================================================================================
UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 9174 Comm: syz-executor.1 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 htable_bits net/netfilter/ipset/ip_set_hash_gen.h:125 [inline]
 hash_netiface_create.cold+0x1a/0x1f net/netfilter/ipset/ip_set_hash_gen.h:1290
 ip_set_create+0x70e/0x1380 net/netfilter/ipset/ip_set_core.c:940
libceph: parse_ips bad ip '[:.)]'
 nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
 nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc7/0x130 net/socket.c:632
 ___sys_sendmsg+0x7bb/0x8f0 net/socket.c:2115
 __sys_sendmsg net/socket.c:2153 [inline]
 __do_sys_sendmsg net/socket.c:2162 [inline]
 __se_sys_sendmsg net/socket.c:2160 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa17f311c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000029b40 RCX: 000000000045e179
RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007fffa7cae78f R14: 00007fa17f3129c0 R15: 000000000118cf4c
================================================================================
device ip6gretap0 entered promiscuous mode
device ip6gretap0 left promiscuous mode
device ip6gretap0 entered promiscuous mode
device ip6gretap0 left promiscuous mode
device ip6gretap0 entered promiscuous mode
device ip6gretap0 left promiscuous mode
netlink: 'syz-executor.5': attribute type 5 has an invalid length.
device dummy0 entered promiscuous mode
device macsec1 entered promiscuous mode
team0: Device macsec1 is up. Set it down before adding it as a team port
device dummy0 left promiscuous mode
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 'syz-executor.5': attribute type 5 has an invalid length.
device dummy0 entered promiscuous mode
device macsec1 entered promiscuous mode
team0: Device macsec1 is up. Set it down before adding it as a team port
device dummy0 left promiscuous mode
device ip6gretap0 entered promiscuous mode
device ip6gretap0 left promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
EXT4-fs (loop1): bad geometry: first data block 2835515476 is beyond end of filesystem (10)
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
kvm [9367]: vcpu0, guest rIP: 0x14c disabled perfctr wrmsr: 0xc1 data 0x1
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
netlink: 1996 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 1996 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1601086472.059:22): pid=9515 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=15899 res=0
netlink: 1996 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 1996 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1601086474.699:23): pid=9535 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=15935 res=0
Unable to read inode block
Unable to read inode block
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: zone id is out of range
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.