syzbot


UBSAN: shift-out-of-bounds in ext2_fill_super

Status: fixed on 2023/06/08 14:41
Subsystems: ext4
Reported-by: syzbot+4fec412f59eba8c01b77@syzkaller.appspotmail.com
Fix commit: 62aeb94433fc ext2: Check block size validity during mount
First crash: 597d, last: 489d
Discussions (10)
Title | Replies (including bot) | Last reply
[syzbot] [ext4?] UBSAN: shift-out-of-bounds in ext2_fill_super | 2 (4) | 2024/06/12 06:13
[PATCH AUTOSEL 4.14 03/13] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:51
[PATCH AUTOSEL 4.19 03/13] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:51
[PATCH AUTOSEL 5.4 02/18] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:50
[PATCH AUTOSEL 5.10 04/24] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:49
[PATCH AUTOSEL 5.15 04/30] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:47
[PATCH AUTOSEL 6.1 06/49] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:45
[PATCH AUTOSEL 6.2 07/53] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:43
[PATCH AUTOSEL 6.3 09/59] ext2: Check block size validity during mount | 1 (1) | 2023/05/04 19:40
[PATCH 0/2] ext2: Refuse filesystems with invalid block size | 5 (5) | 2023/03/01 13:05
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: shift-out-of-bounds in ext2_fill_super origin:lts-only C inconclusive 1037 426d 578d 0/3 upstream: reported C repro on 2023/03/10 21:57
upstream UBSAN: shift-out-of-bounds in ext2_fill_super (2) ext4 C 571 441d 484d 23/28 fixed on 2023/10/12 12:48
linux-5.15 UBSAN: shift-out-of-bounds in ext2_fill_super origin:lts-only C error 1031 425d 579d 0/3 auto-obsoleted due to no activity on 2024/10/05 12:58

Sample crash report:
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5925 'syz-executor251'
loop0: detected capacity change from 0 to 512
================================================================================
UBSAN: shift-out-of-bounds in fs/ext2/super.c:948:25
shift exponent 524290 is too large for 32-bit type 'int'
CPU: 0 PID: 5925 Comm: syz-executor251 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c lib/ubsan.c:387
 ext2_fill_super+0x2074/0x23fc fs/ext2/super.c:948
 mount_bdev+0x26c/0x368 fs/super.c:1380
 ext2_mount+0x44/0x58 fs/ext2/super.c:1484
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:610
 vfs_get_tree+0x90/0x274 fs/super.c:1510
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3042
 path_mount+0x590/0xe04 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3571
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
================================================================================

Crashes (2265):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/06 10:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 90c93c40 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/05 10:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 518a39a6 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/02/21 05:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a9b06ec42c0f 4f5f5209 .config console log report syz C [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/08 12:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 3bb1a3e1674b 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/08 09:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 3bb1a3e1674b 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/07 21:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7579d8f9bf90 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/07 13:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cd6bd67ad7ab 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/07 11:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cd6bd67ad7ab 7086cdb9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/07 08:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cd6bd67ad7ab a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/07 00:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cd6bd67ad7ab a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/06 22:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cd6bd67ad7ab a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/06 19:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci cd6bd67ad7ab a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/06 15:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/06 07:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/06 02:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/05 23:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/05 20:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/05 10:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/05 07:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/04 21:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/04 18:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/01 04:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 babc4389 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/06/01 02:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 babc4389 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/31 16:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 e2a77acd .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/31 14:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 e2a77acd .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/31 08:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/31 07:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/31 05:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/31 02:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/30 23:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/30 21:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 09898419 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/30 17:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 8d5c7541 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/30 12:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 8d5c7541 .config console log report info ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 11:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 06:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 04:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 01:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 21:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 20:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 18:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 15:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 14:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 10:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 08:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 06:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 21:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 16:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 14:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 13:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
* Struck through repros no longer work on HEAD.