================================================================================ UBSAN: Undefined behaviour in ./include/net/red.h:272:18 shift exponent 202 is too large for 64-bit type 'long unsigned int' CPU: 1 PID: 19779 Comm: syz-executor.1 Not tainted 4.19.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 red_calc_qavg_from_idle_time include/net/red.h:272 [inline] red_calc_qavg include/net/red.h:313 [inline] choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231 __dev_xmit_skb net/core/dev.c:3494 [inline] __dev_queue_xmit+0x14df/0x2ec0 net/core/dev.c:3807 neigh_hh_output include/net/neighbour.h:491 [inline] neigh_output include/net/neighbour.h:499 [inline] ip_finish_output2+0xc04/0x16b0 net/ipv4/ip_output.c:230 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip_output+0x203/0x650 net/ipv4/ip_output.c:406 dst_output include/net/dst.h:455 [inline] ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125 __ip_queue_xmit+0x8a0/0x1bd0 net/ipv4/ip_output.c:506 __tcp_transmit_skb+0x1c72/0x36c0 net/ipv4/tcp_output.c:1148 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline] tcp_connect+0x1a52/0x2650 net/ipv4/tcp_output.c:3526 tcp_v4_connect+0x141c/0x1aa0 net/ipv4/tcp_ipv4.c:315 __inet_stream_connect+0x836/0xe50 net/ipv4/af_inet.c:655 inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:719 smc_connect+0x358/0x410 net/smc/af_smc.c:808 __sys_connect+0x265/0x2c0 net/socket.c:1663 __do_sys_connect net/socket.c:1674 [inline] __se_sys_connect net/socket.c:1671 [inline] __x64_sys_connect+0x6f/0xb0 net/socket.c:1671 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007efe1a5d0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000000002340 RCX: 000000000045de59 RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffdc664c31f R14: 00007efe1a5d19c0 R15: 000000000118bf2c ================================================================================ netlink: 14 bytes leftover after parsing attributes in process `syz-executor.3'. bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state F2FS-fs (loop1): Unable to read 1th superblock F2FS-fs (loop1): Unable to read 2th superblock F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock F2FS-fs (loop1): Unable to read 2th superblock IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 14 bytes leftover after parsing attributes in process `syz-executor.3'. bridge0: port 2(bridge_slave_1) entered blocking state bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 1(bridge_slave_0) entered blocking state bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 72 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. vim2m vim2m.0: vidioc_s_fmt queue busy vim2m vim2m.0: vidioc_s_fmt queue busy overlayfs: filesystem on './file0' not supported as upperdir IPVS: ftp: loaded support on port[0] = 21 EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 IPVS: ftp: loaded support on port[0] = 21 netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'. syz-executor.3: vmalloc: allocation failure: 17179869200 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) syz-executor.3 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 20324 Comm: syz-executor.3 Not tainted 4.19.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 warn_alloc.cold+0x7b/0x18f mm/page_alloc.c:3457 __vmalloc_node_range mm/vmalloc.c:1775 [inline] __vmalloc_node mm/vmalloc.c:1804 [inline] __vmalloc_node_flags mm/vmalloc.c:1818 [inline] vzalloc+0x15c/0x1a0 mm/vmalloc.c:1857 ip_set_alloc+0x8a/0xd0 net/netfilter/ipset/ip_set_core.c:265 hash_ipport_create+0x42d/0xd65 net/netfilter/ipset/ip_set_hash_gen.h:1296 ip_set_create+0x714/0x1430 net/netfilter/ipset/ip_set_core.c:940 nfnetlink_rcv_msg+0xeff/0x1210 net/netfilter/nfnetlink.c:233 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455 nfnetlink_rcv+0x1b2/0x41b net/netfilter/nfnetlink.c:565 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x717/0xcc0 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 ___sys_sendmsg+0x7bb/0x8f0 net/socket.c:2115 __sys_sendmsg net/socket.c:2153 [inline] __do_sys_sendmsg net/socket.c:2162 [inline] __se_sys_sendmsg net/socket.c:2160 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f6bc36d2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000029b40 RCX: 000000000045de59 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007fffd0cc735f R14: 00007f6bc36d39c0 R15: 000000000118bf2c Mem-Info: active_anon:145605 inactive_anon:8766 isolated_anon:0 active_file:12455 inactive_file:78373 isolated_file:0 unevictable:0 dirty:147 writeback:0 unstable:0 slab_reclaimable:19393 slab_unreclaimable:130232 mapped:61260 shmem:9051 pagetables:1918 bounce:0 free:1225667 free_pcp:408 free_cma:0 Node 0 active_anon:588916kB inactive_anon:35064kB active_file:49688kB inactive_file:313492kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:245040kB dirty:588kB writeback:0kB shmem:36204kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 280576kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:208kB low:260kB high:312kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2661 2664 2664 2664 Node 0 DMA32 free:844500kB min:35736kB low:44668kB high:53600kB active_anon:586776kB inactive_anon:35060kB active_file:49696kB inactive_file:313516kB unevictable:0kB writepending:628kB present:3129332kB managed:2732224kB mlocked:0kB kernel_stack:8960kB pagetables:7508kB bounce:0kB free_pcp:1880kB local_pcp:1044kB free_cma:0kB lowmem_reserve[]: 0 0 2 2 2 Node 0 Normal free:16kB min:32kB low:40kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2512kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:4038880kB min:54132kB low:67664kB high:81196kB active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:0kB unevictable:0kB writepending:0kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB Node 0 DMA32: 388*4kB (E) 630*8kB (UME) 580*16kB (UME) 285*32kB (UME) 64*64kB (UME) 23*128kB (UME) 3*256kB (UM) 2*512kB (U) 5*1024kB (UME) 2*2048kB (M) 197*4096kB (UM) = 849952kB Node 0 Normal: 0*4kB 2*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB Node 1 Normal: 98*4kB (UE) 411*8kB (UME) 280*16kB (UME) 76*32kB (UME) 30*64kB (UME) 10*128kB (UME) 9*256kB (UM) 9*512kB (UME) 2*1024kB (M) 1*2048kB (U) 980*4096kB (M) = 4038880kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB