syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5235] 🐞 Invalid [12492] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

UBSAN: shift-out-of-bounds in gred_enqueue

Status: fixed on 2021/11/10 00:50
Subsystems: net
[Documentation on labels]
Fix commit: e323d865b361 net: sched: validate stab values
First crash: 1133d, last: 1133d

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18
shift exponent 240 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 10313 Comm: syz-executor.5 Not tainted 5.12.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
 red_calc_qavg_from_idle_time include/net/red.h:312 [inline]
 red_calc_qavg include/net/red.h:353 [inline]
 gred_enqueue.cold+0xc3/0x40e net/sched/sch_gred.c:211
 __dev_xmit_skb net/core/dev.c:3837 [inline]
 __dev_queue_xmit+0x18b8/0x2e30 net/core/dev.c:4150
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:303 [inline]
 __netlink_deliver_tap net/netlink/af_netlink.c:321 [inline]
 netlink_deliver_tap+0x92e/0xb70 net/netlink/af_netlink.c:334
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:343 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
 netlink_unicast+0x5e5/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x331/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmmsg+0x195/0x470 net/socket.c:2490
 __do_sys_sendmmsg net/socket.c:2519 [inline]
 __se_sys_sendmmsg net/socket.c:2516 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2516
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x465f69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f88eac91188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465f69
RDX: 010efe10675dec16 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00000000004bfa8f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff291b3aef R14: 00007f88eac91300 R15: 0000000000022000
================================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/03/17 02:43 net-next-old 578ce0468f0b fdb2bb2c .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in gred_enqueue
* Struck through repros no longer work on HEAD.