================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 19240 Comm: syz-executor.2 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_calc_qavg include/net/red.h:313 [inline]
 choke_enqueue+0x2a7e/0x2cc0 net/sched/sch_choke.c:231
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x14e1/0x2ec0 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xc04/0x1640 net/ipv4/ip_output.c:230
 ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x650 net/ipv4/ip_output.c:406
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
 __ip_queue_xmit+0x8a0/0x1bd0 net/ipv4/ip_output.c:506
 __tcp_transmit_skb+0x1c72/0x36c0 net/ipv4/tcp_output.c:1148
 tcp_transmit_skb net/ipv4/tcp_output.c:1164 [inline]
 tcp_write_xmit+0x839/0x5050 net/ipv4/tcp_output.c:2389
 __tcp_push_pending_frames+0xae/0x280 net/ipv4/tcp_output.c:2568
 tcp_push+0x4b7/0x6b0 net/ipv4/tcp.c:743
 do_tcp_sendpages+0x147a/0x1970 net/ipv4/tcp.c:1078
 tcp_sendpage_locked net/ipv4/tcp.c:1104 [inline]
 tcp_sendpage_locked net/ipv4/tcp.c:1096 [inline]
 tcp_sendpage+0x80/0xd0 net/ipv4/tcp.c:1114
 inet_sendpage+0x1a4/0x700 net/ipv4/af_inet.c:815
 kernel_sendpage net/socket.c:3378 [inline]
 sock_sendpage+0xdf/0x140 net/socket.c:847
 pipe_to_sendpage+0x268/0x330 fs/splice.c:452
 splice_from_pipe_feed fs/splice.c:503 [inline]
 __splice_from_pipe+0x3af/0x820 fs/splice.c:627
 splice_from_pipe fs/splice.c:662 [inline]
 generic_splice_sendpage+0xd4/0x140 fs/splice.c:833
 do_splice_from fs/splice.c:852 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1025
 splice_direct_to_actor+0x33f/0x8d0 fs/splice.c:980
 do_splice_direct+0x1a7/0x270 fs/splice.c:1068
 do_sendfile+0x550/0xc30 fs/read_write.c:1447
 __do_sys_sendfile64 fs/read_write.c:1508 [inline]
 __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5dd3dbcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000027ec0 RCX: 000000000045de59
XFS (loop0): Invalid superblock magic number
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 000000010000edbe R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffc0d2473af R14: 00007f5dd3dbd9c0 R15: 000000000118bf2c
================================================================================
f2fs_msg: 30 callbacks suppressed
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
audit: type=1804 audit(1602805663.942:25): pid=19341 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir494596523/syzkaller.tDwlDk/684/cgroup.controllers" dev="sda1" ino=16615 res=1
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
nvme_fabrics: missing parameter 'transport=%s'
nvme_fabrics: missing parameter 'nqn=%s'
f2fs_msg: 166 callbacks suppressed
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(0) root(7)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(0) root(7)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
overlayfs: bad mount option "redirect_dir=./"
audit: type=1800 audit(1602805670.092:26): pid=19992 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.1" name="memory.events" dev="sda1" ino=16225 res=0
overlayfs: bad mount option "redirect_dir=./"
overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
overlayfs: failed to resolve './file0': -2
overlayfs: bad mount option "redirect_dir=./"
overlayfs: failed to resolve './file0': -2
overlayfs: bad mount option "redirect_dir=./"
overlayfs: bad mount option "redirect_dir=./"
overlayfs: bad mount option "redirect_dir=./"
IPv6: addrconf: prefix option has invalid lifetime
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
overlayfs: bad mount option "redirect_dir=./"
bond1: Enslaving veth3 as a backup interface with a down link
bond1 (unregistering): Releasing backup interface veth3
bond1 (unregistering): Released all slaves
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
bond1: Enslaving veth5 as a backup interface with a down link