================================================================================
UBSAN: Undefined behaviour in net/sched/sch_api.c:561:7
shift exponent 129 is too large for 32-bit type 'int'
CPU: 0 PID: 21728 Comm: systemd-udevd Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 __qdisc_calculate_pkt_len+0x3bb/0x570 net/sched/sch_api.c:561
 qdisc_calculate_pkt_len include/net/sch_generic.h:697 [inline]
 __dev_xmit_skb net/core/dev.c:3443 [inline]
 __dev_queue_xmit+0x1372/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 iptunnel_xmit+0x63e/0xa30 net/ipv4/ip_tunnel_core.c:91
 geneve_xmit_skb drivers/net/geneve.c:865 [inline]
 geneve_xmit+0xf46/0x2ac0 drivers/net/geneve.c:938
 __netdev_start_xmit include/linux/netdevice.h:4333 [inline]
 netdev_start_xmit include/linux/netdevice.h:4347 [inline]
 xmit_one net/core/dev.c:3256 [inline]
 dev_hard_start_xmit+0x1a8/0x960 net/core/dev.c:3272
 __dev_queue_xmit+0x276a/0x2ec0 net/core/dev.c:3838
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip6_finish_output2+0xe78/0x2370 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:455 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xa6b/0x1860 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x131/0x6a0 net/ipv6/ndisc.c:685
 addrconf_rs_timer+0x2d9/0x640 net/ipv6/addrconf.c:3834
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:seqcount_lockdep_reader_access include/linux/seqlock.h:83 [inline]
RIP: 0010:read_seqcount_begin include/linux/seqlock.h:164 [inline]
RIP: 0010:read_seqbegin include/linux/seqlock.h:440 [inline]
RIP: 0010:zone_span_seqbegin include/linux/memory_hotplug.h:65 [inline]
RIP: 0010:page_outside_zone_boundaries mm/page_alloc.c:490 [inline]
RIP: 0010:bad_range+0x295/0x4b0 mm/page_alloc.c:519
Code: e7 ff 48 c7 c0 e8 89 63 89 48 c1 e8 03 80 3c 28 00 0f 85 f1 01 00 00 48 83 3d 9e 1c d4 07 00 0f 84 b0 00 00 00 4c 89 ff 57 9d <0f> 1f 44 00 00 e9 75 fe ff ff 0f 0b 48 c7 c7 20 56 84 89 e8 c3 ae
RSP: 0018:ffff888095ca75c8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff12c713d RBX: ffff88812fffb6c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000286
RBP: dffffc0000000000 R08: 00000000978e26d2 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff12c713c
R13: 0000000000000000 R14: 1ffffffff12c713e R15: 0000000000000286
 rmqueue mm/page_alloc.c:3046 [inline]
 get_page_from_freelist+0x1127/0x4620 mm/page_alloc.c:3372
 __alloc_pages_nodemask+0x3b1/0x2a60 mm/page_alloc.c:4398
 alloc_pages_current+0x19d/0x2c0 mm/mempolicy.c:2197
 alloc_pages include/linux/gfp.h:532 [inline]
 __page_cache_alloc+0x76/0x90 mm/filemap.c:969
 __do_page_cache_readahead+0x1a1/0x730 mm/readahead.c:195
 force_page_cache_readahead+0x1d8/0x310 mm/readahead.c:242
 page_cache_sync_readahead mm/readahead.c:523 [inline]
 page_cache_sync_readahead+0x3ea/0x580 mm/readahead.c:510
 generic_file_buffered_read mm/filemap.c:2115 [inline]
 generic_file_read_iter+0x1497/0x2c00 mm/filemap.c:2385
 blkdev_read_iter+0x11b/0x180 fs/block_dev.c:1959
 call_read_iter include/linux/fs.h:1815 [inline]
 new_sync_read fs/read_write.c:406 [inline]
 __vfs_read+0x518/0x760 fs/read_write.c:418
 vfs_read+0x194/0x3c0 fs/read_write.c:452
 ksys_read+0x12b/0x2a0 fs/read_write.c:579
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fe0d08ac210
Code: 73 01 c3 48 8b 0d 98 7d 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d b9 c1 20 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e fc ff ff 48 89 04 24
RSP: 002b:00007ffd225d8e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000560d81213b70 RCX: 00007fe0d08ac210
