lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BL0PR11MB3106CA1E8C251C8B564106E4E1EEA@BL0PR11MB3106.namprd11.prod.outlook.com>
Date:   Tue, 12 Sep 2023 23:03:08 +0000
From:   Sanan Hasanov <Sanan.Hasanov@....edu>
To:     "jfs-discussion@...ts.sourceforge.net" 
        <jfs-discussion@...ts.sourceforge.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:     "syzkaller@...glegroups.com" <syzkaller@...glegroups.com>,
        "contact@...zz.com" <contact@...zz.com>
Subject: UBSAN: shift-out-of-bounds in extAlloc

Good day, dear maintainers,

We found a bug using a modified kernel configuration file used by syzbot.

We enhanced the coverage of the configuration file using our tool, klocalizer.

Kernel Branch: 6.3.0-next-20230426
Kernel Config: https://drive.google.com/file/d/1v6xpOJVgzbn78LEAq5eX9bZiPJPqhfZf/view?usp=sharing
Reproducer: https://drive.google.com/file/d/1-HrYhFL6t4xZ-fRhqo9yswIFG3Sk1FoV/view?usp=sharing
Thank you!

Best regards,
Sanan Hasanov

================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/jfs_extent.c:314:16
shift exponent -1 is negative
CPU: 2 PID: 23961 Comm: syz-executor.1 Not tainted 6.3.0-next-20230426 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_shift_out_of_bounds+0x21f/0x5a0 lib/ubsan.c:387
 extBalloc fs/jfs/jfs_extent.c:314 [inline]
 extAlloc.cold+0x8d/0x92 fs/jfs/jfs_extent.c:122
 jfs_get_block+0x662/0xa90 fs/jfs/inode.c:248
 __block_write_begin_int+0x3bd/0x14b0 fs/buffer.c:2064
 __block_write_begin fs/buffer.c:2114 [inline]
 block_write_begin+0xb9/0x4d0 fs/buffer.c:2175
 jfs_write_begin+0x31/0xd0 fs/jfs/inode.c:299
 generic_perform_write+0x259/0x580 mm/filemap.c:3923
 __generic_file_write_iter+0x2ae/0x500 mm/filemap.c:4051
 generic_file_write_iter+0xe3/0x350 mm/filemap.c:4083
 __kernel_write_iter+0x262/0x7a0 fs/read_write.c:517
 dump_emit_page fs/coredump.c:886 [inline]
 dump_user_range+0x23c/0x710 fs/coredump.c:913
 elf_core_dump+0x2786/0x36e0 fs/binfmt_elf.c:2142
 do_coredump+0x2ed8/0x3fd0 fs/coredump.c:762
 get_signal+0x1c11/0x25c0 kernel/signal.c:2860
 arch_do_signal_or_restart+0x79/0x5a0 arch/x86/kernel/signal.c:307
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
 irqentry_exit_to_user_mode+0x9/0x40 kernel/entry/common.c:310
 exc_page_fault+0xc4/0x180 arch/x86/mm/fault.c:1615
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x9800
Code: Unable to access opcode bytes at 0x97d6.
RSP: 002b:0000000020000248 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f7356dbbf80 RCX: 00007f7356c8edcd
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000000
RBP: 00007f7356cfc59c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb79ec8f R14: 00007fffbb79ee30 R15: 00007f7357ecbd80
 </TASK>
================================================================================

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