netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. audit: type=1400 audit(1602302270.155:9): avc: denied { create } for pid=8104 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 ================================================================================ UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6 shift exponent 32 is too large for 32-bit type 'unsigned int' CPU: 1 PID: 8111 Comm: syz-executor.1 Not tainted 4.19.150-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 htable_bits net/netfilter/ipset/ip_set_hash_gen.h:125 [inline] hash_ip_create.cold+0x1a/0x29 net/netfilter/ipset/ip_set_hash_gen.h:1290 ip_set_create+0x70e/0x1380 net/netfilter/ipset/ip_set_core.c:940 nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455 nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 ___sys_sendmsg+0x7bb/0x8f0 net/socket.c:2115 __sys_sendmsg net/socket.c:2153 [inline] __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ff396a14c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000029b40 RCX: 000000000045de59 RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 RBP: 000000000118c008 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bfd4 R13: 00007ffd44c9b8bf R14: 00007ff396a159c0 R15: 000000000118bfd4 ================================================================================ netlink: 276 bytes leftover after parsing attributes in process `syz-executor.1'. audit: type=1400 audit(1602302270.565:10): avc: denied { name_bind } for pid=8104 comm="syz-executor.3" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 audit: type=1400 audit(1602302270.565:11): avc: denied { node_bind } for pid=8104 comm="syz-executor.3" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) NILFS (loop4): unrecognized mount option "ß}8ŽÂ^f[š ƒúò½@ÁRChAìÝu6¥(e" audit: type=1400 audit(1602302270.605:12): avc: denied { name_connect } for pid=8104 comm="syz-executor.3" dest=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) bond0: ip_vti0 is up - this may be due to an out of date ifenslave NILFS (loop4): unrecognized mount option "ß}8ŽÂ^f[š ƒúò½@ÁRChAìÝu6¥(e" device lo entered promiscuous mode EXT4-fs (loop4): Invalid want_extra_isize 0 L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. befs: Unrecognized mount option "-" or missing value befs: (loop3): cannot parse mount options EXT4-fs (loop4): Invalid want_extra_isize 0 befs: Unrecognized mount option "-" or missing value befs: (loop3): cannot parse mount options nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. befs: Unrecognized mount option "-" or missing value befs: (loop3): cannot parse mount options EXT4-fs (loop4): Invalid want_extra_isize 0 netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8247 comm=syz-executor.4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8247 comm=syz-executor.4 befs: Unrecognized mount option "-" or missing value FAT-fs (loop3): Unrecognized mount option "fowner>00000000000000000000" or missing value befs: (loop5): cannot parse mount options netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. audit: type=1804 audit(1602302273.595:13): pid=8310 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir709990305/syzkaller.i06lu4/5/file1/file0" dev="sda1" ino=15768 res=1 befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options befs: Unrecognized mount option "-" or missing value audit: type=1804 audit(1602302274.265:14): pid=8316 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir709990305/syzkaller.i06lu4/5/file1/file0" dev="sda1" ino=15768 res=1 befs: (loop5): cannot parse mount options syz-executor.2 (8293) used greatest stack depth: 23376 bytes left netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. befs: Unrecognized mount option "-" or missing value befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options befs: (loop0): cannot parse mount options audit: type=1804 audit(1602302274.905:15): pid=8374 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir709990305/syzkaller.i06lu4/6/file1/file0" dev="loop2" ino=5 res=1 befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options befs: Unrecognized mount option "-" or missing value netlink: 52 bytes leftover after parsing attributes in process `syz-executor.1'. befs: (loop0): cannot parse mount options befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options befs: Unrecognized mount option "-" or missing value befs: (loop0): cannot parse mount options befs: Unrecognized mount option "-" or missing value befs: (loop2): cannot parse mount options befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options befs: Unrecognized mount option "-" or missing value befs: Unrecognized mount option "-" or missing value befs: (loop2): cannot parse mount options befs: (loop0): cannot parse mount options befs: Unrecognized mount option "-" or missing value befs: (loop5): cannot parse mount options batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device veth1_macvtap left promiscuous mode device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode