syzbot


UBSAN: shift-out-of-bounds in chkSuper

Status: fixed on 2021/04/09 19:46
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+36315852ece4132ec193@syzkaller.appspotmail.com
Fix commit: 3bef198f1b17 JFS: more checks for invalid superblock
First crash: 1287d, last: 1217d
Cause bisection: introduced by (bisect log) [release commit]:
commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sun Sep 15 21:19:32 2019 +0000

  Linux 5.3

Crash: UBSAN: undefined-behaviour in chkSuper (log)
Repro: C syz .config
  
Duplicate bugs (1)
duplicates (1):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
UBSAN: shift-out-of-bounds in diReadSpecial jfs 18 1216d 1263d 0/27 closed as dup on 2021/01/05 16:08
Discussions (13)
Title Replies (including bot) Last reply
[PATCH 4.9 00/41] 4.9.260-rc1 review 47 (47) 2021/03/12 20:24
[PATCH 5.10 000/102] 5.10.21-rc1 review 119 (119) 2021/03/08 13:21
[PATCH 4.19 00/52] 4.19.179-rc1 review 57 (57) 2021/03/07 22:57
[PATCH 4.4 00/30] 4.4.260-rc1 review 40 (40) 2021/03/07 20:18
[PATCH 5.11 000/104] 5.11.4-rc1 review 119 (119) 2021/03/07 11:37
[PATCH AUTOSEL 5.11 01/67] ath10k: prevent deinitializing NAPI twice 80 (80) 2021/03/06 17:52
[PATCH 5.4 00/72] 5.4.103-rc1 review 80 (80) 2021/03/06 16:33
[PATCH 4.14 00/39] 4.14.224-rc1 review 42 (42) 2021/03/06 16:30
[PATCH AUTOSEL 5.10 01/56] EDAC/amd64: Do not load on family 0x15, model 0x13 59 (59) 2021/03/05 12:40
UBSAN: shift-out-of-bounds in diReadSpecial 1 (2) 2021/01/05 16:07
[PATCH v2] JFS: more checks for invalid superblock 2 (2) 2020/12/18 20:31
[PATCH] JFS: more checks for invalid superblock 3 (3) 2020/12/18 20:14
UBSAN: shift-out-of-bounds in chkSuper 0 (1) 2020/12/16 14:14

Sample crash report:
loop0: detected capacity change from 128 to 0
================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/jfs_mount.c:373:25
shift exponent -9716 is negative
CPU: 0 PID: 8511 Comm: syz-executor446 Not tainted 5.10.0-rc7-next-20201210-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:395
 chkSuper.cold+0x1e/0x8b fs/jfs/jfs_mount.c:373
 jfs_mount+0x47/0x3d0 fs/jfs/jfs_mount.c:82
 jfs_fill_super+0x5b1/0xbc0 fs/jfs/super.c:562
 mount_bdev+0x34d/0x410 fs/super.c:1366
 legacy_get_tree+0x105/0x220 fs/fs_context.c:592
 vfs_get_tree+0x89/0x2f0 fs/super.c:1496
 do_new_mount fs/namespace.c:2896 [inline]
 path_mount+0x12ae/0x1e70 fs/namespace.c:3227
 do_mount fs/namespace.c:3240 [inline]
 __do_sys_mount fs/namespace.c:3448 [inline]
 __se_sys_mount fs/namespace.c:3425 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3425
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x446d5a
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007fff49981e98 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff49981ee0 RCX: 0000000000446d5a
RDX: 0000000020000000 RSI: 0000000020000080 RDI: 00007fff49981ea0
RBP: 00007fff49981ea0 R08: 00007fff49981ee0 R09: 6f6f6c2f7665642f
R10: 0000000000000001 R11: 0000000000000283 R12: 0000000000000004
R13: 0000000000000003 R14: 0000000000000003 R15: 0000000000000001
================================================================================

Crashes (28):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/12/12 21:22 linux-next 14240d4c5b25 bca53db9 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/02/20 13:00 upstream f40ddce88593 3e5ed8b4 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/15 03:25 upstream f40ddce88593 98682e5e .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/13 12:28 upstream c6d8570e4d64 98682e5e .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/13 09:53 upstream c6d8570e4d64 98682e5e .config console log report info ci-qemu-upstream UBSAN: shift-out-of-bounds in chkSuper
2021/02/12 13:54 upstream dcc0b49040c7 a5f86b15 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/12 13:45 upstream dcc0b49040c7 a5f86b15 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/12 13:40 upstream dcc0b49040c7 a5f86b15 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/12 03:06 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/12 02:20 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/11 22:50 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/11 22:43 upstream 291009f656e8 a5f86b15 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/06 22:36 upstream 1e0d27fce010 0655e081 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in chkSuper
2021/01/31 14:32 upstream 6642d600b541 fc9fd31e .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in chkSuper
2021/01/31 01:44 upstream 8c947645151c fc9fd31e .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/01/26 18:33 upstream 13391c60da33 55a7d4df .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/01/20 10:55 upstream 45dfb8a5659a d4f4eca5 .config console log report info ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in chkSuper
2021/01/18 00:06 upstream a1339d6355ac 813be542 .config console log report info ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in chkSuper
2021/01/17 22:10 upstream a1339d6355ac 813be542 .config console log report info ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in chkSuper
2021/02/04 13:11 upstream 61556703b610 42b90a7c .config console log report info ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in chkSuper
2021/01/16 01:24 upstream f4e087c666f5 65a7a854 .config console log report info ci-upstream-kasan-gce-smack-root
2021/01/16 00:42 upstream 5ee88057889b 65a7a854 .config console log report info ci-upstream-kasan-gce-selinux-root
2021/01/11 00:19 upstream 0653161f0fac 2c1f2513 .config console log report info ci-upstream-kasan-gce-root
2021/01/10 22:48 upstream 0653161f0fac 2c1f2513 .config console log report info ci-qemu-upstream
2020/12/25 06:04 upstream 3913d00ac51a c2c1d1dd .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/22 20:24 upstream 8653b778e454 04201c06 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/16 20:07 linux-next 26aed0ea32c8 04201c06 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/12 14:11 linux-next 14240d4c5b25 bca53db9 .config console log report info ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.