================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:87:38
shift exponent -246 is negative
CPU: 0 PID: 6515 Comm: syz-executor.3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ip6_tunnel: non-ECT from fe80:0000:0000:0000:0600:0000:0000:0000 with DS=0xb
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
ip6_tunnel: non-ECT from fe80:0000:0000:0000:0600:0000:0000:0000 with DS=0xb
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x96/0x126 net/core/gen_estimator.c:87
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:integrity_inode_free+0x2/0x310 security/integrity/iint.c:142
Code: c2 40 fe e9 43 ff ff ff e8 7b c2 40 fe e9 62 ff ff ff 48 89 ef e8 6e c2 40 fe e9 75 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 55 <41> 54 49 89 fc 55 53 e8 f2 81 07 fe 49 8d 7c 24 0c 48 b8 00 00 00
RSP: 0018:ffff8880839efcd8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880839e26c0 RBX: ffff8880442cb3f0 RCX: ffffffff81bc69fe
RDX: 0000000000000000 RSI: ffffffff83540656 RDI: ffff8880442cb3f0
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000002 R12: ffff8880442cb3f0
R13: ffff8880442cb578 R14: ffff8880442cb478 R15: ffff8880442cb418
security_inode_free+0x1e/0x80 security/security.c:449
__destroy_inode+0x26d/0x670 fs/inode.c:239
destroy_inode+0x49/0x120 fs/inode.c:266
iput_final fs/inode.c:1555 [inline]
iput+0x511/0x890 fs/inode.c:1581
dentry_unlink_inode+0x265/0x320 fs/dcache.c:374
d_delete+0x1ee/0x270 fs/dcache.c:2370
vfs_rmdir.part.0+0x2de/0x430 fs/namei.c:3895
vfs_rmdir fs/namei.c:3865 [inline]
do_rmdir+0x3af/0x420 fs/namei.c:3943
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45dee7
Code: 00 66 90 b8 57 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffff0fec198 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 000000000045dee7
RDX: 0000000000000000 RSI: 000000000074c678 RDI: 00007ffff0fed2d0
RBP: 00000000000000b9 R08: 0000000000000000 R09: 0000000000000001
R10: 000000000000000a R11: 0000000000000207 R12: 00007ffff0fed2d0
R13: 0000000001c08a60 R14: 0000000000000000 R15: 00007ffff0fed2d0
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:88:23
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 6515 Comm: syz-executor.3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0xd6/0x126 net/core/gen_estimator.c:88
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:integrity_inode_free+0x2/0x310 security/integrity/iint.c:142
Code: c2 40 fe e9 43 ff ff ff e8 7b c2 40 fe e9 62 ff ff ff 48 89 ef e8 6e c2 40 fe e9 75 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 55 <41> 54 49 89 fc 55 53 e8 f2 81 07 fe 49 8d 7c 24 0c 48 b8 00 00 00
RSP: 0018:ffff8880839efcd8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880839e26c0 RBX: ffff8880442cb3f0 RCX: ffffffff81bc69fe
RDX: 0000000000000000 RSI: ffffffff83540656 RDI: ffff8880442cb3f0
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000002 R12: ffff8880442cb3f0
R13: ffff8880442cb578 R14: ffff8880442cb478 R15: ffff8880442cb418
security_inode_free+0x1e/0x80 security/security.c:449
__destroy_inode+0x26d/0x670 fs/inode.c:239
destroy_inode+0x49/0x120 fs/inode.c:266
iput_final fs/inode.c:1555 [inline]
iput+0x511/0x890 fs/inode.c:1581
dentry_unlink_inode+0x265/0x320 fs/dcache.c:374
d_delete+0x1ee/0x270 fs/dcache.c:2370
vfs_rmdir.part.0+0x2de/0x430 fs/namei.c:3895
vfs_rmdir fs/namei.c:3865 [inline]
do_rmdir+0x3af/0x420 fs/namei.c:3943
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45dee7
Code: 00 66 90 b8 57 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffff0fec198 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 000000000045dee7
RDX: 0000000000000000 RSI: 000000000074c678 RDI: 00007ffff0fed2d0
RBP: 00000000000000b9 R08: 0000000000000000 R09: 0000000000000001
R10: 000000000000000a R11: 0000000000000207 R12: 00007ffff0fed2d0
R13: 0000000001c08a60 R14: 0000000000000000 R15: 00007ffff0fed2d0
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:90:46
shift exponent -246 is negative
CPU: 0 PID: 6515 Comm: syz-executor.3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x17/0x126 net/core/gen_estimator.c:90
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:integrity_inode_free+0x2/0x310 security/integrity/iint.c:142
Code: c2 40 fe e9 43 ff ff ff e8 7b c2 40 fe e9 62 ff ff ff 48 89 ef e8 6e c2 40 fe e9 75 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 55 <41> 54 49 89 fc 55 53 e8 f2 81 07 fe 49 8d 7c 24 0c 48 b8 00 00 00
RSP: 0018:ffff8880839efcd8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880839e26c0 RBX: ffff8880442cb3f0 RCX: ffffffff81bc69fe
RDX: 0000000000000000 RSI: ffffffff83540656 RDI: ffff8880442cb3f0
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000002 R12: ffff8880442cb3f0
R13: ffff8880442cb578 R14: ffff8880442cb478 R15: ffff8880442cb418
security_inode_free+0x1e/0x80 security/security.c:449
__destroy_inode+0x26d/0x670 fs/inode.c:239
destroy_inode+0x49/0x120 fs/inode.c:266
iput_final fs/inode.c:1555 [inline]
iput+0x511/0x890 fs/inode.c:1581
dentry_unlink_inode+0x265/0x320 fs/dcache.c:374
d_delete+0x1ee/0x270 fs/dcache.c:2370
vfs_rmdir.part.0+0x2de/0x430 fs/namei.c:3895
vfs_rmdir fs/namei.c:3865 [inline]
