| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68774a31.a70a0220.693ce.0020.GAE@google.com> Date: Tue, 15 Jul 2025 23:44:01 -0700 From: syzbot <syzbot+4708579bb230a0582a57@...kaller.appspotmail.com> To: linux-kernel@...r.kernel.org, purvayeshi550@...il.com, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [gfs2?] UBSAN: shift-out-of-bounds in gfs2_dir_read (2) Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: UBSAN: shift-out-of-bounds in gfs2_dir_read gfs2: fsid=syz:syz: Now mounting FS (format 1801)... gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms gfs2: fsid=syz:syz.s: first mount done, others may mount ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in fs/gfs2/dir.c:1544:15 shift exponent 32 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 0 UID: 0 PID: 5893 Comm: syz.0.16 Not tainted 6.16.0-rc6-syzkaller-g155a3c003e55-dirty #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233 __ubsan_handle_shift_out_of_bounds+0x386/0x410 lib/ubsan.c:494 dir_e_read fs/gfs2/dir.c:1544 [inline] gfs2_dir_read+0x1730/0x1780 fs/gfs2/dir.c:1585 gfs2_readdir+0x14c/0x1b0 fs/gfs2/file.c:116 iterate_dir+0x5ac/0x770 fs/readdir.c:108 __do_sys_getdents64 fs/readdir.c:410 [inline] __se_sys_getdents64+0xe4/0x260 fs/readdir.c:396 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9c54f8e929 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9c55da0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 RAX: ffffffffffffffda RBX: 00007f9c551b5fa0 RCX: 00007f9c54f8e929 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00007f9c55010b39 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f9c551b5fa0 R15: 00007ffeba75d678 </TASK> ---[ end trace ]--- Tested on: commit: 155a3c00 Merge tag 'for-6.16/dm-fixes-2' of git://git... git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=122b88f0580000 kernel config: https://syzkaller.appspot.com/x/.config?x=f62a2ef17395702a dashboard link: https://syzkaller.appspot.com/bug?extid=4708579bb230a0582a57 compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 patch: https://syzkaller.appspot.com/x/patch.diff?x=1449a7d4580000
Powered by blists - more mailing lists