syzbot


UBSAN: shift-out-of-bounds in red_adaptative_timer

Status: fixed on 2021/03/10 01:48
Subsystems: net
Fix commit: bd1248f1ddbc net: sched: prevent invalid Scell_log shift count
First crash: 1197d, last: 1105d
Cause bisection: introduced by (bisect log) [no-op commit]:
commit e9b60476bea058d85f8029e6701d9476f7fdb92f
Author: Amit Daniel Kachhap <amit.kachhap@arm.com>
Date: Fri Oct 2 11:56:25 2020 +0000

  kselftest/arm64: Add utilities and a test to validate mte memory

Crash: UBSAN: shift-out-of-bounds in red_adaptative_timer (log)
Repro: syz .config
  
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | UBSAN: shift-out-of-bounds in red_adaptative_timer (2) net | - | - | - | 28 | 1089d | 1105d | 20/26 | fixed on 2021/11/10 00:50

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18
shift exponent 71 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 24 Comm: kworker/u4:1 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 red_calc_qavg_from_idle_time include/net/red.h:312 [inline]
 red_adaptative_algo include/net/red.h:444 [inline]
 red_adaptative_timer.cold+0x1bd/0x26c net/sched/sch_red.c:324
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:629
RIP: 0010:lock_release+0x3d5/0x710 kernel/locking/lockdep.c:5450
Code: 15 02 00 00 48 c7 c7 a0 a9 4b 89 e8 85 cf a1 07 b8 ff ff ff ff 65 0f c1 05 b8 2f a9 7e 83 f8 01 0f 85 67 01 00 00 ff 34 24 9d <48> b8 00 00 00 00 00 fc ff df 48 01 c5 48 c7 45 00 00 00 00 00 c7
RSP: 0018:ffffc90000defbc8 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 44d8e63185c28a0c RCX: ffffc90000defc18
RDX: 1ffff1100234381f RSI: 0000000000000000 RDI: 0000000000000000
RBP: 1ffff920001bdf7b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000003 R14: ffff888011a1c100 R15: ffff888011a1b780
 rcu_lock_release include/linux/rcupdate.h:264 [inline]
 rcu_read_unlock include/linux/rcupdate.h:702 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0x7a3/0xe50 net/batman-adv/network-coding.c:715
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
================================================================================

