From: syzbot <syzbot+4b717071f1eecb2972df@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org
Subject: Forwarded: UBSAN: shift-out-of-bounds in dbAllocAG (3)
Date: Fri, 17 Oct 2025 13:13:14 -0700 [thread overview]
Message-ID: <68f2a35a.050a0220.91a22.0429.GAE@google.com> (raw)
In-Reply-To: <68f1c794.a00a0220.361615.000f.GAE@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: UBSAN: shift-out-of-bounds in dbAllocAG (3)
Author: hsukrut3@gmail.com
#syz test
---
fs/jfs/jfs_dmap.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index cdfa699cd7c8..76f4b9322034 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -1372,6 +1372,12 @@ dbAllocAG(struct bmap * bmp, int agno, s64 nblocks, int l2nb, s64 * results)
dcp = (struct dmapctl *) mp->data;
budmin = dcp->budmin;
+ if (unlikely(budmin < 0)) {
+ jfs_err("JFS: dmapctl corruption: budmin=%d", budmin);
+ release_metapage(mp);
+ return -EIO;
+ }
+
if (dcp->leafidx != cpu_to_le32(CTLLEAFIND)) {
jfs_error(bmp->db_ipbmap->i_sb, "Corrupt dmapctl page\n");
release_metapage(mp);
--
2.43.0
next prev parent reply other threads:[~2025-10-17 20:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-17 4:35 [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbAllocAG (3) syzbot
2025-10-17 8:13 ` [PATCH] jfs: test syz test Pei Xiao
2025-10-17 8:24 ` Pei Xiao
2025-10-17 10:52 ` [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbAllocAG (3) syzbot
2025-10-17 19:25 ` Forwarded: " syzbot
2025-10-17 20:13 ` syzbot [this message]
2026-04-17 10:12 ` Forwarded: [PATCH] jfs: validate budmin from dmapctl to prevent shift-out-of-bounds syzbot
2026-04-17 16:20 ` Forwarded: Re: [syzbot] UBSAN: shift-out-of-bounds in dbAllocAG syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=68f2a35a.050a0220.91a22.0429.GAE@google.com \
--to=syzbot+4b717071f1eecb2972df@syzkaller.appspotmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.