================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:87:38
shift exponent -246 is negative
CPU: 1 PID: 118 Comm: kworker/u4:3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound call_usermodehelper_exec_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0x96/0x126 net/core/gen_estimator.c:87
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:26 [inline]
RIP: 0010:__orc_find+0x6f/0xf0 arch/x86/kernel/unwind_orc.c:48
Code: 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48 01
RSP: 0000:ffff8880a93df4f8 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff172f509 RBX: ffffffff8b97a84c RCX: ffffffff87c00193
RDX: 0000000000000000 RSI: ffffffff8c18a55a RDI: ffffffff8b97a7bc
RBP: ffffffff8b97a7bc R08: ffffffff8c18a710 R09: 0000000000000001
R10: ffff8880a93df677 R11: 000000000014d623 R12: ffffffff8b97a8dc
R13: ffffffff8b97a7bc R14: ffffffff8b97a7bc R15: dffffc0000000000
 orc_find arch/x86/kernel/unwind_orc.c:159 [inline]
 unwind_next_frame+0x329/0x2430 arch/x86/kernel/unwind_orc.c:429
 __save_stack_trace+0x83/0x100 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x114/0x4a0 mm/slab.c:3557
 copy_sighand kernel/fork.c:1438 [inline]
 copy_process.part.0+0x1feb/0x7fb0 kernel/fork.c:1891
 copy_process kernel/fork.c:1694 [inline]
 _do_fork+0x22f/0x1020 kernel/fork.c:2207
 kernel_thread+0x2f/0x40 kernel/fork.c:2266
 call_usermodehelper_exec_work+0x16d/0x260 kernel/umh.c:190
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:88:23
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 1 PID: 118 Comm: kworker/u4:3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound call_usermodehelper_exec_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0xd6/0x126 net/core/gen_estimator.c:88
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:26 [inline]
RIP: 0010:__orc_find+0x6f/0xf0 arch/x86/kernel/unwind_orc.c:48
Code: 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48 01
RSP: 0000:ffff8880a93df4f8 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff172f509 RBX: ffffffff8b97a84c RCX: ffffffff87c00193
RDX: 0000000000000000 RSI: ffffffff8c18a55a RDI: ffffffff8b97a7bc
RBP: ffffffff8b97a7bc R08: ffffffff8c18a710 R09: 0000000000000001
R10: ffff8880a93df677 R11: 000000000014d623 R12: ffffffff8b97a8dc
R13: ffffffff8b97a7bc R14: ffffffff8b97a7bc R15: dffffc0000000000
 orc_find arch/x86/kernel/unwind_orc.c:159 [inline]
 unwind_next_frame+0x329/0x2430 arch/x86/kernel/unwind_orc.c:429
 __save_stack_trace+0x83/0x100 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x114/0x4a0 mm/slab.c:3557
 copy_sighand kernel/fork.c:1438 [inline]
 copy_process.part.0+0x1feb/0x7fb0 kernel/fork.c:1891
 copy_process kernel/fork.c:1694 [inline]
 _do_fork+0x22f/0x1020 kernel/fork.c:2207
 kernel_thread+0x2f/0x40 kernel/fork.c:2266
 call_usermodehelper_exec_work+0x16d/0x260 kernel/umh.c:190
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:90:46
audit: type=1400 audit(1601273387.978:25): avc:  denied  { block_suspend } for  pid=9089 comm="syz-executor.4" capability=36  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
shift exponent -246 is negative
CPU: 1 PID: 118 Comm: kworker/u4:3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound call_usermodehelper_exec_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0x17/0x126 net/core/gen_estimator.c:90
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:26 [inline]
RIP: 0010:__orc_find+0x6f/0xf0 arch/x86/kernel/unwind_orc.c:48
Code: 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48 01
RSP: 0000:ffff8880a93df4f8 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff172f509 RBX: ffffffff8b97a84c RCX: ffffffff87c00193
RDX: 0000000000000000 RSI: ffffffff8c18a55a RDI: ffffffff8b97a7bc
RBP: ffffffff8b97a7bc R08: ffffffff8c18a710 R09: 0000000000000001
R10: ffff8880a93df677 R11: 000000000014d623 R12: ffffffff8b97a8dc
R13: ffffffff8b97a7bc R14: ffffffff8b97a7bc R15: dffffc0000000000
 orc_find arch/x86/kernel/unwind_orc.c:159 [inline]
 unwind_next_frame+0x329/0x2430 arch/x86/kernel/unwind_orc.c:429
 __save_stack_trace+0x83/0x100 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x114/0x4a0 mm/slab.c:3557
 copy_sighand kernel/fork.c:1438 [inline]
 copy_process.part.0+0x1feb/0x7fb0 kernel/fork.c:1891
 copy_process kernel/fork.c:1694 [inline]
 _do_fork+0x22f/0x1020 kernel/fork.c:2207
 kernel_thread+0x2f/0x40 kernel/fork.c:2266
 call_usermodehelper_exec_work+0x16d/0x260 kernel/umh.c:190
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
================================================================================
UBSAN: Undefined behaviour in net/core/gen_estimator.c:91:22
shift exponent 255 is too large for 64-bit type 'long long unsigned int'
CPU: 1 PID: 118 Comm: kworker/u4:3 Not tainted 4.19.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound call_usermodehelper_exec_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 est_timer.cold+0x5b/0x126 net/core/gen_estimator.c:91
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:26 [inline]
RIP: 0010:__orc_find+0x6f/0xf0 arch/x86/kernel/unwind_orc.c:48
Code: 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48 01
