================================================================================
UBSAN: Undefined behaviour in ./include/net/sch_generic.h:1051:7
shift exponent 129 is too large for 32-bit type 'int'
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 qdisc_l2t include/net/sch_generic.h:1051 [inline]
 cbq_update net/sched/sch_cbq.c:567 [inline]
 cbq_dequeue.cold+0x189/0x18e net/sched/sch_cbq.c:814
netlink: 1164 bytes leftover after parsing attributes in process `syz-executor.1'.
 dequeue_skb net/sched/sch_generic.c:282 [inline]
 qdisc_restart net/sched/sch_generic.c:385 [inline]
 __qdisc_run+0x1b9/0x1680 net/sched/sch_generic.c:403
 qdisc_run include/net/pkt_sched.h:120 [inline]
 net_tx_action+0x520/0xce0 net/core/dev.c:4592
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 run_ksoftirqd+0x57/0x130 kernel/softirq.c:653
 smpboot_thread_fn+0x66e/0xa30 kernel/smpboot.c:164
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
netlink: 1164 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1800 audit(1602947082.606:9): pid=8375 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15794 res=0
audit: type=1800 audit(1602947082.976:10): pid=8412 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15813 res=0
audit: type=1326 audit(1602947083.036:11): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8405 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x460cba code=0x0
audit: type=1800 audit(1602947083.066:12): pid=8417 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15814 res=0
audit: type=1800 audit(1602947083.226:13): pid=8439 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15795 res=0
audit: type=1804 audit(1602947083.376:14): pid=8447 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir731211272/syzkaller.h5V17q/29/bus" dev="sda1" ino=15792 res=1
audit: type=1804 audit(1602947083.376:15): pid=8447 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir731211272/syzkaller.h5V17q/29/bus" dev="sda1" ino=15792 res=1
syz-executor.0 (8435) used greatest stack depth: 23304 bytes left
audit: type=1326 audit(1602947083.726:16): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8405 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x460cba code=0x0
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
syz-executor.4 (8474) used greatest stack depth: 23232 bytes left
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1602947086.286:17): pid=8657 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=15822 res=0
audit: type=1800 audit(1602947086.326:18): pid=8663 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15823 res=0
kauditd_printk_skb: 3 callbacks suppressed
audit: type=1800 audit(1602947087.946:22): pid=8788 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15834 res=0
audit: type=1800 audit(1602947088.376:23): pid=8827 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15843 res=0
audit: type=1800 audit(1602947088.826:24): pid=8871 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15843 res=0
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1602947089.256:25): pid=8906 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15843 res=0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1602947089.826:26): pid=8947 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15831 res=0
audit: type=1800 audit(1602947090.226:27): pid=8965 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15856 res=0
audit: type=1800 audit(1602947090.376:28): pid=8977 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15831 res=0
audit: type=1800 audit(1602947090.486:29): pid=8991 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15783 res=0
audit: type=1800 audit(1602947090.636:30): pid=9005 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15788 res=0
audit: type=1800 audit(1602947090.766:31): pid=9022 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=15783 res=0
ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
ldm_validate_privheads(): Cannot find PRIVHEAD 1.
loop2: p2 < >
ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
ldm_validate_privheads(): Cannot find PRIVHEAD 1.
loop2: p2 < >