x_tables: duplicate underflow at hook 1
================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 103 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 13846 Comm: syz-executor.2 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_adaptative_algo include/net/red.h:404 [inline]
 red_adaptative_timer+0x7ed/0x870 net/sched/sch_red.c:266
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:_vm_normal_page+0x15d/0x520 mm/memory.c:895
Code: b8 00 00 00 00 00 fc ff df 48 c7 44 05 00 00 00 00 00 48 8b 44 24 68 65 48 2b 04 25 28 00 00 00 0f 85 5d 03 00 00 48 83 c4 70 <48> 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 c0 53 d4 ff 48 89 d8
RSP: 0018:ffff888048137728 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffffea0002746680 RCX: ffffffff819d6f8c
RDX: 0000000000000000 RSI: ffffffff819d6ee2 RDI: 0000000000000006
RBP: 1ffff11009026ed9 R08: 0000000000000000 R09: 000000000021ffff
R10: 0000000000000006 R11: 0000000000000001 R12: 800000009d19a007
R13: ffff888096656460 R14: 00007f769ef84000 R15: ffff8880481376e8
 zap_pte_range mm/memory.c:1311 [inline]
 zap_pmd_range mm/memory.c:1440 [inline]
 zap_pud_range mm/memory.c:1469 [inline]
 zap_p4d_range mm/memory.c:1490 [inline]
 unmap_page_range+0xfba/0x2ec0 mm/memory.c:1511
 unmap_single_vma+0x198/0x300 mm/memory.c:1556
 unmap_vmas+0xa9/0x180 mm/memory.c:1586
 exit_mmap+0x2b9/0x530 mm/mmap.c:3091
 __mmput kernel/fork.c:1015 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1036
 exit_mm kernel/exit.c:546 [inline]
 do_exit+0xb12/0x2d80 kernel/exit.c:874
 do_group_exit+0x125/0x320 kernel/exit.c:990
 get_signal+0x3f3/0x2270 kernel/signal.c:2588
 do_signal+0x8f/0x1690 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x204/0x2c0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45dd99
Code: Bad RIP value.
RSP: 002b:00007f769e34ccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000118bf28 RCX: 000000000045dd99
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000118bf28
RBP: 000000000118bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffc0694ddff R14: 00007f769e34d9c0 R15: 000000000118bf2c
================================================================================
netlink: 43614 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 88 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
sock: process `syz-executor.5' is using obsolete setsockopt SO_BSDCOMPAT
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
netlink: 40027 bytes leftover after parsing attributes in process `syz-executor.2'.
device lo entered promiscuous mode
device tunl0 entered promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
device gre0 entered promiscuous mode
IPVS: ftp: loaded support on port[0] = 21
device gretap0 entered promiscuous mode
device erspan0 entered promiscuous mode
device ip_vti0 entered promiscuous mode
device ip6_vti0 entered promiscuous mode
device sit0 entered promiscuous mode
device ip6tnl0 entered promiscuous mode
device ip6gre0 entered promiscuous mode
device ip6gretap0 entered promiscuous mode
device bridge0 entered promiscuous mode
device vcan0 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
device bond0 entered promiscuous mode
device bond_slave_0 entered promiscuous mode
device bond_slave_1 entered promiscuous mode
device team0 entered promiscuous mode
device team_slave_0 entered promiscuous mode
device team_slave_1 entered promiscuous mode
device dummy0 entered promiscuous mode
device nlmon0 entered promiscuous mode
device caif0 entered promiscuous mode
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
netlink: 40067 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 40027 bytes leftover after parsing attributes in process `syz-executor.2'.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
netlink: 40067 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 43435 bytes leftover after parsing attributes in process `syz-executor.0'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 40067 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 16863 bytes leftover after parsing attributes in process `syz-executor.0'.
IPVS: ftp: loaded support on port[0] = 21
netlink: 40027 bytes leftover after parsing attributes in process `syz-executor.2'.
Cannot find del_set index 0 as target
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables
IPVS: ftp: loaded support on port[0] = 21
netlink: 40027 bytes leftover after parsing attributes in process `syz-executor.2'.
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14429 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=14429 comm=syz-executor.0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14439 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14444 comm=syz-executor.5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14477 comm=syz-executor.5