================================================================================ UBSAN: Undefined behaviour in ./include/net/red.h:272:18 shift exponent 184 is too large for 64-bit type 'long unsigned int' CPU: 0 PID: 19894 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 red_calc_qavg_from_idle_time include/net/red.h:272 [inline] red_calc_qavg include/net/red.h:313 [inline] choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231 __dev_xmit_skb net/core/dev.c:3494 [inline] __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807 neigh_hh_output include/net/neighbour.h:491 [inline] neigh_output include/net/neighbour.h:499 [inline] ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip_output+0x203/0x650 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:455 [inline] ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125 ip_send_skb+0x3e/0xe0 net/ipv4/ip_output.c:1447 udp_send_skb+0x72a/0x1240 net/ipv4/udp.c:848 udp_sendmsg+0x1cdb/0x2530 net/ipv4/udp.c:1135 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 ___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115 __sys_sendmmsg+0x195/0x470 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f51e92f9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 0000000000027f80 RCX: 000000000045de59 RDX: 0000000000000002 RSI: 00000000200041c0 RDI: 0000000000000003 RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffcbec8573f R14: 00007f51e92fa9c0 R15: 000000000118bf2c ================================================================================ batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! nla_parse: 7 callbacks suppressed netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. device geneve2 entered promiscuous mode device geneve2 entered promiscuous mode netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. dccp_invalid_packet: P.Data Offset(4) too small netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. dccp_invalid_packet: P.Data Offset(4) too small dccp_invalid_packet: P.Data Offset(4) too small netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. netlink: 92 bytes leftover after parsing attributes in process `syz-executor.4'.