================================================================================
UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18
shift exponent 109 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 red_calc_qavg_from_idle_time include/net/red.h:312 [inline]
 red_calc_qavg include/net/red.h:353 [inline]
 red_enqueue.cold+0x64/0x452 net/sched/sch_red.c:77
 __dev_xmit_skb net/core/dev.c:3837 [inline]
 __dev_queue_xmit+0x1943/0x2e00 net/core/dev.c:4150
 arp_xmit_finish net/ipv4/arp.c:632 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 NF_HOOK include/linux/netfilter.h:295 [inline]
 arp_xmit+0x8d/0xc0 net/ipv4/arp.c:641
 arp_send_dst net/ipv4/arp.c:319 [inline]
 arp_send_dst+0x16b/0x1a0 net/ipv4/arp.c:300
 arp_solicit+0x6a7/0x11e0 net/ipv4/arp.c:391
 neigh_probe+0xc2/0x110 net/core/neighbour.c:1010
 __neigh_event_send+0x37d/0x14c0 net/core/neighbour.c:1171
 neigh_event_send include/net/neighbour.h:444 [inline]
 neigh_resolve_output+0x538/0x820 net/core/neighbour.c:1475
 neigh_output include/net/neighbour.h:510 [inline]
 ip_finish_output2+0x83d/0x21f0 net/ipv4/ip_output.c:230
 __ip_finish_output net/ipv4/ip_output.c:308 [inline]
 __ip_finish_output+0x396/0x640 net/ipv4/ip_output.c:290
 ip_finish_output+0x35/0x200 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:290 [inline]
 ip_output+0x196/0x310 net/ipv4/ip_output.c:432
 dst_output include/net/dst.h:448 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0x8e9/0x1a00 net/ipv4/ip_output.c:533
 __tcp_transmit_skb+0x188c/0x38f0 net/ipv4/tcp_output.c:1405
 tcp_transmit_skb net/ipv4/tcp_output.c:1423 [inline]
 tcp_xmit_probe_skb+0x2bb/0x360 net/ipv4/tcp_output.c:4013
 tcp_write_wakeup+0x1bd/0x610 net/ipv4/tcp_output.c:4066
 tcp_send_probe0+0x44/0x560 net/ipv4/tcp_output.c:4081
 tcp_probe_timer net/ipv4/tcp_timer.c:398 [inline]
 tcp_write_timer_handler+0x90c/0xae0 net/ipv4/tcp_timer.c:626
 tcp_write_timer+0xa2/0x2b0 net/ipv4/tcp_timer.c:642
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1431
 expire_timers kernel/time/timer.c:1476 [inline]
 __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1745
 __run_timers kernel/time/timer.c:1726 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1758
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu kernel/softirq.c:422 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:434
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:137 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
RIP: 0010:acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:516
Code: cd bb 70 f8 84 db 75 ac e8 14 b5 70 f8 e8 bf a1 76 f8 e9 0c 00 00 00 e8 05 b5 70 f8 0f 00 2d 1e 86 c7 00 e8 f9 b4 70 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 04 bd 70 f8 48 85 db
RSP: 0018:ffffffff8bc07d60 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff8bcbc340 RSI: ffffffff8902bf67 RDI: 0000000000000000
RBP: ffff888014ea3064 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff81796148 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888014ea3000 R14: ffff888014ea3064 R15: ffff888017fba804
 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:647
 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3e1/0x590 kernel/sched/idle.c:300
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:397
 start_kernel+0x46b/0x48c init/main.c:1059
 secondary_startup_64_no_verify+0xb0/0xbb
================================================================================