================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 102 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 6513 Comm: syz-executor.0 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_adaptative_algo include/net/red.h:404 [inline]
 red_adaptative_timer+0x7ed/0x870 net/sched/sch_red.c:266
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x50/0x90 kernel/locking/spinlock.c:192
Code: c0 b8 89 63 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 3d 48 83 3d 61 ca b2 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 86 35 9c f9 65 8b 05 5f 2e 51 78 85 c0 74 02 5d
RSP: 0018:ffff8880a7917840 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff12c7137 RBX: 0000000076d330a8 RCX: 1ffff110124e8187
RDX: dffffc0000000000 RSI: ffff888092740c18 RDI: ffff888092740bc4
RBP: ffff8880ae22c2c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880ae22c2c0
R13: ffff88809e11e100 R14: 0000000000000000 R15: 0000000000000001
 finish_lock_switch kernel/sched/core.c:2578 [inline]
 finish_task_switch+0x174/0x8b0 kernel/sched/core.c:2678
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8ed/0x22e0 kernel/sched/core.c:3517
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:3641
 ___preempt_schedule+0x16/0x18
 __raw_spin_unlock include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock+0x3b/0x40 kernel/locking/spinlock.c:176
 spin_unlock include/linux/spinlock.h:369 [inline]
 copy_pte_range mm/memory.c:1113 [inline]
 copy_pmd_range mm/memory.c:1153 [inline]
 copy_pud_range mm/memory.c:1187 [inline]
 copy_p4d_range mm/memory.c:1209 [inline]
 copy_page_range+0x140a/0x3380 mm/memory.c:1271
 dup_mmap kernel/fork.c:549 [inline]
 dup_mm kernel/fork.c:1288 [inline]
 copy_mm kernel/fork.c:1344 [inline]
 copy_process.part.0+0x5c68/0x7fb0 kernel/fork.c:1897
 copy_process kernel/fork.c:1694 [inline]
 _do_fork+0x22f/0x1020 kernel/fork.c:2207
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c36a
Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
RSP: 002b:00007ffd1d1f7510 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffd1d1f7510 RCX: 000000000045c36a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffd1d1f7550 R08: 0000000000000001 R09: 0000000001e61940
R10: 0000000001e61c10 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd1d1f75a0
================================================================================
IPVS: ftp: loaded support on port[0] = 21
audit: type=1804 audit(1601375263.977:141): pid=32046 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir609647676/syzkaller.kJcALk/1127/cgroup.controllers" dev="sda1" ino=17416 res=1
audit: type=1804 audit(1601375263.997:142): pid=32042 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir609647676/syzkaller.kJcALk/1127/cgroup.controllers" dev="sda1" ino=17416 res=1
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
device bond2 entered promiscuous mode
netlink: 23 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1804 audit(1601375264.497:143): pid=32109 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir609647676/syzkaller.kJcALk/1128/cgroup.controllers" dev="sda1" ino=16669 res=1
device veth3 entered promiscuous mode
audit: type=1804 audit(1601375264.557:144): pid=32070 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir609647676/syzkaller.kJcALk/1128/cgroup.controllers" dev="sda1" ino=16669 res=1
bond2: making interface veth3 the new active one
IPVS: ftp: loaded support on port[0] = 21
bond2: Enslaving veth3 as an active interface with an up link
bond2 (unregistering): Releasing backup interface veth3
bond2 (unregistering): Released all slaves
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
netlink: 23 bytes leftover after parsing attributes in process `syz-executor.4'.
device veth5 entered promiscuous mode
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
device bond2 entered promiscuous mode
netlink: 23 bytes leftover after parsing attributes in process `syz-executor.4'.
device veth5 entered promiscuous mode
bond2: making interface veth5 the new active one
bond2: Enslaving veth5 as an active interface with an up link
bond2 (unregistering): Releasing backup interface veth5
bond2 (unregistering): Released all slaves
xt_connbytes: Forcing CT accounting to be enabled
xt_l2tp: invalid flags combination: 0
audit: type=1804 audit(1601375269.057:145): pid=32417 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir609647676/syzkaller.kJcALk/1134/cgroup.controllers" dev="sda1" ino=15921 res=1
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
device bond2 entered promiscuous mode
netlink: 23 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1804 audit(1601375269.237:146): pid=32441 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir393742078/syzkaller.zaxjoj/1184/cgroup.controllers" dev="sda1" ino=15985 res=1
device veth7 entered promiscuous mode
bond2: making interface veth7 the new active one
bond2: Enslaving veth7 as an active interface with an up link
netlink: 164 bytes leftover after parsing attributes in process `syz-executor.1'.
bond2 (unregistering): Releasing backup interface veth7
IPVS: ftp: loaded support on port[0] = 21
bond2 (unregistering): Released all slaves
IPVS: ftp: loaded support on port[0] = 21
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
device bond2 entered promiscuous mode
netlink: 23 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1804 audit(1601375270.427:147): pid=32612 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir393742078/syzkaller.zaxjoj/1186/cgroup.controllers" dev="sda1" ino=15937 res=1
device veth9 entered promiscuous mode
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
audit: type=1804 audit(1601375271.167:148): pid=32666 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir079830266/syzkaller.AE1AS8/1300/cgroup.controllers" dev="sda1" ino=16369 res=1
IPVS: ftp: loaded support on port[0] = 21
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1010 sclass=netlink_route_socket pid=32712 comm=syz-executor.0
bond1: Enslaving veth3 as an active interface with an up link
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1010 sclass=netlink_route_socket pid=32670 comm=syz-executor.0
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
bond2 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): veth3: link is not ready
netlink: 'syz-executor.3': attribute type 4 has an invalid length.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
IPVS: ftp: loaded support on port[0] = 21