================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:87:38
shift exponent -246 is negative
CPU: 0 PID: 6518 Comm: syz-executor.4 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x96/0x126 net/core/gen_estimator.c:87
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
sock_orphan include/net/sock.h:1803 [inline]
tcp_close+0x598/0x1030 net/ipv4/tcp.c:2429
inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427
__sock_release+0xcd/0x2a0 net/socket.c:579
sock_close+0x15/0x20 net/socket.c:1140
__fput+0x2ce/0x8a0 fs/file_table.c:278
task_work_run+0x141/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417781
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffc243887c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007ffc243887f0 RCX: 0000000000417781
RDX: 00000000000000e0 RSI: 00007ffc24388af0 RDI: 0000000000000003
RBP: 000000000074de60 R08: 0000000000006000 R09: 0000000000004000
R10: 00007ffc24388850 R11: 0000000000000293 R12: 00007ffc24388850
R13: 0000000000000003 R14: 000000000074de60 R15: 0000000000000000
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:88:23
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 6518 Comm: syz-executor.4 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0xd6/0x126 net/core/gen_estimator.c:88
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
sock_orphan include/net/sock.h:1803 [inline]
tcp_close+0x598/0x1030 net/ipv4/tcp.c:2429
inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427
__sock_release+0xcd/0x2a0 net/socket.c:579
sock_close+0x15/0x20 net/socket.c:1140
__fput+0x2ce/0x8a0 fs/file_table.c:278
task_work_run+0x141/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417781
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffc243887c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007ffc243887f0 RCX: 0000000000417781
RDX: 00000000000000e0 RSI: 00007ffc24388af0 RDI: 0000000000000003
RBP: 000000000074de60 R08: 0000000000006000 R09: 0000000000004000
R10: 00007ffc24388850 R11: 0000000000000293 R12: 00007ffc24388850
R13: 0000000000000003 R14: 000000000074de60 R15: 0000000000000000
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:90:46
shift exponent -246 is negative
CPU: 0 PID: 6518 Comm: syz-executor.4 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x17/0x126 net/core/gen_estimator.c:90
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
sock_orphan include/net/sock.h:1803 [inline]
tcp_close+0x598/0x1030 net/ipv4/tcp.c:2429
inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427
__sock_release+0xcd/0x2a0 net/socket.c:579
sock_close+0x15/0x20 net/socket.c:1140
__fput+0x2ce/0x8a0 fs/file_table.c:278
task_work_run+0x141/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417781
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffc243887c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007ffc243887f0 RCX: 0000000000417781
RDX: 00000000000000e0 RSI: 00007ffc24388af0 RDI: 0000000000000003
RBP: 000000000074de60 R08: 0000000000006000 R09: 0000000000004000
R10: 00007ffc24388850 R11: 0000000000000293 R12: 00007ffc24388850
R13: 0000000000000003 R14: 000000000074de60 R15: 0000000000000000
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:91:22
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 6518 Comm: syz-executor.4 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x5b/0x126 net/core/gen_estimator.c:91
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
sock_orphan include/net/sock.h:1803 [inline]
tcp_close+0x598/0x1030 net/ipv4/tcp.c:2429
inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427
__sock_release+0xcd/0x2a0 net/socket.c:579
sock_close+0x15/0x20 net/socket.c:1140
__fput+0x2ce/0x8a0 fs/file_table.c:278
task_work_run+0x141/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417781
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffc243887c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007ffc243887f0 RCX: 0000000000417781
RDX: 00000000000000e0 RSI: 00007ffc24388af0 RDI: 0000000000000003
RBP: 000000000074de60 R08: 0000000000006000 R09: 0000000000004000
R10: 00007ffc24388850 R11: 0000000000000293 R12: 00007ffc24388850
R13: 0000000000000003 R14: 000000000074de60 R15: 0000000000000000
================================================================================
audit: type=1804 audit(1601978056.048:10): pid=11523 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir986150112/syzkaller.BtPyL1/303/bus" dev="sda1" ino=16163 res=1
audit: type=1804 audit(1601978056.168:11): pid=11536 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir986150112/syzkaller.BtPyL1/303/bus" dev="sda1" ino=16163 res=1
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1800 audit(1601978056.238:12): pid=11523 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=16163 res=0
audit: type=1800 audit(1601978056.238:13): pid=11536 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.5" name="bus" dev="sda1" ino=16163 res=0
sd 0:0:1:0: [sg0] tag#3338 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
sd 0:0:1:0: [sg0] tag#3338 CDB: Test Unit Ready
nla_parse: 12 callbacks suppressed
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1800 audit(1601978058.148:14): pid=11683 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16122 res=0
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'.