================================================================================
UBSAN: Undefined behaviour in ./include/net/red.h:272:18
shift exponent 71 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 9492 Comm: syz-executor.5 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 red_calc_qavg_from_idle_time include/net/red.h:272 [inline]
 red_adaptative_algo include/net/red.h:404 [inline]
 red_adaptative_timer+0x7ed/0x870 net/sched/sch_red.c:266
 call_timer_fn+0x177/0x760 kernel/time/timer.c:1338
 expire_timers+0x243/0x500 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1703 [inline]
 run_timer_softirq+0x259/0x730 kernel/time/timer.c:1716
 __do_softirq+0x27d/0xad2 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x22d/0x270 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x15f/0x5d0 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0xa/0x20 kernel/kcov.c:195
Code: 48 8b 0c 24 89 f2 89 fe bf 05 00 00 00 e9 ce fe ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 48 8b 0c 24 48 89 f2 48 89 fe <bf> 07 00 00 00 e9 ac fe ff ff 66 90 66 2e 0f 1f 84 00 00 00 00 00
RSP: 0018:ffff8880448a7758 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: dead000000000100 RBX: 0000000000000000 RCX: ffffffff819d89f2
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffea000148cbc0 R08: 0000000000000000 R09: ffffffffffffffff
R10: 0000000000000007 R11: 0000000000000001 R12: ffffea000148cbc0
R13: 00007efc516db000 R14: dffffc0000000000 R15: ffffea000148cbc8
 compound_head include/linux/page-flags.h:144 [inline]
 PageSwapBacked include/linux/page-flags.h:295 [inline]
 mm_counter_file include/linux/mm.h:1639 [inline]
 mm_counter include/linux/mm.h:1648 [inline]
 zap_pte_range mm/memory.c:1337 [inline]
 zap_pmd_range mm/memory.c:1440 [inline]
 zap_pud_range mm/memory.c:1469 [inline]
 zap_p4d_range mm/memory.c:1490 [inline]
 unmap_page_range+0x1262/0x2ec0 mm/memory.c:1511
 unmap_single_vma+0x198/0x300 mm/memory.c:1556
 unmap_vmas+0xa9/0x180 mm/memory.c:1586
 exit_mmap+0x2b9/0x530 mm/mmap.c:3091
 __mmput kernel/fork.c:1015 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1036
 exit_mm kernel/exit.c:546 [inline]
 do_exit+0xb12/0x2d80 kernel/exit.c:874
 do_group_exit+0x125/0x320 kernel/exit.c:990
 get_signal+0x3f3/0x2270 kernel/signal.c:2588
 do_signal+0x8f/0x1690 arch/x86/kernel/signal.c:821
 exit_to_usermode_loop+0x204/0x2c0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007efc50566cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000118cff0 RCX: 000000000045e179
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000118cff0
RBP: 000000000118cfe8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cff4
R13: 00007ffdfea2eb7f R14: 00007efc505679c0 R15: 000000000118cff4
================================================================================
================================================================================
UBSAN: Undefined behaviour in drivers/vhost/vhost.c:116:62
load of value 8 is not a valid value for type '_Bool'
CPU: 1 PID: 9516 Comm: syz-executor.1 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_load_invalid_value.cold+0x63/0x6f lib/ubsan.c:454
 vhost_init_is_le drivers/vhost/vhost.c:116 [inline]
 vhost_reset_is_le drivers/vhost/vhost.c:143 [inline]
 vhost_vq_reset.constprop.0.cold+0x15/0x1a drivers/vhost/vhost.c:325
 vhost_dev_init+0x442/0x780 drivers/vhost/vhost.c:463
 vhost_net_open+0x54c/0x730 drivers/vhost/net.c:1103
 misc_open+0x372/0x4a0 drivers/char/misc.c:141
 chrdev_open+0x266/0x770 fs/char_dev.c:423
 do_dentry_open+0x4aa/0x1160 fs/open.c:796
 do_last fs/namei.c:3421 [inline]
 path_openat+0x7d5/0x2e90 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f09f0ec0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000024a80 RCX: 000000000045e179
RDX: 0000000000000002 RSI: 0000000020000100 RDI: ffffffffffffff9c
RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffc3447349f R14: 00007f09f0ec19c0 R15: 000000000118cf4c
================================================================================
================================================================================
UBSAN: Undefined behaviour in ./include/linux/log2.h:71:13
shift exponent 4294967295 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 9682 Comm: syz-executor.5 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 __rounddown_pow_of_two include/linux/log2.h:71 [inline]
 snd_pcm_oss_period_size sound/core/oss/pcm_oss.c:711 [inline]
 snd_pcm_oss_change_params_locked.cold+0x115/0x11a sound/core/oss/pcm_oss.c:943
 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1102 [inline]
 snd_pcm_oss_get_active_substream+0x164/0x1c0 sound/core/oss/pcm_oss.c:1119
 snd_pcm_oss_get_channels sound/core/oss/pcm_oss.c:1806 [inline]
 snd_pcm_oss_ioctl+0x1ecd/0x33c0 sound/core/oss/pcm_oss.c:2649
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007efc50587c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000018bc0 RCX: 000000000045e179
RDX: 0000000000000000 RSI: 0000000080045006 RDI: 0000000000000003
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffdfea2eb7f R14: 00007efc505889c0 R15: 000000000118cf4c
================================================================================
================================================================================
UBSAN: Undefined behaviour in ./include/linux/log2.h:61:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 9682 Comm: syz-executor.5 Not tainted 4.19.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x22c/0x33e lib/dump_stack.c:118
 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161
 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422
 __roundup_pow_of_two include/linux/log2.h:61 [inline]
 snd_pcm_oss_period_size sound/core/oss/pcm_oss.c:747 [inline]
 snd_pcm_oss_change_params_locked.cold+0x6d/0x11a sound/core/oss/pcm_oss.c:943
 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1102 [inline]
 snd_pcm_oss_get_active_substream+0x164/0x1c0 sound/core/oss/pcm_oss.c:1119
 snd_pcm_oss_get_channels sound/core/oss/pcm_oss.c:1806 [inline]
 snd_pcm_oss_ioctl+0x1ecd/0x33c0 sound/core/oss/pcm_oss.c:2649
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45e179
Code: 3d b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b b2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007efc50587c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000018bc0 RCX: 000000000045e179
RDX: 0000000000000000 RSI: 0000000080045006 RDI: 0000000000000003
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffdfea2eb7f R14: 00007efc505889c0 R15: 000000000118cf4c
================================================================================
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
*** Guest State ***
CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
CR3 = 0x0000000000000000
RSP = 0x0000000000000000  RIP = 0x0000000000000000
raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it!
RFLAGS=0x00000002         DR7 = 0x0000000000000400
Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
GDTR:                           limit=0x00000000, base=0x0000000000000000
LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
IDTR:                           limit=0x00000000, base=0x0000000000000000
TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
EFER =     0x0000000000000000  PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811ca0ca  RSP = 0xffff888043bbf878
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007efc50588700 GSBase=ffff8880ae200000 TRBase=fffffe0000003000
GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000000a4a47000 CR4=00000000001426f0
Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87c013e0
EFER = 0x0000000000000d01  PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e2
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff9a6a46760a
TPR Threshold = 0x00
EPT pointer = 0x000000008814a01e
Virtual processor ID = 0x0002
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.