================================================================================ UBSAN: shift-out-of-bounds in kernel/sched/fair.c:7712:14 shift exponent 70 is too large for 64-bit type 'long unsigned int' CPU: 1 PID: 11179 Comm: syz-executor.1 Not tainted 5.12.0-rc8-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327 detach_tasks kernel/sched/fair.c:7712 [inline] load_balance.cold+0x1d/0x2e kernel/sched/fair.c:9641 rebalance_domains+0x5cc/0xdb0 kernel/sched/fair.c:10029 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [inline] __irq_exit_rcu kernel/softirq.c:422 [inline] irq_exit_rcu+0x134/0x200 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632 RIP: 0010:mm_trace_rss_stat mm/memory.c:173 [inline] RIP: 0010:add_mm_counter include/linux/mm.h:1897 [inline] RIP: 0010:add_mm_rss_vec mm/memory.c:503 [inline] RIP: 0010:zap_pte_range mm/memory.c:1320 [inline] RIP: 0010:zap_pmd_range mm/memory.c:1374 [inline] RIP: 0010:zap_pud_range mm/memory.c:1403 [inline] RIP: 0010:zap_p4d_range mm/memory.c:1424 [inline] RIP: 0010:unmap_page_range+0x1004/0x2650 mm/memory.c:1445 Code: ff ff e8 8f ee cc ff 48 63 f5 48 83 fe 04 0f 87 2e 13 00 00 be 08 00 00 00 4c 89 e7 e8 c5 ac 10 00 4c 89 ea f0 49 0f c1 14 24 <48> 8b 7c 24 48 4c 01 ea 89 ee e8 8d a1 ff ff e9 36 ff ff ff e8 53 RSP: 0018:ffffc900011b7670 EFLAGS: 00000217 RAX: 0000000000000001 RBX: ffffc900011b7768 RCX: ffffffff81a706db RDX: 0000000000000b6b RSI: 0000000000000008 RDI: ffff88801a33e5e0 RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88801a33e5e7 R10: ffffed1003467cbc R11: 0000000000000000 R12: ffff88801a33e5e0 R13: ffffffffffffffe8 R14: dffffc0000000000 R15: 00000000f6bc0000 unmap_single_vma+0x198/0x300 mm/memory.c:1490 unmap_vmas+0x16d/0x2f0 mm/memory.c:1522 exit_mmap+0x2a8/0x590 mm/mmap.c:3218 __mmput+0x122/0x470 kernel/fork.c:1090 mmput+0x58/0x60 kernel/fork.c:1111 dup_mm+0xd12/0x1380 kernel/fork.c:1384 copy_mm kernel/fork.c:1424 [inline] copy_process+0x2bc8/0x71a0 kernel/fork.c:2113 kernel_clone+0xe7/0xab0 kernel/fork.c:2500 __do_compat_sys_ia32_clone+0xac/0xe0 arch/x86/kernel/sys_ia32.c:254 do_syscall_32_irqs_on arch/x86/entry/common.c:77 [inline] __do_fast_syscall_32+0x56/0x90 arch/x86/entry/common.c:140 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:165 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f16549 Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 RSP: 002b:00000000f54ef5fc EFLAGS: 00000296 ORIG_RAX: 0000000000000078 RAX: ffffffffffffffda RBX: 0000000000008000 RCX: 00000000200004c0 RDX: 0000000020000300 RSI: 0000000020000540 RDI: 0000000020000580 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ================================================================================