================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 26773 Comm: syz-executor.2 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 dccp_v4_send_response+0x3b1/0x670 net/dccp/ipv4.c:497
 dccp_v4_conn_request+0xa55/0x1230 net/dccp/ipv4.c:636
 dccp_v6_conn_request+0xf88/0x14a0 net/dccp/ipv6.c:317
 dccp_rcv_state_process+0x4b8/0x194f net/dccp/input.c:613
 dccp_v4_do_rcv+0xff/0x1a0 net/dccp/ipv4.c:685
 dccp_v6_do_rcv+0x986/0xb90 net/dccp/ipv6.c:579
 sk_backlog_rcv include/net/sock.h:950 [inline]
 __sk_receive_skb+0x350/0xbb0 net/core/sock.c:473
 dccp_v4_rcv+0xf15/0x1ad6 net/dccp/ipv4.c:877
 ip_local_deliver_finish+0x4cb/0xc80 net/ipv4/ip_input.c:215
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_local_deliver+0x188/0x560 net/ipv4/ip_input.c:256
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_rcv+0xca/0x420 net/ipv4/ip_input.c:524
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
 process_backlog+0x261/0x760 net/core/dev.c:5848
 napi_poll net/core/dev.c:6272 [inline]
 net_rx_action+0x4e5/0x10d0 net/core/dev.c:6338
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
 do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
 do_softirq kernel/softirq.c:328 [inline]
 __local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
 ip_finish_output2+0xe53/0x1640 net/ipv4/ip_output.c:232
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x8a0/0x1bd0 net/ipv4/ip_output.c:506
 dccp_transmit_skb+0x970/0x12b0 net/dccp/output.c:142
 dccp_connect+0x324/0x630 net/dccp/output.c:564
 dccp_v4_connect+0xdbe/0x1530 net/dccp/ipv4.c:126
 __inet_stream_connect+0x836/0xe50 net/ipv4/af_inet.c:655
 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:719
 __sys_connect+0x265/0x2c0 net/socket.c:1663
 __do_sys_connect net/socket.c:1674 [inline]
 __se_sys_connect net/socket.c:1671 [inline]
 __x64_sys_connect+0x6f/0xb0 net/socket.c:1671
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f99e12e5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000002340 RCX: 000000000045de59
RDX: 0000000000000010 RSI: 0000000020e5c000 RDI: 0000000000000005
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffc39d5313f R14: 00007f99e12e69c0 R15: 000000000118bf2c
================================================================================
EXT4-fs warning (device sda1): ext4_block_to_path:105: block 2147483647 > max in inode 16427
IPVS: ftp: loaded support on port[0] = 21
IPVS: sync thread started: state = BACKUP, mcast_ifn = gre0, syncid = 0, id = 0
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
netlink: 'syz-executor.1': attribute type 4 has an invalid length.
qnx4: no qnx4 filesystem (no root dir).
qnx4: no qnx4 filesystem (no root dir).
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21