================================================================================
UBSAN: Undefined behaviour in net/netfilter/ipset/ip_set_hash_gen.h:125:6
shift exponent 32 is too large for 32-bit type 'unsigned int'
CPU: 1 PID: 7533 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 htable_bits net/netfilter/ipset/ip_set_hash_gen.h:125 [inline]
 hash_ipportip_create.cold+0x1a/0x21 net/netfilter/ipset/ip_set_hash_gen.h:1290
 ip_set_create+0x70e/0x1380 net/netfilter/ipset/ip_set_core.c:940
 nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
 nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc7/0x130 net/socket.c:632
 ___sys_sendmsg+0x7bb/0x8f0 net/socket.c:2115
 __sys_sendmsg net/socket.c:2153 [inline]
 __do_sys_sendmsg net/socket.c:2162 [inline]
 __se_sys_sendmsg net/socket.c:2160 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5836c53c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000029b40 RCX: 000000000045de59
RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffcd4e5f0ff R14: 00007f5836c549c0 R15: 000000000118bf2c
================================================================================
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
capability: warning: `syz-executor.2' uses 32-bit capabilities (legacy support in use)
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
qnx4: no qnx4 filesystem (no root dir).
qnx4: no qnx4 filesystem (no root dir).
qnx4: no qnx4 filesystem (no root dir).
qnx4: no qnx4 filesystem (no root dir).
qnx4: no qnx4 filesystem (no root dir).
MTD: Attempt to mount non-MTD device "/dev/loop5"
romfs: bad initial checksum on dev loop5.
MTD: Attempt to mount non-MTD device "/dev/loop5"
romfs: bad initial checksum on dev loop5.
MTD: Attempt to mount non-MTD device "/dev/loop5"
romfs: bad initial checksum on dev loop5.
MTD: Attempt to mount non-MTD device "/dev/loop5"
romfs: bad initial checksum on dev loop5.
MTD: Attempt to mount non-MTD device "/dev/loop5"
romfs: bad initial checksum on dev loop5.
BUG: MAX_LOCKDEP_CHAINS too low!
turning off the locking correctness validator.
CPU: 1 PID: 8200 Comm: syz-executor.1 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 add_chain_cache kernel/locking/lockdep.c:2258 [inline]
 lookup_chain_cache_add kernel/locking/lockdep.c:2370 [inline]
 validate_chain kernel/locking/lockdep.c:2390 [inline]
 __lock_acquire.cold+0x44b/0x543 kernel/locking/lockdep.c:3415
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3907
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 rq_lock kernel/sched/sched.h:1823 [inline]
 __schedule+0x257/0x22e0 kernel/sched/core.c:3455
 preempt_schedule_irq+0xb4/0x180 kernel/sched/core.c:3744
 retint_kernel+0x1b/0x2d
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:lock_acquire+0x1ec/0x3f0 kernel/locking/lockdep.c:3910
Code: 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 dd 01 00 00 48 83 3d 09 8e 0b 08 00 0f 84 4e 01 00 00 48 8b 7c 24 08 57 9d <0f> 1f 44 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 65 8b
RSP: 0018:ffff88804a14f9e0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff12c713d RBX: ffff888053dba300 RCX: ffffffff8157c85e
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: 0000000000000286
RBP: ffff8880a3b352a8 R08: 0000000000000000 R09: fffffbfff1a53f08
R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
 kernfs_drain fs/kernfs/dir.c:468 [inline]
 __kernfs_remove+0x827/0xa20 fs/kernfs/dir.c:1316
 kernfs_remove+0x1f/0x30 fs/kernfs/dir.c:1351
 sysfs_remove_dir+0xc1/0x100 fs/sysfs/dir.c:101
 kobject_del lib/kobject.c:592 [inline]
 kobject_del+0x43/0xf0 lib/kobject.c:584
 blk_integrity_del+0x25/0x2e block/blk-integrity.c:451
 del_gendisk+0x85/0xaf0 block/genhd.c:744
 loop_remove drivers/block/loop.c:2066 [inline]
 loop_control_ioctl drivers/block/loop.c:2165 [inline]
 loop_control_ioctl+0x3b1/0x480 drivers/block/loop.c:2131
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3525bbec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000012900 RCX: 000000000045de59
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffe603a2e9f R14: 00007f3525bbf9c0 R15: 000000000118bf2c