REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
================================================================================
UBSAN: Undefined behaviour in net/bridge/br_private.h:586:29
load of value 3 is not a valid value for type '_Bool'
CPU: 1 PID: 12251 Comm: syz-executor.1 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 br_skb_isolated net/bridge/br_private.h:586 [inline]
 should_deliver net/bridge/br_forward.c:34 [inline]
 maybe_deliver.cold+0x15/0x34 net/bridge/br_forward.c:178
 br_flood+0x180/0x4f0 net/bridge/br_forward.c:226
 br_dev_xmit+0xdd0/0x1510 net/bridge/br_device.c:103
 __netdev_start_xmit include/linux/netdevice.h:4333 [inline]
 netdev_start_xmit include/linux/netdevice.h:4347 [inline]
 xmit_one net/core/dev.c:3256 [inline]
 dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
 __dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
 mrp_queue_xmit net/802/mrp.c:354 [inline]
 mrp_join_timer+0x8a/0xc0 net/802/mrp.c:598
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:684 [inline]
RIP: 0010:queued_spin_unlock arch/x86/include/asm/qspinlock.h:58 [inline]
RIP: 0010:do_raw_spin_unlock+0x159/0x240 kernel/locking/spinlock_debug.c:135
Code: 7c 08 84 d2 0f 85 9e 00 00 00 48 c7 c0 88 8a 63 89 c7 45 08 ff ff ff ff 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 <0f> 85 c3 00 00 00 48 83 3d f1 d1 0a 08 00 74 4c 48 89 ef e8 af 9e
RSP: 0018:ffff88804f887ab0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff12c7151 RBX: ffff88804f887bf0 RCX: ffffffff8158b780
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8880896c5c78
RBP: ffff8880896c5c78 R08: 0000000000000000 R09: ffffed10112d8b8f
R10: ffff8880896c5c7b R11: 0000000000000001 R12: ffff8880896c5c80
R13: ffff8880896c5c88 R14: ffff8880896c5ca8 R15: 0000000000000000
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x1f/0x40 kernel/locking/spinlock.c:176
 spin_unlock include/linux/spinlock.h:369 [inline]
 flock_lock_inode+0x8ad/0xfa0 fs/locks.c:979
 locks_remove_flock+0x258/0x2a0 fs/locks.c:2518
 locks_remove_file+0xdd/0x450 fs/locks.c:2560
 __fput+0x220/0x8a0 fs/file_table.c:270
 task_work_run+0x141/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417901
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007fe14f69ba80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 0000000000417901
RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000004
RBP: 00007fe14f69c6d4 R08: 00007fe14f69bb20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000016
R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020011400
================================================================================
audit: type=1400 audit(1601264381.121:49): avc: denied { setattr } for pid=12270 comm="syz-executor.4" name="fd" dev="proc" ino=41664 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
bridge0: port 3(vlan2) entered blocking state
bridge0: port 3(vlan2) entered disabled state
new mount options do not match the existing superblock, will be ignored
bridge0: port 3(vlan2) entered blocking state
bridge0: port 3(vlan2) entered disabled state
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
bridge0: port 3(vlan2) entered blocking state
bridge0: port 3(vlan2) entered disabled state
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
bridge0: port 3(vlan2) entered blocking state
bridge0: port 3(vlan2) entered disabled state
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
MINIX-fs: deleted inode referenced: 1
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
MINIX-fs: get root inode failed
bridge0: port 3(vlan2) entered blocking state
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
bridge0: port 3(vlan2) entered disabled state
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
ALSA: mixer_oss: invalid OSS volume ''
ALSA: mixer_oss: invalid OSS volume ''
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
ALSA: mixer_oss: invalid OSS volume ''
ALSA: mixer_oss: invalid OSS volume ''
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
REISERFS warning (device loop1): sh-2021 reiserfs_fill_super: can not find reiserfs on loop1
audit: type=1400 audit(1601264387.421:50): avc: denied { ioctl } for pid=12594 comm="syz-executor.4" path="socket:[42505]" dev="sockfs" ino=42505 ioctlcmd=0x6617 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
x_tables: eb_tables: redirect.0 target: invalid size 8 (kernel) != (user) 0
x_tables: eb_tables: redirect.0 target: invalid size 8 (kernel) != (user) 0
netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'.
xt_CT: You must specify a L4 protocol and not use inversions on it
audit: type=1800 audit(1601264388.791:51): pid=12657 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=16280 res=0
Bluetooth: hci0: command 0x0406 tx timeout
Bluetooth: hci1: command 0x0406 tx timeout