================================================================================
UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 24239 Comm: syz-executor.5 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 htable_bits net/netfilter/ipset/ip_set_hash_gen.h:125 [inline]
 hash_netnet_create.cold+0x1a/0x22 net/netfilter/ipset/ip_set_hash_gen.h:1290
 ip_set_create+0x70e/0x1380 net/netfilter/ipset/ip_set_core.c:940
 nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
 nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc7/0x130 net/socket.c:632
 ___sys_sendmsg+0x7bb/0x8f0 net/socket.c:2115
 __sys_sendmsg net/socket.c:2153 [inline]
 __do_sys_sendmsg net/socket.c:2162 [inline]
 __se_sys_sendmsg net/socket.c:2160 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9392429c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000029b40 RCX: 000000000045e179
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007fff3f14f3ef R14: 00007f939242a9c0 R15: 000000000118cf4c
================================================================================
sch_tbf: burst 0 is lower than device lo mtu (65550) !
sch_tbf: burst 0 is lower than device lo mtu (65550) !
audit: type=1804 audit(1601050310.040:301): pid=24297 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="bus" dev="sda1" ino=15793 res=1
audit: type=1804 audit(1601050310.830:302): pid=24337 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="bus" dev="sda1" ino=15793 res=1
audit: type=1804 audit(1601050310.880:303): pid=24342 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="bus" dev="sda1" ino=15793 res=1
audit: type=1804 audit(1601050310.880:304): pid=24337 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="bus" dev="sda1" ino=15793 res=1
IPVS: ftp: loaded support on port[0] = 21
Process accounting resumed
Process accounting resumed
Process accounting resumed
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 100 bytes leftover after parsing attributes in process `syz-executor.5'.
RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
ldm_validate_privheads(): Cannot find PRIVHEAD 1.
loop3: unable to read partition table
loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
team0: Device vlan2 is already an upper device of the team interface
(unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551615)
(unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
team0: Device vlan2 is already an upper device of the team interface
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
audit: type=1804 audit(1601050315.880:305): pid=24802 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir471362904/syzkaller.nqXUxZ/2468/bus" dev="sda1" ino=15908 res=1
audit: type=1804 audit(1601050316.630:306): pid=24834 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir471362904/syzkaller.nqXUxZ/2468/bus" dev="sda1" ino=15908 res=1
audit: type=1804 audit(1601050316.680:307): pid=24834 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir471362904/syzkaller.nqXUxZ/2468/bus" dev="sda1" ino=15908 res=1
audit: type=1800 audit(1601050316.780:308): pid=24842 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16819 res=0
audit: type=1800 audit(1601050316.820:309): pid=24842 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16819 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
gfs2: statfs_percent mount option requires a numeric argument between 0 and 100
gfs2: can't parse mount arguments
gfs2: statfs_percent mount option requires a numeric argument between 0 and 100
gfs2: can't parse mount arguments
device vlan2 entered promiscuous mode
device gretap0 entered promiscuous mode
device gretap0 left promiscuous mode
device vlan2 entered promiscuous mode
device gretap0 entered promiscuous mode
device gretap0 left promiscuous mode