================================================================================
UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 1 PID: 9233 Comm: syz-executor.0 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
htable_bits net/netfilter/ipset/ip_set_hash_gen.h:125 [inline]
hash_netiface_create.cold+0x1a/0x1f net/netfilter/ipset/ip_set_hash_gen.h:1290
ip_set_create+0x70e/0x1380 net/netfilter/ipset/ip_set_core.c:940
nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc7/0x130 net/socket.c:632
sock_no_sendpage+0xf5/0x140 net/core/sock.c:2668
kernel_sendpage net/socket.c:3378 [inline]
sock_sendpage+0xdf/0x140 net/socket.c:847
pipe_to_sendpage+0x268/0x330 fs/splice.c:452
splice_from_pipe_feed fs/splice.c:503 [inline]
__splice_from_pipe+0x3af/0x820 fs/splice.c:627
splice_from_pipe fs/splice.c:662 [inline]
generic_splice_sendpage+0xd4/0x140 fs/splice.c:833
do_splice_from fs/splice.c:852 [inline]
do_splice fs/splice.c:1154 [inline]
__do_sys_splice fs/splice.c:1428 [inline]
__se_sys_splice+0xf31/0x15f0 fs/splice.c:1408
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
================================================================================
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 234 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 13 Comm: migration/0 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
red_calc_qavg include/net/red.h:313 [inline]
red_enqueue+0x2064/0x2200 net/sched/sch_red.c:68
__dev_xmit_skb net/core/dev.c:3494 [inline]
__dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
neigh_hh_output include/net/neighbour.h:491 [inline]
neigh_output include/net/neighbour.h:499 [inline]
ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
iptunnel_xmit+0x63e/0xa30 net/ipv4/ip_tunnel_core.c:91
geneve_xmit_skb drivers/net/geneve.c:865 [inline]
geneve_xmit+0xf46/0x2ac0 drivers/net/geneve.c:938
libceph: resolve 'd5€K'gLO–Çb' (ret=-3): failed
__netdev_start_xmit include/linux/netdevice.h:4333 [inline]
netdev_start_xmit include/linux/netdevice.h:4347 [inline]
xmit_one net/core/dev.c:3256 [inline]
dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
__dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
libceph: parse_ips bad ip '[d5€K'gLO–Çb]'
neigh_hh_output include/net/neighbour.h:491 [inline]
neigh_output include/net/neighbour.h:499 [inline]
ip6_finish_output2+0xe78/0x2370 net/ipv6/ip6_output.c:120
ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:455 [inline]
NF_HOOK include/linux/netfilter.h:289 [inline]
ndisc_send_skb+0xa6b/0x1860 net/ipv6/ndisc.c:491
ndisc_send_rs+0x131/0x6a0 net/ipv6/ndisc.c:685
addrconf_rs_timer+0x2d9/0x640 net/ipv6/addrconf.c:3834
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x50/0x90 kernel/locking/spinlock.c:192
finish_lock_switch kernel/sched/core.c:2578 [inline]
finish_task_switch+0x174/0x8b0 kernel/sched/core.c:2678
context_switch kernel/sched/core.c:2831 [inline]
__schedule+0x8ed/0x22e0 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
smpboot_thread_fn+0x341/0xa30 kernel/smpboot.c:160
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
audit: type=1400 audit(1602016986.647:18): avc: denied { create } for pid=9281 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1602016986.667:19): avc: denied { name_bind } for pid=9281 comm="syz-executor.1" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1602016986.667:20): avc: denied { node_bind } for pid=9281 comm="syz-executor.1" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1400 audit(1602016986.677:21): avc: denied { name_connect } for pid=9281 comm="syz-executor.1" dest=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
IPVS: ftp: loaded support on port[0] = 21
raw_sendmsg: syz-executor.5 forgot to set AF_INET. Fix it!
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
gfs2: not a GFS2 filesystem
gfs2: not a GFS2 filesystem
Dev loop4: unable to read RDB block 1
loop4: unable to read partition table
loop4: partition table beyond EOD, truncated
loop_reread_partitions: partition scan of loop4 () failed (rc=-5)
IPVS: ftp: loaded support on port[0] = 21