UBSAN: shift-out-of-bounds in load

UBSAN: shift-out-of-bounds in load_balance
Status: upstream: reported syz repro on 2021/01/24 09:30
Reported-by: syzbot+d7581744d5fd27c9fbe1@syzkaller.appspotmail.com
Fix commit: 39a2a6eb5c9b sched/fair: Fix shift-out-of-bounds in load_balance()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 186d, last: 78d

duplicates (1):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
UBSAN: shift-out-of-bounds in detach_tasks	syz	error	error	11	88d	152d	0/22	closed as dup on 2021/06/12 08:25

Sample crash report:

================================================================================
UBSAN: shift-out-of-bounds in kernel/sched/fair.c:7712:14
shift exponent 75 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 9899 Comm: kworker/u4:5 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy5 ieee80211_iface_work
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xfa/0x151 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 detach_tasks kernel/sched/fair.c:7712 [inline]
 load_balance.cold+0x1d/0x2e kernel/sched/fair.c:9641
 rebalance_domains+0x5cc/0xdb0 kernel/sched/fair.c:10029
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:deref_stack_reg+0x12/0x150 arch/x86/kernel/unwind_orc.c:351
Code: 14 24 e9 48 ff ff ff 48 89 0c 24 e8 58 7a 84 00 48 8b 0c 24 eb 9d 66 90 48 b8 00 00 00 00 00 fc ff df 41 55 41 54 49 89 fc 55 <48> 89 f5 53 48 89 d3 48 89 fa 48 c1 ea 03 48 83 ec 08 0f b6 04 02
RSP: 0018:ffffc9000afceb60 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 1ffff920015f9d78 RCX: ffffffff8e4861a3
RDX: ffffc9000afceca0 RSI: ffffc9000afcef88 RDI: ffffc9000afcec58
RBP: 0000000000000001 R08: ffffffff8e48619e R09: ffffffff8e4861a2
R10: 0000000000084087 R11: 0000000000000001 R12: ffffc9000afcec58
R13: ffffc9000afcec8d R14: ffffc9000afceca8 R15: ffffc9000afcec58
 unwind_next_frame+0xbea/0x2000 arch/x86/kernel/unwind_orc.c:534
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:401 [inline]
 ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429
 kasan_slab_alloc include/linux/kasan.h:209 [inline]
 slab_post_alloc_hook mm/slab.h:512 [inline]
 slab_alloc_node mm/slub.c:2892 [inline]
 slab_alloc mm/slub.c:2900 [inline]
 __kmalloc+0x1db/0x3f0 mm/slub.c:4021
 kmalloc include/linux/slab.h:559 [inline]
 kzalloc include/linux/slab.h:684 [inline]
 cfg80211_inform_single_bss_frame_data+0x302/0xe90 net/wireless/scan.c:2372
 cfg80211_inform_bss_frame_data+0xa7/0xb10 net/wireless/scan.c:2433
 ieee80211_bss_info_update+0x3ce/0xb20 net/mac80211/scan.c:190
 ieee80211_rx_bss_info net/mac80211/ibss.c:1126 [inline]
 ieee80211_rx_mgmt_probe_beacon+0xccd/0x16b0 net/mac80211/ibss.c:1615
 ieee80211_ibss_rx_queued_mgmt+0xe43/0x1870 net/mac80211/ibss.c:1642
 ieee80211_iface_work+0x761/0x9e0 net/mac80211/iface.c:1439
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
================================================================================

Crashes (2167):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	VM info	Title
ci-upstream-kasan-gce	2021/02/24 14:26	upstream	c03c21ba6f4e	fcc6d71b	.config	log	report	syz		UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/22 18:16	upstream	31caf8b2a847	a659b3f1	.config	log	report	syz		UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/02/22 17:11	upstream	31caf8b2a847	a659b3f1	.config	log	report	syz		UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 15:39	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 14:05	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 11:59	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 08:45	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 06:27	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 05:16	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/08 03:57	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/07 22:15	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/07 17:31	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/07 10:02	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/07 03:02	upstream	18a3c5f7abfd	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/06 22:46	upstream	18a3c5f7abfd	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/06 20:10	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/06 18:51	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/06 16:15	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/05/06 09:44	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-selinux-root	2021/04/28 03:56	upstream	57fa2369ab17	805b5003	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce	2021/04/27 08:05	upstream	4a0225c3d208	805b5003	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce	2021/04/27 06:53	upstream	4a0225c3d208	805b5003	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-root	2021/04/27 04:16	upstream	4a0225c3d208	805b5003	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/04/23 14:27	upstream	18a3c5f7abfd	17f0b706	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream	2021/04/23 13:17	upstream	18a3c5f7abfd	17f0b706	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/08 12:49	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/08 10:59	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/08 07:27	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/08 02:14	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/08 00:51	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 23:44	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 23:33	upstream	18a3c5f7abfd	bc5434be	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 19:08	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 16:27	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 13:35	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 12:31	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 11:21	upstream	18a3c5f7abfd	f6da8120	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 04:53	upstream	18a3c5f7abfd	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 01:46	upstream	18a3c5f7abfd	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/07 00:45	upstream	18a3c5f7abfd	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/06 21:45	upstream	18a3c5f7abfd	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/06 17:30	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/06 14:11	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/06 13:00	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu-upstream-386	2021/05/06 11:09	upstream	18a3c5f7abfd	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64	2021/04/28 23:52	upstream	68a32ba14177	77e2b668	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-386	2021/04/25 11:19	upstream	2a1d7946fa53	36c88236	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-kasan-gce-386	2021/04/25 07:45	upstream	2a1d7946fa53	36c88236	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-qemu2-arm64-compat	2021/04/24 18:35	upstream	8db5efb83fa9	17f0b706	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-kasan-gce	2021/05/05 04:33	bpf	bbd6f0a94813	06c27ff5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-kasan-gce	2021/04/25 13:25	bpf	b02265429681	36c88236	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-kasan-gce	2021/04/23 20:39	bpf	b02265429681	17f0b706	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-net-this-kasan-gce	2021/04/05 11:14	net	a14d273ba159	6a81331a	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce	2021/05/06 23:42	bpf-next	3733bfbbdd28	06585184	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce	2021/05/03 21:12	bpf-next	3733bfbbdd28	ad61f371	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce	2021/04/25 09:10	bpf-next	350a62ca065b	36c88236	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-bpf-next-kasan-gce	2021/04/25 02:06	bpf-next	350a62ca065b	17f0b706	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root	2021/01/30 00:45	linux-next	b01f250d83f6	fc9fd31e	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root	2021/01/22 20:12	linux-next	bc085f8fc88f	4080af96	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance
ci-upstream-linux-next-kasan-gce-root	2021/01/20 09:21	linux-next	647060f3b592	d4f4eca5	.config	log	report		info	UBSAN: shift-out-of-bounds in load_balance