From: syzbot <syzbot+13e8cd4926977f8337b6@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	 xandfury@gmail.com
Subject: Re: [syzbot] [jfs?] UBSAN: shift-out-of-bounds in extAlloc (2)
Date: Sat, 27 Sep 2025 20:16:01 -0700
Message-ID: <68d8a871.a00a0220.102ee.0024.GAE@google.com>
In-Reply-To: <87zfafi8w9.fsf@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: shift-out-of-bounds in extAlloc

loop0: detected capacity change from 0 to 32768
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in fs/jfs/jfs_extent.c:329:16
shift exponent 64 is too large for 64-bit type 's64' (aka 'long long')
CPU: 0 UID: 0 PID: 6607 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
 __ubsan_handle_shift_out_of_bounds+0x386/0x410 lib/ubsan.c:494
 extBalloc fs/jfs/jfs_extent.c:329 [inline]
 extAlloc+0xd52/0xfb0 fs/jfs/jfs_extent.c:127
 jfs_get_block+0x346/0xab0 fs/jfs/inode.c:248
 __block_write_begin_int+0x6b2/0x1900 fs/buffer.c:2145
 block_write_begin+0x8a/0x120 fs/buffer.c:2256
 jfs_write_begin+0x35/0x80 fs/jfs/inode.c:300
 generic_perform_write+0x29a/0x8c0 mm/filemap.c:4175
 generic_file_write_iter+0x118/0x550 mm/filemap.c:4318
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x5d2/0xb40 fs/read_write.c:686
 ksys_write+0x14b/0x260 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fddbbcbebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fddbb32e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fddbbee5fa0 RCX: 00007fddbbcbebe9
RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 0000000000000005
RBP: 00007fddbbd41e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fddbbee6038 R14: 00007fddbbee5fa0 R15: 00007ffefffbcc18
 </TASK>
---[ end trace ]---
Tested on:

commit:         51a24b7d Merge tag 'trace-tools-v6.17-rc5' of git://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15f67142580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5b21423ca3f0a96
dashboard link: https://syzkaller.appspot.com/bug?extid=13e8cd4926977f8337b6
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8

Note: no patches were applied.
