================================================================================
UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:299:45
shift exponent 134 is too large for 64-bit type 'long long unsigned int'
CPU: 1 PID: 12030 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 intel_pmu_refresh.cold+0x9b/0xa0 arch/x86/kvm/pmu_intel.c:299
 kvm_update_cpuid+0x6d9/0xaf0 arch/x86/kvm/cpuid.c:147
 kvm_vcpu_ioctl_set_cpuid+0x6ab/0x970 arch/x86/kvm/cpuid.c:232
 kvm_arch_vcpu_ioctl+0xea3/0x2e10 arch/x86/kvm/x86.c:3921
 kvm_vcpu_ioctl+0x8af/0xe30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2975
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc10d3b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000011f00 RCX: 000000000045de59
RDX: 0000000020000380 RSI: 000000004008ae8a RDI: 0000000000000006
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fffd61b8eef R14: 00007fc10d3b59c0 R15: 000000000118bf2c
================================================================================
================================================================================
UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:301:13
shift exponent 113 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 12030 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 intel_pmu_refresh.cold+0x75/0xa0 arch/x86/kvm/pmu_intel.c:301
 kvm_update_cpuid+0x6d9/0xaf0 arch/x86/kvm/cpuid.c:147
 kvm_vcpu_ioctl_set_cpuid+0x6ab/0x970 arch/x86/kvm/cpuid.c:232
 kvm_arch_vcpu_ioctl+0xea3/0x2e10 arch/x86/kvm/x86.c:3921
netlink: 44371 bytes leftover after parsing attributes in process `syz-executor.1'.
 kvm_vcpu_ioctl+0x8af/0xe30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2975
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc10d3b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000011f00 RCX: 000000000045de59
RDX: 0000000020000380 RSI: 000000004008ae8a RDI: 0000000000000006
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fffd61b8eef R14: 00007fc10d3b59c0 R15: 000000000118bf2c
================================================================================
EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (8000)
FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
EXT4-fs (loop2): Ignoring removed mblk_io_submit option
EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (60935!=0)
EXT4-fs (loop2): orphan cleanup on readonly fs
EXT4-fs error (device loop2): ext4_orphan_get:1257: comm syz-executor.2: bad orphan inode 33554432
EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,,errors=continue
audit: type=1800 audit(1602857932.464:17): pid=12098 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=15793 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it!
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
kvm [12167]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0xc2 data 0x0
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
audit: type=1804 audit(1602857933.714:18): pid=12213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857933.784:19): pid=12213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857933.984:20): pid=12206 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857933.984:21): pid=12206 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857934.184:22): pid=12247 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.224:23): pid=12233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.314:24): pid=12247 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.344:25): pid=12233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.394:26): pid=12265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/344/bus" dev="sda1" ino=16173 res=1
audit: type=1804 audit(1602857935.174:27): pid=12265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/344/bus" dev="sda1" ino=16173 res=1
================================================================================
UBSAN: Undefined behaviour in drivers/vhost/vhost.c:116:62
load of value 255 is not a valid value for type '_Bool'
CPU: 0 PID: 12319 Comm: syz-executor.3 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 vhost_init_is_le drivers/vhost/vhost.c:116 [inline]
 vhost_reset_is_le drivers/vhost/vhost.c:143 [inline]
 vhost_vq_reset.constprop.0.cold+0x15/0x1a drivers/vhost/vhost.c:325
 vhost_dev_init+0x442/0x780 drivers/vhost/vhost.c:463
 vhost_net_open+0x54c/0x730 drivers/vhost/net.c:1103
 misc_open+0x372/0x4a0 drivers/char/misc.c:141
 chrdev_open+0x266/0x770 fs/char_dev.c:423
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 do_last fs/namei.c:3421 [inline]
 path_openat+0x7d5/0x2e90 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2ce61e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045de59
RDX: 0000000000000002 RSI: 0000000020000200 RDI: ffffffffffffff9c
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffd06c075ff R14: 00007f2ce61e59c0 R15: 000000000118bf2c
================================================================================
audit: type=1804 audit(1602857935.754:28): pid=12322 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/345/bus" dev="sda1" ino=16139 res=1
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
audit: type=1804 audit(1602857936.284:29): pid=12344 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/346/bus" dev="sda1" ino=16166 res=1
ptrace attach of "/root/syz-executor.5"[12348] was attempted by "/root/syz-executor.5"[12350]
overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
ptrace attach of "/root/syz-executor.5"[12370] was attempted by "/root/syz-executor.5"[12372]
ptrace attach of "/root/syz-executor.4"[12371] was attempted by "/root/syz-executor.4"[12375]
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
EXT4-fs (loop5): group descriptors corrupted!
ptrace attach of "/root/syz-executor.4"[12389] was attempted by "/root/syz-executor.4"[12390]
ptrace attach of "/root/syz-executor.0"[12406] was attempted by "/root/syz-executor.0"[12408]
EXT4-fs (loop1): Couldn't mount because of unsupported optional features (7de80821)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop1): Couldn't mount because of unsupported optional features (7de80821)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop5): group descriptors corrupted!
ptrace attach of "/root/syz-executor.0"[12438] was attempted by "/root/syz-executor.0"[12439]
ptrace attach of "/root/syz-executor.0"[12451] was attempted by "/root/syz-executor.0"[12452]
EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (46507!=0)
EXT4-fs warning (device loop5): ext4_enable_quotas:5872: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix.
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs (loop5): mount failed
EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (46507!=0)
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs warning (device loop5): ext4_enable_quotas:5872: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix.
EXT4-fs (loop5): mount failed
ptrace attach of "/root/syz-executor.2"[12505] was attempted by "/root/syz-executor.2"[12506]
EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): bad s_min_extra_isize: 44973
EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): bad s_min_extra_isize: 44973
ptrace attach of "/root/syz-executor.0"[12542] was attempted by "/root/syz-executor.0"[12543]
ptrace attach of "/root/syz-executor.5"[12548] was attempted by "/root/syz-executor.5"[12549]
EXT4-fs error (device loop5): ext4_fill_super:4448: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)!
EXT4-fs error (device loop5): ext4_fill_super:4448: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop2): group descriptors corrupted!
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!