syzbot

 sign-in | mailing list | source | docs
🐞 Open [1280] Subsystems 🐞 Fixed [5427] 🐞 Invalid [12863] Missing Backports [106] 📈 Kernel Health 📈 Bugs/Month 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 📈 Coverage 💬 Send us feedback

UBSAN: shift-out-of-bounds in read_one_super

Status: fixed on 2024/06/05 13:52
Subsystems: bcachefs
[Documentation on labels]
Reported-by: syzbot+a8b0fb419355c91dda7f@syzkaller.appspotmail.com
Fix commit: 71dac2482ad3 bcachefs: BCH_SB_LAYOUT_SIZE_BITS_MAX
First crash: 52d, last: 22d
Cause bisection: introduced by (bisect log) :
commit 03ef80b469d5d83530ce1ce15be78a40e5300f9b
Author: Kent Overstreet <kent.overstreet@linux.dev>
Date: Sat Sep 23 22:41:51 2023 +0000

  bcachefs: Ignore unknown mount options

Crash: UBSAN: shift-out-of-bounds in read_one_super (log)
Repro: syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bcachefs?] UBSAN: shift-out-of-bounds in read_one_super 0 (2) 2024/05/07 11:30
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: shift-out-of-bounds in read_one_super (2) bcachefs 4 13d 9d13h 20/27 upstream: reported on 2024/06/17 08:59

Sample crash report:
loop3: detected capacity change from 0 to 32799
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in fs/bcachefs/super-io.c:652:18
shift exponent 32 is too large for 32-bit type 'int'
CPU: 1 PID: 7180 Comm: syz-executor245 Not tainted 6.9.0-rc6-syzkaller-g78186bd77b47 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:317
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:114
 dump_stack+0x1c/0x28 lib/dump_stack.c:123
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c lib/ubsan.c:468
 read_one_super+0xab8/0x2614 fs/bcachefs/super-io.c:652
 __bch2_read_super+0x714/0x10a8 fs/bcachefs/super-io.c:750
 bch2_read_super+0x38/0x4c fs/bcachefs/super-io.c:842
 bch2_fs_open+0x1e0/0xb64 fs/bcachefs/super.c:2049
 bch2_mount+0x558/0xe10 fs/bcachefs/fs.c:1903
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:662
 vfs_get_tree+0x90/0x288 fs/super.c:1779
 do_new_mount+0x278/0x900 fs/namespace.c:3352
 path_mount+0x590/0xe04 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount fs/namespace.c:3875 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3875
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
---[ end trace ]---
bcachefs (/dev/loop3): error reading default superblock: Invalid superblock: too big (got 4696 bytes, layout max 2199023255552)
bcachefs (/dev/loop3): error reading superblock: Not a bcachefs superblock (got magic 00000000-0000-0000-0000-000000000000)Not a bcachefs superblock (got magic 00000000-0000-0000-0000-000000000000)

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/06 08:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/06 13:17 upstream dd5a440a31fa d884b519 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in read_one_super
2024/05/06 04:31 upstream b9158815de52 610f2a54 .config strace log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in read_one_super
2024/05/06 02:11 upstream b9158815de52 610f2a54 .config console log report syz [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-qemu-upstream UBSAN: shift-out-of-bounds in read_one_super
2024/05/05 14:26 upstream 7367539ad4b0 610f2a54 .config console log report syz [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-qemu-upstream UBSAN: shift-out-of-bounds in read_one_super
2024/05/07 18:16 upstream dccb07f2914c cb2dcc0e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in read_one_super
2024/05/05 11:33 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in read_one_super
2024/05/06 02:04 upstream b9158815de52 610f2a54 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in read_one_super
2024/05/05 14:17 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: shift-out-of-bounds in read_one_super
2024/05/09 09:22 upstream 6d7ddd805123 20bf80e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in read_one_super
2024/06/04 15:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/06/03 23:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 0aba2352 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/06/01 23:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/06/01 23:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 3113787f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/24 22:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/21 22:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/21 22:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/19 22:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/19 13:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/19 05:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/14 06:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/14 05:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/14 05:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/13 03:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/11 15:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/10 07:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c4d6737dc9da de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/09 19:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c4d6737dc9da de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/07 06:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 c035c6de .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/06 08:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/05 05:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
2024/05/05 01:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in read_one_super
* Struck through repros no longer work on HEAD.