================================================================================
UBSAN: shift-out-of-bounds in kernel/sched/fair.c:7712:14
shift exponent 94 is too large for 64-bit type 'unsigned long'
CPU: 1 PID: 15566 Comm: syz-executor.1 Not tainted 5.12.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x176/0x24e lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:148 [inline]
 __ubsan_handle_shift_out_of_bounds+0x42e/0x4d0 lib/ubsan.c:327
 detach_tasks+0xd04/0x1110 kernel/sched/fair.c:7712
 load_balance+0x39f6/0x5a80 kernel/sched/fair.c:9641
 rebalance_domains+0x4ca/0x9c0 kernel/sched/fair.c:10029
 __do_softirq+0x318/0x714 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu+0x1d8/0x200 kernel/softirq.c:422
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:434
 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:PagePoisoned include/linux/page-flags.h:204 [inline]
RIP: 0010:PageSlab include/linux/page-flags.h:342 [inline]
RIP: 0010:page_memcg+0x71/0x150 include/linux/memcontrol.h:380
Code: 4c 89 ff e8 31 45 fb ff 49 8b 44 24 08 89 c1 83 e1 01 4c 89 e3 48 85 c9 0f 85 97 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 <74> 08 48 89 df e8 05 45 fb ff 4c 8b 2b 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc90001ac76f0 EFLAGS: 00000246
RAX: 1ffffd40002e5b88 RBX: ffffea000172dc40 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffffea000172dc78
RBP: 1ffffd40002e5b89 R08: dffffc0000000000 R09: fffffbfff1f270b1
R10: fffffbfff1f270b1 R11: 0000000000000000 R12: ffffea000172dc40
R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea000172dc48
 lock_page_memcg+0xb8/0x290 mm/memcontrol.c:2147
 page_remove_rmap+0x2b/0x1080 mm/rmap.c:1348
 zap_pte_range+0x907/0x1b40 mm/memory.c:1270
 zap_pmd_range mm/memory.c:1374 [inline]
 zap_pud_range mm/memory.c:1403 [inline]
 zap_p4d_range mm/memory.c:1424 [inline]
 unmap_page_range+0x55a/0x890 mm/memory.c:1445
 unmap_vmas+0x15d/0x2c0 mm/memory.c:1522
 exit_mmap+0x26d/0x590 mm/mmap.c:3218
 __mmput+0x111/0x370 kernel/fork.c:1090
 exit_mm+0x5ec/0x710 kernel/exit.c:501
 do_exit+0x635/0x2290 kernel/exit.c:812
 do_group_exit+0x168/0x2d0 kernel/exit.c:922
 get_signal+0x186f/0x2030 kernel/signal.c:2781
 arch_do_signal_or_restart+0x41/0x620 arch/x86/kernel/signal.c:789
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x26/0x70 kernel/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x467881
Code: Unable to access opcode bytes at RIP 0x467857.
RSP: 002b:00007ffe59f952f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: fffffffffffffffc RBX: 00007f8f87479700 RCX: 0000000000467881
RDX: 00007f8f874799d0 RSI: 00007f8f874792f0 RDI: 00000000003d0f00
RBP: 00007ffe59f95530 R08: 00007f8f87479700 R09: 00007f8f87479700
R10: 00007f8f874799d0 R11: 0000000000000206 R12: 00007ffe59f953ae
R13: 00007ffe59f953af R14: 00007f8f87479300 R15: 0000000000022000
================================================================================