syzbot


UBSAN: shift-out-of-bounds in ntfs_read_inode_mount

Status: upstream: reported on 2023/03/03 17:36
Labels: ntfs (incorrect?)
Reported-by: syzbot+c601e38d15ce8253186a@syzkaller.appspotmail.com
First crash: 89d, last: 75d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [ntfs?] UBSAN: shift-out-of-bounds in ntfs_read_inode_mount 0 (1) 2023/03/03 17:36

Sample crash report:
loop1: detected capacity change from 0 to 4096
================================================================================
UBSAN: shift-out-of-bounds in fs/ntfs/inode.c:1080:43
shift exponent 48 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 2557 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-13163-g04a357b1f6f0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3c3/0x420 lib/ubsan.c:387
 ntfs_read_locked_inode+0x4665/0x49c0 fs/ntfs/inode.c:1080
 ntfs_read_inode_mount+0xda6/0x2660 fs/ntfs/inode.c:2098
 ntfs_fill_super+0x1884/0x2bd0 fs/ntfs/super.c:2863
 mount_bdev+0x271/0x3a0 fs/super.c:1371
 legacy_get_tree+0xef/0x190 fs/fs_context.c:610
 vfs_get_tree+0x8c/0x270 fs/super.c:1501
 do_new_mount+0x28f/0xae0 fs/namespace.c:3042
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3571
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fee1468d62a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fee1548af88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000001f6d9 RCX: 00007fee1468d62a
RDX: 000000002001f6c0 RSI: 000000002001f640 RDI: 00007fee1548afe0
RBP: 00007fee1548b020 R08: 00007fee1548b020 R09: 000000000000870b
R10: 000000000000870b R11: 0000000000000202 R12: 000000002001f6c0
R13: 000000002001f640 R14: 00007fee1548afe0 R15: 0000000020000000
 </TASK>
================================================================================

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/03/03 07:59 upstream 04a357b1f6f0 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
2023/03/17 09:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
* Struck through repros no longer work on HEAD.