batman_adv: batadv0: Not using interface veth3 (retrying later): interface not active
batman_adv: batadv0: Removing interface: veth3
device geneve2 entered promiscuous mode
block nbd1: shutting down sockets
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 6458 Comm: syz-fuzzer Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 iptunnel_xmit+0x63e/0xa30 net/ipv4/ip_tunnel_core.c:91
 geneve_xmit_skb drivers/net/geneve.c:865 [inline]
 geneve_xmit+0xf46/0x2ac0 drivers/net/geneve.c:938
 __netdev_start_xmit include/linux/netdevice.h:4333 [inline]
 netdev_start_xmit include/linux/netdevice.h:4347 [inline]
 xmit_one net/core/dev.c:3256 [inline]
 dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
 __dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
 neigh_resolve_output+0x55a/0x950 net/core/neighbour.c:1374
 neigh_output include/net/neighbour.h:501 [inline]
 ip6_finish_output2+0x1184/0x2370 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:455 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 mld_sendpack+0x6c1/0x1120 net/ipv6/mcast.c:1684
 mld_send_cr net/ipv6/mcast.c:1980 [inline]
 mld_ifc_timer_expire+0x616/0xc00 net/ipv6/mcast.c:2479
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0033:0x414e79
Code: d2 eb 04 49 83 c2 08 49 39 fa 73 e8 4c 89 54 24 40 44 0f b6 1b 45 0f a3 c3 73 39 4f 8d 1c 0a 4d 8d 24 32 4c 8b aa 48 17 00 00 <4d> 8b 1b 4d 8b 24 24 4d 89 5d 00 4d 89 65 08 4c 8b 9a 48 17 00 00
RSP: 002b:000000c023c8d378 EFLAGS: 00000283 ORIG_RAX: ffffffffffffff13
RAX: 000000000020300a RBX: 00007ff461af81ca RCX: 00007ff461bfffff
RDX: 000000c00002e800 RSI: 000000c023c8d460 RDI: 0000000000000038
RBP: 000000c023c8d3f0 R08: 0000000000000001 R09: 000000c029f03940
R10: 0000000000000008 R11: 000000c029f03948 R12: 000000c023c8d468
R13: 000000c000030588 R14: 0000000000aff3b2 R15: 0000000000000000
================================================================================
netlink: 'syz-executor.0': attribute type 4 has an invalid length.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
audit: type=1804 audit(1603048127.057:45): pid=8957 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir700818556/syzkaller.Xfx7vp/21/cgroup.controllers" dev="sda1" ino=15813 res=1
netlink: 'syz-executor.0': attribute type 4 has an invalid length.
syz-executor.0 (8945) used greatest stack depth: 23168 bytes left
Cannot find add_set index 0 as target
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
device veth5 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
device veth5 left promiscuous mode
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
device veth5 entered promiscuous mode
device veth5 left promiscuous mode
audit: type=1804 audit(1603048128.377:46): pid=8986 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir700818556/syzkaller.Xfx7vp/23/bus" dev="sda1" ino=15783 res=1
mmap: syz-executor.0 (9007) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
MINIX-fs: mounting unchecked file system, running fsck is recommended
audit: type=1804 audit(1603048129.477:47): pid=9039 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/26/bus" dev="sda1" ino=15783 res=1
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
MINIX-fs: mounting unchecked file system, running fsck is recommended
audit: type=1804 audit(1603048129.507:48): pid=9034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/26/bus" dev="sda1" ino=15783 res=1
audit: type=1804 audit(1603048129.767:49): pid=9039 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/26/bus" dev="sda1" ino=15783 res=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8721 sclass=netlink_route_socket pid=9058 comm=syz-executor.0
audit: type=1804 audit(1603048129.777:50): pid=9034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/26/bus" dev="sda1" ino=15783 res=1
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8721 sclass=netlink_route_socket pid=9058 comm=syz-executor.0
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1804 audit(1603048129.777:51): pid=9034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/26/bus" dev="sda1" ino=15783 res=1
netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1804 audit(1603048129.927:52): pid=9048 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/26/bus" dev="sda1" ino=15783 res=1
audit: type=1804 audit(1603048130.447:53): pid=9075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/27/bus" dev="sda1" ino=15852 res=1
EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (20206!=0)
EXT4-fs (loop3): group descriptors corrupted!
audit: type=1804 audit(1603048130.447:54): pid=9075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/27/bus" dev="sda1" ino=15852 res=1
audit: type=1804 audit(1603048130.697:55): pid=9075 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir270760736/syzkaller.Zge04D/27/bus" dev="sda1" ino=15852 res=1
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1603048131.007:56): pid=9107 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir403723213/syzkaller.0JSBN2/27/bus" dev="sda1" ino=15849 res=1
EXT4-fs (loop4): Ignoring removed bh option
EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,data_err=ignore,bh,,errors=continue
audit: type=1804 audit(1603048131.017:57): pid=9107 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir403723213/syzkaller.0JSBN2/27/bus" dev="sda1" ino=15849 res=1
atomic_op 000000002b379760 conn xmit_atomic (null)
loop1: [ICS] p1 p2 p3 p4
loop1: partition table partially beyond EOD, truncated
loop1: p1 size 1996488704 extends beyond EOD, truncated
squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop4
loop1: p2 start 3132540015 is beyond EOD, truncated
loop1: p3 start 2018323807 is beyond EOD, truncated
loop1: p4 start 3924677608 is beyond EOD, truncated
loop1: [ICS] p1 p2 p3 p4
loop1: partition table partially beyond EOD, truncated
loop1: p1 size 1996488704 extends beyond EOD, truncated
loop1: p2 start 3132540015 is beyond EOD, truncated
loop1: p3 start 2018323807 is beyond EOD, truncated
loop1: p4 start 3924677608 is beyond EOD, truncated
loop1: [ICS] p1 p2 p3 p4
loop1: partition table partially beyond EOD, truncated
loop1: p1 size 1996488704 extends beyond EOD, truncated
loop1: p2 start 3132540015 is beyond EOD, truncated
loop1: p3 start 2018323807 is beyond EOD, truncated
loop1: p4 start 3924677608 is beyond EOD, truncated
can: request_module (can-proto-0) failed.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): re-mounted. Opts:
EXT4-fs (loop3): re-mounted. Opts:
kauditd_printk_skb: 7 callbacks suppressed
audit: type=1804 audit(1603048135.187:65): pid=9269 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir403723213/syzkaller.0JSBN2/33/memory.events" dev="sda1" ino=15864 res=1
audit: type=1804 audit(1603048135.407:66): pid=9270 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir403723213/syzkaller.0JSBN2/33/memory.events" dev="sda1" ino=15864 res=1
ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0x3