================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 116 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 22460 Comm: syz-executor.0 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
red_calc_qavg include/net/red.h:313 [inline]
choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
__dev_xmit_skb net/core/dev.c:3494 [inline]
__dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
neigh_hh_output include/net/neighbour.h:491 [inline]
neigh_output include/net/neighbour.h:499 [inline]
ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
iptunnel_xmit+0x63e/0xa30 net/ipv4/ip_tunnel_core.c:91
geneve_xmit_skb drivers/net/geneve.c:865 [inline]
geneve_xmit+0xf46/0x2ac0 drivers/net/geneve.c:938
__netdev_start_xmit include/linux/netdevice.h:4333 [inline]
netdev_start_xmit include/linux/netdevice.h:4347 [inline]
xmit_one net/core/dev.c:3256 [inline]
dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
__dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
neigh_resolve_output+0x55a/0x950 net/core/neighbour.c:1374
neigh_output include/net/neighbour.h:501 [inline]
ip6_finish_output2+0x1184/0x2370 net/ipv6/ip6_output.c:120
ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:455 [inline]
NF_HOOK include/linux/netfilter.h:289 [inline]
ndisc_send_skb+0xa6b/0x1860 net/ipv6/ndisc.c:491
ndisc_send_rs+0x131/0x6a0 net/ipv6/ndisc.c:685
addrconf_rs_timer+0x2d9/0x640 net/ipv6/addrconf.c:3834
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:trace_ext4_es_lookup_extent_exit include/trace/events/ext4.h:2367 [inline]
RIP: 0010:ext4_es_lookup_extent+0x905/0xba0 fs/ext4/extents_status.c:835
Code: e1 0a 10 7e 48 c7 c0 88 91 34 8b 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 82 02 00 00 48 8b 05 73 ae 42 09 76 42 6c ff 31 ff 89 c3 89 c6 e8 1b f1 7f ff 85 db 74 3a e8 a2
RSP: 0018:ffff88804e4a7908 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81f1ddcb
RDX: dffffc0000000000 RSI: ffffffff81f1e2e8 RDI: 0000000000000001
RBP: 88000000000026d5 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000002 R12: 0000000000000001
R13: 0000000000000010 R14: ffff888048d1d4f0 R15: ffff88807ff34ec4
ext4_map_blocks+0x159/0x19e0 fs/ext4/inode.c:539
ext4_getblk+0x3fd/0x510 fs/ext4/inode.c:985
ext4_bread+0x7c/0x210 fs/ext4/inode.c:1035
__ext4_read_dirblock+0x89/0x900 fs/ext4/namei.c:111
ext4_add_entry+0x65f/0xbe0 fs/ext4/namei.c:2112
ext4_add_nondir fs/ext4/namei.c:2453 [inline]
ext4_symlink+0x5e4/0xc00 fs/ext4/namei.c:3215
vfs_symlink+0x3ac/0x630 fs/namei.c:4129
do_symlinkat+0x258/0x2c0 fs/namei.c:4156
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45db87
Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc6824ff38 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045db87
RDX: 00007ffc6824ffd3 RSI: 00000000004c3889 RDI: 00007ffc6824ffc0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000001
R13: 00007ffc6824ff70 R14: 0000000000000000 R15: 00007ffc6824ff80
================================================================================
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
audit: type=1800 audit(1603224898.355:158): pid=22664 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=15969 res=0
audit: type=1800 audit(1603224898.355:159): pid=22664 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=15969 res=0
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
ptrace attach of "/root/syz-executor.5"[22897] was attempted by "/root/syz-executor.5"[22899]
ptrace attach of "/root/syz-executor.2"[22944] was attempted by "/root/syz-executor.2"[22945]
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
ICMPv6: NA: aa:aa:aa:aa:aa:bb advertised our address fe80::aa on syz_tun!