================================================================================ UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18 shift exponent 101 is too large for 64-bit type 'unsigned long' CPU: 1 PID: 12296 Comm: syz-executor.4 Not tainted 5.12.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x176/0x24e lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:148 [inline] __ubsan_handle_shift_out_of_bounds+0x432/0x4d0 lib/ubsan.c:327 red_calc_qavg_from_idle_time include/net/red.h:312 [inline] red_calc_qavg include/net/red.h:353 [inline] choke_enqueue+0x1a96/0x1c90 net/sched/sch_choke.c:221 __dev_xmit_skb net/core/dev.c:3837 [inline] __dev_queue_xmit+0xe5a/0x2a50 net/core/dev.c:4150 neigh_hh_output include/net/neighbour.h:499 [inline] neigh_output include/net/neighbour.h:508 [inline] ip6_finish_output2+0x1084/0x1460 net/ipv6/ip6_output.c:117 dst_output include/net/dst.h:448 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ndisc_send_skb+0x93b/0xd50 net/ipv6/ndisc.c:508 addrconf_rs_timer+0x242/0x6f0 net/ipv6/addrconf.c:3877 call_timer_fn+0x91/0x160 kernel/time/timer.c:1431 expire_timers kernel/time/timer.c:1476 [inline] __run_timers+0x6c0/0x8a0 kernel/time/timer.c:1745 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1758 __do_softirq+0x318/0x714 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [inline] __irq_exit_rcu+0x1d8/0x200 kernel/softirq.c:422 irq_exit_rcu+0x5/0x20 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632 RIP: 0010:vm_normal_page+0x68/0x1d0 mm/memory.c:612 Code: b6 c3 48 f7 d8 4c 31 e0 48 c1 e8 0c 49 bd ff ff ff ff ff 00 00 00 49 21 c5 4c 89 e6 48 81 e6 00 02 00 00 31 ff e8 48 13 cc ff <4c> 89 e0 48 25 00 02 00 00 75 3f 48 8b 1d fe 78 08 0c 4c 89 ef 48 RSP: 0018:ffffc90002017798 EFLAGS: 00000293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888031961bc0 RDX: ffff888031961bc0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc90002017901 R08: ffffffff81ac9f08 R09: ffffed100632c379 R10: ffffed100632c379 R11: 0000000000000000 R12: 8000000065283007 R13: 0000000000065283 R14: 00007fd9b3d5e000 R15: ffff888013b0e630 zap_pte_range+0x2cf/0x1b40 mm/memory.c:1249 zap_pmd_range mm/memory.c:1380 [inline] zap_pud_range mm/memory.c:1409 [inline] zap_p4d_range mm/memory.c:1430 [inline] unmap_page_range+0x55a/0x890 mm/memory.c:1451 unmap_vmas+0x15d/0x2c0 mm/memory.c:1528 exit_mmap+0x26d/0x590 mm/mmap.c:3218 __mmput+0x111/0x370 kernel/fork.c:1082 exit_mm+0x5ec/0x710 kernel/exit.c:501 do_exit+0x62f/0x2340 kernel/exit.c:812 do_group_exit+0x168/0x2d0 kernel/exit.c:922 get_signal+0x1734/0x1ef0 kernel/signal.c:2773 arch_do_signal_or_restart+0x3c/0x610 arch/x86/kernel/signal.c:811 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x48/0x180 kernel/entry/common.c:301 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x465f69 Code: Unable to access opcode bytes at RIP 0x465f3f. RSP: 002b:00007fd9b33d0218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000001 RBX: 000000000056c010 RCX: 0000000000465f69 RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000056c014 RBP: 000000000056c008 R08: 000000000000000e R09: 0000000000000000 R10: 0000000000000028 R11: 0000000000000246 R12: 000000000056c014 R13: 00007fffc8d8411f R14: 00007fd9b33d0300 R15: 0000000000022000 ================================================================================