UBSAN: shift-out-of-bounds in choke

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	UBSAN: shift-out-of-bounds in choke_change net	C	inconclusive		15	1155d	1214d	0/26	closed as dup on 2020/12/29 20:08

================================================================================ UBSAN: shift-out-of-bounds in ./include/net/red.h:237:23 shift exponent 32 is too large for 32-bit type 'unsigned int' CPU: 1 PID: 8397 Comm: syz-executor265 Not tainted 5.12.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327 red_set_parms include/net/red.h:237 [inline] choke_change.cold+0x3c/0xc8 net/sched/sch_choke.c:414 qdisc_create+0x475/0x12f0 net/sched/sch_api.c:1247 tc_modify_qdisc+0x4c8/0x1a50 net/sched/sch_api.c:1663 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x43f039 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffceb473ac8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f039 RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 RBP: 0000000000403020 R08: 0000000000400488 R09: 0000000000400488 R10: 0000000000400488 R11: 0000000000000246 R12: 00000000004030b0 R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488 ================================================================================

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Manager	Title
2021/03/25 10:27	net-old	6f235a69e594	607e3baf	.config	console log	report	syz	C		ci-upstream-net-this-kasan-gce	UBSAN: shift-out-of-bounds in choke_change
2021/03/24 20:51	linux-next	20f1b5f9c07c	607e3baf	.config	console log	report	syz	C		ci-upstream-linux-next-kasan-gce-root	UBSAN: shift-out-of-bounds in choke_change
2021/04/09 05:42	upstream	4fa56ad0d12e	6a81331a	.config	console log	report			info	ci-upstream-kasan-gce-root	UBSAN: shift-out-of-bounds in choke_change
2021/04/06 05:10	upstream	0a50438c8436	6a81331a	.config	console log	report			info	ci-upstream-kasan-gce	UBSAN: shift-out-of-bounds in choke_change
2021/04/01 13:28	upstream	d19cc4bfbff1	6a81331a	.config	console log	report			info	ci-upstream-kasan-gce	UBSAN: shift-out-of-bounds in choke_change
2021/03/28 06:58	linux-next	931294922e65	a8529b82	.config	console log	report			info	ci-upstream-linux-next-kasan-gce-root	UBSAN: shift-out-of-bounds in choke_change
2021/03/24 20:30	linux-next	20f1b5f9c07c	607e3baf	.config	console log	report			info	ci-upstream-linux-next-kasan-gce-root	UBSAN: shift-out-of-bounds in choke_change