syzbot


UBSAN: array-index-out-of-bounds in check_stack_range_initialized

Status: upstream: reported C repro on 2024/03/18 21:17
Reported-by: syzbot+aafd0513053a1cbf52ef@syzkaller.appspotmail.com
First crash: 51d, last: 36d
Fix bisection: fixed by (bisect log):
commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8
Author: Greg Kroah-Hartman <gregkh@google.com>
Date: Thu Mar 28 12:36:28 2024 +0000

  Reapply "Merge tag 'android14-6.1.75_r00' into android14-6.1"

  
Discussions (1)
Title | Replies (including bot) | Last reply
[PATCH V2 bpf 2/2] bpf: Protect against int overflow for stack access size | 2 (2) | 2024/03/27 16:46
Bug presence (3)
Date | Name | Commit | Repro | Result
2024/03/19 | android14-6.1 (ToT) | e623dd5ac2ac | C | [report] UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/03/19 | lts (merge base) | 883d1a956208 | C | Didn't crash
2024/04/02 | upstream (ToT) | 026e680b0a08 | C | Didn't crash
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | UBSAN: array-index-out-of-bounds in check_stack_range_initialized bpf | C | error |  | 21 | 17d | 50d | 25/26 | upstream: reported C repro on 2024/03/19 18:12
Last patch testing requests (1)
Created | Duration | User | Patch | Repo | Result
2024/04/17 03:58 | 14m | retest repro |  | android14-6.1 | OK log

Sample crash report:
================================================================================
UBSAN: array-index-out-of-bounds in kernel/bpf/verifier.c:5393:12
index -1 is out of range for type 'u8[8]' (aka 'unsigned char[8]')
CPU: 0 PID: 294 Comm: syz-executor674 Not tainted 6.1.68-syzkaller-00062-g4292d259032a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x1b lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x13a/0x160 lib/ubsan.c:282
 check_stack_range_initialized+0x1349/0x1770 kernel/bpf/verifier.c:5393
 check_helper_mem_access+0x4c3/0xf80 kernel/bpf/verifier.c:5497
 check_helper_call+0x2fcf/0x6cd0 kernel/bpf/verifier.c:7564
 do_check+0x78b7/0xe040 kernel/bpf/verifier.c:12672
 do_check_common+0x6ce/0xed0 kernel/bpf/verifier.c:14940
 do_check_main kernel/bpf/verifier.c:15003 [inline]
 bpf_check+0x673b/0x16560 kernel/bpf/verifier.c:15577
 bpf_prog_load+0x1304/0x1bf0 kernel/bpf/syscall.c:2605
 __sys_bpf+0x52c/0x7f0 kernel/bpf/syscall.c:4972
 __do_sys_bpf kernel/bpf/syscall.c:5076 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5074 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5074
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4a48189629
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee168eab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007ffee168ec88 RCX: 0000

Crashes (3803):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/18 21:20 android14-6.1 4292d259032a baa80228 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1 UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/03/18 21:16 android14-6.1 4292d259032a baa80228 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/03 01:35 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/03 01:11 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/03 00:10 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 23:21 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 22:44 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 21:37 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 20:25 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 19:31 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 18:30 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 17:52 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 16:45 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 15:38 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 14:54 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 13:45 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 13:24 android14-6.1 f085398f0e8f eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 12:10 android14-6.1 f085398f0e8f 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 11:04 android14-6.1 f085398f0e8f 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 10:00 android14-6.1 f085398f0e8f 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 08:48 android14-6.1 f085398f0e8f 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 06:59 android14-6.1 f085398f0e8f 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 06:08 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 04:22 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 03:18 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 02:07 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/02 00:44 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 23:59 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 21:33 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 19:59 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 18:39 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 17:45 android14-6.1 931187cc187d 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 16:21 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 15:11 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 14:10 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 13:58 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 12:55 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 12:28 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 11:26 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 10:32 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 10:17 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 09:13 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 09:04 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/04/01 07:57 android14-6.1 5b8114ec3c92 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf UBSAN: array-index-out-of-bounds in check_stack_range_initialized
2024/03/19 02:13 android14-6.1 4292d259032a baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 UBSAN: array-index-out-of-bounds in check_stack_range_initialized
* Struck through repros no longer work on HEAD.