syzbot

UBSAN: shift-out-of-bounds in gfs2_dir_read

Status: upstream: reported C repro on 2025/07/15 02:48
Bug presence: origin:upstream
Reported-by: syzbot+f1fa2e48b9372b638fee@syzkaller.appspotmail.com
First crash: 3d06h, last: 2d13h
Bug presence (1)
Date Name Commit Repro Result
2025/07/15 upstream (ToT) 155a3c003e55 C [report] UBSAN: shift-out-of-bounds in gfs2_dir_read
Similar bugs (3)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: shift-out-of-bounds in gfs2_dir_read gfs2 -1 1 202d 198d 0/29 auto-obsoleted due to no activity on 2025/04/06 22:03
upstream UBSAN: shift-out-of-bounds in gfs2_dir_read (2) gfs2 -1 C 11 3d02h 3d15h 2/29 upstream: reported C repro on 2025/07/14 17:53
linux-6.1 UBSAN: shift-out-of-bounds in gfs2_dir_read -1 C 4 2d16h 3d07h 0/3 upstream: reported C repro on 2025/07/15 01:59

Sample crash report:
gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
gfs2: fsid=syz:syz.s: first mount done, others may mount
================================================================================
UBSAN: shift-out-of-bounds in fs/gfs2/dir.c:1542:15
shift exponent 32 is too large for 32-bit type 'u32' (aka 'unsigned int')
CPU: 1 PID: 4165 Comm: syz.0.16 Not tainted 5.15.188-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call trace:
 dump_backtrace+0x0/0x43c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds+0x2b4/0x358 lib/ubsan.c:321
 dir_e_read fs/gfs2/dir.c:1542 [inline]
 gfs2_dir_read+0x1348/0x138c fs/gfs2/dir.c:1583
 gfs2_readdir+0x134/0x194 fs/gfs2/file.c:115
 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x11c/0x340 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
================================================================================
gfs2: fsid=syz:syz.s: fatal: filesystem consistency error
  inode = 12 2341
  function = gfs2_dir_get_hash_table, file = fs/gfs2/dir.c, line = 350
gfs2: fsid=syz:syz.s: about to withdraw this file system
gfs2: fsid=syz:syz.s: Journal recovery skipped for jid 0 until next mount.
gfs2: fsid=syz:syz.s: Glock dequeues delayed: 0
gfs2: fsid=syz:syz.s: File system withdrawn
CPU: 0 PID: 4165 Comm: syz.0.16 Not tainted 5.15.188-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call trace:
 dump_backtrace+0x0/0x43c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 gfs2_withdraw+0xc60/0x129c fs/gfs2/util.c:355
 gfs2_consist_inode_i+0xcc/0xe8 fs/gfs2/util.c:456
 gfs2_dir_get_hash_table+0x194/0x830 fs/gfs2/dir.c:350
 dir_e_read fs/gfs2/dir.c:1546 [inline]
 gfs2_dir_read+0x2b8/0x138c fs/gfs2/dir.c:1583
 gfs2_readdir+0x134/0x194 fs/gfs2/file.c:115
 iterate_dir+0x1f0/0x4cc fs/readdir.c:-1
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x11c/0x340 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/07/15 19:58 linux-5.15.y 89950c454265 03fcfc4b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
2025/07/15 19:32 linux-5.15.y 89950c454265 03fcfc4b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
2025/07/15 18:54 linux-5.15.y 89950c454265 03fcfc4b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
2025/07/15 18:27 linux-5.15.y 89950c454265 03fcfc4b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
2025/07/15 17:57 linux-5.15.y 89950c454265 03fcfc4b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
2025/07/15 02:48 linux-5.15.y 89950c454265 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
2025/07/15 02:47 linux-5.15.y 89950c454265 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: shift-out-of-bounds in gfs2_dir_read
* Struck through repros no longer work on HEAD.