netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
================================================================================
UBSAN: Undefined behaviour in fs/ext4/super.c:3763:25
shift exponent 1701604449 is too large for 32-bit type 'int'
CPU: 0 PID: 9359 Comm: syz-executor.4 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 ext4_fill_super.cold+0x33b/0x4ea fs/ext4/super.c:3763
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
 mount_bdev+0x2fc/0x3b0 fs/super.c:1158
 mount_fs+0xa3/0x318 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x51c/0x2f10 fs/namespace.c:2799
 ksys_mount+0xcf/0x130 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3026
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608aa
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007fcfab4b7a88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcfab4b7b20 RCX: 00000000004608aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fcfab4b7ae0
RBP: 00007fcfab4b7ae0 R08: 00007fcfab4b7b20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000080
================================================================================
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop4): Unrecognized mount option "MÌÁ´zqžÀ ™" or missing value
EXT4-fs (loop4): Unrecognized mount option "MÌÁ´zqžÀ ™" or missing value
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
kvm: pic: non byte write
audit: type=1804 audit(1603268119.813:33): pid=9439 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir402090496/syzkaller.v3cFhP/20/bus" dev="sda1" ino=15946 res=1
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
audit: type=1804 audit(1603268119.843:34): pid=9428 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir402090496/syzkaller.v3cFhP/20/bus" dev="sda1" ino=15946 res=1
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs (loop5): Unrecognized mount option "fsuuid=a2b5c631-2872-fdbf-75ec-61ac83cb" or missing value
audit: type=1804 audit(1603268120.243:35): pid=9439 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir402090496/syzkaller.v3cFhP/20/bus" dev="sda1" ino=15946 res=1
audit: type=1804 audit(1603268120.283:36): pid=9428 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir402090496/syzkaller.v3cFhP/20/bus" dev="sda1" ino=15946 res=1
audit: type=1804 audit(1603268120.283:37): pid=9428 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir402090496/syzkaller.v3cFhP/20/bus" dev="sda1" ino=15946 res=1
audit: type=1804 audit(1603268120.463:38): pid=9519 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir236404381/syzkaller.rXM9gd/18/file1/file0" dev="sda1" ino=15954 res=1
EXT4-fs (loop5): Ignoring removed orlov option
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop5): group descriptors corrupted!
audit: type=1400 audit(1603268120.713:39): avc: denied { sys_admin } for pid=9531 comm="syz-executor.1" capability=21 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9532 comm=syz-executor.4
IPVS: ftp: loaded support on port[0] = 21
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9544 comm=syz-executor.4
attempt to access beyond end of device
loop5: rw=2049, want=66, limit=60
audit: type=1804 audit(1603268122.193:40): pid=9612 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir269894450/syzkaller.NpFaB0/31/file1/bus" dev="loop5" ino=168 res=1
attempt to access beyond end of device
loop5: rw=2049, want=66, limit=60
Buffer I/O error on dev loop5, logical block 32, lost async page write
attempt to access beyond end of device
loop5: rw=0, want=66, limit=60
Buffer I/O error on dev loop5, logical block 32, async page read
audit: type=1800 audit(1603268122.303:41): pid=9612 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="loop5" ino=168 res=0
attempt to access beyond end of device
loop5: rw=2049, want=74, limit=60
*** Guest State ***
CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
CR3 = 0x0000000000000000
RSP = 0x0000000000000f80  RIP = 0x0000000000000000
RFLAGS=0x00000002         DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS:   sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
SS:   sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
GDTR:                           limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR:                           limit=0x0000ffff, base=0x0000000000000000
TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER =     0x0000000000000000  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811ca2ea  RSP = 0xffff88809f18f878
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007fa452d13700 GSBase=ffff8880ae300000 TRBase=fffffe0000034000
GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=000000009e449000 CR4=00000000001426e0
Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff87c013e0
EFER = 0x0000000000000d01  PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ea
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff88346ea068
EPT pointer = 0x00000000a51a601e
Virtual processor ID = 0x0001
netlink: 276 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1800 audit(1603268123.813:42): pid=9647 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15964 res=0
audit: type=1800 audit(1603268123.813:43): pid=9647 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15964 res=0
overlayfs: unrecognized mount option "urperdir=./file1" or missing value
netlink: 276 bytes leftover after parsing attributes in process `syz-executor.5'.
overlayfs: unrecognized mount option "urperdir=./file1" or missing value
Process accounting resumed
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
autofs4:pid:9703:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.5), cmd(0x0000937e)
autofs4:pid:9703:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
autofs4:pid:9725:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.5), cmd(0x0000937e)
EXT4-fs (loop1): Unrecognized mount option "min_ime=0x0000800000000000" or missing value
autofs4:pid:9725:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)
team0: Device ipvlan1 failed to register rx_handler
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs (loop3): Journaled quota options ignored when QUOTA feature is enabled
EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (60935!=0)
EXT4-fs (loop3): orphan cleanup on readonly fs
EXT4-fs error (device loop3): ext4_orphan_get:1257: comm syz-executor.3: bad orphan inode 33554432
EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=./file0,,errors=continue
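Added example, not part of the syzkaller report and not the kernel's own code. The UBSAN line above says the shift exponent 1701604449 reached a 32-bit shift in ext4_fill_super while mount(2) was filling in the superblock from a block device; the only 32-bit fields that feed a shift at that point are taken directly from the on-disk superblock, so any image that can be mounted controls the exponent. My reading (an assumption, not stated by the log) is that fs/ext4/super.c:3763:25 on 4.19 is the statement `blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size);`, with column 25 being the `<<`, and that the range check on the result only happens after the shift. The user-space program below builds a constructed 2 KiB image in memory with the fuzzer's exponent, shows the check that must precede the shift (validate the exponent against the format's own bounds, not the shifted result), and reports whether the unchecked form would be undefined for each probe value. Names such as `build_image`, `shift_is_undefined` and `ext4_blocksize_from_image` are mine; the superblock offsets and the 1 KiB to 64 KiB block-size range are from the ext4 on-disk format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ext4 on-disk constants (from the format, not from the report). */
#define EXT4_SUPER_MAGIC        0xEF53
#define EXT4_SB_OFFSET          1024    /* superblock starts at byte 1024 */
#define EXT4_SB_SIZE            1024
#define EXT4_MIN_BLOCK_LOG_SIZE 10      /* 1 KiB */
#define EXT4_MAX_BLOCK_LOG_SIZE 16      /* 64 KiB */
#define BLOCK_SIZE              (1 << EXT4_MIN_BLOCK_LOG_SIZE)

/* Field offsets inside the superblock. */
#define SB_OFF_LOG_BLOCK_SIZE   24      /* __le32 s_log_block_size */
#define SB_OFF_MAGIC            56      /* __le16 s_magic */

#define IMG_SIZE (EXT4_SB_OFFSET + EXT4_SB_SIZE)

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void wr_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Constructed image: zeroed, valid magic, chosen s_log_block_size. Nothing else is valid. */
void build_image(uint8_t img[IMG_SIZE], uint32_t log_block_size)
{
    memset(img, 0, IMG_SIZE);
    uint8_t *sb = img + EXT4_SB_OFFSET;
    wr_le16(sb + SB_OFF_MAGIC, EXT4_SUPER_MAGIC);
    wr_le32(sb + SB_OFF_LOG_BLOCK_SIZE, log_block_size);
}

/*
 * Would `BLOCK_SIZE << log` be undefined for a 32-bit int?  C leaves a left
 * shift undefined when the exponent is >= the width of the type (what UBSAN
 * reported here) and, for a signed type, when the result does not fit:
 * 1024 << 21 is already 2^31, one past INT_MAX.
 */
bool shift_is_undefined(uint32_t log_block_size)
{
    return log_block_size >= 32 ||
           log_block_size >= 31 - EXT4_MIN_BLOCK_LOG_SIZE;
}

/*
 * Hardened form: bound the exponent from the format's own limits before
 * shifting.  Returns the block size in bytes, or -1 for a bad image.
 */
long ext4_blocksize_from_image(const uint8_t *img, size_t len)
{
    if (len < IMG_SIZE)
        return -1;
    const uint8_t *sb = img + EXT4_SB_OFFSET;
    if (rd_le16(sb + SB_OFF_MAGIC) != EXT4_SUPER_MAGIC)
        return -1;

    uint32_t log = rd_le32(sb + SB_OFF_LOG_BLOCK_SIZE);
    if (log > EXT4_MAX_BLOCK_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)
        return -1;                      /* rejects 7..21 and 1701604449 alike */
    return (long)BLOCK_SIZE << log;     /* exponent is now 0..6: always defined */
}

/* Build an image with the given exponent and run the hardened parser on it. */
long blocksize_for(uint32_t log_block_size)
{
    static uint8_t img[IMG_SIZE];
    build_image(img, log_block_size);
    return ext4_blocksize_from_image(img, sizeof img);
}

int main(void)
{
    const uint32_t probes[] = { 0, 2, 6, 7, 21, 1701604449u };  /* last one is the fuzzer's value */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("s_log_block_size=%10u  unchecked shift undefined: %-3s  checked blocksize: %ld\n",
               probes[i], shift_is_undefined(probes[i]) ? "yes" : "no",
               blocksize_for(probes[i]));
    return 0;
}
```

Two practitioner notes. First, the blast radius: ext4 cannot be mounted from an unprivileged user namespace, so reaching this code needs CAP_SYS_ADMIN in the initial namespace or a privileged helper that mounts attacker-supplied media (loop devices over downloaded images, desktop automounters, container image tooling); the `mount_bdev` frame in the trace is that path. Second, the fix shape: an out-of-range shift is undefined behaviour, not a crash, so a check on the shifted result is not a check at all; the compiler may assume the shift was in range and drop the comparison. Validate the exponent, as above, and build with CONFIG_UBSAN_SHIFT (or `-fsanitize=shift` in user space) so the same class of bug surfaces in testing rather than on a mounted image.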