FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! audit: type=1400 audit(1602925864.106:55): avc: denied { ioctl } for pid=30975 comm="syz-executor.2" path="socket:[109374]" dev="sockfs" ino=109374 ioctlcmd=0x8914 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 ================================================================================ UBSAN: Undefined behaviour in net/sched/sch_api.c:561:7 shift exponent 129 is too large for 32-bit type 'int' CPU: 1 PID: 30956 Comm: syz-executor.5 Not tainted 4.19.150-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 __qdisc_calculate_pkt_len+0x3bb/0x570 net/sched/sch_api.c:561 qdisc_calculate_pkt_len include/net/sch_generic.h:697 [inline] __dev_xmit_skb net/core/dev.c:3443 [inline] __dev_queue_xmit+0x1372/0x2ec0 net/core/dev.c:3807 neigh_hh_output include/net/neighbour.h:491 [inline] neigh_output include/net/neighbour.h:499 [inline] ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip_output+0x203/0x650 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:455 [inline] ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125 __ip_queue_xmit+0x8a0/0x1bd0 net/ipv4/ip_output.c:506 __tcp_transmit_skb+0x1c72/0x36c0 net/ipv4/tcp_output.c:1148 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline] tcp_send_syn_data net/ipv4/tcp_output.c:3486 [inline] tcp_connect+0x121e/0x2610 net/ipv4/tcp_output.c:3525 tcp_v4_connect+0x141c/0x1aa0 net/ipv4/tcp_ipv4.c:315 __inet_stream_connect+0x836/0xe50 net/ipv4/af_inet.c:655 tcp_sendmsg_fastopen net/ipv4/tcp.c:1185 [inline] tcp_sendmsg_locked+0x22cb/0x2fe0 net/ipv4/tcp.c:1232 tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1460 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 __sys_sendto+0x21a/0x320 net/socket.c:1787 __do_sys_sendto net/socket.c:1799 [inline] __se_sys_sendto net/socket.c:1795 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1795 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd26069ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000000000002e880 RCX: 000000000045de59 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 000000000118c020 R08: 0000000020e68000 R09: 0000000000000010 R10: 00000000200007fd R11: 0000000000000246 R12: 000000000118bfd4 R13: 00007ffe528f5c1f R14: 00007fd26069f9c0 R15: 000000000118bfd4 ================================================================================ audit: type=1804 audit(1602925865.256:56): pid=31034 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir577864294/syzkaller.JzekrH/1020/cgroup.controllers" dev="sda1" ino=15965 res=1 netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 1 transid 7 /dev/loop2 BTRFS error (device loop2): superblock checksum mismatch BTRFS error (device loop2): open_ctree failed BTRFS error (device loop2): superblock checksum mismatch BTRFS error (device loop2): open_ctree failed netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. MD5 Hash mismatch for [fe80::aa]:0->[ff02::1]:20002 netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state device bridge0 entered promiscuous mode netlink: 14 bytes leftover after parsing attributes in process `syz-executor.2'. bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 isofs_fill_super: root inode is not a directory. Corrupted media? nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING IPVS: ftp: loaded support on port[0] = 21 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. loop3: p1 p2 p3 p4 loop3: partition table partially beyond EOD, truncated Unknown ioctl 21513 loop3: p1 size 11290111 extends beyond EOD, truncated loop3: p2 size 100663296 extends beyond EOD, truncated Unknown ioctl 1082175138 Unknown ioctl 21513 loop3: p3 start 4293001441 is beyond EOD, truncated loop3: p4 size 3657465856 extends beyond EOD, truncated loop3: p1 p2 p3 p4 loop3: partition table partially beyond EOD, truncated loop3: p1 size 11290111 extends beyond EOD, truncated TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. loop3: p2 size 100663296 extends beyond EOD, truncated loop3: p3 start 4293001441 is beyond EOD, truncated loop3: p4 size 3657465856 extends beyond EOD, truncated netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.