syzbot


UBSAN: shift-out-of-bounds in befs_check_sb

Status: upstream: reported C repro on 2023/07/12 13:47
Subsystems: fs
Reported-by: syzbot+fc26c366038b54261e53@syzkaller.appspotmail.com
First crash: 501d, last: 20d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log):
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <jack@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000

  fs: Block writes to mounted block devices

  
Discussions (4)
Title Replies (including bot) Last reply
[PATCH] fs/befs: fix shift-out-of-bounds in befs_check_sb 9 (9) 2024/07/04 15:04
[syzbot] [fs?] UBSAN: shift-out-of-bounds in befs_check_sb 0 (2) 2024/03/03 08:30
[PATCH RESEND] fs/befs: fix shift-out-of-bounds in befs_check_sb 2 (2) 2023/08/13 09:07
Ping 3 (3) 2023/08/13 07:50
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: shift-out-of-bounds in befs_check_sb origin:upstream C error 5 306d 474d 0/3 upstream: reported C repro on 2023/08/05 00:55
linux-5.15 UBSAN: shift-out-of-bounds in befs_check_sb origin:upstream C error 8 46d 482d 0/3 upstream: reported C repro on 2023/07/28 00:42
Last patch testing requests (11)
Created Duration User Patch Repo Result
2024/10/31 15:28 11m retest repro upstream report log
2024/10/17 08:12 28m retest repro upstream report log
2024/08/22 14:54 26m retest repro upstream report log
2024/08/08 07:40 15m retest repro upstream report log
2024/06/27 18:32 3h30m retest repro upstream OK log
2024/06/13 14:35 19m retest repro upstream report log
2024/05/30 06:23 1h01m retest repro upstream error
2024/03/20 22:40 24m retest repro upstream error
2024/03/20 22:40 6h42m retest repro upstream error
2024/03/20 22:40 24m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log
2023/07/25 13:10 25m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.5-rc1 OK log

Sample crash report:
loop0: detected capacity change from 0 to 128
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in fs/befs/super.c:96:9
shift exponent 3229888891 is too large for 32-bit type 'int'
CPU: 1 PID: 5062 Comm: syz-executor485 Not tainted 6.8.0-rc6-syzkaller-00250-g04b8076df253 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x2a6/0x480 lib/ubsan.c:386
 befs_check_sb.cold+0x19/0x6f fs/befs/super.c:96
 befs_fill_super+0x9ea/0x1140 fs/befs/linuxvfs.c:871
 mount_bdev+0x1e3/0x2d0 fs/super.c:1658
 legacy_get_tree+0x109/0x220 fs/fs_context.c:662
 vfs_get_tree+0x8f/0x380 fs/super.c:1779
 do_new_mount fs/namespace.c:3352 [inline]
 path_mount+0x14ea/0x1f20 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount fs/namespace.c:3875 [inline]
 __x64_sys_mount+0x297/0x320 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fde7091ddaa
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff16284938 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff16284940 RCX: 00007fde7091ddaa
RDX: 0000000020000100 RSI: 0000000020009e40 RDI: 00007fff16284940
RBP: 0000000000000004 R08: 00007fff16284980 R09: 0000000000009e1f
R10: 0000000003008001 R11: 0000000000000282 R12: 00007fff16284980
R13: 0000000000000003 R14: 0000000000010000 R15: 00007fde7096503b
 </TASK>
---[ end trace ]---

Crashes (36):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/03 08:39 upstream 04b8076df253 25905f5d .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/05/30 14:31 upstream 4a4be1ad3a6e c2e07261 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-qemu-upstream UBSAN: shift-out-of-bounds in befs_check_sb
2023/12/13 04:01 upstream eaadbbaaff74 ebcad15c .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/08/20 09:49 upstream 9e6c269de404 d216d8a0 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/12 03:23 upstream 3f01e9fed845 2f19aa4f .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/08 17:44 upstream 8689f4f2ea56 668cb1fa .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/08 13:56 linux-next 123212f53f3e 668cb1fa .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/09 23:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 668cb1fa .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/23 05:29 upstream 5d9248eed480 1c0ecc51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:48 upstream 86c4d58a99ab 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:47 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:44 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:43 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/17 00:41 upstream 052d534373b7 2a7bcc7f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/14 20:24 upstream 052d534373b7 551587c1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/10/12 08:54 upstream 8182d7a3f1b8 83165b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:50 upstream b0d326da462e 21772ce4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 17:27 linux-next ad5c60d66016 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/09/13 03:26 linux-next 3c13c772fc23 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 21:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 07:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 03:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/22 02:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 19:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 13:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 12:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/21 05:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 23:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 19:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 05:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/20 04:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 12:14 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 10:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2024/01/19 04:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/17 03:33 linux-next 7c2878be5732 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
2023/07/08 13:43 linux-next 123212f53f3e 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in befs_check_sb
* Struck through repros no longer work on HEAD.