EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 234 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 30178 Comm: syz-executor.2 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_adaptative_algo include/net/red.h:404 [inline]
 red_adaptative_timer+0x7ed/0x870 net/sched/sch_red.c:266
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:rb_next+0xc8/0x140 lib/rbtree.c:541
Code: 75 75 4c 8b 23 48 89 dd 4c 89 e3 48 83 e3 fc 75 cb 48 83 c4 08 5b 5d 41 5c 41 5d c3 48 89 d0 48 8d 78 10 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 75 26 48 8b 50 10 48 85 d2 75 e3 48 83 c4 08 5b 5d 41
RSP: 0018:ffff88804bc2fac8 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13
RAX: ffff888095e799a8 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 1ffff11012bcf337 RSI: 0000000000000004 RDI: ffff888095e799b8
RBP: ffff888095e79bb8 R08: 0000000000000000 R09: ffffed1011a9a946
R10: ffff88808d4d4a33 R11: 0000000000000001 R12: ffff888095e79691
R13: dffffc0000000000 R14: 0000000001190000 R15: 000000001d632000
 browse_rb mm/mmap.c:302 [inline]
 validate_mm+0x3b3/0x7a0 mm/mmap.c:387
 __vma_adjust+0xa26/0x1810 mm/mmap.c:969
 vma_adjust include/linux/mm.h:2253 [inline]
 __split_vma+0x2b3/0x550 mm/mmap.c:2651
 split_vma+0x95/0xd0 mm/mmap.c:2680
 mprotect_fixup+0x7d9/0x9b0 mm/mprotect.c:451
 do_mprotect_pkey+0x562/0x9b0 mm/mprotect.c:589
 __do_sys_mprotect mm/mprotect.c:614 [inline]
 __se_sys_mprotect mm/mprotect.c:611 [inline]
 __x64_sys_mprotect+0x74/0xb0 mm/mprotect.c:611
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e277
Code: 00 00 00 b8 0b 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc520dcf28 EFLAGS: 00000246 ORIG_RAX: 000000000000000a
RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 000000000045e277
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00007f04f18a9000
RBP: 00007ffc520dd010 R08: 000000000074d7e0 R09: 000000000074d7e0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc520dd110
R13: 00007f04f18c9700 R14: 00007f04f18c99c0 R15: 000000000118cff4
================================================================================
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
ptrace attach of "/root/syz-executor.5"[30246] was attempted by "/root/syz-executor.5"[30254]
ptrace attach of "/root/syz-executor.4"[30249] was attempted by "/root/syz-executor.4"[30251]
ptrace attach of "/root/syz-executor.0"[30255] was attempted by "/root/syz-executor.0"[30257]
Cannot find set identified by id 0 to match
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
audit: type=1804 audit(1601332371.136:385): pid=30277 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir194358375/syzkaller.OYDja7/623/bus" dev="sda1" ino=17138 res=1
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
audit: type=1800 audit(1601332371.276:386): pid=30295 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=17142 res=0
audit: type=1800 audit(1601332371.286:387): pid=30289 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=17142 res=0
audit: type=1800 audit(1601332371.306:388): pid=30295 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=17142 res=0
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
ptrace attach of "/root/syz-executor.4"[30382] was attempted by "/root/syz-executor.4"[30383]
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
audit: type=1804 audit(1601332372.616:389): pid=30410 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir194358375/syzkaller.OYDja7/626/bus/bus" dev="sda1" ino=17144 res=1
overlayfs: './bus' not a directory
audit: type=1804 audit(1601332372.686:390): pid=30410 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir194358375/syzkaller.OYDja7/626/bus/bus" dev="sda1" ino=17144 res=1
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
EXT4-fs (loop2): fragment/cluster size (32768) != block size (2048)
EXT4-fs (loop2): VFS: Can't find ext4 filesystem
EXT4-fs (loop2): VFS: Can't find ext4 filesystem
EXT4-fs (loop2): VFS: Can't find ext4 filesystem
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
(unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode active-backup(1)
(unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode active-backup(1)
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): re-mounted. Opts: (null)
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue