syzbot

 sign-in | mailing list | source | docs
🐞 Open [984] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12475] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

UBSAN: shift-out-of-bounds in profile_init

Status: fixed on 2021/11/10 00:50
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+e68c89a9510c159d9684@syzkaller.appspotmail.com
Fix commit: 2d186afd04d6 profiling: fix shift-out-of-bounds bugs
First crash: 1014d, last: 960d
Cause bisection: introduced by (bisect log) [release commit]:
commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Sep 15 21:19:32 2019 +0000

  Linux 5.3

Crash: UBSAN: undefined-behaviour in profile_init (log)
Repro: C syz .config
  
Discussions (10)
Title Replies (including bot) Last reply
[PATCH 5.10 00/63] 5.10.69-rc1 review 71 (71) 2021/09/27 08:39
[PATCH 5.14 000/100] 5.14.8-rc1 review 106 (106) 2021/09/25 11:53
[PATCH 4.4 00/23] 4.4.285-rc1 review 28 (28) 2021/09/25 11:45
[PATCH 5.4 00/50] 5.4.149-rc1 review 54 (54) 2021/09/24 22:03
[PATCH 4.19 00/34] 4.19.208-rc1 review 38 (38) 2021/09/24 21:54
[PATCH 4.9 00/26] 4.9.284-rc1 review 30 (30) 2021/09/24 21:53
[PATCH 4.14 00/27] 4.14.248-rc1 review 29 (29) 2021/09/24 13:55
[patch 095/147] profiling: fix shift-out-of-bounds bugs 1 (1) 2021/09/08 02:58
[PATCH] profiling: fix shift-out-of-bounds in profile_setup 7 (7) 2021/08/29 01:57
[syzbot] UBSAN: shift-out-of-bounds in profile_init 5 (8) 2021/07/16 16:36
Last patch testing requests (2)
Created Duration User Patch Repo Result
2021/07/16 14:38 16m paskripkin@gmail.com patch upstream OK
2021/07/16 13:55 17m paskripkin@gmail.com patch upstream OK

Sample crash report:
kernel profiling enabled (shift: 1000000)
================================================================================
UBSAN: shift-out-of-bounds in kernel/profile.c:110:31
shift exponent 1000000 is too large for 64-bit type 'long int'
CPU: 0 PID: 8450 Comm: syz-executor540 Not tainted 5.14.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
 profile_init+0xfc/0x110 kernel/profile.c:110
 profiling_store+0x5e/0xd0 kernel/ksysfs.c:80
 kobj_attr_store+0x50/0x80 lib/kobject.c:856
 sysfs_kf_write+0x110/0x160 fs/sysfs/file.c:139
 kernfs_fop_write_iter+0x342/0x500 fs/kernfs/file.c:296
 call_write_iter include/linux/fs.h:2114 [inline]
 new_sync_write+0x426/0x650 fs/read_write.c:518
 vfs_write+0x75a/0xa40 fs/read_write.c:605
 ksys_write+0x12d/0x250 fs/read_write.c:658
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43ee69
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe1a5bd2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043ee69
RDX: 00000000ffffff82 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 0000000000402e50 R08: 0000000000000000 R09: 0000000000400488
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402ee0
R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
================================================================================

Crashes (23):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/08/21 10:29 upstream fa54d366a6e4 b599f2fc .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/08/21 08:44 upstream fa54d366a6e4 b599f2fc .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/08/21 05:25 upstream d992fe5318d8 b599f2fc .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/08/21 05:05 upstream d992fe5318d8 b599f2fc .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:59 upstream 3dbdb38e2869 8f5a7b8c .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:59 upstream 3dbdb38e2869 8f5a7b8c .config console log report syz C ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:57 upstream 3dbdb38e2869 8f5a7b8c .config console log report syz C ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in profile_init
2021/08/31 01:47 upstream 7d2a07b76933 8f58a0ef .config console log report syz C ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in profile_init
2021/08/31 00:05 upstream 7d2a07b76933 8f58a0ef .config console log report syz C ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in profile_init
2021/08/30 23:45 upstream 7d2a07b76933 8f58a0ef .config console log report syz C ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in profile_init
2021/08/30 23:12 upstream 7d2a07b76933 8f58a0ef .config console log report syz C ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in profile_init
2021/07/10 15:31 upstream 3dbdb38e2869 8f5a7b8c .config console log report syz C ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in profile_init
2021/07/10 13:04 linux-next 92510a7fd93c 8f5a7b8c .config console log report syz C ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in profile_init
2021/09/03 00:24 upstream 4ac6d90867a4 15cea0a3 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/08/13 05:28 upstream f8fbb47c6e86 3fd2ea69 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:51 upstream 3dbdb38e2869 8f5a7b8c .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:46 upstream 3dbdb38e2869 8f5a7b8c .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:45 upstream 3dbdb38e2869 8f5a7b8c .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:43 upstream 3dbdb38e2869 8f5a7b8c .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:57 upstream 3dbdb38e2869 8f5a7b8c .config console log report info ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in profile_init
2021/08/08 17:25 linux-next 7999516e20bd 6972b106 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in profile_init
2021/08/01 05:00 linux-next 8d4b477da1a8 6c236867 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in profile_init
2021/07/10 12:49 linux-next 92510a7fd93c 8f5a7b8c .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in profile_init
* Struck through repros no longer work on HEAD.