syzbot


UBSAN: shift-out-of-bounds in parse_audio_unit

Status: upstream: reported C repro on 2024/07/22 02:50
Bug presence: origin:lts
Reported-by: syzbot+564c9cc7746f2a77d21e@syzkaller.appspotmail.com
First crash: 122d, last: 10d
Bug presence (2)
Date Name Commit Repro Result
2024/07/22 lts (merge base) 574362648507 C [report] UBSAN: shift-out-of-bounds in parse_audio_unit
2024/07/22 upstream (ToT) 527eff227d43 C Didn't crash
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: shift-out-of-bounds in parse_audio_unit sound C error 3 131d 129d 27/28 fixed on 2024/08/14 03:44
linux-5.15 UBSAN: shift-out-of-bounds in parse_audio_unit origin:lts-only C done 8 4d01h 59d 0/3 upstream: reported C repro on 2024/09/22 18:15
android-6-1 UBSAN: shift-out-of-bounds in parse_audio_unit C done 3 43d 102d 0/2 upstream: reported C repro on 2024/08/11 11:03
Last patch testing requests (1)
Created Duration User Patch Repo Result
2024/08/27 00:26 5m retest repro android13-5.15-lts report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/10/24 05:48 1h24m bisect fix android13-5.15-lts OK (0) job log log

Sample crash report:
usb 1-1: 0:2 : does not exist
================================================================================
UBSAN: shift-out-of-bounds in sound/usb/mixer.c:2035:20
shift exponent 49 is too large for 32-bit type 'int'
CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321
 parse_audio_feature_unit sound/usb/mixer.c:2035 [inline]
 parse_audio_unit+0x270d/0x3d90 sound/usb/mixer.c:2885
 snd_usb_mixer_controls sound/usb/mixer.c:3230 [inline]
 snd_usb_create_mixer+0x122f/0x2df0 sound/usb/mixer.c:3577
 usb_audio_probe+0x1412/0x2260 sound/usb/card.c:858
 usb_probe_interface+0x5b6/0xa90 drivers/usb/core/driver.c:396
 really_probe+0x28d/0x970 drivers/base/dd.c:595
 __driver_probe_device+0x1a0/0x310 drivers/base/dd.c:755
 driver_probe_device+0x54/0x3d0 drivers/base/dd.c:785
 __device_attach_driver+0x2c5/0x470 drivers/base/dd.c:907
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:427
 __device_attach+0x312/0x510 drivers/base/dd.c:979
 device_initial_probe+0x1a/0x20 drivers/base/dd.c:1028
 bus_probe_device+0xbe/0x1e0 drivers/base/bus.c:487
 device_add+0xb60/0xf10 drivers/base/core.c:3425
 usb_set_configuration+0x190f/0x1e80 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x8b/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x144/0x260 drivers/usb/core/driver.c:293
 really_probe+0x28d/0x970 drivers/base/dd.c:595
 __driver_probe_device+0x1a0/0x310 drivers/base/dd.c:755
 driver_probe_device+0x54/0x3d0 drivers/base/dd.c:785
 __device_attach_driver+0x2c5/0x470 drivers/base/dd.c:907
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:427
 __device_attach+0x312/0x510 drivers/base/dd.c:979
 device_initial_probe+0x1a/0x20 drivers/base/dd.c:1028
 bus_probe_device+0xbe/0x1e0 drivers/base/bus.c:487
 device_add+0xb60/0xf10 drivers/base/core.c:3425
 usb_new_device+0x1038/0x1c00 drivers/usb/core/hub.c:2599
 hub_port_connect drivers/usb/core/hub.c:5513 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5653 [inline]
 port_event drivers/usb/core/hub.c:5803 [inline]
 hub_event+0x2def/0x4770 drivers/usb/core/hub.c:5885
 process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325
 worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472
 kthread+0x421/0x510 kernel/kthread.c:337
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
================================================================================

Crashes (18):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/11/03 13:30 android13-5.15-lts 5e4635681cf1 f00eed24 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/07/22 02:44 android13-5.15-lts db06c48ab67e b88348e9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/11 03:28 android13-5.15-lts 5e4635681cf1 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/06 12:25 android13-5.15-lts 5e4635681cf1 3a465482 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/04 05:24 android13-5.15-lts 5e4635681cf1 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/03 15:50 android13-5.15-lts 5e4635681cf1 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/03 13:26 android13-5.15-lts 5e4635681cf1 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/03 12:59 android13-5.15-lts 5e4635681cf1 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/11/01 16:11 android13-5.15-lts 5e4635681cf1 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/09/21 21:02 android13-5.15-lts b92c0d35d015 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/09/19 09:26 android13-5.15-lts b92c0d35d015 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/08/12 22:33 android13-5.15-lts 70e1a731d986 842184b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/08/11 20:03 android13-5.15-lts 70e1a731d986 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/08/10 17:39 android13-5.15-lts 70e1a731d986 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/08/08 23:51 android13-5.15-lts 70e1a731d986 61405512 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/08/07 05:57 android13-5.15-lts 70e1a731d986 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/07/28 13:21 android13-5.15-lts 4edafe6c0231 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
2024/07/22 02:20 android13-5.15-lts db06c48ab67e b88348e9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-15 UBSAN: shift-out-of-bounds in parse_audio_unit
* Struck through repros no longer work on HEAD.