================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 167 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 10256 Comm: syz-executor.1 Not tainted 4.19.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip6_finish_output2+0xe78/0x2370 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x610/0xcc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x7c0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:455 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xa6b/0x1860 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x131/0x6a0 net/ipv6/ndisc.c:685
 addrconf_rs_timer+0x2d9/0x640 net/ipv6/addrconf.c:3834
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0033:0x412f48
Code: 83 ec 18 8b 47 04 4c 8b 77 08 48 89 34 24 48 89 54 24 08 85 c0 4d 8d 6e 04 0f 84 a4 01 00 00 45 31 ff 31 db 31 ed 0f 1f 40 00 <44> 89 f8 41 8b 44 85 00 89 c2 31 c3 83 f0 3d c1 ea 10 89 df 31 d0
RSP: 002b:00007ffc6665c7c0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13
RAX: 00000000f6d012ee RBX: 00000000ebb13253 RCX: 0000001b33320000
RDX: 00000000f6d012ed RSI: 00000000000012ee RDI: 00000000f6d012ed
RBP: 0000000000000467 R08: 00000000f6d012f1 R09: 0000000000000000
R10: 00007ffc6665c950 R11: 0000000000000246 R12: 000000000118bfa8
R13: 00007f6cef752004 R14: 00007f6cef752000 R15: 0000000000001430
================================================================================
binder: binder_mmap: 10256 20ffc000-20ffe000 bad vm_flags failed -1
binder: binder_mmap: 10265 20ffc000-20ffe000 bad vm_flags failed -1
netem: change failed
ldm_validate_privheads(): Disk read failed.
loop3: p1 p2 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p21
loop3: partition table partially beyond EOD, truncated
loop3: p1 start 335741103 is beyond EOD, truncated
loop3: p2 size 2 extends beyond EOD, truncated
loop3: p5 start 335741103 is beyond EOD, truncated
loop3: p6 start 335741103 is beyond EOD, truncated
loop3: p7 start 335741103 is beyond EOD, truncated
loop3: p8 start 335741103 is beyond EOD, truncated
loop3: p9 start 335741103 is beyond EOD, truncated
loop3: p10 start 335741103 is beyond EOD, truncated
loop3: p11 start 335741103 is beyond EOD, truncated
loop3: p12 start 335741103 is beyond EOD, truncated
loop3: p13 start 335741103 is beyond EOD, truncated
loop3: p14 start 335741103 is beyond EOD, truncated
loop3: p15 start 335741103 is beyond EOD, truncated
loop3: p16 start 335741103 is beyond EOD, truncated
loop3: p17 start 335741103 is beyond EOD, truncated
loop3: p18 start 335741103 is beyond EOD, truncated
loop3: p19 start 335741103 is beyond EOD, truncated
loop3: p20 start 335741103 is beyond EOD, truncated
loop3: p21 start 335741103 is beyond EOD, truncated
loop3: p22 start 335741103 is beyond EOD, truncated
loop3: p23 start 335741103 is beyond EOD, truncated
loop3: p24 start 335741103 is beyond EOD, truncated
loop3: p25 start 335741103 is beyond EOD, truncated
loop3: p26 start 335741103 is beyond EOD, truncated
loop3: p27 start 335741103 is beyond EOD, truncated
loop3: p28 start 335741103 is beyond EOD, truncated
loop3: p29 start 335741103 is beyond EOD, truncated
loop3: p30 start 335741103 is beyond EOD, truncated
loop3: p31 start 335741103 is beyond EOD, truncated
loop3: p32 start 335741103 is beyond EOD, truncated
loop3: p33 start 335741103 is beyond EOD, truncated
loop3: p34 start 335741103 is beyond EOD, truncated
loop3: p35 start 335741103 is beyond EOD, truncated
loop3: p36 start 335741103 is beyond EOD, truncated
loop3: p37 start 335741103 is beyond EOD, truncated
loop3: p38 start 335741103 is beyond EOD, truncated
loop3: p39 start 335741103 is beyond EOD, truncated
loop3: p40 start 335741103 is beyond EOD, truncated
loop3: p41 start 335741103 is beyond EOD, truncated
loop3: p42 start 335741103 is beyond EOD, truncated
loop3: p43 start 335741103 is beyond EOD, truncated
loop3: p44 start 335741103 is beyond EOD, truncated
loop3: p45 start 335741103 is beyond EOD, truncated
loop3: p46 start 335741103 is beyond EOD, truncated
loop3: p47 start 335741103 is beyond EOD, truncated
loop3: p48 start 335741103 is beyond EOD, truncated