RSP: 0000:ffff8880a93df4f8 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff172f509 RBX: ffffffff8b97a84c RCX: ffffffff87c00193
RDX: 0000000000000000 RSI: ffffffff8c18a55a RDI: ffffffff8b97a7bc
RBP: ffffffff8b97a7bc R08: ffffffff8c18a710 R09: 0000000000000001
R10: ffff8880a93df677 R11: 000000000014d623 R12: ffffffff8b97a8dc
R13: ffffffff8b97a7bc R14: ffffffff8b97a7bc R15: dffffc0000000000
 orc_find arch/x86/kernel/unwind_orc.c:159 [inline]
 unwind_next_frame+0x329/0x2430 arch/x86/kernel/unwind_orc.c:429
 __save_stack_trace+0x83/0x100 arch/x86/kernel/stacktrace.c:44
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:553
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x114/0x4a0 mm/slab.c:3557
 copy_sighand kernel/fork.c:1438 [inline]
 copy_process.part.0+0x1feb/0x7fb0 kernel/fork.c:1891
 copy_process kernel/fork.c:1694 [inline]
 _do_fork+0x22f/0x1020 kernel/fork.c:2207
 kernel_thread+0x2f/0x40 kernel/fork.c:2266
 call_usermodehelper_exec_work+0x16d/0x260 kernel/umh.c:190
 process_one_work+0x796/0x14e0 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
================================================================================
audit: type=1400 audit(1601273389.538:26): avc:  denied  { name_bind } for  pid=9145 comm="syz-executor.4" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
audit: type=1400 audit(1601273389.538:27): avc:  denied  { name_connect } for  pid=9145 comm="syz-executor.4" dest=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
audit: type=1804 audit(1601273389.958:28): pid=9193 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir799998416/syzkaller.vaEGE6/36/cgroup.controllers" dev="sda1" ino=15865 res=1
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.

**********************************************************
**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
**                                                      **
** trace_printk() being used. Allocating extra memory.  **
**                                                      **
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
** This means that this is a DEBUG kernel and it is     **
netlink: 'syz-executor.5': attribute type 2 has an invalid length.
** unsafe for production use.                           **
**                                                      **
** If you see this message and you are not debugging    **
** the kernel, report this immediately to your vendor!  **
**                                                      **
**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
audit: type=1800 audit(1601273393.348:29): pid=9309 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="cpuacct.stat" dev="sda1" ino=15892 res=0
**********************************************************
Dev loop0: unable to read RDB block 1
 loop0: unable to read partition table
loop0: partition table beyond EOD, truncated
loop_reread_partitions: partition scan of loop0 () failed (rc=-5)
Dev loop0: unable to read RDB block 1
 loop0: unable to read partition table
loop0: partition table beyond EOD, truncated
netlink: 'syz-executor.3': attribute type 5 has an invalid length.
loop_reread_partitions: partition scan of loop0 () failed (rc=-5)
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
overlayfs: failed to decode file handle (len=84, type=251, flags=0, err=-22)
audit: type=1800 audit(1601273394.708:30): pid=9436 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=15900 res=0
overlayfs: failed to decode file handle (len=84, type=251, flags=0, err=-22)
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
bridge1: port 1(geneve0) entered blocking state
bridge1: port 1(geneve0) entered disabled state
overlayfs: failed to decode file handle (len=84, type=251, flags=0, err=-22)
device geneve0 entered promiscuous mode
usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
overlayfs: failed to decode file handle (len=84, type=251, flags=0, err=-22)
audit: type=1800 audit(1601273396.348:31): pid=9566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=15909 res=0
audit: type=1800 audit(1601273396.528:32): pid=9566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=15909 res=0
overlayfs: failed to decode file handle (len=84, type=251, flags=0, err=-22)
audit: type=1800 audit(1601273396.828:33): pid=9589 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=4 res=0
overlayfs: failed to decode file handle (len=84, type=251, flags=0, err=-22)
audit: type=1804 audit(1601273396.888:34): pid=9589 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir961882498/syzkaller.vFoJTi/50/file1/file0" dev="loop5" ino=4 res=1
audit: type=1804 audit(1601273397.158:35): pid=9612 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir799998416/syzkaller.vaEGE6/50/file0" dev="sda1" ino=15914 res=1
audit: type=1804 audit(1601273397.288:36): pid=9618 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir961882498/syzkaller.vFoJTi/51/bus" dev="sda1" ino=15888 res=1
audit: type=1804 audit(1601273397.298:37): pid=9618 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir961882498/syzkaller.vFoJTi/51/bus" dev="sda1" ino=15888 res=1