syzbot

 sign-in | mailing list | source | docs
🐞 Open [1595]
Subsystems
🐞 Fixed [6224]
🐞 Invalid [15741]
Missing Backports [182]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: shift-out-of-bounds in ntfs_read_inode_mount

Status: auto-obsoleted due to no activity on 2024/04/18 03:17
Subsystems: ntfs3
[Documentation on labels]
Reported-by: syzbot+c601e38d15ce8253186a@syzkaller.appspotmail.com
First crash: 800d, last: 489d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log) :
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <jack@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000

  fs: Block writes to mounted block devices

  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [ntfs?] UBSAN: shift-out-of-bounds in ntfs_read_inode_mount 0 (3) 2024/02/19 22:18
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 UBSAN: shift-out-of-bounds in ntfs_read_inode_mount origin:upstream missing-backport C done 1 5d16h 666d 0/3 upstream: reported C repro on 2023/07/15 21:00
linux-6.1 UBSAN: shift-out-of-bounds in ntfs_read_inode_mount origin:upstream missing-backport C done 2 311d 701d 0/3 upstream: reported C repro on 2023/06/11 05:24
Last patch testing requests (10)
Created Duration User Patch Repo Result
2024/03/23 20:52 25m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log
2024/02/10 20:52 21m retest repro upstream OK log
2024/01/28 04:01 21m retest repro upstream OK log
2024/01/09 02:48 28m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2024/01/09 02:45 16m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2023/12/17 21:39 10m retest repro upstream report log
2023/12/02 07:45 13m retest repro upstream report log
2023/11/18 07:26 15m retest repro upstream report log
2023/10/31 01:46 17m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2023/09/05 03:37 9m retest repro upstream report log
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2024/02/19 17:27 4h49m bisect fix upstream OK (1) job log
2023/10/08 20:12 1h19m bisect fix upstream OK (0) job log log

Sample crash report:
loop0: detected capacity change from 0 to 4096
ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
================================================================================
UBSAN: shift-out-of-bounds in fs/ntfs/inode.c:1080:43
shift exponent 267 is too large for 32-bit type 'unsigned int'
CPU: 1 PID: 5056 Comm: syz-executor112 Not tainted 6.6.0-syzkaller-12401-g8f6f76a6a29f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3c3/0x420 lib/ubsan.c:387
 ntfs_read_locked_inode+0x45eb/0x4940 fs/ntfs/inode.c:1080
 ntfs_read_inode_mount+0xda6/0x2660 fs/ntfs/inode.c:2098
 ntfs_fill_super+0x1883/0x2bd0 fs/ntfs/super.c:2863
 mount_bdev+0x237/0x300 fs/super.c:1650
 legacy_get_tree+0xef/0x190 fs/fs_context.c:662
 vfs_get_tree+0x8c/0x280 fs/super.c:1771
 do_new_mount+0x28f/0xae0 fs/namespace.c:3337
 do_mount fs/namespace.c:3677 [inline]
 __do_sys_mount fs/namespace.c:3886 [inline]
 __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3863
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fefc31cacfa
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffce7479ba8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffce7479bc0 RCX: 00007fefc31cacfa
RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffce7479bc0
RBP: 0000000000000004 R08: 00007ffce7479c00 R09: 000000000001ee6c
R10: 0000000000800804 R11: 0000000000000286 R12: 0000000000800804
R13: 00007ffce7479c00 R14: 0000000000000003 R15: 0000000000200000
 </TASK>
================================================================================

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/04 05:12 upstream 8f6f76a6a29f 500bfdc4 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
2023/07/10 22:41 upstream 3f01e9fed845 52ae002a .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
2023/06/11 05:05 upstream 022ce8862dff 49519f06 .config strace log report syz C [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
2023/06/11 04:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d8b213732169 7086cdb9 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
2023/03/03 07:59 upstream 04a357b1f6f0 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
2023/03/17 09:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ntfs_read_inode_mount
* Struck through repros no longer work on HEAD.