================================================================================ UBSAN: Undefined behaviour in ./include/net/sch_generic.h:1051:7 shift exponent 129 is too large for 32-bit type 'int' CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.149-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 qdisc_l2t include/net/sch_generic.h:1051 [inline] cbq_update net/sched/sch_cbq.c:567 [inline] cbq_dequeue.cold+0x189/0x18e net/sched/sch_cbq.c:814 dequeue_skb net/sched/sch_generic.c:282 [inline] qdisc_restart net/sched/sch_generic.c:385 [inline] __qdisc_run+0x1b9/0x1680 net/sched/sch_generic.c:403 qdisc_run include/net/pkt_sched.h:120 [inline] net_tx_action+0x520/0xce0 net/core/dev.c:4592 __do_softirq+0x27d/0xad2 kernel/softirq.c:292 run_ksoftirqd+0x57/0x130 kernel/softirq.c:653 smpboot_thread_fn+0x66e/0xa30 kernel/smpboot.c:164 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 ================================================================================ 9pnet_virtio: no channels available for device syz binder: 9941:9944 ioctl c018620b 0 returned -14 SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=9964 comm=syz-executor.2 audit: type=1804 audit(1601995941.735:7181): pid=9981 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir166010472/syzkaller.sKAgGW/106/bus" dev="sda1" ino=16014 res=1 audit: type=1804 audit(1601995941.765:7182): pid=9981 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir166010472/syzkaller.sKAgGW/106/bus" dev="sda1" ino=16014 res=1 audit: type=1804 audit(1601995941.765:7183): pid=9981 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir166010472/syzkaller.sKAgGW/106/bus" dev="sda1" ino=16014 res=1 audit: type=1804 audit(1601995941.775:7184): pid=9986 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir166010472/syzkaller.sKAgGW/106/bus" dev="sda1" ino=16014 res=1 audit: type=1804 audit(1601995941.785:7185): pid=9986 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir166010472/syzkaller.sKAgGW/106/bus" dev="sda1" ino=16014 res=1 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on sz1 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on sz1 ldm_validate_privheads(): Disk read failed. loop5: p1 < > p2 < > p4 loop5: partition table partially beyond EOD, truncated loop5: p1 start 839120047 is beyond EOD, truncated loop5: p2 size 2 extends beyond EOD, truncated loop5: p4 size 2097152 extends beyond EOD, truncated ldm_validate_privheads(): Disk read failed. loop5: p1 < > p2 < > p4 loop5: partition table partially beyond EOD, truncated loop5: p1 start 839120047 is beyond EOD, truncated loop5: p2 size 2 extends beyond EOD, truncated loop5: p4 size 2097152 extends beyond EOD, truncated netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. tmpfs: Bad value 'prefer=relative:' for mount option 'mpol' tmpfs: Bad value 'prefer=relative:' for mount option 'mpol' mmap: syz-executor.3 (10380) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. XFS (loop4): Invalid superblock magic number XFS (loop4): Invalid superblock magic number (unnamed net_device) (uninitialized): HSR: Slave1 device not specified