================================================================================ UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18 shift exponent 109 is too large for 64-bit type 'long unsigned int' CPU: 1 PID: 4883 Comm: systemd-udevd Not tainted 5.11.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395 red_calc_qavg_from_idle_time include/net/red.h:312 [inline] red_adaptative_algo include/net/red.h:444 [inline] red_adaptative_timer.cold+0x1bd/0x26c net/sched/sch_red.c:324 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1417 expire_timers kernel/time/timer.c:1462 [inline] __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1731 __run_timers kernel/time/timer.c:1712 [inline] run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744 __do_softirq+0x29b/0x9f6 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:226 [inline] __irq_exit_rcu kernel/softirq.c:420 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:432 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:629 RIP: 0010:unwind_next_frame+0xc92/0x1f90 arch/x86/kernel/unwind_orc.c:539 Code: 30 80 3c 02 00 0f 85 b9 11 00 00 4c 89 f2 4d 89 67 38 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 6f 11 00 00 <49> 8d 7f 58 49 c7 47 50 00 00 00 00 48 b8 00 00 00 00 00 fc ff df RSP: 0018:ffffc900015bf570 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 1ffff920002b7eb6 RCX: ffffffff8e45da4d RDX: 1ffff920002b7ed3 RSI: ffffc900015bfd00 RDI: ffffc900015bfd00 RBP: 0000000000000001 R08: ffffffff8e45da48 R09: ffffffff8e45da4c R10: 0000000000082083 R11: 0000000000000001 R12: ffffc900015bfd08 R13: ffffc900015bf67d R14: ffffc900015bf698 R15: ffffc900015bf648 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:401 [inline] ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429 kasan_slab_alloc include/linux/kasan.h:209 [inline] slab_post_alloc_hook mm/slab.h:512 [inline] slab_alloc_node mm/slub.c:2892 [inline] slab_alloc mm/slub.c:2900 [inline] __kmalloc+0x1db/0x3e0 mm/slub.c:3981 kmalloc include/linux/slab.h:557 [inline] kzalloc include/linux/slab.h:682 [inline] tomoyo_encode2.part.0+0xe9/0x3a0 security/tomoyo/realpath.c:45 tomoyo_encode2 security/tomoyo/realpath.c:31 [inline] tomoyo_encode+0x28/0x50 security/tomoyo/realpath.c:80 tomoyo_realpath_from_path+0x186/0x620 security/tomoyo/realpath.c:288 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x21b/0x400 security/tomoyo/file.c:822 security_inode_getattr+0xcf/0x140 security/security.c:1280 vfs_getattr fs/stat.c:121 [inline] vfs_statx+0x164/0x390 fs/stat.c:189 vfs_fstatat fs/stat.c:207 [inline] vfs_lstat include/linux/fs.h:3122 [inline] __do_sys_newlstat+0x91/0x110 fs/stat.c:362 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7ff8ccfd1335 Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89 RSP: 002b:00007ffd502e1d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 RAX: ffffffffffffffda RBX: 000056215797daa0 RCX: 00007ff8ccfd1335 RDX: 00007ffd502e1d70 RSI: 00007ffd502e1d70 RDI: 000056215797caa0 RBP: 00007ffd502e1e30 R08: 00007ff8cd290198 R09: 0000000000001010 R10: 00007ff8cd28fb58 R11: 0000000000000246 R12: 000056215797caa0 R13: 000056215797caba R14: 0000562157997015 R15: 000056215799701a ================================================================================