syzbot


UBSAN: shift-out-of-bounds in __kfifo_alloc

Status: upstream: reported C repro on 2025/03/31 02:14
Subsystems: input usb
Reported-by: syzbot+d5204cbbdd921f1f7cad@syzkaller.appspotmail.com
First crash: 46d, last: now
Discussions (4)
Title | Replies (including bot) | Last reply
[PATCH v2 RESEND] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen | 2 (2) | 2025/04/24 10:13
[PATCH v2] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen | 3 (3) | 2025/04/02 08:06
[PATCH] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen | 2 (2) | 2025/04/01 19:06
[syzbot] [input?] [usb?] UBSAN: shift-out-of-bounds in __kfifo_alloc | 0 (4) | 2025/04/01 11:04
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2025/04/01 11:04 | 13m | qasdev00@gmail.com | patch | upstream | error
2025/04/01 10:24 | 13m | qasdev00@gmail.com | patch | upstream | error
2025/04/01 10:18 | 9m | qasdev00@gmail.com | patch | upstream | error

Sample crash report:
usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 5-1: config 0 descriptor??
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 0 UID: 0 PID: 835 Comm: kworker/0:2 Not tainted 6.14.0-syzkaller-03565-gf6e0150b2003 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:492
 __roundup_pow_of_two include/linux/log2.h:57 [inline]
 __kfifo_alloc.cold+0x18/0x1d lib/kfifo.c:32
 wacom_devm_kfifo_alloc drivers/hid/wacom_sys.c:1308 [inline]
 wacom_parse_and_register+0x28e/0x5d10 drivers/hid/wacom_sys.c:2368
 wacom_probe+0xa1c/0xe10 drivers/hid/wacom_sys.c:2867
 __hid_device_probe drivers/hid/hid-core.c:2717 [inline]
 hid_device_probe+0x354/0x710 drivers/hid/hid-core.c:2754
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x156/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1a70 drivers/base/core.c:3666
 hid_add_device+0x373/0xa60 drivers/hid/hid-core.c:2900
 usbhid_probe+0xd38/0x13f0 drivers/hid/usbhid/hid-core.c:1432
 usb_probe_interface+0x300/0x9c0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x156/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1a70 drivers/base/core.c:3666
 usb_set_configuration+0x1187/0x1e20 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:250
 usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x156/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1a70 drivers/base/core.c:3666
 usb_new_device+0xd07/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5533 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5673 [inline]
 port_event drivers/usb/core/hub.c:5833 [inline]
 hub_event+0x2eb7/0x4fa0 drivers/usb/core/hub.c:5915
 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c1/0xef0 kernel/workqueue.c:3400
 kthread+0x3a4/0x760 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
---[ end trace ]---

Crashes (24560):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/03/27 08:31 | upstream | f6e0150b2003 | 20510e88 | .config | console log | report | syz / log | C | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/03/27 03:01 | upstream | f6e0150b2003 | 20510e88 | .config | console log | report | syz / log | C | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/15 03:06 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 169263214645 | 0bd6db41 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/15 02:21 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 169263214645 | 0bd6db41 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/15 01:36 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 169263214645 | 0bd6db41 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 18:30 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 17:34 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 17:04 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 11:21 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 07:53 | upstream | bec6f00f120e | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 05:32 | upstream | bec6f00f120e | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-badwrites-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 05:22 | upstream | bec6f00f120e | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 00:34 | upstream | 345030986df8 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 23:44 | upstream | 345030986df8 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/09 17:29 | upstream | 9c69f8884904 | bb813bcc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 06:56 | upstream | 345030986df8 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 06:04 | upstream | 345030986df8 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 01:29 | upstream | 345030986df8 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 05:52 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 22:51 | upstream | 1a33418a69cc | 77908e5f | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/08 19:59 | upstream | 2c89c1b655c0 | bb813bcc | .config | console log | report | | | | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-snapshot-upstream-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 06:43 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 05:48 | upstream | 3ce9925823c7 | 77908e5f | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 22:38 | upstream | 1a33418a69cc | 77908e5f | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/03/27 02:03 | upstream | f6e0150b2003 | 20510e88 | .config | console log | report | | | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/12 03:28 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/12 02:17 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/12 01:18 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/12 00:08 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/12 00:07 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 23:06 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 22:03 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 21:20 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 20:15 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 19:54 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 18:54 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 16:48 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 15:37 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 15:01 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 13:51 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 12:52 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 12:28 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 11:27 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 10:11 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 09:58 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 08:53 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 06:46 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 06:35 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 05:59 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 05:56 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 04:13 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 04:07 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 03:06 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 02:37 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/11 01:06 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 22:08 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 21:36 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 20:31 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 588d032e9e56 | 77908e5f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/04/17 07:00 | linux-next | 01c6df60d5d4 | 23b969b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | UBSAN: shift-out-of-bounds in __kfifo_alloc
2025/05/10 00:40 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | c32f8dc5aaf9 | bb813bcc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | UBSAN: shift-out-of-bounds in __kfifo_alloc
* Struck through repros no longer work on HEAD.