syzbot


UBSAN: shift-out-of-bounds in __kfifo_alloc

Status: upstream: reported C repro on 2025/03/31 02:14
Subsystems: input usb
Reported-by: syzbot+d5204cbbdd921f1f7cad@syzkaller.appspotmail.com
First crash: 30d, last: 12m
Discussions (4)
Title | Replies (including bot) | Last reply
[PATCH v2 RESEND] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen | 2 (2) | 2025/04/24 10:13
[PATCH v2] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen | 3 (3) | 2025/04/02 08:06
[PATCH] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen | 2 (2) | 2025/04/01 19:06
[syzbot] [input?] [usb?] UBSAN: shift-out-of-bounds in __kfifo_alloc | 0 (4) | 2025/04/01 11:04
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2025/04/01 11:04 | 13m | qasdev00@gmail.com | patch | upstream | error
2025/04/01 10:24 | 13m | qasdev00@gmail.com | patch | upstream | error
2025/04/01 10:18 | 9m | qasdev00@gmail.com | patch | upstream | error

Sample crash report:
usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 5-1: config 0 descriptor??
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 0 UID: 0 PID: 835 Comm: kworker/0:2 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:492
 __roundup_pow_of_two include/linux/log2.h:57 [inline]
 __kfifo_alloc.cold+0x18/0x1d lib/kfifo.c:32
 wacom_devm_kfifo_alloc drivers/hid/wacom_sys.c:1308 [inline]
 wacom_parse_and_register+0x28e/0x5d10 drivers/hid/wacom_sys.c:2368
 wacom_probe+0xa1c/0xe10 drivers/hid/wacom_sys.c:2867
 __hid_device_probe drivers/hid/hid-core.c:2717 [inline]
 hid_device_probe+0x354/0x710 drivers/hid/hid-core.c:2754
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x156/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1a70 drivers/base/core.c:3666
 hid_add_device+0x373/0xa60 drivers/hid/hid-core.c:2900
 usbhid_probe+0xd38/0x13f0 drivers/hid/usbhid/hid-core.c:1432
 usb_probe_interface+0x300/0x9c0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x156/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1a70 drivers/base/core.c:3666
 usb_set_configuration+0x1187/0x1e20 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:250
 usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x156/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1a70 drivers/base/core.c:3666
 usb_new_device+0xd07/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5533 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5673 [inline]
 port_event drivers/usb/core/hub.c:5833 [inline]
 hub_event+0x2eb7/0x4fa0 drivers/usb/core/hub.c:5915
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c1/0xef0 kernel/workqueue.c:3400
 kthread+0x3a4/0x760 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---

Crashes (15746):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/03/27 08:31 upstream f6e0150b2003 20510e88 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/03/27 03:01 upstream f6e0150b2003 20510e88 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/15 03:06 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 169263214645 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/15 02:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 169263214645 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/15 01:36 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 169263214645 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 04:48 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 04:10 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 04:09 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 22:35 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 22:26 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 21:51 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 11:45 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 11:29 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 11:13 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 10:00 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 09:52 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 09:36 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 07:41 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 07:25 upstream 02ddfb981de8 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 00:23 upstream 02ddfb981de8 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 23:21 upstream c3137514f1f1 c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/24 09:50 upstream a79be02bba5c 9c80ffa0 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 23:59 upstream c3137514f1f1 c6b4fb39 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 19:53 upstream 02ddfb981de8 dea5c7e4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/03/27 02:03 upstream f6e0150b2003 20510e88 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 08:03 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 3baea29dc0a7 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 07:25 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 3baea29dc0a7 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 06:15 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 05:49 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 02:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 02:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 01:14 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/26 00:56 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 22:10 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 21:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 20:02 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 18:51 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 18:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 16:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 16:57 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 15:52 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 14:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 13:43 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 12:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing e94b19bf8e91 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 10:39 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 09:24 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 09:23 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 08:22 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 07:00 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 06:30 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 05:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 04:51 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 03:32 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 03:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 02:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 01:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/25 00:47 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing f41f7b3d9daf 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/17 07:00 linux-next 01c6df60d5d4 23b969b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/24 04:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c72692105976 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in __kfifo_alloc
* Struck through repros no longer work on HEAD.