UBSAN: shift-out-of-bounds in load

UBSAN: shift-out-of-bounds in load_balance
Status: upstream: reported syz repro on 2021/01/24 09:30
Reported-by: syzbot+d7581744d5fd27c9fbe1@syzkaller.appspotmail.com
First crash: 39d, last: 1h17m

Sample crash report:

================================================================================
UBSAN: shift-out-of-bounds in kernel/sched/fair.c:7712:14
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 9899 Comm: kworker/u4:5 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy5 ieee80211_iface_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xfa/0x151 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 detach_tasks kernel/sched/fair.c:7712 [inline]
 load_balance.cold+0x1d/0x2e kernel/sched/fair.c:9641
 rebalance_domains+0x5cc/0xdb0 kernel/sched/fair.c:10029
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:deref_stack_reg+0x12/0x150 arch/x86/kernel/unwind_orc.c:351
Code: 14 24 e9 48 ff ff ff 48 89 0c 24 e8 58 7a 84 00 48 8b 0c 24 eb 9d 66 90 48 b8 00 00 00 00 00 fc ff df 41 55 41 54 49 89 fc 55 <48> 89 f5 53 48 89 d3 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 04 02
RSP: 0018:ffffc9000afceb60 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 1ffff920015f9d78 RCX: ffffffff8e4861a3
RDX: ffffc9000afceca0 RSI: ffffc9000afcef88 RDI: ffffc9000afcec58
RBP: 0000000000000001 R08: ffffffff8e48619e R09: ffffffff8e4861a2
R10: 0000000000084087 R11: 0000000000000001 R12: ffffc9000afcec58
R13: ffffc9000afcec8d R14: ffffc9000afceca8 R15: ffffc9000afcec58
 unwind_next_frame+0xbea/0x2000 arch/x86/kernel/unwind_orc.c:534
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:401 [inline]
 ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429
 kasan_slab_alloc include/linux/kasan.h:209 [inline]
 slab_post_alloc_hook mm/slab.h:512 [inline]
 slab_alloc_node mm/slub.c:2892 [inline]
 slab_alloc mm/slub.c:2900 [inline]
 __kmalloc+0x1db/0x3f0 mm/slub.c:4021
 kmalloc include/linux/slab.h:559 [inline]
 kzalloc include/linux/slab.h:684 [inline]
 cfg80211_inform_single_bss_frame_data+0x302/0xe90 net/wireless/scan.c:2372
 cfg80211_inform_bss_frame_data+0xa7/0xb10 net/wireless/scan.c:2433
 ieee80211_bss_info_update+0x3ce/0xb20 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1126 [inline]
 ieee80211_rx_mgmt_probe_beacon+0xccd/0x16b0 net/mac80211/ibss.c:1615
 ieee80211_ibss_rx_queued_mgmt+0xe43/0x1870 net/mac80211/ibss.c:1642
 ieee80211_iface_work+0x761/0x9e0 net/mac80211/iface.c:1439
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
================================================================================

Crashes (168):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	VM info	Title
ci-upstream-kasan-gce	2021/02/24 14:26	upstream	c03c21ba	fcc6d71b	.config	log	report	syz		UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/22 18:16	upstream	31caf8b2	a659b3f1	.config	log	report	syz		UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/22 17:11	upstream	31caf8b2	a659b3f1	.config	log	report	syz		UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/28 16:20	upstream	5695e516	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/28 07:21	upstream	5695e516	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/27 23:26	upstream	5695e516	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/27 22:32	upstream	5695e516	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/27 20:31	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/27 07:46	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/27 06:44	upstream	8b83369d	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/27 04:52	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/27 03:39	upstream	8b83369d	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/26 21:52	upstream	8b83369d	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/26 19:53	upstream	2c87f7a3	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/26 18:09	upstream	2c87f7a3	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/26 16:24	upstream	2c87f7a3	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/26 15:23	upstream	2c87f7a3	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/26 11:53	upstream	2c87f7a3	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce	2021/02/26 09:38	upstream	2c87f7a3	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/26 01:57	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/25 19:32	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/25 17:40	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/25 16:26	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/25 16:02	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/24 23:55	upstream	062c84fc	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/24 22:36	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/24 13:25	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/24 12:18	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/24 09:31	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/02/24 06:33	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64	2021/02/28 21:29	upstream	cd278456	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64-compat	2021/02/28 06:14	upstream	5695e516	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/27 18:11	upstream	5ceabb60	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/27 16:58	upstream	5ceabb60	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/27 14:28	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/27 12:40	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/27 09:51	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/27 01:59	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/26 23:56	upstream	3fb6d0e0	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-386	2021/02/26 23:45	upstream	8b83369d	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/26 10:50	upstream	2c87f7a3	4c37c133	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/26 08:42	upstream	2c87f7a3	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/26 04:21	upstream	2c87f7a3	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/26 00:01	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64	2021/02/25 20:59	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/25 13:54	upstream	29c395c7	76f7fc95	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/25 10:52	upstream	29c395c7	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/25 09:24	upstream	29c395c7	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64	2021/02/25 05:37	upstream	719bbd4a	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/25 02:44	upstream	719bbd4a	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/24 19:29	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/24 18:03	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/24 16:05	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/02/24 11:24	upstream	c03c21ba	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64-compat	2021/02/23 21:29	upstream	3b9cdafb	fcc6d71b	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root	2021/01/30 00:45	linux-next	b01f250d	fc9fd31e	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root	2021/01/22 20:12	linux-next	bc085f8f	4080af96	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root	2021/01/20 09:21	linux-next	647060f3	d4f4eca5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance