syzbot

================================================================================
UBSAN: shift-out-of-bounds in net/core/gen_estimator.c:83:38
shift exponent -1 is negative
CPU: 0 PID: 4876 Comm: systemd-journal Not tainted 5.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 est_timer.cold+0xbb/0x12d net/core/gen_estimator.c:83
 call_timer_fn+0x1a5/0x710 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x692/0xa80 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744
 __do_softirq+0x2bc/0xa77 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu+0x17f/0x200 kernel/softirq.c:420
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:85 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5440 [inline]
RIP: 0010:lock_acquire+0x2c7/0x750 kernel/locking/lockdep.c:5402
Code: 48 c7 c7 40 9a 6b 89 48 83 c4 20 e8 83 82 c1 07 b8 ff ff ff ff 65 0f c1 05 76 3a aa 7e 83 f8 01 0f 85 40 03 00 00 ff 34 24 9d <e9> 3a fe ff ff 65 ff 05 dd 28 aa 7e 48 8b 05 b6 36 12 0c e8 a1 77
RSP: 0018:ffffc90000f47888 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff920001e8f13 RCX: 0000000000000001
RDX: 1ffff110027f6148 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8f5177a7
R10: fffffbfff1ea2ef4 R11: 0000000000000000 R12: 0000000000000002
R13: ffffffff8b78e0e0 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:253 [inline]
 rcu_read_lock include/linux/rcupdate.h:642 [inline]
 __d_lookup+0xa8/0x760 fs/dcache.c:2386
 lookup_fast+0x2d0/0x6c0 fs/namei.c:1502
 walk_component+0xc6/0x6a0 fs/namei.c:1857
 link_path_walk.part.0+0x6b8/0xc20 fs/namei.c:2184
 link_path_walk fs/namei.c:2112 [inline]
 path_lookupat+0xb7/0x830 fs/namei.c:2333
 filename_lookup+0x19f/0x560 fs/namei.c:2367
 do_readlinkat+0xcd/0x2f0 fs/stat.c:407
 __do_sys_readlinkat fs/stat.c:434 [inline]
 __se_sys_readlinkat fs/stat.c:431 [inline]
 __x64_sys_readlinkat+0x93/0xf0 fs/stat.c:431
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fb53d8bc0ba
Code: 48 8b 0d e1 bd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 0b 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ae bd 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffc6551c828 EFLAGS: 00000202 ORIG_RAX: 000000000000010b
RAX: ffffffffffffffda RBX: 000055fee9307a80 RCX: 00007fb53d8bc0ba
RDX: 000055fee9307a80 RSI: 00007ffc6551c8b0 RDI: 00000000ffffff9c
RBP: 0000000000000064 R08: 00007fb53db78c58 R09: 0000000000000070
R10: 0000000000000063 R11: 0000000000000202 R12: 00007ffc6551c8b0
R13: 00000000ffffff9c R14: 00007ffc6551c880 R15: 0000000000000063
================================================================================