syzbot


UBSAN: shift-out-of-bounds in nl802154_new_interface

Status: fixed on 2022/03/08 16:11
Subsystems: wpan
Reported-by: syzbot+7bf7b22759195c9a21e9@syzkaller.appspotmail.com
Fix commit: 451dc48c806a net: ieee802154: handle iftypes as u32
First crash: 1162d, last: 882d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: UBSAN: undefined-behaviour in nl802154_new_interface (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log):
commit 451dc48c806a7ce9fbec5e7a24ccf4b2c936e834
Author: Alexander Aring <aahringo@redhat.com>
Date: Fri Nov 12 03:09:16 2021 +0000

  net: ieee802154: handle iftypes as u32

  
Discussions (3)
Title | Replies (including bot) | Last reply
UBSAN: shift-out-of-bounds in nl802154_new_interface | 5 (7) | 2022/01/24 12:59
[PATCH] net: fix shift-out-of-bounds in nl802154_new_interface | 3 (3) | 2021/04/06 13:16
[PATCH wpan 00/17] ieee802154: syzbot fixes | 25 (25) | 2021/03/06 23:35
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2021/07/15 19:13 | 16m | paskripkin@gmail.com | patch | upstream | OK
2021/03/07 14:38 | 10m | anant.thazhemadam@gmail.com | | git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master | report log

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in net/ieee802154/nl802154.c:919:44
shift exponent -1 is negative
CPU: 0 PID: 6526 Comm: syz-executor563 Not tainted 5.15.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:330
 nl802154_new_interface.cold+0x19/0x1e net/ieee802154/nl802154.c:919
 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:731
 genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]
 genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:792
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2510
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:803
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f1347612c29
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe780a8068 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1347612c29
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 00007f13475d6690 R08: 000000000000000a R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000246 R12: 00007f13475d6720
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
================================================================================

Crashes (879):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/10/15 23:52 upstream ec681c53f8d2 0c5d9412 .config console log report syz C ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/08/26 04:31 upstream fe67f4dd8daa b599f2fc .config console log report syz C ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/02/20 02:49 net-old 3af409ca278d f689d40a .config console log report syz C ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/02/20 02:20 net-next-old 38b5133ad607 f689d40a .config console log report syz C ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/10/11 23:58 linux-next d3134eb5de85 838e7e2c .config console log report syz C ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/24 06:32 upstream 5d9f4cf36721 545ab074 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/18 02:28 upstream ee1703cda8dc cafff8b6 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/17 22:49 upstream ee1703cda8dc cafff8b6 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/17 15:22 upstream 8ab774587903 cafff8b6 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/16 05:45 upstream 8ab774587903 83f5c9b5 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/12 07:37 upstream 5833291ab6de 75b04091 .config console log report info ci-qemu-upstream UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/11 15:53 upstream debe436e77c7 75b04091 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/11 04:24 upstream 881007522c8f 75b04091 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/09 22:45 upstream d2f38a3c6507 59bcaf9a .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/09 04:32 upstream e851dfae4371 8ab17e57 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/09 01:55 upstream e851dfae4371 8ab17e57 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/18 18:56 upstream 42eb8fdac2fc 31a30fc0 .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/13 15:04 upstream 66f4beaa6c1d 83f5c9b5 .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/03/07 05:56 upstream a38fd8748464 e4b4d570 .config console log report info ci-qemu2-arm64 UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/25 01:08 net-old ac132852147a 545ab074 .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/22 10:29 net-old f9390b249c90 4eb20a4e .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/21 18:50 net-old f9390b249c90 4eb20a4e .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/21 07:15 net-old f9390b249c90 4eb20a4e .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/12 14:35 net-old 5833291ab6de 75b04091 .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/07 12:56 net-old 70bf363d7adb 4c1be0be .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/06 01:19 net-old a46a5036e7d2 4c1be0be .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/02/20 01:39 net-old 3af409ca278d f689d40a .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/27 02:49 net-next-old 35bf8c86eeb8 63eeac02 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/26 16:47 net-next-old a0341b73d843 63eeac02 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/24 14:21 net-next-old 91eddd309c67 545ab074 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/24 03:16 net-next-old 2106efda785b 545ab074 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/24 01:22 net-next-old 2106efda785b 545ab074 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/23 09:59 net-next-old 3b0e04140bc3 545ab074 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/22 11:52 net-next-old 89f971182417 4eb20a4e .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/21 22:53 net-next-old 89f971182417 4eb20a4e .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/19 06:10 net-next-old 3b1abcf12894 31a30fc0 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/18 09:51 net-next-old 75082e7f4680 cafff8b6 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/17 18:10 net-next-old b9241f54138c cafff8b6 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/17 10:26 net-next-old 62803fec52f8 cafff8b6 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/15 12:33 net-next-old 1274a4eb318d 83f5c9b5 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/14 22:51 net-next-old 1274a4eb318d 83f5c9b5 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/14 21:43 net-next-old 1274a4eb318d 83f5c9b5 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/13 01:02 net-next-old 5833291ab6de 83f5c9b5 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/11 13:21 net-next-old cc0356d6a02e 75b04091 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/11 06:00 net-next-old cc0356d6a02e 75b04091 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/10 16:18 net-next-old cc0356d6a02e 75b04091 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/10 06:33 net-next-old cc0356d6a02e 55fa030c .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/10 04:06 net-next-old cc0356d6a02e 55fa030c .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/09 11:09 net-next-old cc0356d6a02e 8ab17e57 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/09 09:55 net-next-old cc0356d6a02e 8ab17e57 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/08 05:50 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/07 21:01 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/07 11:08 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/07 08:20 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/06 11:34 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/06 01:28 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/05 23:48 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/05 18:23 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/05 13:12 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/04 12:19 net-next-old cc0356d6a02e 4c1be0be .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/26 13:29 linux-next f81e94e91878 63eeac02 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/18 20:32 linux-next 5191249f8803 31a30fc0 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/08 13:49 linux-next e844ee04dee0 d29682f1 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
2021/11/08 09:13 linux-next e844ee04dee0 4c1be0be .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in nl802154_new_interface
* Struck through repros no longer work on HEAD.