loop3: p49 start 335741103 is beyond EOD, truncated
loop3: p50 start 335741103 is beyond EOD, truncated
loop3: p51 start 335741103 is beyond EOD, truncated
loop3: p52 start 335741103 is beyond EOD, truncated
loop3: p53 start 335741103 is beyond EOD, truncated
loop3: p54 start 335741103 is beyond EOD, truncated
loop3: p55 start 335741103 is beyond EOD, truncated
loop3: p56 start 335741103 is beyond EOD, truncated
loop3: p57 start 335741103 is beyond EOD, truncated
loop3: p58 start 335741103 is beyond EOD, truncated
loop3: p59 start 335741103 is beyond EOD, truncated
loop3: p60 start 335741103 is beyond EOD, truncated
loop3: p61 start 335741103 is beyond EOD, truncated
loop3: p62 start 335741103 is beyond EOD, truncated
loop3: p63 start 335741103 is beyond EOD, truncated
loop3: p64 start 335741103 is beyond EOD, truncated
loop3: p65 start 335741103 is beyond EOD, truncated
loop3: p66 start 335741103 is beyond EOD, truncated
loop3: p67 start 335741103 is beyond EOD, truncated
loop3: p68 start 335741103 is beyond EOD, truncated
loop3: p69 start 335741103 is beyond EOD, truncated
loop3: p70 start 335741103 is beyond EOD, truncated
loop3: p71 start 335741103 is beyond EOD, truncated
loop3: p72 start 335741103 is beyond EOD, truncated
loop3: p73 start 335741103 is beyond EOD, truncated
loop3: p74 start 335741103 is beyond EOD, truncated
loop3: p75 start 335741103 is beyond EOD, truncated
loop3: p76 start 335741103 is beyond EOD, truncated
loop3: p77 start 335741103 is beyond EOD, truncated
loop3: p78 start 335741103 is beyond EOD, truncated
loop3: p79 start 335741103 is beyond EOD, truncated
loop3: p80 start 335741103 is beyond EOD, truncated
loop3: p81 start 335741103 is beyond EOD, truncated
loop3: p82 start 335741103 is beyond EOD, truncated
loop3: p83 start 335741103 is beyond EOD, truncated
loop3: p84 start 335741103 is beyond EOD, truncated
loop3: p85 start 335741103 is beyond EOD, truncated
loop3: p86 start 335741103 is beyond EOD, truncated
loop3: p87 start 335741103 is beyond EOD, truncated
loop3: p88 start 335741103 is beyond EOD, truncated
loop3: p89 start 335741103 is beyond EOD, truncated
loop3: p90 start 335741103 is beyond EOD, truncated
loop3: p91 start 335741103 is beyond EOD, truncated
loop3: p92 start 335741103 is beyond EOD, truncated
loop3: p93 start 335741103 is beyond EOD, truncated
loop3: p94 start 335741103 is beyond EOD, truncated
loop3: p95 start 335741103 is beyond EOD, truncated
loop3: p96 start 335741103 is beyond EOD, truncated
loop3: p97 start 335741103 is beyond EOD, truncated
loop3: p98 start 335741103 is beyond EOD, truncated
loop3: p99 start 335741103 is beyond EOD, truncated
loop3: p100 start 335741103 is beyond EOD, truncated
loop3: p101 start 335741103 is beyond EOD, truncated
loop3: p102 start 335741103 is beyond EOD, truncated
loop3: p103 start 335741103 is beyond EOD, truncated
loop3: p104 start 335741103 is beyond EOD, truncated
loop3: p105 start 335741103 is beyond EOD, truncated
loop3: p106 start 335741103 is beyond EOD, truncated
loop3: p107 start 335741103 is beyond EOD, truncated
loop3: p108 start 335741103 is beyond EOD, truncated
loop3: p109 start 335741103 is beyond EOD, truncated
loop3: p110 start 335741103 is beyond EOD, truncated
loop3: p111 start 335741103 is beyond EOD, truncated
loop3: p112 start 335741103 is beyond EOD, truncated
loop3: p113 start 335741103 is beyond EOD, truncated
loop3: p114 start 335741103 is beyond EOD, truncated
loop3: p115 start 335741103 is beyond EOD, truncated
loop3: p116 start 335741103 is beyond EOD, truncated
loop3: p117 start 335741103 is beyond EOD, truncated
loop3: p118 start 335741103 is beyond EOD, truncated
loop3: p119 start 335741103 is beyond EOD, truncated
loop3: p120 start 335741103 is beyond EOD, truncated
loop3: p121 start 335741103 is beyond EOD, truncated
loop3: p122 start 335741103 is beyond EOD, truncated
loop3: p123 start 335741103 is beyond EOD, truncated
loop3: p124 start 335741103 is beyond EOD, truncated
loop3: p125 start 335741103 is beyond EOD, truncated
loop3: p126 start 335741103 is beyond EOD, truncated
