Re: [syzbot] UBSAN: shift-out-of-bounds in jfs_open

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+027aa1f5f8487ba60a97@syzkaller.appspotmail.com>
To: jfs-discussion@lists.sourceforge.net,
	linux-kernel@vger.kernel.org, shaggy@kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] UBSAN: shift-out-of-bounds in jfs_open
Date: Tue, 27 Sep 2022 14:49:55 -0700	[thread overview]
Message-ID: <000000000000eb6db305e9af9f59@google.com> (raw)
In-Reply-To: <000000000000df57ee05e9978cce@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    3800a713b607 Merge tag 'mm-hotfixes-stable-2022-09-26' of ..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1073ecd4880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ba0d23aa7e1ffaf5
dashboard link: https://syzkaller.appspot.com/bug?extid=027aa1f5f8487ba60a97
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=103ceaa8880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=125bd024880000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+027aa1f5f8487ba60a97@syzkaller.appspotmail.com

================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/file.c:65:20
shift exponent 8205 is too large for 64-bit type '__u64' (aka 'unsigned long long')
CPU: 1 PID: 3690 Comm: syz-executor342 Not tainted 6.0.0-rc7-syzkaller-00029-g3800a713b607 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x33d/0x3b0 lib/ubsan.c:322
 jfs_open+0x3a2/0x3d0 fs/jfs/file.c:65
 do_dentry_open+0x777/0x1180 fs/open.c:880
 do_open fs/namei.c:3557 [inline]
 path_openat+0x25fc/0x2df0 fs/namei.c:3691
 do_filp_open+0x264/0x4f0 fs/namei.c:3718
 do_sys_openat2+0x124/0x4e0 fs/open.c:1313
 do_sys_open fs/open.c:1329 [inline]
 __do_sys_openat fs/open.c:1345 [inline]
 __se_sys_openat fs/open.c:1340 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1340
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2044cd6ed9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2044c4c278 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f2044d624b0 RCX: 00007f2044cd6ed9
RDX: 0000000000161842 RSI: 000000002000c380 RDI: 00000000ffffff9c
RBP: 00007f2044d2de4c R08: 00007f2044c4c700 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2044d29108
R13: 0030656c69662f2e R14: 00007f2044c4c400 R15: 00007f2044d624b8
 </TASK>
================================================================================

     prev parent reply	other threads:[~2022-09-27 21:50 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-26 17:06 [syzbot] UBSAN: shift-out-of-bounds in jfs_open syzbot
2022-09-27 21:49 ` syzbot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000eb6db305e9af9f59@google.com \
    --to=syzbot+027aa1f5f8487ba60a97@syzkaller.appspotmail.com \
    --cc=jfs-discussion@lists.sourceforge.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=shaggy@kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.