syzbot


UBSAN: shift-out-of-bounds in xa_load

Status: auto-obsoleted due to no activity on 2024/03/14 12:54
Subsystems: mm
Reported-by: syzbot+bd5b57a026c028fc99b1@syzkaller.appspotmail.com
First crash: 135d, last: 135d
Discussions (1):
  Title:                    [syzbot] [mm?] UBSAN: shift-out-of-bounds in xa_load
  Replies (including bot):  0 (1)
  Last reply:               2023/12/12 13:42

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in lib/xarray.c:195:22
shift exponent 72 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 5105 Comm: syz-executor.3 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x2a6/0x480 lib/ubsan.c:387
 xas_start.cold+0x35/0x3a lib/xarray.c:195
 xas_load+0x1c/0x140 lib/xarray.c:237
 xa_load+0xf9/0x2c0 lib/xarray.c:1461
 list_lru_from_memcg_idx mm/list_lru.c:56 [inline]
 list_lru_from_memcg_idx mm/list_lru.c:53 [inline]
 list_lru_from_kmem mm/list_lru.c:78 [inline]
 list_lru_add+0x3d2/0x540 mm/list_lru.c:128
 __inode_add_lru.part.0+0x109/0x1d0 fs/inode.c:467
 __inode_add_lru fs/inode.c:460 [inline]
 iput_final fs/inode.c:1754 [inline]
 iput.part.0+0x6a9/0x7b0 fs/inode.c:1803
 iput+0x5c/0x80 fs/inode.c:1793
 dentry_unlink_inode+0x292/0x430 fs/dcache.c:401
 __dentry_kill+0x3b8/0x640 fs/dcache.c:607
 shrink_dentry_list+0x11e/0x4a0 fs/dcache.c:1201
 shrink_dcache_parent+0xdf/0x3b0 fs/dcache.c:1652
 do_one_tree fs/dcache.c:1681 [inline]
 shrink_dcache_for_umount+0x79/0x340 fs/dcache.c:1698
 generic_shutdown_super+0x76/0x3d0 fs/super.c:668
 kill_block_super+0x3b/0x90 fs/super.c:1667
 deactivate_locked_super+0xbc/0x1a0 fs/super.c:484
 deactivate_super+0xde/0x100 fs/super.c:517
 cleanup_mnt+0x222/0x450 fs/namespace.c:1256
 task_work_run+0x14d/0x240 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa92/0x2ae0 kernel/exit.c:871
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1021
 __do_sys_exit_group kernel/exit.c:1032 [inline]
 __se_sys_exit_group kernel/exit.c:1030 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1030
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7faf0c27cae9
Code: Unable to access opcode bytes at 0x7faf0c27cabf.
RSP: 002b:00007fff1203b1f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007faf0c27cae9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b
RBP: 00007fff1203b88c R08: 0000000000000001 R09: 000000000000000b
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032
R13: 000000000012dca2 R14: 000000000012d97d R15: 0000000000000004
 </TASK>
================================================================================

Crashes (1):
  Time:       2023/12/05 12:53
  Kernel:     upstream
  Commit:     bee0e7762ad2
  Syzkaller:  f819d6f7
  Config:     .config
  Log:        console log
  Report:     report
  Syz repro:  (none)
  C repro:    (none)
  VM info:    info
  Assets:     [disk image] [vmlinux] [kernel image]
  Manager:    ci-upstream-kasan-gce-selinux-root
  Title:      UBSAN: shift-out-of-bounds in xa_load