================================================================================ UBSAN: Undefined behaviour in net/sched/sch_api.c:569:10 shift exponent 92 is too large for 32-bit type 'int' CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.149-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 __qdisc_calculate_pkt_len+0x370/0x570 net/sched/sch_api.c:569 qdisc_calculate_pkt_len include/net/sch_generic.h:697 [inline] __dev_xmit_skb net/core/dev.c:3443 [inline] __dev_queue_xmit+0x1372/0x2ec0 net/core/dev.c:3807 br_dev_queue_push_xmit+0x25a/0x6c0 net/bridge/br_forward.c:56 br_nf_dev_queue_xmit+0x2c3/0x15d0 net/bridge/br_netfilter_hooks.c:727 NF_HOOK include/linux/netfilter.h:289 [inline] br_nf_post_routing+0xa7e/0x11f0 net/bridge/br_netfilter_hooks.c:828 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xc5/0x1e0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:244 [inline] NF_HOOK include/linux/netfilter.h:287 [inline] br_forward_finish+0x29a/0x430 net/bridge/br_forward.c:69 br_nf_hook_thresh+0x2d7/0x370 net/bridge/br_netfilter_hooks.c:1011 br_nf_forward_finish+0x335/0x6d0 net/bridge/br_netfilter_hooks.c:553 NF_HOOK include/linux/netfilter.h:289 [inline] br_nf_forward_ip+0xad1/0x1620 net/bridge/br_netfilter_hooks.c:620 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xc5/0x1e0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:244 [inline] NF_HOOK include/linux/netfilter.h:287 [inline] __br_forward+0x3c8/0xbb0 net/bridge/br_forward.c:113 deliver_clone net/bridge/br_forward.c:129 [inline] br_flood+0x3ee/0x4f0 net/bridge/br_forward.c:238 br_handle_frame_finish+0xfcc/0x14d0 net/bridge/br_input.c:167 br_nf_hook_thresh+0x2d7/0x370 net/bridge/br_netfilter_hooks.c:1011 br_nf_pre_routing_finish_ipv6+0x701/0xd90 net/bridge/br_netfilter_ipv6.c:210 NF_HOOK include/linux/netfilter.h:289 [inline] br_nf_pre_routing_ipv6+0x3f4/0x8ca net/bridge/br_netfilter_ipv6.c:240 br_nf_pre_routing+0x9c7/0x152c net/bridge/br_netfilter_hooks.c:494 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xc5/0x1e0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:244 [inline] NF_HOOK include/linux/netfilter.h:287 [inline] br_handle_frame+0xb24/0x151a net/bridge/br_input.c:306 __netif_receive_skb_core+0x7d5/0x33c0 net/core/dev.c:4876 __netif_receive_skb_one_core+0xae/0x180 net/core/dev.c:4952 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5066 process_backlog+0x261/0x760 net/core/dev.c:5848 napi_poll net/core/dev.c:6272 [inline] net_rx_action+0x4e5/0x10d0 net/core/dev.c:6338 __do_softirq+0x27d/0xad2 kernel/softirq.c:292 run_ksoftirqd+0x57/0x130 kernel/softirq.c:653 smpboot_thread_fn+0x66e/0xa30 kernel/smpboot.c:164 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 ================================================================================ overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. serio: Serial port pts1 overlayfs: failed to resolve './file0': -2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11922 comm=syz-executor.4 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11932 comm=syz-executor.4 audit: type=1804 audit(1601949237.716:86): pid=11931 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir131995261/syzkaller.wnpTSh/50/bus" dev="sda1" ino=15813 res=1 audit: type=1804 audit(1601949238.446:87): pid=11938 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir131995261/syzkaller.wnpTSh/50/bus" dev="sda1" ino=15813 res=1 delete_channel: no stack delete_channel: no stack xt_CT: You must specify a L4 protocol and not use inversions on it Bluetooth: hci4: command 0x0405 tx timeout XFS (loop1): Invalid superblock magic number XFS (loop1): Invalid superblock magic number IPVS: ftp: loaded support on port[0] = 21 libceph: resolve 'K|—å¸gK' (ret=-3): failed libceph: resolve 'K|—å¸gK' (ret=-3): failed libceph: parse_ips bad ip 'K|—å¸gK:]' libceph: parse_ips bad ip 'K|—å¸gK:]' IPVS: ftp: loaded support on port[0] = 21 overlayfs: failed to resolve './file0': -2 libceph: resolve 'K|—å¸gK' (ret=-3): failed overlayfs: failed to resolve './bus': -2 audit: type=1804 audit(1601949241.206:88): pid=12185 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir311625946/syzkaller.eka141/125/bus/bus" dev="sda1" ino=16236 res=1 libceph: parse_ips bad ip 'K|—å¸gK:]' overlayfs: './bus' not a directory overlayfs: failed to resolve './file0': -2 audit: type=1804 audit(1601949241.296:89): pid=12175 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir311625946/syzkaller.eka141/125/bus/bus" dev="sda1" ino=16236 res=1