================================================================================ UBSAN: Undefined behaviour in ./include/linux/log2.h:71:13 shift exponent 4294967295 is too large for 64-bit type 'long unsigned int' CPU: 0 PID: 18949 Comm: syz-executor.2 Not tainted 4.19.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 __rounddown_pow_of_two include/linux/log2.h:71 [inline] snd_pcm_oss_period_size sound/core/oss/pcm_oss.c:711 [inline] snd_pcm_oss_change_params_locked.cold+0x115/0x11a sound/core/oss/pcm_oss.c:943 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1102 [inline] snd_pcm_oss_get_active_substream+0x164/0x1c0 sound/core/oss/pcm_oss.c:1119 snd_pcm_oss_get_channels sound/core/oss/pcm_oss.c:1806 [inline] snd_pcm_oss_ioctl+0x1ecd/0x33c0 sound/core/oss/pcm_oss.c:2649 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f439d0d5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000018bc0 RCX: 000000000045de59 RDX: 0000000000000000 RSI: 0000000080045006 RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 audit: type=1400 audit(1603235756.783:56): avc: denied { write } for pid=18954 comm="syz-executor.4" name="net" dev="proc" ino=75428 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffd543d151f R14: 00007f439d0d69c0 R15: 000000000118bf2c ================================================================================ device wlan1 left promiscuous mode kvm [18948]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0xf audit: type=1400 audit(1603235756.853:57): avc: denied { add_name } for pid=18954 comm="syz-executor.4" name="pfkey" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1 audit: type=1400 audit(1603235756.863:58): avc: denied { create } for pid=18954 comm="syz-executor.4" name="pfkey" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1 ================================================================================ UBSAN: Undefined behaviour in ./include/linux/log2.h:61:13 shift exponent 64 is too large for 64-bit type 'long unsigned int' CPU: 0 PID: 18949 Comm: syz-executor.2 Not tainted 4.19.152-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x22c/0x33e lib/dump_stack.c:118 ubsan_epilogue+0xe/0x3a lib/ubsan.c:161 __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250 lib/ubsan.c:422 __roundup_pow_of_two include/linux/log2.h:61 [inline] snd_pcm_oss_period_size sound/core/oss/pcm_oss.c:747 [inline] snd_pcm_oss_change_params_locked.cold+0x6d/0x11a sound/core/oss/pcm_oss.c:943 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1102 [inline] snd_pcm_oss_get_active_substream+0x164/0x1c0 sound/core/oss/pcm_oss.c:1119 snd_pcm_oss_get_channels sound/core/oss/pcm_oss.c:1806 [inline] snd_pcm_oss_ioctl+0x1ecd/0x33c0 sound/core/oss/pcm_oss.c:2649 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45de59 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f439d0d5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000018bc0 RCX: 000000000045de59 RDX: 0000000000000000 RSI: 0000000080045006 RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffd543d151f R14: 00007f439d0d69c0 R15: 000000000118bf2c ================================================================================ device wlan1 left promiscuous mode kvm [18948]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0xf device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode kvm [18997]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0xf kvm [19027]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000029 data 0xf kvm [19027]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x4000007e data 0x59 device wlan1 left promiscuous mode kvm [19042]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0xf kvm [19056]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0x1 device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready kvm [19056]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x4000000f data 0x1 device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready kvm [19056]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000029 data 0x1 kvm [19056]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x4000001d data 0x1 device wlan1 left promiscuous mode device wlan1 left promiscuous mode device wlan1 left promiscuous mode device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. device wlan1 left promiscuous mode device wlan1 left promiscuous mode device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode audit: type=1400 audit(1603235762.263:59): avc: denied { sys_admin } for pid=19218 comm="syz-executor.2" capability=21 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=cap_userns permissive=1 *** Guest State *** CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode CR3 = 0x0000000000000000 RSP = 0x00000000000004cb RIP = 0x0000000000000000 RFLAGS=0x000cbc86 DR7 = 0x0000000000000400 Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 GDTR: limit=0x0000ffff, base=0x0000000000000000 LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 IDTR: limit=0x0000ffff, base=0x0000000000000000 TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 device wlan1 left promiscuous mode EFER = 0x0000000000000000 PAT = 0x0007040600070406 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffffffff811ca2ea RSP = 0xffff888045dc7878 CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 FSBase=00007f0b87aab700 GSBase=ffff8880ae200000 TRBase=fffffe0000003000 GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 CR0=0000000080050033 CR3=00000000a0fc3000 CR4=00000000001426f0 Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff87c013e0 EFER = 0x0000000000000d01 PAT = 0x0407050600070106 *** Control State *** PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3 EntryControls=0000d1ff ExitControls=002fefff ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000001 reason=80000021 qualification=0000000000000000 IDTVectoring: info=00000000 errcode=00000000 TSC Offset = 0xffffff2d71999e86 TPR Threshold = 0x00 EPT pointer = 0x000000009f9c701e Virtual processor ID = 0x0001 device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode kvm_hv_set_msr: 6 callbacks suppressed kvm [19271]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0xf device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode device wlan1 entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready device wlan1 left promiscuous mode VFS: could not find a valid V7 on loop5. kvm [19327]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0xb4e capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use) kvm [19365]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0x1d kvm [19365]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000061 data 0x71 Unknown ioctl -1068739767 Unknown ioctl -1068739767 kvm [19365]: vcpu0, guest rIP: 0x13c Hyper-V uhandled wrmsr: 0x40000024 data 0x1d kvm [19365]: vcpu0, guest rIP: 0x14c Hyper-V uhandled wrmsr: 0x40000061 data 0x71 device wlan1 entered promiscuous mode IPVS: set_ctl: invalid protocol: 136 255.255.255.255:20004 IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready VFS: could not find a valid V7 on loop5. IPVS: set_ctl: invalid protocol: 136 255.255.255.255:20004 device wlan1 left promiscuous mode