================================================================================
UBSAN: shift-out-of-bounds in ./include/net/red.h:310:18
shift exponent 234 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.0-rc6-next-20201207-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 red_calc_qavg_from_idle_time include/net/red.h:310 [inline]
 red_calc_qavg include/net/red.h:351 [inline]
 red_enqueue.cold+0x1a/0x475 net/sched/sch_red.c:77
 __dev_xmit_skb net/core/dev.c:3789 [inline]
 __dev_queue_xmit+0x199e/0x2ec0 net/core/dev.c:4101
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0xf5d/0x2330 net/ipv4/ip_output.c:230
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
 __ip_finish_output+0x399/0x650 net/ipv4/ip_output.c:290
 ip_finish_output+0x35/0x200 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_output+0x196/0x310 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:441 [inline]
 ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x5a3/0x9c0 net/ipv4/ip_tunnel_core.c:82
 geneve_xmit_skb drivers/net/geneve.c:971 [inline]
 geneve_xmit+0xfe0/0x3230 drivers/net/geneve.c:1071
 __netdev_start_xmit include/linux/netdevice.h:4775 [inline]
 netdev_start_xmit include/linux/netdevice.h:4789 [inline]
 xmit_one net/core/dev.c:3556 [inline]
 dev_hard_start_xmit+0x1eb/0x960 net/core/dev.c:3572
 __dev_queue_xmit+0x21de/0x2ec0 net/core/dev.c:4133
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip6_finish_output2+0x8cc/0x1710 net/ipv6/ip6_output.c:117
 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
 __ip6_finish_output+0x4be/0xb80 net/ipv6/ip6_output.c:128
 ip6_finish_output+0x35/0x200 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:441 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 NF_HOOK include/linux/netfilter.h:295 [inline]
 mld_sendpack+0x996/0xe20 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x60a/0xf10 net/ipv6/mcast.c:2474
 call_timer_fn+0x1a5/0x710 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x692/0xa80 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744
 __do_softirq+0x2b7/0xa76 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:424 [inline]
 irq_exit_rcu+0x194/0x210 kernel/softirq.c:436
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:79 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:169 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
RIP: 0010:acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:516
Code: cd 0f 5b f8 84 db 75 ac e8 e4 01 5b f8 e8 df d7 60 f8 e9 0c 00 00 00 e8 d5 01 5b f8 0f 00 2d de 39 b3 00 e8 c9 01 5b f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 54 0c 5b f8 48 85 db
RSP: 0018:ffffffff8b407d60 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff8b49bc00 RSI: ffffffff89174467 RDI: 0000000000000000
RBP: ffff888014233064 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff81781c68 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888014233000 R14: ffff888014233064 R15: ffff888143612004
 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:647
 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3eb/0x590 kernel/sched/idle.c:299
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396
 start_kernel+0x49b/0x4bc init/main.c:1064
 secondary_startup_64_no_verify+0xb0/0xbb
================================================================================