================================================================================ UBSAN: Undefined behaviour in ./include/net/sch_generic.h:1051:7 shift exponent 129 is too large for 32-bit type 'int' CPU: 1 PID: 2931 Comm: kworker/1:2 Not tainted 4.19.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: krxrpcd rxrpc_peer_keepalive_worker Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 qdisc_l2t include/net/sch_generic.h:1051 [inline] cbq_update net/sched/sch_cbq.c:567 [inline] cbq_dequeue.cold+0x189/0x18e net/sched/sch_cbq.c:814 dequeue_skb net/sched/sch_generic.c:282 [inline] qdisc_restart net/sched/sch_generic.c:385 [inline] __qdisc_run+0x1b9/0x1680 net/sched/sch_generic.c:403 qdisc_run include/net/pkt_sched.h:120 [inline] net_tx_action+0x520/0xce0 net/core/dev.c:4592 __do_softirq+0x27d/0xad2 kernel/softirq.c:292 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092 do_softirq.part.0+0x168/0x200 kernel/softirq.c:336 do_softirq kernel/softirq.c:328 [inline] __local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189 spin_unlock_bh include/linux/spinlock.h:374 [inline] rxrpc_peer_keepalive_worker+0x486/0xcd9 net/rxrpc/peer_event.c:430 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 ================================================================================ tmpfs: Bad value 'p0' for mount option 'nr_inodes' tmpfs: Bad value 'p0' for mount option 'nr_inodes' FAT-fs (loop4): Unrecognized mount option "fsmagic=0x0000000000000000" or missing value FAT-fs (loop4): Unrecognized mount option "fsmagic=0x0000000000000000" or missing value SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1544 sclass=netlink_xfrm_socket pid=10468 comm=syz-executor.1 nft_compat: unsupported protocol 0 netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. block nbd2: NBD_DISCONNECT block nbd2: NBD_DISCONNECT netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 'syz-executor.3': attribute type 3 has an invalid length. overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. ntfs: (device loop4): parse_options(): Unrecognized mount option . netlink: 'syz-executor.3': attribute type 3 has an invalid length. ntfs: (device loop4): parse_options(): Unrecognized mount option . squashfs: SQUASHFS error: Major/Minor mismatch, older Squashfs 0.0 filesystems are unsupported L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic squashfs: SQUASHFS error: Major/Minor mismatch, older Squashfs 0.0 filesystems are unsupported audit: type=1400 audit(1603235561.631:24): avc: denied { name_bind } for pid=10931 comm="syz-executor.3" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic audit: type=1400 audit(1603235561.641:25): avc: denied { node_bind } for pid=10931 comm="syz-executor.3" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 audit: type=1400 audit(1603235561.641:26): avc: denied { name_connect } for pid=10931 comm="syz-executor.3" dest=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1