do_rmdir+0x3af/0x420 fs/namei.c:3943
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45dee7
Code: 00 66 90 b8 57 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffff0fec198 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 000000000045dee7
RDX: 0000000000000000 RSI: 000000000074c678 RDI: 00007ffff0fed2d0
RBP: 00000000000000b9 R08: 0000000000000000 R09: 0000000000000001
R10: 000000000000000a R11: 0000000000000207 R12: 00007ffff0fed2d0
R13: 0000000001c08a60 R14: 0000000000000000 R15: 00007ffff0fed2d0
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:91:22
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 6515 Comm: syz-executor.3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x22c/0x33e lib/dump_stack.c:118
ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
__ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
est_timer.cold+0x5b/0x126 net/core/gen_estimator.c:91
call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
expire_timers+0x243/0x500 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1703 [inline]
run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
__do_softirq+0x27d/0xad2 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x22d/0x270 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:544 [inline]
smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:integrity_inode_free+0x2/0x310 security/integrity/iint.c:142
Code: c2 40 fe e9 43 ff ff ff e8 7b c2 40 fe e9 62 ff ff ff 48 89 ef e8 6e c2 40 fe e9 75 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 55 <41> 54 49 89 fc 55 53 e8 f2 81 07 fe 49 8d 7c 24 0c 48 b8 00 00 00
RSP: 0018:ffff8880839efcd8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880839e26c0 RBX: ffff8880442cb3f0 RCX: ffffffff81bc69fe
RDX: 0000000000000000 RSI: ffffffff83540656 RDI: ffff8880442cb3f0
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000002 R12: ffff8880442cb3f0
R13: ffff8880442cb578 R14: ffff8880442cb478 R15: ffff8880442cb418
security_inode_free+0x1e/0x80 security/security.c:449
__destroy_inode+0x26d/0x670 fs/inode.c:239
destroy_inode+0x49/0x120 fs/inode.c:266
iput_final fs/inode.c:1555 [inline]
iput+0x511/0x890 fs/inode.c:1581
dentry_unlink_inode+0x265/0x320 fs/dcache.c:374
d_delete+0x1ee/0x270 fs/dcache.c:2370
vfs_rmdir.part.0+0x2de/0x430 fs/namei.c:3895
vfs_rmdir fs/namei.c:3865 [inline]
do_rmdir+0x3af/0x420 fs/namei.c:3943
do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45dee7
Code: 00 66 90 b8 57 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffff0fec198 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 000000000045dee7
RDX: 0000000000000000 RSI: 000000000074c678 RDI: 00007ffff0fed2d0
RBP: 00000000000000b9 R08: 0000000000000000 R09: 0000000000000001
R10: 000000000000000a R11: 0000000000000207 R12: 00007ffff0fed2d0
R13: 0000000001c08a60 R14: 0000000000000000 R15: 00007ffff0fed2d0
================================================================================
netlink: 112 bytes leftover after parsing attributes in process `syz-executor.4'.
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9609 comm=syz-executor.2
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
device vxlan0 entered promiscuous mode
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
FAT-fs (loop0): bogus number of reserved sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
device vxlan0 entered promiscuous mode
gfs2: fsid=.: Trying to join cluster "lock_nolock", "."
gfs2: fsid=.: Now mounting FS...
gfs2: not a GFS2 filesystem
gfs2: fsid=.: can't read superblock
gfs2: fsid=.: can't read superblock: -22
gfs2: fsid=.: Trying to join cluster "lock_nolock", "."
gfs2: fsid=.: Now mounting FS...
gfs2: not a GFS2 filesystem
gfs2: fsid=.: can't read superblock
gfs2: fsid=.: can't read superblock: -22
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=9832 comm=syz-executor.3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=9832 comm=syz-executor.3
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
bridge1: port 1(bridge_slave_0) entered blocking state
bridge1: port 1(bridge_slave_0) entered disabled state
device bridge_slave_0 entered promiscuous mode
bridge1: port 1(bridge_slave_0) entered blocking state
bridge1: port 1(bridge_slave_0) entered forwarding state
bridge1: port 1(bridge_slave_0) entered blocking state
bridge1: port 1(bridge_slave_0) entered forwarding state
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
bridge1: port 1(bridge_slave_0) entered blocking state
bridge1: port 1(bridge_slave_0) entered forwarding state
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of FAT sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
FAT-fs (loop0): bogus number of FAT sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
overlayfs: conflicting lowerdir path
overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
overlayfs: conflicting lowerdir path
netlink: 'syz-executor.2': attribute type 5 has an invalid length.
FAT-fs (loop0): bogus number of FAT sectors
FAT-fs (loop0): Can't find a valid FAT filesystem
tmpfs: Bad value '0x' for mount option 'nr_inodes'
tmpfs: Bad value '0x' for mount option 'nr_inodes'