loop3: p127 start 335741103 is beyond EOD, truncated
loop3: p128 start 335741103 is beyond EOD, truncated
loop3: p129 start 335741103 is beyond EOD, truncated
loop3: p130 start 335741103 is beyond EOD, truncated
loop3: p131 start 335741103 is beyond EOD, truncated
loop3: p132 start 335741103 is beyond EOD, truncated
loop3: p133 start 335741103 is beyond EOD, truncated
loop3: p134 start 335741103 is beyond EOD, truncated
loop3: p135 start 335741103 is beyond EOD, truncated
loop3: p136 start 335741103 is beyond EOD, truncated
loop3: p137 start 335741103 is beyond EOD, truncated
loop3: p138 start 335741103 is beyond EOD, truncated
loop3: p139 start 335741103 is beyond EOD, truncated
loop3: p140 start 335741103 is beyond EOD, truncated
loop3: p141 start 335741103 is beyond EOD, truncated
loop3: p142 start 335741103 is beyond EOD, truncated
loop3: p143 start 335741103 is beyond EOD, truncated
loop3: p144 start 335741103 is beyond EOD, truncated
loop3: p145 start 335741103 is beyond EOD, truncated
loop3: p146 start 335741103 is beyond EOD, truncated
loop3: p147 start 335741103 is beyond EOD, truncated
loop3: p148 start 335741103 is beyond EOD, truncated
loop3: p149 start 335741103 is beyond EOD, truncated
loop3: p150 start 335741103 is beyond EOD, truncated
loop3: p151 start 335741103 is beyond EOD, truncated
loop3: p152 start 335741103 is beyond EOD, truncated
loop3: p153 start 335741103 is beyond EOD, truncated
loop3: p154 start 335741103 is beyond EOD, truncated
loop3: p155 start 335741103 is beyond EOD, truncated
loop3: p156 start 335741103 is beyond EOD, truncated
loop3: p157 start 335741103 is beyond EOD, truncated
loop3: p158 start 335741103 is beyond EOD, truncated
loop3: p159 start 335741103 is beyond EOD, truncated
loop3: p160 start 335741103 is beyond EOD, truncated
loop3: p161 start 335741103 is beyond EOD, truncated
loop3: p162 start 335741103 is beyond EOD, truncated
loop3: p163 start 335741103 is beyond EOD, truncated
loop3: p164 start 335741103 is beyond EOD, truncated
loop3: p165 start 335741103 is beyond EOD, truncated
loop3: p166 start 335741103 is beyond EOD, truncated
loop3: p167 start 335741103 is beyond EOD, truncated
loop3: p168 start 335741103 is beyond EOD, truncated
loop3: p169 start 335741103 is beyond EOD, truncated
loop3: p170 start 335741103 is beyond EOD, truncated
loop3: p171 start 335741103 is beyond EOD, truncated
loop3: p172 start 335741103 is beyond EOD, truncated
loop3: p173 start 335741103 is beyond EOD, truncated
loop3: p174 start 335741103 is beyond EOD, truncated
loop3: p175 start 335741103 is beyond EOD, truncated
loop3: p176 start 335741103 is beyond EOD, truncated
loop3: p177 start 335741103 is beyond EOD, truncated
loop3: p178 start 335741103 is beyond EOD, truncated
loop3: p179 start 335741103 is beyond EOD, truncated
loop3: p180 start 335741103 is beyond EOD, truncated
loop3: p181 start 335741103 is beyond EOD, truncated
loop3: p182 start 335741103 is beyond EOD, truncated
loop3: p183 start 335741103 is beyond EOD, truncated
loop3: p184 start 335741103 is beyond EOD, truncated
loop3: p185 start 335741103 is beyond EOD, truncated
loop3: p186 start 335741103 is beyond EOD, truncated
loop3: p187 start 335741103 is beyond EOD, truncated
loop3: p188 start 335741103 is beyond EOD, truncated
loop3: p189 start 335741103 is beyond EOD, truncated
loop3: p190 start 335741103 is beyond EOD, truncated
loop3: p191 start 335741103 is beyond EOD, truncated
loop3: p192 start 335741103 is beyond EOD, truncated
loop3: p193 start 335741103 is beyond EOD, truncated
loop3: p194 start 335741103 is beyond EOD, truncated
loop3: p195 start 335741103 is beyond EOD, truncated
loop3: p196 start 335741103 is beyond EOD, truncated
loop3: p197 start 335741103 is beyond EOD, truncated
loop3: p198 start 335741103 is beyond EOD, truncated
loop3: p199 start 335741103 is beyond EOD, truncated
loop3: p200 start 335741103 is beyond EOD, truncated
loop3: p201 start 335741103 is beyond EOD, truncated
loop3: p202 start 335741103 is beyond EOD, truncated
loop3: p203 start 335741103 is beyond EOD, truncated
