| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68d88c52.a00a0220.102ee.0021.GAE@google.com> Date: Sat, 27 Sep 2025 18:16:02 -0700 From: syzbot <syzbot+9e90a1c5eedb9dc4c6cc@...kaller.appspotmail.com> To: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, xandfury@...il.com Subject: Re: [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindBits (2) Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: UBSAN: shift-out-of-bounds in dbFindBits ERROR: (device loop0): dbAllocBits: leaf page corrupt ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:3031:55 shift exponent 32 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 0 UID: 0 PID: 5831 Comm: syz.0.16 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233 __ubsan_handle_shift_out_of_bounds+0x386/0x410 lib/ubsan.c:494 dbFindBits+0xdf/0x1a0 fs/jfs/jfs_dmap.c:3031 dbAllocDmapLev+0x16b/0x3c0 fs/jfs/jfs_dmap.c:1985 dbAllocCtl+0x14a/0x9c0 fs/jfs/jfs_dmap.c:1825 dbAllocAG+0x1e6/0xff0 fs/jfs/jfs_dmap.c:1353 dbDiscardAG+0x2df/0x900 fs/jfs/jfs_dmap.c:1608 jfs_ioc_trim+0x429/0x690 fs/jfs/jfs_discard.c:106 jfs_ioctl+0x2b5/0x3d0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:598 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f894198cda9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f894286c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f8941ba5fa0 RCX: 00007f894198cda9 RDX: 00000000200000c0 RSI: 00000000c0185879 RDI: 0000000000000004 RBP: 00007f8941a0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f8941ba5fa0 R15: 00007ffd6f2d8608 </TASK> ---[ end trace ]--- Tested on: commit: 51a24b7d Merge tag 'trace-tools-v6.17-rc5' of git://gi.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=103472e2580000 kernel config: https://syzkaller.appspot.com/x/.config?x=231ef872e038778b dashboard link: https://syzkaller.appspot.com/bug?extid=9e90a1c5eedb9dc4c6cc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 Note: no patches were applied.
Powered by blists - more mailing lists