================================================================================ UBSAN: shift-out-of-bounds in drivers/media/rc/mceusb.c:1173:29 shift exponent 49 is too large for 32-bit type 'int' CPU: 1 PID: 19596 Comm: systemd-udevd Not tainted 5.11.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xfa/0x151 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395 mceusb_handle_command drivers/media/rc/mceusb.c:1173 [inline] mceusb_process_ir_data drivers/media/rc/mceusb.c:1278 [inline] mceusb_dev_recv.cold+0x178/0x1d8 drivers/media/rc/mceusb.c:1376 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1656 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1726 dummy_timer+0x11f4/0x32a0 drivers/usb/gadget/udc/dummy_hcd.c:1971 call_timer_fn+0x1a5/0x630 kernel/time/timer.c:1417 expire_timers kernel/time/timer.c:1462 [inline] __run_timers.part.0+0x67c/0xa10 kernel/time/timer.c:1731 __run_timers kernel/time/timer.c:1712 [inline] run_timer_softirq+0x80/0x120 kernel/time/timer.c:1744 __do_softirq+0x1b0/0x944 kernel/softirq.c:343 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:226 [inline] __irq_exit_rcu kernel/softirq.c:420 [inline] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:432 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:stack_trace_consume_entry+0x6f/0x160 kernel/stacktrace.c:88 Code: 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e a5 00 00 00 31 c0 3b 6b 08 0f 83 81 00 00 00 48 8d 7b 0c 48 b8 00 00 00 00 00 fc ff df <48> 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 RSP: 0018:ffffc90005a0f770 EFLAGS: 00000283 RAX: dffffc0000000000 RBX: ffffc90005a0f848 RCX: 1ffff92000b41e01 RDX: 1ffff92000b41f0a RSI: ffffffff81da7493 RDI: ffffc90005a0f854 RBP: 0000000000000002 R08: ffffffff891bf344 R09: 0000000000000001 R10: 000000000001d872 R11: ffffc90005a0fb00 R12: ffffc90005a0f848 R13: 0000000000000000 R14: ffff88810aa23580 R15: 0000000000001000 arch_stack_walk+0x6d/0xe0 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:401 [inline] ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429 kmalloc include/linux/slab.h:557 [inline] tomoyo_realpath_from_path+0xc3/0x620 security/tomoyo/realpath.c:254 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_perm+0x21b/0x400 security/tomoyo/file.c:822 security_inode_getattr+0xcf/0x140 security/security.c:1280 vfs_getattr fs/stat.c:121 [inline] vfs_fstat+0x43/0xb0 fs/stat.c:146 __do_sys_newfstat+0x81/0x100 fs/stat.c:386 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f3a9dd182e2 Code: 48 8b 05 b9 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 77 33 48 63 fe b8 05 00 00 00 48 89 d6 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 8b 15 81 db 2b 00 f7 RSP: 002b:00007fff2a119748 EFLAGS: 00000246 ORIG_RAX: 0000000000000005 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3a9dd182e2 RDX: 00007fff2a119760 RSI: 00007fff2a119760 RDI: 0000000000000007 RBP: 00007fff2a119900 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000080000 R11: 0000000000000246 R12: 000055905a6f3ac0 R13: 00005590589e9885 R14: 000055905a6f6cc0 R15: 00007fff2a1198c0 ================================================================================