UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18 shift exponent 109 is too large for 64-bit type 'long unsigned int' CPU: 3 PID: 5026 Comm: systemd-udevd Not tainted 5.12.0-rc1-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xfa/0x151 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327 red_calc_qavg_from_idle_time include/net/red.h:312 [inline] red_calc_qavg include/net/red.h:353 [inline] red_enqueue.cold+0x64/0x452 net/sched/sch_red.c:77 __dev_xmit_skb net/core/dev.c:3837 [inline] __dev_queue_xmit+0x1943/0x2e00 net/core/dev.c:4150 neigh_resolve_output net/core/neighbour.c:1491 [inline] neigh_resolve_output+0x4d2/0x7e0 net/core/neighbour.c:1471 neigh_output include/net/neighbour.h:510 [inline] ip6_finish_output2+0x6b2/0x16b0 net/ipv6/ip6_output.c:117 __ip6_finish_output net/ipv6/ip6_output.c:182 [inline] __ip6_finish_output+0x4c1/0xe10 net/ipv6/ip6_output.c:161 ip6_finish_output+0x35/0x200 net/ipv6/ip6_output.c:192 NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:215 dst_output include/net/dst.h:448 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] mld_sendpack+0x92a/0xdb0 net/ipv6/mcast.c:1679 mld_send_cr net/ipv6/mcast.c:1975 [inline] mld_ifc_timer_expire+0x60a/0xf10 net/ipv6/mcast.c:2474 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1431 expire_timers kernel/time/timer.c:1476 [inline] __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1745 __run_timers kernel/time/timer.c:1726 [inline] run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1758 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [inline] __irq_exit_rcu kernel/softirq.c:422 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632 RIP: 0010:memcpy+0x0/0x60 mm/kasan/shadow.c:64 Code: f6 ff ff 84 c0 74 13 4c 89 e2 48 89 ee 4c 89 ef 5d 41 5c 41 5d e9 40 dd 29 02 5d 31 c0 41 5c 41 5d c3 0f 1f 84 00 00 00 00 00 <41> 55 49 89 fd 41 54 49 89 d4 31 d2 55 48 8b 4c 24 18 48 89 f5 4c RSP: 0018:ffffc9000deb7978 EFLAGS: 00000293 RAX: ffff888013b1b4e0 RBX: 1ffff92001bd6f33 RCX: 0000000000000000 RDX: 0000000000000014 RSI: ffff888013b1b4ec RDI: ffffc9000deb7aa8 RBP: 0000000010000000 R08: 0000000000000029 R09: 0000000000000008 R10: ffffffff8388b251 R11: 0000000000000008 R12: ffffffff8ffe3f00 R13: ffffc9000deb7aa8 R14: 0000000000000029 R15: 0000000000000008 memcpy include/linux/fortify-string.h:191 [inline] avc_has_perm_noaudit+0x153/0x390 security/selinux/avc.c:1156 selinux_inode_permission+0x3ff/0x670 security/selinux/hooks.c:3141 security_inode_permission+0x92/0xf0 security/security.c:1268 inode_permission.part.0+0x119/0x440 fs/namei.c:521 inode_permission fs/namei.c:494 [inline] may_lookup fs/namei.c:1656 [inline] link_path_walk.part.0+0x800/0xc90 fs/namei.c:2208 link_path_walk fs/namei.c:2190 [inline] path_lookupat+0xb7/0x830 fs/namei.c:2419 filename_lookup+0x19f/0x560 fs/namei.c:2453 user_path_at include/linux/namei.h:60 [inline] do_faccessat+0x127/0x850 fs/open.c:425 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f571ee979c7 Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d c8 d4 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 d4 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007fff5aa0fcb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 RAX: ffffffffffffffda RBX: 0000558f2aea8360 RCX: 00007f571ee979c7 RDX: 00746e657665752f RSI: 0000000000000000 RDI: 00007fff5aa0fcc0 RBP: 00007fff5aa0fd30 R08: 000000000000ffff R09: 0000000000001010 R10: 00007f571f155b58 R11: 0000000000000246 R12: 0000558f296dd856 R13: 0000558f2ae9c420 R14: 00007fff5aa0fcc0 R15: 00007fff5aa0fe00 ================================================================================