RDX: 0000000000040000 RSI: 0000560d81213b98 RDI: 000000000000000f
RBP: 0000560d810dc9c0 R08: 0000000000000003 R09: 0000000000040030
R10: 0000560d81213b88 R11: 0000000000000246 R12: 00000000080c0000
R13: 0000000008100000 R14: 0000560d810dca10 R15: 0000000000040000
================================================================================
Bluetooth: hci2: command 0x0419 tx timeout
MINIX-fs: mounting unchecked file system, running fsck is recommended
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
FAT-fs (loop5): Unrecognized mount option "#P2k" or missing value
FAT-fs (loop2): bogus number of FAT structure
FAT-fs (loop2): Can't find a valid FAT filesystem
FAT-fs (loop5): Unrecognized mount option "#P2k" or missing value
FAT-fs (loop2): bogus number of FAT structure
FAT-fs (loop2): Can't find a valid FAT filesystem
FAT-fs (loop5): Unrecognized mount option "n/casBǹj}˨" or missing value
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
FAT-fs (loop5): Unrecognized mount option "" or missing value
FAT-fs (loop5): Unrecognized mount option "" or missing value
FAT-fs (loop5): Unrecognized mount option "nojaqe" or missing value
FAT-fs (loop5): Unrecognized mount option "nojaqe" or missing value
UBIFS error (pid: 21975): cannot open "ubifs", error -22
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
FAT-fs (loop4): bogus number of reserved sectors
UBIFS error (pid: 22020): cannot open "ubi0xffffffffffffffff", error -19
UBIFS error (pid: 22020): cannot open "ubi0xffffffffffffffff", error -19
FAT-fs (loop4): Can't find a valid FAT filesystem
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22074): cannot open "", error -22
UBIFS error (pid: 22078): cannot open "", error -22
UBIFS error (pid: 22095): cannot open " :!kI1r4z>8", error -22
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22106): cannot open "ubiWAF&`1Q| Q ȡKM}Cqq)P|t@{?irx0͇ͰRWK3?\Z`"@I>|H^DV~}s r䕙O#", error -22
UBIFS error (pid: 22106): cannot open "ubiWAF&`1Q| Q ȡKM}Cqq)P|t@{?irx0͇ͰRWK3?\Z`"@I>|H^DV~}s r䕙O#", error -22
UBIFS error (pid: 22119): cannot open "ubi", error -22
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22136): cannot open "ubi", error -22
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
FAT-fs (loop4): bogus number of reserved sectors
UBIFS error (pid: 22207): cannot open "UbiJ~3G؎QT&xMLCdG|-0UXzz|3#~$N.M?tw*q"$yƞΥ)\YUȃo&=xF%pɢ Yȭ", error -22
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22225): cannot open "ubi", error -22
UBIFS error (pid: 22228): cannot open "ubi", error -22
FAT-fs (loop5): Unrecognized mount option "noca3%(" or missing value
FAT-fs (loop4): bogus number of reserved sectors
UBIFS error (pid: 22259): cannot open "ubi", error -22
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22263): cannot open "ubi", error -22
UBIFS error (pid: 22279): cannot open "ubi", error -22
FAT-fs (loop4): bogus number of reserved sectors
UBIFS error (pid: 22277): cannot open "ubi", error -22
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22319): cannot open " '", error -22
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
FAT-fs (loop4): bogus number of reserved sectors
FAT-fs (loop4): Can't find a valid FAT filesystem
UBIFS error (pid: 22355): cannot open "ubi=́%R*T\x", error -22
UBIFS error (pid: 22374): cannot open "ubi", error -22
UBIFS error (pid: 22374): cannot open "ubi", error -22
FAT-fs (loop4): bogus number of reserved sectors
netlink: 'syz-executor.5': attribute type 2 has an invalid length.
FAT-fs (loop4): Can't find a valid FAT filesystem