================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:87:38
shift exponent -246 is negative
CPU: 0 PID: 8488 Comm: syz-executor.5 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x96/0x126 net/core/gen_estimator.c:87
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip_finish_output2+0xe53/0x1640 net/ipv4/ip_output.c:232
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
ip_send_skb+0x3e/0xe0 net/ipv4/ip_output.c:1447
udp_send_skb+0x72a/0x1240 net/ipv4/udp.c:848
udp_sendmsg+0x1cdb/0x2530 net/ipv4/udp.c:1135
udpv6_sendmsg+0x1536/0x2b40 net/ipv6/udp.c:1224
inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc7/0x130 net/socket.c:632
___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115
__sys_sendmmsg+0x195/0x470 net/socket.c:2210
__do_sys_sendmmsg net/socket.c:2239 [inline]
__se_sys_sendmmsg net/socket.c:2236 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc4fe14bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045de29
RDX: 04000000000000d7 RSI: 00000000200002c0 RDI: 0000000000000004
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffcb51f98ef R14: 00007fc4fe14c9c0 R15: 000000000118bf2c
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:88:23
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 8488 Comm: syz-executor.5 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0xd6/0x126 net/core/gen_estimator.c:88
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip_finish_output2+0xe53/0x1640 net/ipv4/ip_output.c:232
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
ip_send_skb+0x3e/0xe0 net/ipv4/ip_output.c:1447
udp_send_skb+0x72a/0x1240 net/ipv4/udp.c:848
udp_sendmsg+0x1cdb/0x2530 net/ipv4/udp.c:1135
udpv6_sendmsg+0x1536/0x2b40 net/ipv6/udp.c:1224
inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc7/0x130 net/socket.c:632
___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115
__sys_sendmmsg+0x195/0x470 net/socket.c:2210
__do_sys_sendmmsg net/socket.c:2239 [inline]
__se_sys_sendmmsg net/socket.c:2236 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc4fe14bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045de29
RDX: 04000000000000d7 RSI: 00000000200002c0 RDI: 0000000000000004
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffcb51f98ef R14: 00007fc4fe14c9c0 R15: 000000000118bf2c
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:90:46
shift exponent -246 is negative
CPU: 0 PID: 8488 Comm: syz-executor.5 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x17/0x126 net/core/gen_estimator.c:90
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip_finish_output2+0xe53/0x1640 net/ipv4/ip_output.c:232
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
ip_send_skb+0x3e/0xe0 net/ipv4/ip_output.c:1447
udp_send_skb+0x72a/0x1240 net/ipv4/udp.c:848
udp_sendmsg+0x1cdb/0x2530 net/ipv4/udp.c:1135
udpv6_sendmsg+0x1536/0x2b40 net/ipv6/udp.c:1224
inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc7/0x130 net/socket.c:632
___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115
__sys_sendmmsg+0x195/0x470 net/socket.c:2210
__do_sys_sendmmsg net/socket.c:2239 [inline]
__se_sys_sendmmsg net/socket.c:2236 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc4fe14bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045de29
RDX: 04000000000000d7 RSI: 00000000200002c0 RDI: 0000000000000004
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffcb51f98ef R14: 00007fc4fe14c9c0 R15: 000000000118bf2c
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:91:22
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 8488 Comm: syz-executor.5 Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x5b/0x126 net/core/gen_estimator.c:91
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1092
do_softirq.part.0+0x168/0x200 kernel/softirq.c:336
do_softirq kernel/softirq.c:328 [inline]
__local_bh_enable_ip+0x22d/0x2a0 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:721 [inline]
ip_finish_output2+0xe53/0x1640 net/ipv4/ip_output.c:232
ip_finish_output+0x88e/0xd80 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x650 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
ip_send_skb+0x3e/0xe0 net/ipv4/ip_output.c:1447
udp_send_skb+0x72a/0x1240 net/ipv4/udp.c:848
udp_sendmsg+0x1cdb/0x2530 net/ipv4/udp.c:1135
udpv6_sendmsg+0x1536/0x2b40 net/ipv6/udp.c:1224
inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc7/0x130 net/socket.c:632
___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115
__sys_sendmmsg+0x195/0x470 net/socket.c:2210
__do_sys_sendmmsg net/socket.c:2239 [inline]
__se_sys_sendmmsg net/socket.c:2236 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc4fe14bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027f00 RCX: 000000000045de29
RDX: 04000000000000d7 RSI: 00000000200002c0 RDI: 0000000000000004
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffcb51f98ef R14: 00007fc4fe14c9c0 R15: 000000000118bf2c
================================================================================
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET)
nla_parse: 2 callbacks suppressed
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc_cmos 00:00: Alarms can be up to one day in the future
audit: type=1800 audit(1601998519.468:15): pid=8623 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=15799 res=0
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
rtc_cmos 00:00: Alarms can be up to one day in the future
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc_cmos 00:00: Alarms can be up to one day in the future
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
rtc_cmos 00:00: Alarms can be up to one day in the future
rtc rtc0: __rtc_set_alarm: err=-22
netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
overlayfs: failed to resolve './file1': -2
overlayfs: failed to resolve './file1': -2
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
device batadv0 entered promiscuous mode
device batadv0 left promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
HTB: quantum of class FFFF0004 is big. Consider r2q change.
HTB: quantum of class FFFF000C is big. Consider r2q change.
HTB: quantum of class FFFF0004 is big. Consider r2q change.
HTB: quantum of class FFFF000C is big. Consider r2q change.
IPVS: ftp: loaded support on port[0] = 21