================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 71 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 8345 Comm: syz-executor.3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_adaptative_algo include/net/red.h:404 [inline]
 red_adaptative_timer+0x7ed/0x870 net/sched/sch_red.c:266
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:debug_lockdep_rcu_enabled kernel/rcu/update.c:253 [inline]
RIP: 0010:rcu_read_lock_sched_held+0x30/0x1e0 kernel/rcu/update.c:111
Code: 8b 55 48 ba 00 00 00 00 00 fc ff df 48 89 c1 53 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 4e 01 00 00 <8b> 35 1e 87 dc 09 85 f6 74 3b 48 c7 c3 40 29 17 8a 48 b8 00 00 00
RSP: 0018:ffff88804e3f7918 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000007 RBX: 1ffff11009c7ef2d RCX: 1ffffffff1675608
RDX: 0000000000000000 RSI: ffffffff86847caa RDI: 0000000000000001
RBP: ffff888047090d40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88808f81c8a8
R13: ffff88808c047320 R14: 0000000000000000 R15: ffff8880a013a0c0
 trace_tcp_probe include/trace/events/tcp.h:226 [inline]
 tcp_rcv_established+0xd9f/0x1d10 net/ipv4/tcp_input.c:5513
 tcp_v6_do_rcv+0xe5e/0x13b0 net/ipv6/tcp_ipv6.c:1326
 sk_backlog_rcv include/net/sock.h:950 [inline]
 __release_sock+0x134/0x3a0 net/core/sock.c:2344
 __sk_flush_backlog+0x22/0x30 net/core/sock.c:2364
 sk_flush_backlog include/net/sock.h:1037 [inline]
 tcp_sendmsg_locked+0x268d/0x2fe0 net/ipv4/tcp.c:1304
 tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1460
 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc7/0x130 net/socket.c:632
 __sys_sendto+0x21a/0x320 net/socket.c:1787
 __do_sys_sendto net/socket.c:1799 [inline]
 __se_sys_sendto net/socket.c:1795 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1795
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2dd1d67c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 000000000002d6c0 RCX: 000000000045e179
RDX: fffffffffffffea7 RSI: 0000000020f6f000 RDI: 0000000000000004
RBP: 000000000118cf98 R08: 0000000020b63fe4 R09: 000000000000001c
R10: 0000000020000004 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffd8a380a4f R14: 00007f2dd1d689c0 R15: 000000000118cf4c
================================================================================
netlink: 14 bytes leftover after parsing attributes in process `syz-executor.1'.
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
device bridge0 left promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
IPVS: ftp: loaded support on port[0] = 21
ion_buffer_destroy: buffer still mapped in the kernel
Started in network mode
Own node identity 7f, cluster identity 4711
32-bit node address hash set to 7f
IPVS: ftp: loaded support on port[0] = 21
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
================================================================================
UBSAN: Undefined behaviour in drivers/vhost/vhost.c:116:62
load of value 73 is not a valid value for type '_Bool'
CPU: 1 PID: 8558 Comm: syz-executor.3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 vhost_init_is_le drivers/vhost/vhost.c:116 [inline]
 vhost_reset_is_le drivers/vhost/vhost.c:143 [inline]
 vhost_vq_reset.constprop.0.cold+0x15/0x1a drivers/vhost/vhost.c:325
 vhost_dev_init+0x442/0x780 drivers/vhost/vhost.c:463
 vhost_net_open+0x54c/0x730 drivers/vhost/net.c:1103
 misc_open+0x372/0x4a0 drivers/char/misc.c:141
 chrdev_open+0x266/0x770 fs/char_dev.c:423
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 do_last fs/namei.c:3421 [inline]
 path_openat+0x7d5/0x2e90 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2dd1d67c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045e179
RDX: 0000000000000002 RSI: 00000000200003c0 RDI: ffffffffffffff9c
RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffd8a380a4f R14: 00007f2dd1d689c0 R15: 000000000118cf4c
================================================================================
dlm: plock device version mismatch: kernel (1.2.0), user (1.13056.0)
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1542 sclass=netlink_route_socket pid=8670 comm=syz-executor.5
(unnamed net_device) (uninitialized): Device ip6_vti0 is not bonding slave
(unnamed net_device) (uninitialized): option active_slave: invalid value (ip6_vti0)
(unnamed net_device) (uninitialized): Device ip6_vti0 is not bonding slave
(unnamed net_device) (uninitialized): option active_slave: invalid value (ip6_vti0)
(unnamed net_device) (uninitialized): Device ip6_vti0 is not bonding slave
(unnamed net_device) (uninitialized): option active_slave: invalid value (ip6_vti0)
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1601266625.540:13): pid=8851 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15890 res=0
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
audit: type=1800 audit(1601266626.190:14): pid=8859 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15875 res=0