syzbot


UBSAN: shift-out-of-bounds in befs_check_sb

Status: upstream: reported C repro on 2023/07/12 13:47
Subsystems: fs
Reported-by: syzbot+fc26c366038b54261e53@syzkaller.appspotmail.com
First crash: 238d, last: 40d
Cause bisection: failed (error log, bisect log)
Discussions (4)
Title Replies (including bot) Last reply
[PATCH] fs/befs: fix shift-out-of-bounds in befs_check_sb 2 (2) 2023/08/27 16:47
[PATCH RESEND] fs/befs: fix shift-out-of-bounds in befs_check_sb 2 (2) 2023/08/13 09:07
Ping 3 (3) 2023/08/13 07:50
[syzbot] [fs?] UBSAN: shift-out-of-bounds in befs_check_sb 0 (1) 2023/07/12 13:47
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: shift-out-of-bounds in befs_check_sb origin:upstream C error 5 43d 211d 0/3 upstream: reported C repro on 2023/08/05 00:55
linux-5.15 UBSAN: shift-out-of-bounds in befs_check_sb origin:upstream C error 8 39d 219d 0/3 upstream: reported C repro on 2023/07/28 00:42
Last patch testing requests (11)
Created Duration User Patch Repo Result
2024/02/14 11:54 25m retest repro upstream OK log
2024/02/06 08:44 17m retest repro upstream OK log
2024/01/10 06:13 27m retest repro linux-next OK log
2024/01/10 04:42 20m retest repro upstream OK log
2023/12/27 04:08 27m retest repro upstream report log
2023/12/27 04:08 17m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2023/12/06 04:14 16m retest repro upstream report log
2023/11/12 10:58 10m retest repro upstream report log
2023/10/11 16:43 20m retest repro linux-next error OK
2023/10/11 16:43 14m retest repro upstream report log
2023/07/25 13:10 25m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.5-rc1 OK log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/03/03 03:33 bisect fix upstream running

Sample crash report:
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5020 'syz-executor219'
loop0: detected capacity change from 0 to 128
================================================================================
UBSAN: shift-out-of-bounds in fs/befs/super.c:96:9
shift exponent 3229888891 is too large for 32-bit type 'int'
CPU: 0 PID: 5020 Comm: syz-executor219 Not tainted 6.5.0-rc6-syzkaller-00253-g9e6c269de404 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x27a/0x600 lib/ubsan.c:387
 befs_check_sb.cold+0x19/0x6f fs/befs/super.c:96
 befs_fill_super+0x9e6/0x1140 fs/befs/linuxvfs.c:873
 mount_bdev+0x30d/0x3d0 fs/super.c:1391
 legacy_get_tree+0x109/0x220 fs/fs_context.c:611
 vfs_get_tree+0x88/0x350 fs/super.c:1519
 do_new_mount fs/namespace.c:3335 [inline]
 path_mount+0x1492/0x1ed0 fs/namespace.c:3662
 do_mount fs/namespace.c:3675 [inline]
 __do_sys_mount fs/namespace.c:3884 [inline]
 __se_sys_mount fs/namespace.c:3861 [inline]
 __x64_sys_mount+0x293/0x310 fs/namespace.c:3861
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5635d3e8ba
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd321ef8c8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffd321ef8d0 RCX: 00007f5635d3e8ba
RDX: 0000000020000100 RSI: 0000000020009e40 RDI: 00007ffd321ef8d0
RBP: 0000000000000004 R08: 00007ffd321ef910 R09: 0000000000009e1f
R10: 0000000003008001 R11: 0000000000000282 R12: 00007ffd321ef910
R13: 0000000000000003 R14: 0000000000010000 R15: 0000000000000001
 </TASK>
================================================================================

Crashes (34):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/08/20 09:49 upstream 9e6c269de404 d216d8a0 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/09 23:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 668cb1fa .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2023/12/13 04:01 upstream eaadbbaaff74 ebcad15c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/12 03:23 upstream 3f01e9fed845 2f19aa4f .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/08 17:44 upstream 8689f4f2ea56 668cb1fa .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/08 13:56 linux-next 123212f53f3e 668cb1fa .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/23 05:29 upstream 5d9248eed480 1c0ecc51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:48 upstream 86c4d58a99ab 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:47 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:44 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:43 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/17 00:41 upstream 052d534373b7 2a7bcc7f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/14 20:24 upstream 052d534373b7 551587c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/10/12 08:54 upstream 8182d7a3f1b8 83165b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:50 upstream b0d326da462e 21772ce4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 17:27 linux-next ad5c60d66016 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/09/13 03:26 linux-next 3c13c772fc23 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 21:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 07:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 03:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 02:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 19:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 13:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 12:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 05:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 23:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 19:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 05:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 04:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 12:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 10:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/17 03:33 linux-next 7c2878be5732 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/08 13:43 linux-next 123212f53f3e 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
* Struck through repros no longer work on HEAD.