UBSAN: Undefined behaviour in net/sched/sch_api.c:561:7
shift exponent 129 is too large for 32-bit type 'int'
CPU: 0 PID: 9272 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 __qdisc_calculate_pkt_len+0x3bb/0x570 net/sched/sch_api.c:561
 qdisc_calculate_pkt_len include/net/sch_generic.h:697 [inline]
 __dev_xmit_skb net/core/dev.c:3443 [inline]
 __dev_queue_xmit+0x1372/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 iptunnel_xmit+0x63e/0xa30 net/ipv4/ip_tunnel_core.c:91
 geneve_xmit_skb drivers/net/geneve.c:865 [inline]
 geneve_xmit+0xf46/0x2ac0 drivers/net/geneve.c:938
 __netdev_start_xmit include/linux/netdevice.h:4333 [inline]
 netdev_start_xmit include/linux/netdevice.h:4347 [inline]
 xmit_one net/core/dev.c:3256 [inline]
 dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
 __dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip6_finish_output2+0xe78/0x2370 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:455 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xa6b/0x1860 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x131/0x6a0 net/ipv6/ndisc.c:685
 addrconf_rs_timer+0x2d9/0x640 net/ipv6/addrconf.c:3834
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:rcu_read_lock include/linux/rcupdate.h:628 [inline]
RIP: 0010:find_get_entries+0x860/0xb50 mm/filemap.c:1658
Code: c6 80 2d 12 88 4c 89 f7 e8 fd 31 0e 00 0f 0b 48 c7 c7 40 2b 83 89 e8 6f 37 28 02 e8 9a ed e3 ff 49 8d 5c 24 ff e9 74 fb ff ff <e8> 8b ed e3 ff e8 96 3d d1 ff 31 ff 89 c5 89 c6 e8 ab ee e3 ff 40
RSP: 0018:ffff88804791f530 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000002 RBX: 0000000000000078 RCX: ffffffff818ddddc
RDX: 0000000000000000 RSI: ffff8880a42d65c0 RDI: 0000000000000001
RBP: 0000000000000000 R08: 00000000b2a4133d R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000003 R12: 0000000000000078
R13: 000000000000000f R14: ffff88804791f718 R15: 000000000000000f
 pagevec_lookup_entries+0x35/0x80 mm/swap.c:956
 truncate_inode_pages_range+0x1e7/0x1e80 mm/truncate.c:331
 truncate_inode_pages mm/truncate.c:478 [inline]
 truncate_pagecache+0x63/0x90 mm/truncate.c:805
 ext4_setattr+0x156e/0x25d0 fs/ext4/inode.c:5698
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 handle_truncate fs/namei.c:3009 [inline]
 do_last fs/namei.c:3427 [inline]
 path_openat+0x238b/0x2e90 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe65bbccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000002980 RCX: 000000000045de29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
RBP: 000000000118bf58 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fffe5c9a53f R14: 00007fe65bbcd9c0 R15: 000000000118bf2c
================================================================================
team0: Device ipvlan1 failed to register rx_handler
Unknown ioctl 35299
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
audit: type=1804 audit(1602275305.352:27): pid=9294 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir364417173/syzkaller.7LUsCZ/82/file0/bus" dev="sda1" ino=15883 res=1
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
audit: type=1804 audit(1602275305.842:28): pid=9322 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir364417173/syzkaller.7LUsCZ/83/file0/bus" dev="sda1" ino=15883 res=1
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
team0: Device ipvlan1 failed to register rx_handler
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
xt_CHECKSUM: unsupported CHECKSUM operation 2
x_tables: ip_tables: CHECKSUM target: only valid in mangle table, not /dev/vcsa
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop3): Unrecognized mount option "	" or missing value
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
FAT-fs (loop3): Unrecognized mount option "	" or missing value
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
Unknown ioctl 35299
Unknown ioctl 35299
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
audit: type=1400 audit(1602275308.102:29): avc:  denied  { ioctl } for  pid=9465 comm="syz-executor.3" path="socket:[35275]" dev="sockfs" ino=35275 ioctlcmd=0x8983 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
print_req_error: I/O error, dev loop11, sector 0
(syz-executor.5,9473,1):ocfs2_get_sector:1832 ERROR: status = -5
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
(syz-executor.5,9473,1):ocfs2_sb_probe:782 ERROR: status = -5
(syz-executor.5,9473,1):ocfs2_fill_super:1023 ERROR: superblock probe failed!
