syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [4543] 🐞 Invalid [10483] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

UBSAN: shift-out-of-bounds in ext2_fill_super

Status: upstream: reported C repro on 2023/02/24 19:48
Labels: ext4 (incorrect?)
Reported-by: syzbot+4fec412f59eba8c01b77@syzkaller.appspotmail.com
Fix commit: 62aeb94433fc ext2: Check block size validity during mount
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 98d, last: 3d12h
Discussions (10)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 4.14 03/13] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:51
[PATCH AUTOSEL 4.19 03/13] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:51
[PATCH AUTOSEL 5.4 02/18] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:50
[PATCH AUTOSEL 5.10 04/24] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:49
[PATCH AUTOSEL 5.15 04/30] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:47
[PATCH AUTOSEL 6.1 06/49] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:45
[PATCH AUTOSEL 6.2 07/53] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:43
[PATCH AUTOSEL 6.3 09/59] ext2: Check block size validity during mount 1 (1) 2023/05/04 19:40
[PATCH 0/2] ext2: Refuse filesystems with invalid block size 5 (5) 2023/03/01 13:05
[syzbot] [ext4?] UBSAN: shift-out-of-bounds in ext2_fill_super 0 (1) 2023/02/24 19:48
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: shift-out-of-bounds in ext2_fill_super origin:lts-only C 771 1d12h 80d 0/3 upstream: reported C repro on 2023/03/10 21:57
linux-5.15 UBSAN: shift-out-of-bounds in ext2_fill_super origin:lts-only C 821 1d00h 80d 0/3 upstream: reported C repro on 2023/03/10 14:44

Sample crash report:
memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5925 'syz-executor251'
loop0: detected capacity change from 0 to 512
================================================================================
UBSAN: shift-out-of-bounds in fs/ext2/super.c:948:25
shift exponent 524290 is too large for 32-bit type 'int'
CPU: 0 PID: 5925 Comm: syz-executor251 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
 show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 dump_stack+0x1c/0x28 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c lib/ubsan.c:387
 ext2_fill_super+0x2074/0x23fc fs/ext2/super.c:948
 mount_bdev+0x26c/0x368 fs/super.c:1380
 ext2_mount+0x44/0x58 fs/ext2/super.c:1484
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:610
 vfs_get_tree+0x90/0x274 fs/super.c:1510
 do_new_mount+0x25c/0x8c8 fs/namespace.c:3042
 path_mount+0x590/0xe04 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3571
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
 el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
================================================================================

Crashes (2228):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/06 10:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 90c93c40 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/05 10:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 518a39a6 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/02/21 05:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a9b06ec42c0f 4f5f5209 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 11:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci eb0f1697d729 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 06:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 04:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/26 01:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 21:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 20:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 18:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 15:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 14:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 10:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 08:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/25 06:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 21:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 16:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 14:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 13:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 09:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 07:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 06:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 05:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/24 00:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/23 19:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/23 17:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/23 15:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/23 02:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/23 00:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/22 22:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/22 17:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/22 13:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/21 11:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/21 09:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/20 12:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/20 11:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/20 03:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 96689200 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/20 00:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 96689200 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/19 22:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 96689200 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/19 14:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/19 08:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/18 03:50 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/18 00:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/17 11:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 eaac4681 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/17 00:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/16 21:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/16 19:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/16 15:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
2023/05/16 11:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: shift-out-of-bounds in ext2_fill_super
* Struck through repros no longer work on HEAD.