loop3: p204 start 335741103 is beyond EOD, truncated
loop3: p205 start 335741103 is beyond EOD, truncated
loop3: p206 start 335741103 is beyond EOD, truncated
loop3: p207 start 335741103 is beyond EOD, truncated
loop3: p208 start 335741103 is beyond EOD, truncated
loop3: p209 start 335741103 is beyond EOD, truncated
loop3: p210 start 335741103 is beyond EOD, truncated
loop3: p211 start 335741103 is beyond EOD, truncated
loop3: p212 start 335741103 is beyond EOD, truncated
loop3: p213 start 335741103 is beyond EOD, truncated
loop3: p214 start 335741103 is beyond EOD, truncated
loop3: p215 start 335741103 is beyond EOD, truncated
loop3: p216 start 335741103 is beyond EOD, truncated
loop3: p217 start 335741103 is beyond EOD, truncated
loop3: p218 start 335741103 is beyond EOD, truncated
loop3: p219 start 335741103 is beyond EOD, truncated
loop3: p220 start 335741103 is beyond EOD, truncated
loop3: p221 start 335741103 is beyond EOD, truncated
loop3: p222 start 335741103 is beyond EOD, truncated
loop3: p223 start 335741103 is beyond EOD, truncated
loop3: p224 start 335741103 is beyond EOD, truncated
loop3: p225 start 335741103 is beyond EOD, truncated
loop3: p226 start 335741103 is beyond EOD, truncated
loop3: p227 start 335741103 is beyond EOD, truncated
loop3: p228 start 335741103 is beyond EOD, truncated
loop3: p229 start 335741103 is beyond EOD, truncated
loop3: p230 start 335741103 is beyond EOD, truncated
loop3: p231 start 335741103 is beyond EOD, truncated
loop3: p232 start 335741103 is beyond EOD, truncated
loop3: p233 start 335741103 is beyond EOD, truncated
loop3: p234 start 335741103 is beyond EOD, truncated
loop3: p235 start 335741103 is beyond EOD, truncated
loop3: p236 start 335741103 is beyond EOD, truncated
loop3: p237 start 335741103 is beyond EOD, truncated
loop3: p238 start 335741103 is beyond EOD, truncated
loop3: p239 start 335741103 is beyond EOD, truncated
loop3: p240 start 335741103 is beyond EOD, truncated
loop3: p241 start 335741103 is beyond EOD, truncated
loop3: p242 start 335741103 is beyond EOD, truncated
loop3: p243 start 335741103 is beyond EOD, truncated
loop3: p244 start 335741103 is beyond EOD, truncated
loop3: p245 start 335741103 is beyond EOD, truncated
loop3: p246 start 335741103 is beyond EOD, truncated
loop3: p247 start 335741103 is beyond EOD, truncated
loop3: p248 start 335741103 is beyond EOD, truncated
loop3: p249 start 335741103 is beyond EOD, truncated
loop3: p250 start 335741103 is beyond EOD, truncated
loop3: p251 start 335741103 is beyond EOD, truncated
loop3: p252 start 335741103 is beyond EOD, truncated
loop3: p253 start 335741103 is beyond EOD, truncated
loop3: p254 start 335741103 is beyond EOD, truncated
loop3: p255 start 335741103 is beyond EOD, truncated
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
device bond1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
syz_tun: mtu less than device minimum
syz_tun: mtu less than device minimum
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 56 bytes leftover after parsing attributes in process `syz-executor.5'.
syz-executor.0 (10348) used greatest stack depth: 22944 bytes left
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1800 audit(1603103912.086:34): pid=10374 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=16118 res=0
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
team0: Device ipvlan1 failed to register rx_handler
team0: Device ipvlan1 failed to register rx_handler
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1804 audit(1603103917.346:35): pid=10582 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir186439299/syzkaller.9wk604/72/bus/file0" dev="overlay" ino=16168 res=1
audit: type=1804 audit(1603103917.426:36): pid=10598 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir186439299/syzkaller.9wk604/72/bus/bus/file0" dev="overlay" ino=16171 res=1
audit: type=1804 audit(1603103917.846:37): pid=10614 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir186439299/syzkaller.9wk604/73/bus/file0" dev="overlay" ino=16150 res=1
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected