syzbot


UBSAN: shift-out-of-bounds in das16m1_attach

Status: upstream: reported C repro on 2025/07/04 16:20
Subsystems: kernel
Reported-by: syzbot+c52293513298e0fd9a94@syzkaller.appspotmail.com
Fix commit: comedi: das16m1: Fix bit shift out of bounds
Patched on: [ci-upstream-linux-next-kasan-gce-root ci-upstream-rust-kasan-gce], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 15d, last: 4h23m
Discussions (3)
Title | Replies (including bot) | Last reply
[PATCH] comedi: das16m1: Fix bit shift out of bounds | 1 (1) | 2025/07/07 13:09
Re: [syzbot] [kernel?] UBSAN: shift-out-of-bounds in das16m1_attach | 1 (1) | 2025/07/07 11:01
[syzbot] [kernel?] UBSAN: shift-out-of-bounds in das16m1_attach | 2 (4) | 2025/07/07 10:18
Last patch testing requests (1)
Created | Duration | User | Patch | Repo | Result
2025/07/04 18:11 | 47m | enjuk@amazon.com | patch | upstream | OK log

Sample crash report:
UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9
shift exponent 67108867 is too large for 32-bit type 'int'
CPU: 0 UID: 0 PID: 6101 Comm: syz.0.16 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:233 [inline]
 __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494
 das16m1_attach.cold+0x19/0x1e drivers/comedi/drivers/das16m1.c:525
 comedi_device_attach+0x3b3/0x900 drivers/comedi/drivers.c:996
 do_devconfig_ioctl+0x1a7/0x580 drivers/comedi/comedi_fops.c:855
 comedi_unlocked_ioctl+0x15bb/0x2e90 drivers/comedi/comedi_fops.c:2136
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1d8718e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe20aa5098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1d873b5fa0 RCX: 00007f1d8718e929
RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
RBP: 00007f1d87210b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1d873b5fa0 R14: 00007f1d873b5fa0 R15: 0000000000000003
 </TASK>
---[ end trace ]---

Crashes (84):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/04 15:05 upstream 4c06e63b9203 d869b261 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/04 14:47 upstream 4c06e63b9203 d869b261 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/08 23:23 linux-next 58ba80c47402 abade794 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 19:43 upstream 155a3c003e55 c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 02:42 upstream 347e9f5043c8 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/14 05:59 upstream 5d5d62298b8b 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/13 13:30 upstream 3f31a806a62e 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/20 01:25 upstream 4871b7cb27f4 7117feec .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/19 23:02 upstream 4871b7cb27f4 7117feec .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/19 17:15 upstream 4871b7cb27f4 7117feec .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/19 14:34 upstream 4871b7cb27f4 7117feec .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/19 04:51 upstream d786aba32000 7117feec .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/18 10:19 upstream 6832a9317eee 88248e14 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/18 03:47 upstream 6832a9317eee 88248e14 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/18 02:27 upstream 6832a9317eee 88248e14 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/17 17:47 upstream e2291551827f 0ea0ca3f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/17 15:39 upstream e2291551827f 89164500 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 15:07 upstream 155a3c003e55 124ec9cc .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 09:36 upstream 155a3c003e55 124ec9cc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 05:36 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 03:38 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 03:37 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 22:37 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 20:05 upstream 155a3c003e55 03fcfc4b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 18:38 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 16:18 upstream 155a3c003e55 03fcfc4b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 13:06 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 01:16 upstream 347e9f5043c8 03fcfc4b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/13 17:05 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/13 15:01 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/13 06:35 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/13 02:59 upstream 3f31a806a62e 3cda49cf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/13 02:12 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/12 16:44 upstream 379f604cc3dc 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/12 09:14 upstream 379f604cc3dc 3cda49cf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/12 09:14 upstream 379f604cc3dc 3cda49cf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/12 02:58 upstream 40f92e79b0aa 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/11 21:19 upstream 40f92e79b0aa 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/11 16:50 upstream bc9ff192a6c9 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/11 14:03 upstream bc9ff192a6c9 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/11 10:39 upstream bc9ff192a6c9 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/11 03:51 upstream bc9ff192a6c9 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 20:37 upstream bc9ff192a6c9 d7384b6d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 12:15 upstream 8c2e52ebbe88 d7384b6d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 09:40 upstream 8c2e52ebbe88 d7384b6d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 07:08 upstream 8c2e52ebbe88 956bd956 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 03:57 upstream 8c2e52ebbe88 956bd956 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 01:56 upstream 8c2e52ebbe88 956bd956 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/10 00:31 upstream 8c2e52ebbe88 956bd956 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/19 07:51 upstream c7de79e662b8 7117feec .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/16 02:10 linux-next 0be23810e32e 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/15 06:53 linux-next 0be23810e32e 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/14 17:56 linux-next 0be23810e32e 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce UBSAN: shift-out-of-bounds in das16m1_attach
2025/07/12 15:28 linux-next a62b7a37e6fc 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in das16m1_attach
* Struck through repros no longer work on HEAD.