================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 14922 Comm: syz-executor.4 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 ip_send_skb net/ipv4/ip_output.c:1447 [inline]
 ip_push_pending_frames+0x8b/0x140 net/ipv4/ip_output.c:1467
 ip_send_unicast_reply+0xb34/0x120b net/ipv4/ip_output.c:1607
 tcp_v4_send_reset+0x1085/0x1f40 net/ipv4/tcp_ipv4.c:775
 tcp_v4_do_rcv+0x676/0x870 net/ipv4/tcp_ipv4.c:1573
 tcp_v4_rcv+0x3945/0x3bd0 net/ipv4/tcp_ipv4.c:1819
 ip_local_deliver_finish+0x4cb/0xc80 net/ipv4/ip_input.c:215
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_local_deliver+0x188/0x560 net/ipv4/ip_input.c:256
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish+0x1ca/0x2e0 net/ipv4/ip_input.c:414
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_rcv+0xca/0x420 net/ipv4/ip_input.c:524
 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:4954
 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066
 netif_receive_skb_internal+0x110/0x450 net/core/dev.c:5156
 tun_rx_batched+0x5bb/0x7a0 drivers/net/tun.c:1535
 tun_get_user+0x1b01/0x4db0 drivers/net/tun.c:1966
 tun_chr_write_iter+0xb0/0x150 drivers/net/tun.c:1995
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4176f1
Code: 75 14 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 64 1b 00 00 c3 48 83 ec 08 e8 ca fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 13 fd ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007fc44689dc60 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000118bfc8 RCX: 00000000004176f1
RDX: 0000000000000036 RSI: 0000000020000300 RDI: 00000000000000f0
RBP: 000000000118c008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000118bfd4
R13: 00007fff89bd9ecf R14: 00007fc44689e9c0 R15: 000000000118bfd4
================================================================================
audit: type=1804 audit(1602576421.624:56): pid=15015 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir960236045/syzkaller.yiFvxB/212/file0/bus" dev="ramfs" ino=48799 res=1
Process accounting resumed
audit: type=1804 audit(1602576421.714:57): pid=15015 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir960236045/syzkaller.yiFvxB/212/file0/bus" dev="ramfs" ino=48809 res=1
EXT4-fs warning (device sda1): ext4_group_add:1680: No reserved GDT blocks, can't resize
Process accounting resumed
audit: type=1804 audit(1602576421.984:58): pid=15044 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir256087615/syzkaller.5EL5Jb/229/file0/bus" dev="ramfs" ino=48829 res=1
Process accounting resumed
Process accounting resumed
Process accounting resumed
EXT4-fs warning (device sda1): ext4_group_add:1680: No reserved GDT blocks, can't resize
audit: type=1804 audit(1602576422.014:59): pid=15046 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir446582906/syzkaller.b6EgfR/224/file0/bus" dev="ramfs" ino=47692 res=1
Process accounting resumed
Process accounting resumed
EXT4-fs warning (device sda1): ext4_group_add:1680: No reserved GDT blocks, can't resize
Process accounting resumed
audit: type=1804 audit(1602576422.024:60): pid=15045 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir960236045/syzkaller.yiFvxB/213/file0/bus" dev="ramfs" ino=48831 res=1
Process accounting resumed
audit: type=1804 audit(1602576422.184:61): pid=15056 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir960236045/syzkaller.yiFvxB/214/file0/bus" dev="ramfs" ino=48845 res=1
EXT4-fs warning (device sda1): ext4_group_add:1680: No reserved GDT blocks, can't resize
Process accounting resumed
Process accounting resumed
EXT4-fs warning (device sda1): ext4_group_add:1680: No reserved GDT blocks, can't resize
audit: type=1804 audit(1602576422.214:62): pid=15057 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir256087615/syzkaller.5EL5Jb/230/file0/bus" dev="ramfs" ino=47721 res=1
device wlan1 entered promiscuous mode
audit: type=1804 audit(1602576422.234:63): pid=15060 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir446582906/syzkaller.b6EgfR/225/file0/bus" dev="ramfs" ino=48850 res=1
EXT4-fs warning (device sda1): ext4_group_add:1680: No reserved GDT blocks, can't resize
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
audit: type=1804 audit(1602576422.374:64): pid=15068 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir960236045/syzkaller.yiFvxB/215/file0/bus" dev="ramfs" ino=48865 res=1
audit: type=1804 audit(1602576422.444:65): pid=15073 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir446582906/syzkaller.b6EgfR/226/file0/bus" dev="ramfs" ino=47746 res=1
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode
device wlan1 left promiscuous mode
device wlan1 entered promiscuous mode