================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:87:38
shift exponent -246 is negative
CPU: 0 PID: 2324 Comm: kworker/0:1H Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0x96/0x126 net/core/gen_estimator.c:87
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:trace_scsi_dispatch_cmd_start include/trace/events/scsi.h:200 [inline]
RIP: 0010:scsi_dispatch_cmd+0x334/0xc40 drivers/scsi/scsi_lib.c:1835
Code: de e8 a0 fc fa fc 83 fb 3f 0f 87 9d 07 00 00 e8 22 fb fa fc 89 db 48 0f a3 1d 10 ca c3 06 0f 92 c3 31 ff 89 de e8 3c fc fa fc <84> db 0f 85 b2 04 00 00 e8 ff fa fa fc 49 8d bc 24 58 01 00 00 48
RSP: 0018:ffff8880a2837970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8476d754
RDX: 0000000000000001 RSI: ffff8880a2828140 RDI: 0000000000000001
RBP: ffff8880a0dde538 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000d297885 R12: ffff888218da6b00
R13: 0000000000000020 R14: ffff8880a0de8e00 R15: ffff8880a0deb6c0
 scsi_queue_rq+0x1477/0x1aa0 drivers/scsi/scsi_lib.c:2139
 blk_mq_dispatch_rq_list+0xcf4/0x1a00 block/blk-mq.c:1186
 blk_mq_do_dispatch_sched+0x187/0x400 block/blk-mq-sched.c:117
 blk_mq_sched_dispatch_requests+0x389/0x5b0 block/blk-mq-sched.c:213
 __blk_mq_run_hw_queue+0x185/0x290 block/blk-mq.c:1317
 blk_mq_run_work_fn+0x48/0x60 block/blk-mq.c:1550
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:88:23
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 2324 Comm: kworker/0:1H Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0xd6/0x126 net/core/gen_estimator.c:88
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:trace_scsi_dispatch_cmd_start include/trace/events/scsi.h:200 [inline]
RIP: 0010:scsi_dispatch_cmd+0x334/0xc40 drivers/scsi/scsi_lib.c:1835
Code: de e8 a0 fc fa fc 83 fb 3f 0f 87 9d 07 00 00 e8 22 fb fa fc 89 db 48 0f a3 1d 10 ca c3 06 0f 92 c3 31 ff 89 de e8 3c fc fa fc <84> db 0f 85 b2 04 00 00 e8 ff fa fa fc 49 8d bc 24 58 01 00 00 48
RSP: 0018:ffff8880a2837970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8476d754
RDX: 0000000000000001 RSI: ffff8880a2828140 RDI: 0000000000000001
RBP: ffff8880a0dde538 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000d297885 R12: ffff888218da6b00
R13: 0000000000000020 R14: ffff8880a0de8e00 R15: ffff8880a0deb6c0
 scsi_queue_rq+0x1477/0x1aa0 drivers/scsi/scsi_lib.c:2139
 blk_mq_dispatch_rq_list+0xcf4/0x1a00 block/blk-mq.c:1186
 blk_mq_do_dispatch_sched+0x187/0x400 block/blk-mq-sched.c:117
 blk_mq_sched_dispatch_requests+0x389/0x5b0 block/blk-mq-sched.c:213
 __blk_mq_run_hw_queue+0x185/0x290 block/blk-mq.c:1317
 blk_mq_run_work_fn+0x48/0x60 block/blk-mq.c:1550
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:90:46
shift exponent -246 is negative
CPU: 0 PID: 2324 Comm: kworker/0:1H Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0x17/0x126 net/core/gen_estimator.c:90
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:trace_scsi_dispatch_cmd_start include/trace/events/scsi.h:200 [inline]
RIP: 0010:scsi_dispatch_cmd+0x334/0xc40 drivers/scsi/scsi_lib.c:1835
Code: de e8 a0 fc fa fc 83 fb 3f 0f 87 9d 07 00 00 e8 22 fb fa fc 89 db 48 0f a3 1d 10 ca c3 06 0f 92 c3 31 ff 89 de e8 3c fc fa fc <84> db 0f 85 b2 04 00 00 e8 ff fa fa fc 49 8d bc 24 58 01 00 00 48
RSP: 0018:ffff8880a2837970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8476d754
RDX: 0000000000000001 RSI: ffff8880a2828140 RDI: 0000000000000001
RBP: ffff8880a0dde538 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000d297885 R12: ffff888218da6b00
R13: 0000000000000020 R14: ffff8880a0de8e00 R15: ffff8880a0deb6c0
 scsi_queue_rq+0x1477/0x1aa0 drivers/scsi/scsi_lib.c:2139
 blk_mq_dispatch_rq_list+0xcf4/0x1a00 block/blk-mq.c:1186
 blk_mq_do_dispatch_sched+0x187/0x400 block/blk-mq-sched.c:117
 blk_mq_sched_dispatch_requests+0x389/0x5b0 block/blk-mq-sched.c:213
 __blk_mq_run_hw_queue+0x185/0x290 block/blk-mq.c:1317
 blk_mq_run_work_fn+0x48/0x60 block/blk-mq.c:1550
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:91:22
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 2324 Comm: kworker/0:1H Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kblockd blk_mq_run_work_fn
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0x5b/0x126 net/core/gen_estimator.c:91
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:trace_scsi_dispatch_cmd_start include/trace/events/scsi.h:200 [inline]
RIP: 0010:scsi_dispatch_cmd+0x334/0xc40 drivers/scsi/scsi_lib.c:1835
Code: de e8 a0 fc fa fc 83 fb 3f 0f 87 9d 07 00 00 e8 22 fb fa fc 89 db 48 0f a3 1d 10 ca c3 06 0f 92 c3 31 ff 89 de e8 3c fc fa fc <84> db 0f 85 b2 04 00 00 e8 ff fa fa fc 49 8d bc 24 58 01 00 00 48
RSP: 0018:ffff8880a2837970 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff8476d754
RDX: 0000000000000001 RSI: ffff8880a2828140 RDI: 0000000000000001
RBP: ffff8880a0dde538 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000d297885 R12: ffff888218da6b00
R13: 0000000000000020 R14: ffff8880a0de8e00 R15: ffff8880a0deb6c0
 scsi_queue_rq+0x1477/0x1aa0 drivers/scsi/scsi_lib.c:2139
 blk_mq_dispatch_rq_list+0xcf4/0x1a00 block/blk-mq.c:1186
 blk_mq_do_dispatch_sched+0x187/0x400 block/blk-mq-sched.c:117
 blk_mq_sched_dispatch_requests+0x389/0x5b0 block/blk-mq-sched.c:213
 __blk_mq_run_hw_queue+0x185/0x290 block/blk-mq.c:1317
 blk_mq_run_work_fn+0x48/0x60 block/blk-mq.c:1550
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
audit: type=1800 audit(1602030776.653:207): pid=30128 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16241 res=0
audit: type=1800 audit(1602030776.803:208): pid=30128 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16241 res=0
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
nla_parse: 1 callbacks suppressed
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
IPVS: ftp: loaded support on port[0] = 21
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
Bluetooth: hci5: command 0x0409 tx timeout