Crashes (260):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/02/18 05:20 upstream f40ddce88593 14052202 .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/03 14:42 upstream 3aaf0a27ffc2 624dad51 .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/01/27 16:52 upstream 2ab38c17aac1 a0ebf917 .config console log report syz C ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/06 16:31 net-next-old d310ec03a34e e4b4d570 .config console log report syz C ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2020/12/20 12:07 upstream 467f8165a2b0 04201c06 .config console log report syz C ci-upstream-kasan-gce
2020/12/19 02:39 upstream a409ed156a90 04201c06 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/12/18 19:01 net-old d64c6f96ba86 04201c06 .config console log report syz C ci-upstream-net-this-kasan-gce
2021/02/01 12:16 upstream 1048ba83fb1c fc9fd31e .config console log report syz ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/01/31 22:46 upstream 6642d600b541 fc9fd31e .config console log report syz ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/01/27 17:57 upstream 2ab38c17aac1 a0ebf917 .config console log report syz ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/01/25 00:19 upstream e68061375f79 52e37319 .config console log report syz ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2020/12/18 20:12 upstream a409ed156a90 04201c06 .config console log report syz ci-upstream-kasan-gce
2020/12/18 12:09 upstream d64c6f96ba86 04201c06 .config console log report syz ci-upstream-kasan-gce
2020/12/18 06:43 upstream d64c6f96ba86 04201c06 .config console log report syz ci-upstream-kasan-gce-selinux-root
2020/12/16 23:39 upstream 5e60366d56c6 04201c06 .config console log report syz ci-upstream-kasan-gce
2020/12/16 23:13 upstream 5e60366d56c6 04201c06 .config console log report syz ci-upstream-kasan-gce
2020/12/15 04:05 linux-next 14240d4c5b25 97183ed7 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2021/03/08 10:40 upstream 3bb48a850627 09fbf400 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 14:58 upstream f69d02e37a85 d7e4e604 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 08:36 upstream f69d02e37a85 d7e4e604 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 06:17 upstream f69d02e37a85 d7e4e604 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 00:59 upstream f69d02e37a85 06ed56cd .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/03 23:03 upstream f69d02e37a85 06ed56cd .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/03 11:58 upstream f69d02e37a85 e5b64d68 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/02 23:41 upstream 7a7fd0de4a98 e5b64d68 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/25 15:14 upstream 29c395c77a9a 76f7fc95 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/16 21:54 upstream f40ddce88593 98682e5e .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/13 01:50 upstream dcc0b49040c7 98682e5e .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/12 21:33 upstream dcc0b49040c7 98682e5e .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/12 15:59 upstream dcc0b49040c7 a5f86b15 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/12 10:37 upstream dcc0b49040c7 a5f86b15 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 23:25 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 20:59 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 19:08 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 14:21 upstream 291009f656e8 a52ee10a .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 10:32 upstream 291009f656e8 a52ee10a .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/08 06:01 upstream 280d542f6ffa 09fbf400 .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 10:20 upstream f69d02e37a85 d7e4e604 .config console log report info ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/03 20:10 upstream f69d02e37a85 06ed56cd .config console log report info ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/03 18:49 upstream f69d02e37a85 06ed56cd .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/03 18:23 upstream f69d02e37a85 06ed56cd .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/26 07:14 upstream 2c87f7a38f93 76f7fc95 .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/14 01:25 upstream ac30d8ce28d6 98682e5e .config console log report info ci-upstream-kasan-gce-386 UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/08 14:34 net-old 9270bbe258c8 09fbf400 .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/05 07:51 net-old d93ef301644e 9d751681 .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/05 05:57 net-old d93ef301644e 9d751681 .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 13:51 net-old a9ecb0cbf037 d7e4e604 .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/17 04:47 net-old 3af409ca278d 98682e5e .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/10 22:09 net-old 291009f656e8 a52ee10a .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/10 21:03 net-old b8776f14a470 a52ee10a .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/10 19:48 net-old b8776f14a470 2bd9619f .config console log report info ci-upstream-net-this-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/08 23:17 net-next-old d310ec03a34e 09fbf400 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/01 12:42 net-next-old d310ec03a34e 4c37c133 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/28 21:27 net-next-old d310ec03a34e 4c37c133 .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/25 02:43 net-next-old d310ec03a34e fcc6d71b .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 09:30 net-next-old dc9d87581d46 a52ee10a .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/02/11 08:05 net-next-old dc9d87581d46 a52ee10a .config console log report info ci-upstream-net-kasan-gce UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/09 15:07 linux-next 3aa6f5082286 09fbf400 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/09 09:10 linux-next 3aa6f5082286 09fbf400 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/08 08:27 linux-next 4641b32307b3 09fbf400 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/08 01:59 linux-next 4641b32307b3 09fbf400 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/07 22:41 linux-next 4641b32307b3 75506d9c .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/07 01:54 linux-next 4641b32307b3 e4b4d570 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/06 09:30 linux-next 4641b32307b3 56722561 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/06 04:44 linux-next 4641b32307b3 56722561 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/05 12:26 linux-next 4641b32307b3 9d751681 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/05 11:09 linux-next 4641b32307b3 9d751681 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 20:21 linux-next f5427c2460eb 9d751681 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/03/04 10:19 linux-next f5427c2460eb d7e4e604 .config console log report info ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in red_adaptative_timer
2021/01/16 20:27 net-old bcd0cf19ef82 65a7a854 .config console log report info ci-upstream-net-this-kasan-gce
2020/12/07 13:47 linux-next 15ac8fdb7440 1190297f .config console log report info ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.