, err=-117). Please run e2fsck to fix. EXT4-fs (loop4): mount failed IPVS: ftp: loaded support on port[0] = 21 NILFS (loop4): unable to read secondary superblock (blocksize = 1024) NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop4): unrecognized mount option "؄Qտ CuVKA45Ghwm̢j时h" NILFS (loop4): unable to read secondary superblock (blocksize = 1024) NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop4): unrecognized mount option "؄Qտ CuVKA45Ghwm̢j时h" NILFS (loop4): unable to read secondary superblock (blocksize = 1024) NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop4): unrecognized mount option "؄Qտ CuVKA45Ghwm̢j时h" overlayfs: unrecognized mount option "index=on=߻!V/z}HPKO}~+ OC<]xWqʚ+97*Tܹp" or missing value overlayfs: unrecognized mount option "index=on=߻!V/z}HPKO}~+ OC<]xWqʚ+97*Tܹp" or missing value sp0: Synchronizing with TNC sp0: Synchronizing with TNC SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8663 comm=syz-executor.3 device bond0 entered promiscuous mode device bond_slave_0 entered promiscuous mode device bond_slave_1 entered promiscuous mode SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8677 comm=syz-executor.3 audit: type=1800 audit(1603132743.718:9): pid=8727 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=15873 res=0 syz-executor.4 (8692) used greatest stack depth: 22688 bytes left