================================================================================
UBSAN: shift-out-of-bounds in net/sched/sch_api.c:571:7
shift exponent 144 is too large for 32-bit type 'int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.0-rc7-next-20201208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 __qdisc_calculate_pkt_len.cold+0x62/0xcf net/sched/sch_api.c:571
 qdisc_calculate_pkt_len include/net/sch_generic.h:779 [inline]
 __dev_xmit_skb net/core/dev.c:3743 [inline]
 __dev_queue_xmit+0x1349/0x2ec0 net/core/dev.c:4101
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0xf5d/0x2330 net/ipv4/ip_output.c:230
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
 __ip_finish_output+0x399/0x650 net/ipv4/ip_output.c:290
 ip_finish_output+0x35/0x200 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_output+0x196/0x310 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:441 [inline]
 ip_local_out+0xaf/0x1a0 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x5a3/0x9c0 net/ipv4/ip_tunnel_core.c:82
 geneve_xmit_skb drivers/net/geneve.c:971 [inline]
 geneve_xmit+0xfe0/0x3230 drivers/net/geneve.c:1071
 __netdev_start_xmit include/linux/netdevice.h:4775 [inline]
 netdev_start_xmit include/linux/netdevice.h:4789 [inline]
 xmit_one net/core/dev.c:3556 [inline]
 dev_hard_start_xmit+0x1eb/0x960 net/core/dev.c:3572
 __dev_queue_xmit+0x21de/0x2ec0 net/core/dev.c:4133
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip6_finish_output2+0x8cc/0x1710 net/ipv6/ip6_output.c:117
 __ip6_finish_output net/ipv6/ip6_output.c:143 [inline]
 __ip6_finish_output+0x4be/0xb80 net/ipv6/ip6_output.c:128
 ip6_finish_output+0x35/0x200 net/ipv6/ip6_output.c:153
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip6_output+0x1db/0x520 net/ipv6/ip6_output.c:176
 dst_output include/net/dst.h:441 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 NF_HOOK include/linux/netfilter.h:295 [inline]
 mld_sendpack+0x996/0xe20 net/ipv6/mcast.c:1679
 mld_send_cr net/ipv6/mcast.c:1975 [inline]
 mld_ifc_timer_expire+0x60a/0xf10 net/ipv6/mcast.c:2474
 call_timer_fn+0x1a5/0x710 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x692/0xa80 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744
 __do_softirq+0x2b7/0xa76 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:424 [inline]
 irq_exit_rcu+0x194/0x210 kernel/softirq.c:436
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:79 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:169 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
RIP: 0010:acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:516
Code: fd 42 5a f8 84 db 75 ac e8 14 35 5a f8 e8 5f 0b 60 f8 e9 0c 00 00 00 e8 05 35 5a f8 0f 00 2d 3e 6e b2 00 e8 f9 34 5a f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 84 3f 5a f8 48 85 db
RSP: 0018:ffffffff8b407d60 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff8b49bc00 RSI: ffffffff89181207 RDI: 0000000000000000
RBP: ffff8880153ee064 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff81781d88 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8880153ee000 R14: ffff8880153ee064 R15: ffff8881435e0804
 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:647
 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3eb/0x590 kernel/sched/idle.c:299
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396
 start_kernel+0x49b/0x4bc init/main.c:1064
 secondary_startup_64_no_verify+0xb0/0xbb
================================================================================