(syz-executor.5,9473,1):ocfs2_fill_super:1225 ERROR: status = -5
print_req_error: I/O error, dev loop11, sector 0
(syz-executor.5,9479,1):ocfs2_get_sector:1832 ERROR: status = -5
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
(syz-executor.5,9479,1):ocfs2_sb_probe:782 ERROR: status = -5
(syz-executor.5,9479,1):ocfs2_fill_super:1023 ERROR: superblock probe failed!
(syz-executor.5,9479,1):ocfs2_fill_super:1225 ERROR: status = -5
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: workdir and upperdir must reside under the same mount
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.0'.
xt_connbytes: Forcing CT accounting to be enabled
Cannot find add_set index 0 as target
Cannot find add_set index 0 as target
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
Unknown ioctl -1073191926
Unknown ioctl 35299
Unknown ioctl 22019
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
Unknown ioctl 22019
EXT4-fs (loop1): filesystem is read-only
EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (819!=0)
EXT4-fs (loop1): mounted filesystem without journal. Opts: prjquota,,errors=continue
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
Unknown ioctl 35299
Unknown ioctl 1074020611
Unknown ioctl 35299
Unknown ioctl 20737
isofs_fill_super: root inode is not a directory. Corrupted media?
qnx4: no qnx4 filesystem (no root dir).
Unknown ioctl 35299
Unknown ioctl 1074020611
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
Unknown ioctl 35299
Unknown ioctl 35299
Unknown ioctl 35299
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): invalid media value (0x00)
FAT-fs (loop2): Can't find a valid FAT filesystem
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
 loop4: p1 < > p2 p3 < p5 p6 > p4
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): invalid media value (0x00)
FAT-fs (loop2): Can't find a valid FAT filesystem
loop4: p2 size 1073741824 extends beyond EOD, truncated
loop4: p4 size 32768 extends beyond EOD, truncated
loop4: p5 size 1073741824 extends beyond EOD, truncated
loop4: p6 size 32768 extends beyond EOD, truncated
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): invalid media value (0x00)
FAT-fs (loop2): Can't find a valid FAT filesystem
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): bogus number of reserved sectors
FAT-fs (loop2): Can't find a valid FAT filesystem
FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
 loop4: p1 < > p2 p3 < p5 p6 > p4
loop4: p2 size 1073741824 extends beyond EOD, truncated
loop4: p4 size 32768 extends beyond EOD, truncated
FAT-fs (loop5): Directory bread(block 6) failed
loop4: p5 size 1073741824 extends beyond EOD, truncated
audit: type=1804 audit(1602275314.492:30): pid=9924 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir364417173/syzkaller.7LUsCZ/96/bus" dev="sda1" ino=15992 res=1
loop4: p6 size 32768 extends beyond EOD, truncated
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
FAT-fs (loop2): bogus number of reserved sectors
 loop4: p1 < > p2 p3 < p5 p6 > p4
FAT-fs (loop2): Can't find a valid FAT filesystem
loop4: p2 size 1073741824 extends beyond EOD, truncated
FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
loop4: p4 size 32768 extends beyond EOD, truncated
FAT-fs (loop5): Directory bread(block 6) failed
loop4: p5 size 1073741824 extends beyond EOD, truncated
loop4: p6 size 32768 extends beyond EOD, truncated