nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 95 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 30653 Comm: syz-executor.1 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip6_finish_output2+0xe78/0x2370 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:455 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip6_xmit+0xe46/0x2110 net/ipv6/ip6_output.c:275
 inet6_csk_xmit+0x350/0x661 net/ipv6/inet6_connection_sock.c:139
 __tcp_transmit_skb+0x1c72/0x36c0 net/ipv4/tcp_output.c:1148
 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline]
 tcp_xmit_probe_skb+0x2e8/0x390 net/ipv4/tcp_output.c:3679
 tcp_write_wakeup+0x1bd/0x610 net/ipv4/tcp_output.c:3732
 tcp_send_probe0+0x46/0x413 net/ipv4/tcp_output.c:3747
 tcp_probe_timer net/ipv4/tcp_timer.c:385 [inline]
 tcp_write_timer_handler+0x8b8/0xb50 net/ipv4/tcp_timer.c:602
 tcp_write_timer+0x103/0x1b0 net/ipv4/tcp_timer.c:618
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:__find_get_block+0x2a3/0x1080 fs/buffer.c:1293
Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 76 0d 00 00 48 83 3d b7 85 9f 07 00 0f 84 28 05 00 00 e8 84 ce ad ff fb 66 0f 1f 44 00 00 <4d> 85 e4 0f 84 6f 02 00 00 e8 6f ce ad ff 0f 1f 44 00 00 e8 65 ce
RSP: 0018:ffff8880a711fac0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880a38a05c0 RBX: 0000000000000000 RCX: 1ffff110147141d2
RDX: 0000000000000000 RSI: ffffffff81c4044c RDI: ffff8880a38a0e44
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804190e540
R13: 0000000000000433 R14: 0000000000001000 R15: ffff88804190e540
 sb_find_get_block include/linux/buffer_head.h:346 [inline]
 recently_deleted fs/ext4/ialloc.c:685 [inline]
 find_inode_bit+0x285/0x5b0 fs/ext4/ialloc.c:725
 __ext4_new_inode+0x174c/0x5e40 fs/ext4/ialloc.c:917
 ext4_symlink+0x3f5/0xc00 fs/ext4/namei.c:3146
 vfs_symlink+0x3ac/0x630 fs/namei.c:4129
 do_symlinkat+0x258/0x2c0 fs/namei.c:4156
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45db87
Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdda769d08 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045db87
RDX: 00007ffdda769da3 RSI: 00000000004c3889 RDI: 00007ffdda769d90
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000001
R13: 00007ffdda769d40 R14: 0000000000000000 R15: 00007ffdda769d50
================================================================================
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
IPVS: Error connecting to the multicast addr
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables
x_tables: duplicate underflow at hook 1
x_tables: duplicate underflow at hook 1
x_tables: duplicate underflow at hook 3
x_tables: duplicate underflow at hook 3
x_tables: duplicate underflow at hook 3