================================================================================
UBSAN: Undefined behaviour in net/sched/sch_api.c:561:7
shift exponent 116 is too large for 32-bit type 'int'
CPU: 1 PID: 56 Comm: kworker/u4:3 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_connect_worker
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
__qdisc_calculate_pkt_len+0x3bb/0x570 net/sched/sch_api.c:561
qdisc_calculate_pkt_len include/net/sch_generic.h:697 [inline]
__dev_xmit_skb net/core/dev.c:3443 [inline]
__dev_queue_xmit+0x1372/0x2ec0 net/core/dev.c:3807
neigh_resolve_output+0x55a/0x950 net/core/neighbour.c:1374
neigh_output include/net/neighbour.h:501 [inline]
ip6_finish_output2+0x1184/0x2370 net/ipv6/ip6_output.c:120
ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:455 [inline]
ip6_local_out+0xaf/0x170 net/ipv6/output_core.c:178
ip6_send_skb+0xb3/0x300 net/ipv6/ip6_output.c:1699
ip6_push_pending_frames+0xdd/0x100 net/ipv6/ip6_output.c:1719
icmpv6_push_pending_frames+0x294/0x470 net/ipv6/icmp.c:288
icmp6_send+0x1c51/0x2310 net/ipv6/icmp.c:584
icmpv6_send+0x11e/0x26d net/ipv6/ip6_icmp.c:43
ip6_link_failure+0x26/0x560 net/ipv6/route.c:2297
dst_link_failure include/net/dst.h:438 [inline]
ndisc_error_report+0xc7/0x190 net/ipv6/ndisc.c:695
neigh_invalidate+0x22c/0x540 net/core/neighbour.c:900
neigh_timer_handler+0x9b0/0xc70 net/core/neighbour.c:986
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
rds_tcp_state_change+0x117/0x240 net/rds/tcp_connect.c:85
tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:5898 [inline]
tcp_rcv_state_process+0x1a46/0x4919 net/ipv4/tcp_input.c:6059
tcp_v4_do_rcv+0x31f/0x870 net/ipv4/tcp_ipv4.c:1566
sk_backlog_rcv include/net/sock.h:950 [inline]
__release_sock+0x134/0x3a0 net/core/sock.c:2344
release_sock+0x54/0x1b0 net/core/sock.c:2881
inet_stream_connect+0x76/0xa0 net/ipv4/af_inet.c:720
rds_tcp_conn_path_connect+0x61c/0x880 net/rds/tcp_connect.c:172
rds_connect_worker+0x194/0x2b0 net/rds/threads.c:175
process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/sched/sch_api.c:569:10
shift exponent 181 is too large for 32-bit type 'int'
CPU: 1 PID: 56 Comm: kworker/u4:3 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krdsd rds_connect_worker
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
__qdisc_calculate_pkt_len+0x370/0x570 net/sched/sch_api.c:569
qdisc_calculate_pkt_len include/net/sch_generic.h:697 [inline]
__dev_xmit_skb net/core/dev.c:3443 [inline]
__dev_queue_xmit+0x1372/0x2ec0 net/core/dev.c:3807
neigh_resolve_output+0x55a/0x950 net/core/neighbour.c:1374
neigh_output include/net/neighbour.h:501 [inline]
ip6_finish_output2+0x1184/0x2370 net/ipv6/ip6_output.c:120
ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:455 [inline]
ip6_local_out+0xaf/0x170 net/ipv6/output_core.c:178
ip6_send_skb+0xb3/0x300 net/ipv6/ip6_output.c:1699
ip6_push_pending_frames+0xdd/0x100 net/ipv6/ip6_output.c:1719
icmpv6_push_pending_frames+0x294/0x470 net/ipv6/icmp.c:288
icmp6_send+0x1c51/0x2310 net/ipv6/icmp.c:584
icmpv6_send+0x11e/0x26d net/ipv6/ip6_icmp.c:43
ip6_link_failure+0x26/0x560 net/ipv6/route.c:2297
dst_link_failure include/net/dst.h:438 [inline]
ndisc_error_report+0xc7/0x190 net/ipv6/ndisc.c:695
neigh_invalidate+0x22c/0x540 net/core/neighbour.c:900
neigh_timer_handler+0x9b0/0xc70 net/core/neighbour.c:986
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
rds_tcp_state_change+0x117/0x240 net/rds/tcp_connect.c:85
tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:5898 [inline]
tcp_rcv_state_process+0x1a46/0x4919 net/ipv4/tcp_input.c:6059
tcp_v4_do_rcv+0x31f/0x870 net/ipv4/tcp_ipv4.c:1566
sk_backlog_rcv include/net/sock.h:950 [inline]
__release_sock+0x134/0x3a0 net/core/sock.c:2344
release_sock+0x54/0x1b0 net/core/sock.c:2881
inet_stream_connect+0x76/0xa0 net/ipv4/af_inet.c:720
rds_tcp_conn_path_connect+0x61c/0x880 net/rds/tcp_connect.c:172
rds_connect_worker+0x194/0x2b0 net/rds/threads.c:175
process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING