syzbot

 sign-in | mailing list | source | docs
🐞 Open [560] 🐞 Fixed [32] 🐞 Invalid [300] Missing Backports [45] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

UBSAN: shift-out-of-bounds in parse_options

Status: upstream: reported C repro on 2023/11/19 20:08
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+de6af439f087e7e7b142@syzkaller.appspotmail.com
First crash: 164d, last: 164d
Bug presence (2)
Date Name Commit Repro Result
2023/11/19 linux-5.15.y (ToT) 80529b4968a8 C [report] UBSAN: shift-out-of-bounds in parse_options
2023/11/19 upstream (ToT) 037266a5f723 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-15 UBSAN: shift-out-of-bounds in parse_options ext4 origin:lts C error 9 14d 480d 0/2 upstream: reported C repro on 2023/01/08 05:56
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2024/02/27 12:08 6h19m fix candidate upstream job log (1)
2024/01/22 16:01 12h12m fix candidate upstream error job log (0)
2023/12/14 01:21 12h00m fix candidate upstream error job log (0)

Sample crash report:
loop0: detected capacity change from 0 to 512
EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5
Contact linux-ext4@vger.kernel.org if you think we should keep it.
================================================================================
UBSAN: shift-out-of-bounds in fs/ext4/super.c:2494:15
shift exponent 1919383155 is too large for 32-bit type 'int'
CPU: 1 PID: 3698 Comm: syz-executor195 Not tainted 5.15.138-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3bf/0x420 lib/ubsan.c:321
 parse_options+0x324d/0x32b0 fs/ext4/super.c:2494
 ext4_fill_super+0x236e/0xa110 fs/ext4/super.c:4168
 mount_bdev+0x2c9/0x3f0 fs/super.c:1387
 legacy_get_tree+0xeb/0x180 fs/fs_context.c:611
 vfs_get_tree+0x88/0x270 fs/super.c:1517
 do_new_mount+0x28b/0xae0 fs/namespace.c:2994
 do_mount fs/namespace.c:3337 [inline]
 __do_sys_mount fs/namespace.c:3545 [inline]
 __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3522
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f48459ca0aa
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4845985088 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f48459ca0aa
RDX: 0000000020000040 RSI: 0000000020000500 RDI: 00007f48459850a0
RBP: 00007f48459850a0 R08: 00007f48459850e0 R09: 00007f48459850e0
R10: 0000000000004500 R11: 0000000000000206 R12: 00007f48459850e0
R13: 0000000000004500 R14: 0000000000000003 R15: 0000000000040000
 </TASK>
================================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/19 20:07 linux-5.15.y 80529b4968a8 cb976f63 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan UBSAN: shift-out-of-bounds in parse_options
* Struck through repros no longer work on HEAD.