syzbot

 sign-in | mailing list | source | docs
🐞 Open [1166] 🐞 Fixed [4299] 🐞 Invalid [9646] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

UBSAN: shift-out-of-bounds in load_balance

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+d7581744d5fd27c9fbe1@syzkaller.appspotmail.com
Fix commit: 39a2a6eb5c9b sched/fair: Fix shift-out-of-bounds in load_balance()
First crash: 739d, last: 631d
duplicates (1):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
UBSAN: shift-out-of-bounds in detach_tasks syz error error 11 641d 705d 0/24 closed as dup on 2021/06/12 08:25

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in kernel/sched/fair.c:7712:14
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 9899 Comm: kworker/u4:5 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy5 ieee80211_iface_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xfa/0x151 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 detach_tasks kernel/sched/fair.c:7712 [inline]
 load_balance.cold+0x1d/0x2e kernel/sched/fair.c:9641
 rebalance_domains+0x5cc/0xdb0 kernel/sched/fair.c:10029
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:deref_stack_reg+0x12/0x150 arch/x86/kernel/unwind_orc.c:351
Code: 14 24 e9 48 ff ff ff 48 89 0c 24 e8 58 7a 84 00 48 8b 0c 24 eb 9d 66 90 48 b8 00 00 00 00 00 fc ff df 41 55 41 54 49 89 fc 55 <48> 89 f5 53 48 89 d3 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 04 02
RSP: 0018:ffffc9000afceb60 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 1ffff920015f9d78 RCX: ffffffff8e4861a3
RDX: ffffc9000afceca0 RSI: ffffc9000afcef88 RDI: ffffc9000afcec58
RBP: 0000000000000001 R08: ffffffff8e48619e R09: ffffffff8e4861a2
R10: 0000000000084087 R11: 0000000000000001 R12: ffffc9000afcec58
R13: ffffc9000afcec8d R14: ffffc9000afceca8 R15: ffffc9000afcec58
 unwind_next_frame+0xbea/0x2000 arch/x86/kernel/unwind_orc.c:534
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:401 [inline]
 ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429
 kasan_slab_alloc include/linux/kasan.h:209 [inline]
 slab_post_alloc_hook mm/slab.h:512 [inline]
 slab_alloc_node mm/slub.c:2892 [inline]
 slab_alloc mm/slub.c:2900 [inline]
 __kmalloc+0x1db/0x3f0 mm/slub.c:4021
 kmalloc include/linux/slab.h:559 [inline]
 kzalloc include/linux/slab.h:684 [inline]
 cfg80211_inform_single_bss_frame_data+0x302/0xe90 net/wireless/scan.c:2372
 cfg80211_inform_bss_frame_data+0xa7/0xb10 net/wireless/scan.c:2433
 ieee80211_bss_info_update+0x3ce/0xb20 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1126 [inline]
 ieee80211_rx_mgmt_probe_beacon+0xccd/0x16b0 net/mac80211/ibss.c:1615
 ieee80211_ibss_rx_queued_mgmt+0xe43/0x1870 net/mac80211/ibss.c:1642
 ieee80211_iface_work+0x761/0x9e0 net/mac80211/iface.c:1439
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
================================================================================

Crashes (2167):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce 2021/02/24 14:26 upstream c03c21ba6f4e fcc6d71b .config console log report syz UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root 2021/02/22 18:16 upstream 31caf8b2a847 a659b3f1 .config console log report syz UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root 2021/02/22 17:11 upstream 31caf8b2a847 a659b3f1 .config console log report syz UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 15:39 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 14:05 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 11:59 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 08:45 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 06:27 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 05:16 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/08 03:57 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/07 22:15 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/07 17:31 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/07 10:02 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/07 03:02 upstream 18a3c5f7abfd 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/06 22:46 upstream 18a3c5f7abfd 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/06 20:10 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/06 18:51 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/06 16:15 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/05/06 09:44 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-selinux-root 2021/04/28 03:56 upstream 57fa2369ab17 805b5003 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce 2021/04/27 08:05 upstream 4a0225c3d208 805b5003 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce 2021/04/27 06:53 upstream 4a0225c3d208 805b5003 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root 2021/04/27 04:16 upstream 4a0225c3d208 805b5003 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/04/23 14:27 upstream 18a3c5f7abfd 17f0b706 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream 2021/04/23 13:17 upstream 18a3c5f7abfd 17f0b706 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/08 12:49 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/08 10:59 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/08 07:27 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/08 02:14 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/08 00:51 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 23:44 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 23:33 upstream 18a3c5f7abfd bc5434be .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 19:08 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 16:27 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 13:35 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 12:31 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 11:21 upstream 18a3c5f7abfd f6da8120 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 04:53 upstream 18a3c5f7abfd 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 01:46 upstream 18a3c5f7abfd 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/07 00:45 upstream 18a3c5f7abfd 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/06 21:45 upstream 18a3c5f7abfd 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/06 17:30 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/06 14:11 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/06 13:00 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386 2021/05/06 11:09 upstream 18a3c5f7abfd 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64 2021/04/28 23:52 upstream 68a32ba14177 77e2b668 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-386 2021/04/25 11:19 upstream 2a1d7946fa53 36c88236 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-386 2021/04/25 07:45 upstream 2a1d7946fa53 36c88236 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64-compat 2021/04/24 18:35 upstream 8db5efb83fa9 17f0b706 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-kasan-gce 2021/05/05 04:33 bpf bbd6f0a94813 06c27ff5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-kasan-gce 2021/04/25 13:25 bpf b02265429681 36c88236 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-kasan-gce 2021/04/23 20:39 bpf b02265429681 17f0b706 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-net-this-kasan-gce 2021/04/05 11:14 net a14d273ba159 6a81331a .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce 2021/05/06 23:42 bpf-next 3733bfbbdd28 06585184 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce 2021/05/03 21:12 bpf-next 3733bfbbdd28 ad61f371 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce 2021/04/25 09:10 bpf-next 350a62ca065b 36c88236 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce 2021/04/25 02:06 bpf-next 350a62ca065b 17f0b706 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root 2021/01/30 00:45 linux-next b01f250d83f6 fc9fd31e .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root 2021/01/22 20:12 linux-next bc085f8fc88f 4080af96 .config console log report info UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root 2021/01/20 09:21 linux-next 647060f3b592 d4f4eca5 .config console log report info UBSAN: shift-out-of-bounds in load_balance
* Struck through repros no longer work on HEAD.