syz-executor.4 (23622) used greatest stack depth: 22576 bytes left
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 253 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 23619 Comm: syz-executor.3 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 red_enqueue+0x2064/0x2200 net/sched/sch_red.c:68
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 arp_xmit_finish net/ipv4/arp.c:634 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 arp_xmit+0x85/0x420 net/ipv4/arp.c:643
 arp_send_dst net/ipv4/arp.c:321 [inline]
 arp_send_dst+0x241/0x280 net/ipv4/arp.c:302
 arp_solicit+0x658/0x1000 net/ipv4/arp.c:393
 neigh_probe+0xcc/0x110 net/core/neighbour.c:916
 __neigh_event_send+0x387/0xf70 net/core/neighbour.c:1074
 neigh_event_send include/net/neighbour.h:436 [inline]
 neigh_resolve_output+0x6d8/0x950 net/core/neighbour.c:1358
 neigh_output include/net/neighbour.h:501 [inline]
 ip_finish_output2+0xdca/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 ip_send_skb+0x3e/0xe0 net/ipv4/ip_output.c:1447
 udp_send_skb+0x72a/0x1240 net/ipv4/udp.c:848
 udp_sendmsg+0x1cdb/0x2530 net/ipv4/udp.c:1135
 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc7/0x130 net/socket.c:632
 xs_send_kvec+0x1b9/0x1e0 net/sunrpc/xprtsock.c:343
 xs_sendpages+0xed/0x610 net/sunrpc/xprtsock.c:413
 xs_udp_send_request+0x1be/0x4c0 net/sunrpc/xprtsock.c:594
 xprt_transmit+0x15f/0xca0 net/sunrpc/xprt.c:1037
 call_transmit+0x8ed/0xfa0 net/sunrpc/clnt.c:1972
 __rpc_execute+0x1f7/0xb80 net/sunrpc/sched.c:783
 rpc_execute+0x242/0x370 net/sunrpc/sched.c:851
 rpc_run_task+0x4e3/0x6a0 net/sunrpc/clnt.c:1064
 rpc_call_sync+0xb8/0x190 net/sunrpc/clnt.c:1093
 rpc_ping+0xb5/0x110 net/sunrpc/clnt.c:2527
 rpc_create_xprt+0x313/0x3c0 net/sunrpc/clnt.c:479
 rpc_create+0x31e/0x540 net/sunrpc/clnt.c:587
 nfs_create_rpc_client+0x36f/0x440 fs/nfs/client.c:529
 nfs_init_client fs/nfs/client.c:640 [inline]
 nfs_init_client+0x6d/0x100 fs/nfs/client.c:627
 nfs_get_client+0xf9f/0x13e0 fs/nfs/client.c:431
 nfs_init_server+0x249/0xe10 fs/nfs/client.c:676
 nfs_create_server+0x7a/0x4f0 fs/nfs/client.c:960
 nfs_try_mount+0x172/0x940 fs/nfs/super.c:1884
 nfs_fs_mount+0x171f/0x2e8e fs/nfs/super.c:2701
 mount_fs+0xa3/0x318 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x51c/0x2f10 fs/namespace.c:2799
 ksys_mount+0xcf/0x130 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3026
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9dc560ac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000021740 RCX: 000000000045de59
RDX: 0000000020fb5ffc RSI: 0000000020000140 RDI: 0000000000000000
RBP: 000000000118bf70 R08: 000000002000a000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffe9a5a25ef R14: 00007f9dc560b9c0 R15: 000000000118bf2c
================================================================================
9pnet: Insufficient options for proto=fd
9pnet: Insufficient options for proto=fd
rtc_cmos 00:00: Alarms can be up to one day in the future
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=23624 comm=syz-executor.3
syz-executor.3 (23619) used greatest stack depth: 22368 bytes left
netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
ceph: device name is missing path (no : separator in 01777777777777777777777üû‡íg>@D-/ü³iˆ˜™Óö¥<¨Läwû¸5›—)
ceph: device name is missing path (no : separator in 01777777777777777777777üû‡íg>@D-/ü³iˆ˜™Óö¥<¨Läwû¸5›—)
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc rtc0: __rtc_set_alarm: err=-22
netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
xt_ecn: cannot match TCP bits for non-tcp packets
ceph: device name is missing path (no : separator in 01777777777777777777777üû‡íg>@D-/ü³iˆ˜™Óö¥<¨Läwû¸5›—)
FAT-fs (loop4): Unrecognized mount option "fmask=0Nà'Z¥z000000000000000000" or missing value
netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23775 comm=syz-executor.0
netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23770 comm=syz-executor.0
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
hpfs: bad mount options.
hpfs: bad mount options.
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000004
FAT-fs (loop3): Unrecognized mount option ""µc·ÿ€%ËeIõ" or missing value
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000078
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000000c
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000012
FAT-fs (loop3): Unrecognized mount option ""µc·ÿ€%ËeIõ" or missing value
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000042
SQUASHFS error: Unknown inode type 65535 in squashfs_iget!
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x40000046
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000001e
kvm [23816]: vcpu0, guest rIP: 0x145 Hyper-V unhandled rdmsr: 0x4000003e
SQUASHFS error: Unknown inode type 65535 in squashfs_iget!
MINIX-fs: mounting unchecked file system, running fsck is recommended
XFS (loop3): Invalid superblock magic number
XFS (loop3): Invalid superblock magic number
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
device bond0 entered promiscuous mode
device bond_slave_0 entered promiscuous mode
device bond_slave_1 entered promiscuous mode
device bond1 entered promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 24144 Comm: syz-executor.2 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0xa/0x2f lib/fault-inject.c:149
 __should_failslab+0x153/0x1b6 mm/failslab.c:32
 should_failslab+0x5/0xf mm/slab_common.c:1588
 slab_pre_alloc_hook mm/slab.h:424 [inline]
 slab_alloc mm/slab.c:3383 [inline]
 kmem_cache_alloc+0x43/0x4a0 mm/slab.c:3557
 dst_alloc+0x106/0x1a0 net/core/dst.c:105
 rt_dst_alloc+0x7f/0x400 net/ipv4/route.c:1619
 __mkroute_output net/ipv4/route.c:2319 [inline]
 ip_route_output_key_hash_rcu+0xefa/0x31b0 net/ipv4/route.c:2547
 ip_route_output_key_hash+0x1e3/0x350 net/ipv4/route.c:2375
 __ip_route_output_key include/net/route.h:124 [inline]
 ip_route_output_flow+0x23/0xc0 net/ipv4/route.c:2632
 udp_sendmsg+0x19fc/0x2530 net/ipv4/udp.c:1101
 udpv6_sendmsg+0x1536/0x2b40 net/ipv6/udp.c:1224
 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc7/0x130 net/socket.c:632
 ___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115
 __sys_sendmmsg+0x195/0x470 net/socket.c:2210
 __do_sys_sendmmsg net/socket.c:2239 [inline]
 __se_sys_sendmmsg net/socket.c:2236 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0c44371c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045de59
RDX: 00000000000005c3 RSI: 0000000020000240 RDI: 0000000000000005
RBP: 00007f0c44371ca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc373d30df R14: 00007f0c443729c0 R15: 000000000118bf2c