Hi,
This bug was found in Linux Kernel v4.18-rc2
$ cat report10 
================================================================================
UBSAN: Undefined behaviour in drivers/scsi/sr_ioctl.c:428:9
signed integer overflow:
810238276 * 177 cannot be represented in type 'int'
CPU: 0 PID: 3712 Comm: syz-executor1 Not tainted 4.18.0-rc1 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x122/0x1c8 lib/dump_stack.c:113
 ubsan_epilogue+0x12/0x86 lib/ubsan.c:159
 handle_overflow+0x1c2/0x21f lib/ubsan.c:190
 __ubsan_handle_mul_overflow+0x2a/0x38 lib/ubsan.c:214
 sr_select_speed+0x184/0x1b0 drivers/scsi/sr_ioctl.c:428
 cdrom_ioctl_select_speed drivers/cdrom/cdrom.c:2432 [inline]
 cdrom_ioctl+0x517/0x340e drivers/cdrom/cdrom.c:3344
 sr_block_ioctl+0x10e/0x1b0 drivers/scsi/sr.c:576
 __blkdev_driver_ioctl block/ioctl.c:303 [inline]
 blkdev_ioctl+0xb03/0x1fc0 block/ioctl.c:601
 block_ioctl+0xf5/0x160 fs/block_dev.c:1880
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1e8/0x1340 fs/ioctl.c:686
 ksys_ioctl+0x9c/0xb0 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x81/0xd0 fs/ioctl.c:706
 do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007f26b265ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f26b265b6d4 RCX: 0000000000455a09
RDX: 00000000304b4144 RSI: 0000000000005322 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000001dc R14: 00000000006f7d40 R15: 0000000000000000
================================================================================
netlink: 36 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 36 bytes leftover after parsing attributes in process `syz-executor1'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=3864 comm=syz-executor0
sr 1:0:0:0: [sr0] unaligned transfer
sr 1:0:0:0: [sr0] unaligned transfer
sg_write: data in/out 17982/46 bytes for SCSI command 0x0-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
sg_write: data in/out 17982/46 bytes for SCSI command 0x0-- guessing data in;
   program syz-executor0 not setting count and/or reply_len properly
================================================================================
UBSAN: Undefined behaviour in net/sunrpc/xprt.c:568:22
shift exponent 536870976 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 4174 Comm: syz-executor1 Not tainted 4.18.0-rc1 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x122/0x1c8 lib/dump_stack.c:113
 ubsan_epilogue+0x12/0x86 lib/ubsan.c:159
 __ubsan_handle_shift_out_of_bounds+0x29a/0x2ff lib/ubsan.c:425
 xprt_reset_majortimeo+0x323/0x440 net/sunrpc/xprt.c:568
 xprt_request_init+0x4d2/0x730 net/sunrpc/xprt.c:1330
 call_reserveresult+0x9d/0x240 net/sunrpc/clnt.c:1549
 __rpc_execute+0x23a/0xc20 net/sunrpc/sched.c:784
 rpc_execute+0xf5/0x250 net/sunrpc/sched.c:852
 rpc_run_task+0x4a1/0x9f0 net/sunrpc/clnt.c:1053
 rpc_call_sync+0xcf/0x1a0 net/sunrpc/clnt.c:1082
 rpc_ping+0xde/0x140 net/sunrpc/clnt.c:2514
 rpc_create_xprt+0x1e8/0x590 net/sunrpc/clnt.c:479
 rpc_create+0x3a9/0x600 net/sunrpc/clnt.c:587
 nfs_create_rpc_client+0x3a1/0x4d0 fs/nfs/client.c:523
 nfs_init_client+0x7b/0x100 fs/nfs/client.c:634
 nfs_get_client+0xa74/0x1440 fs/nfs/client.c:425
 nfs_init_server+0x236/0xdf0 fs/nfs/client.c:670
 nfs_create_server+0x9a/0x750 fs/nfs/client.c:953
 nfs_try_mount+0x270/0xaf0 fs/nfs/super.c:1884
 nfs_fs_mount+0x151f/0x30e0 fs/nfs/super.c:2695
 mount_fs+0xaf/0x330 fs/super.c:1277
 vfs_kern_mount+0xfc/0x4d0 fs/namespace.c:1037
 do_new_mount fs/namespace.c:2518 [inline]
 do_mount+0x46f/0x2fa0 fs/namespace.c:2848
 ksys_mount+0xb0/0x120 fs/namespace.c:3064
 __do_sys_mount fs/namespace.c:3078 [inline]
 __se_sys_mount fs/namespace.c:3075 [inline]
 __x64_sys_mount+0xcc/0x170 fs/namespace.c:3075
 do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007f26b265ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f26b265b6d4 RCX: 0000000000455a09
RDX: 00000000200001c0 RSI: 0000000020000100 RDI: 0000000020000200
RBP: 000000000072bea0 R08: 0000000020000180 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004d1 R14: 00000000006fc438 R15: 0000000000000000
================================================================================
capability: warning: `syz-executor1' uses deprecated v2 capabilities in a way that may be insecure

This bug can be repro, if you need this, please tell me.

Thanks,
Icytxw