From: Matthew Wilcox <willy@infradead.org>
To: syzbot <syzbot+a0ae55e3dde11d2d790c@syzkaller.appspotmail.com>
Cc: akpm@linux-foundation.org, hughd@google.com,
kent.overstreet@linux.dev, linux-bcachefs@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in filemap_get_entry
Date: Sun, 2 Feb 2025 22:11:32 +0000 [thread overview]
Message-ID: <Z5_tlJZcIfANfmnV@casper.infradead.org> (raw)
In-Reply-To: <679fb148.050a0220.d7c5a.0074.GAE@google.com>
On Sun, Feb 02, 2025 at 09:54:16AM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 69e858e0b8b2 Merge tag 'uml-for-linus-6.14-rc1' of git://g..
>
> ------------[ cut here ]------------
> UBSAN: shift-out-of-bounds in lib/xarray.c:147:16
> shift exponent 192 is too large for 64-bit type 'unsigned long'
> CPU: 0 UID: 0 PID: 2666 Comm: kworker/u4:9 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> Workqueue: loop0 loop_rootcg_workfn
> Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:94 [inline]
> dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
> ubsan_epilogue lib/ubsan.c:231 [inline]
> __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468
> get_offset lib/xarray.c:147 [inline]
> xas_descend lib/xarray.c:207 [inline]
> xas_load+0x583/0x5c0 lib/xarray.c:246
> filemap_get_entry+0x1f0/0x3b0 mm/filemap.c:1860
This is an xarray issue. I suspect it's a race condition, although it
could be somebody doing a misplaced DMA or something. How easy is it to
reproduce?
(nb: I am on holiday for the next week, so I'm not going to be focused
on this, I just don't want other people wasting their time looking for a
bug somewhere that it isn't)
next prev parent reply other threads:[~2025-02-02 22:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-02 17:54 syzbot
2025-02-02 22:11 ` Matthew Wilcox [this message]
2025-02-03 4:29 ` Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z5_tlJZcIfANfmnV@casper.infradead.org \
--to=willy@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=kent.overstreet@linux.dev \
--cc=linux-bcachefs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=syzbot+a0ae55e3dde11d2d790c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox