================================================================================
UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:299:45
shift exponent 134 is too large for 64-bit type 'long long unsigned int'
CPU: 1 PID: 12030 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 intel_pmu_refresh.cold+0x9b/0xa0 arch/x86/kvm/pmu_intel.c:299
 kvm_update_cpuid+0x6d9/0xaf0 arch/x86/kvm/cpuid.c:147
 kvm_vcpu_ioctl_set_cpuid+0x6ab/0x970 arch/x86/kvm/cpuid.c:232
 kvm_arch_vcpu_ioctl+0xea3/0x2e10 arch/x86/kvm/x86.c:3921
 kvm_vcpu_ioctl+0x8af/0xe30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2975
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc10d3b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000011f00 RCX: 000000000045de59
RDX: 0000000020000380 RSI: 000000004008ae8a RDI: 0000000000000006
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fffd61b8eef R14: 00007fc10d3b59c0 R15: 000000000118bf2c
================================================================================
================================================================================
UBSAN: Undefined behaviour in arch/x86/kvm/pmu_intel.c:301:13
shift exponent 113 is too large for 64-bit type 'long long unsigned int'
CPU: 0 PID: 12030 Comm: syz-executor.0 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 intel_pmu_refresh.cold+0x75/0xa0 arch/x86/kvm/pmu_intel.c:301
 kvm_update_cpuid+0x6d9/0xaf0 arch/x86/kvm/cpuid.c:147
 kvm_vcpu_ioctl_set_cpuid+0x6ab/0x970 arch/x86/kvm/cpuid.c:232
 kvm_arch_vcpu_ioctl+0xea3/0x2e10 arch/x86/kvm/x86.c:3921
netlink: 44371 bytes leftover after parsing attributes in process `syz-executor.1'.
 kvm_vcpu_ioctl+0x8af/0xe30 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2975
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc10d3b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000011f00 RCX: 000000000045de59
RDX: 0000000020000380 RSI: 000000004008ae8a RDI: 0000000000000006
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fffd61b8eef R14: 00007fc10d3b59c0 R15: 000000000118bf2c
================================================================================
EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (8000)
FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
EXT4-fs (loop2): Ignoring removed mblk_io_submit option
EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (60935!=0)
EXT4-fs (loop2): orphan cleanup on readonly fs
EXT4-fs error (device loop2): ext4_orphan_get:1257: comm syz-executor.2: bad orphan inode 33554432
EXT4-fs (loop2): mounted filesystem without journal. Opts: mblk_io_submit,,errors=continue
audit: type=1800 audit(1602857932.464:17): pid=12098 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=15793 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it!
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
kvm [12167]: vcpu0, guest rIP: 0xcc disabled perfctr wrmsr: 0xc2 data 0x0
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
audit: type=1804 audit(1602857933.714:18): pid=12213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857933.784:19): pid=12213 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857933.984:20): pid=12206 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857933.984:21): pid=12206 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/346/bus" dev="sda1" ino=16155 res=1
audit: type=1804 audit(1602857934.184:22): pid=12247 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.224:23): pid=12233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.314:24): pid=12247 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.344:25): pid=12233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir098478851/syzkaller.yiVGVk/347/bus" dev="sda1" ino=16170 res=1
audit: type=1804 audit(1602857934.394:26): pid=12265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/344/bus" dev="sda1" ino=16173 res=1
audit: type=1804 audit(1602857935.174:27): pid=12265 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/344/bus" dev="sda1" ino=16173 res=1
================================================================================
UBSAN: Undefined behaviour in drivers/vhost/vhost.c:116:62
load of value 255 is not a valid value for type '_Bool'
CPU: 0 PID: 12319 Comm: syz-executor.3 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 vhost_init_is_le drivers/vhost/vhost.c:116 [inline]
 vhost_reset_is_le drivers/vhost/vhost.c:143 [inline]
 vhost_vq_reset.constprop.0.cold+0x15/0x1a drivers/vhost/vhost.c:325
 vhost_dev_init+0x442/0x780 drivers/vhost/vhost.c:463
 vhost_net_open+0x54c/0x730 drivers/vhost/net.c:1103
 misc_open+0x372/0x4a0 drivers/char/misc.c:141
 chrdev_open+0x266/0x770 fs/char_dev.c:423
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 do_last fs/namei.c:3421 [inline]
 path_openat+0x7d5/0x2e90 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2ce61e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045de59
RDX: 0000000000000002 RSI: 0000000020000200 RDI: ffffffffffffff9c
RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffd06c075ff R14: 00007f2ce61e59c0 R15: 000000000118bf2c
================================================================================
audit: type=1804 audit(1602857935.754:28): pid=12322 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/345/bus" dev="sda1" ino=16139 res=1
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
audit: type=1804 audit(1602857936.284:29): pid=12344 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir617115131/syzkaller.mFTODT/346/bus" dev="sda1" ino=16166 res=1
ptrace attach of "/root/syz-executor.5"[12348] was attempted by "/root/syz-executor.5"[12350]
overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
ptrace attach of "/root/syz-executor.5"[12370] was attempted by "/root/syz-executor.5"[12372]
ptrace attach of "/root/syz-executor.4"[12371] was attempted by "/root/syz-executor.4"[12375]
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
EXT4-fs (loop5): group descriptors corrupted!
ptrace attach of "/root/syz-executor.4"[12389] was attempted by "/root/syz-executor.4"[12390]
ptrace attach of "/root/syz-executor.0"[12406] was attempted by "/root/syz-executor.0"[12408]
EXT4-fs (loop1): Couldn't mount because of unsupported optional features (7de80821)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop1): Couldn't mount because of unsupported optional features (7de80821)
EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
EXT4-fs (loop5): group descriptors corrupted!
ptrace attach of "/root/syz-executor.0"[12438] was attempted by "/root/syz-executor.0"[12439]
ptrace attach of "/root/syz-executor.0"[12451] was attempted by "/root/syz-executor.0"[12452]
EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (46507!=0)
EXT4-fs warning (device loop5): ext4_enable_quotas:5872: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix.
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs (loop5): mount failed
EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (46507!=0)
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs warning (device loop5): ext4_enable_quotas:5872: Failed to enable quota tracking (type=0, err=-22). Please run e2fsck to fix.
EXT4-fs (loop5): mount failed
ptrace attach of "/root/syz-executor.2"[12505] was attempted by "/root/syz-executor.2"[12506]
EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): bad s_min_extra_isize: 44973
EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): bad s_min_extra_isize: 44973
ptrace attach of "/root/syz-executor.0"[12542] was attempted by "/root/syz-executor.0"[12543]
ptrace attach of "/root/syz-executor.5"[12548] was attempted by "/root/syz-executor.5"[12549]
EXT4-fs error (device loop5): ext4_fill_super:4448: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 0)!
EXT4-fs error (device loop5): ext4_fill_super:4448: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop2): group descriptors corrupted!
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
IPVS: ftp: loaded support on port[0] = 21
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!
EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 0)!
EXT4-fs (loop5): group descriptors corrupted!