From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5959C433FE for ; Thu, 10 Dec 2020 13:58:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7D73D23119 for ; Thu, 10 Dec 2020 13:58:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389715AbgLJN6N (ORCPT ); Thu, 10 Dec 2020 08:58:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387691AbgLJN5v (ORCPT ); Thu, 10 Dec 2020 08:57:51 -0500 Received: from mail-qv1-xf43.google.com (mail-qv1-xf43.google.com [IPv6:2607:f8b0:4864:20::f43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 806A4C061793 for ; Thu, 10 Dec 2020 05:57:11 -0800 (PST) Received: by mail-qv1-xf43.google.com with SMTP id b18so2370366qvt.10 for ; Thu, 10 Dec 2020 05:57:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KyrMMU0omj6NS8PnhNAq4zKjR5kYFuT9HRGwfp3GnV0=; b=ULeEqyb056eyx8EiootK7RvHCnxkIU9jq28VFsRh/sxEfXUNy0zQKilqwunnEg6A0w 67vLdEwQVVlFRVdfzc3nDO5m3MI9roIHwkmE8rmUUjSwEYhLy95JLC/GnpSsT47lAgru YqRzsBl6MCj8rD93nXeHISMBcFzUu5TRIeFhKKimC3fA6wYgHywopPCOPBvbBHki/UYz dWq+rFFCDVaPK/80+IMmfPis8SHwUVQ0piMf1Wp5dyTC6YhD5G8uWygyxEVvUKst4sKo 66aK6Lf/Ba3gkcbq7f58478FiJ+HAbLCjfiszYyZi9croU9h72fIrGrB5tgqlJrj2NJi Yhfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KyrMMU0omj6NS8PnhNAq4zKjR5kYFuT9HRGwfp3GnV0=; b=qlWwmLF3kz5gnMvaGR/m8FaZL/BSh4O7dnG+lsfExy1Gd2gBH4W3Dtiq0BqOmN0Gxq Z27K0MNF7DmPMdLVJ6hzpzqWyviU3Wrb62iQg6xrxsycXaMYMRequY4FiUVB0cHKAFuj Vm8PPGgI9bmxHZ4RAcKud0CL+sXuYa8c2mH4Rs7QvgrG5dm9woIg3Z0ulKmGnWNDVP9g 3K8KHgBEM5aJLORuOB8Ce/Xj+9u0fUlRKGD2VTwNNohAqSLgGserD4PV+fHopKdcNURo 2gtmrOfCJVSUUDcRiK25gkidzGDcq0AGpiR2tpsmMuiMV15K5lDEcu2/8qspajWsLWvm JaBA== X-Gm-Message-State: AOAM530LskFLG/Oq1agghLGBABmAXmMgJ3u8wf7NCPA4HbPQ3LLb9qTD QZBmgxBw2mD8ZZP/IFfk3BQSC9ZXK8qSAC8qcVvS9Q== X-Google-Smtp-Source: ABdhPJy9MpIaNivKN4A0rekYPQ+E7wYjFJcXc6cZ81XnIBiWFZhqXPzZp3NzpSJBLeHNLXwKZPDeef4OvcRn0oPHab4= X-Received: by 2002:a0c:d80e:: with SMTP id h14mr9359940qvj.13.1607608630272; Thu, 10 Dec 2020 05:57:10 -0800 (PST) MIME-Version: 1.0 References: <20201210023638.GP52960@mit.edu> <00000000000024030c05b61412e6@google.com> In-Reply-To: From: Dmitry Vyukov Date: Thu, 10 Dec 2020 14:56:58 +0100 Message-ID: Subject: Re: UBSAN: shift-out-of-bounds in ext4_fill_super To: syzbot Cc: Andreas Dilger , clang-built-linux , linux-ext4@vger.kernel.org, LKML , Nathan Chancellor , Nick Desaulniers , syzkaller-bugs , "Theodore Ts'o" Content-Type: multipart/mixed; boundary="0000000000005903b905b61c8d61" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --0000000000005903b905b61c8d61 Content-Type: text/plain; charset="UTF-8" On Thu, Dec 10, 2020 at 9:09 AM Dmitry Vyukov wrote: > > On Thu, Dec 10, 2020 at 4:50 AM syzbot > wrote: > > > > Hello, > > > > syzbot tried to test the proposed patch but the build/boot failed: > > > > failed to checkout kernel repo git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git on commit e360ba58d067a30a4e3e7d55ebdd919885a058d6: failed to run ["git" "fetch" "--tags" "d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8"]: exit status 1 > > From git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 > > * [new branch] bisect-test-ext4-035 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/bisect-test-ext4-035 > > * [new branch] bisect-test-generic-307 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/bisect-test-generic-307 > > * [new branch] dev -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/dev > > * [new branch] ext4-3.18 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/ext4-3.18 > > * [new branch] ext4-4.1 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/ext4-4.1 > > * [new branch] ext4-4.4 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/ext4-4.4 > > * [new branch] ext4-4.9 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/ext4-4.9 > > * [new branch] ext4-dax -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/ext4-dax > > * [new branch] ext4-tools -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/ext4-tools > > * [new branch] fix-bz-206443 -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/fix-bz-206443 > > * [new branch] for-stable -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/for-stable > > * [new branch] fsverity -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/fsverity > > * [new branch] lazy_journal -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/lazy_journal > > * [new branch] master -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/master > > * [new branch] origin -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/origin > > * [new branch] pu -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/pu > > * [new branch] test -> d06f7b29746c7f0a52f349ff7fbf2a3f22d27cf8/test > > * [new tag] ext4-for-linus-5.8-rc1-2 -> ext4-for-linus-5.8-rc1-2 > > ! [rejected] ext4_for_linus -> ext4_for_linus (would clobber existing tag) > > Interesting. First time I see this. Should syzkaller use 'git fetch > --tags --force"?... > StackOverflow suggests it should help: > https://stackoverflow.com/questions/58031165/how-to-get-rid-of-would-clobber-existing-tag I've added --force to fetches: https://github.com/google/syzkaller/commit/9a72bc3440b65a01187ba4277b49d6bd821079cd and it should be deployed by now. Let's try again: #syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git e360ba58d067a30a4e3e7d55ebdd919885a058d6 --0000000000005903b905b61c8d61 Content-Type: application/octet-stream; name=patch Content-Disposition: attachment; filename=patch Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_kiiwnrjf0 RnJvbSAzZDNiYzMwM2E4YThmNzEyM2NmNDg2ZjQ5ZmE5MDYwMTE2ZmExNDY1IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBUaGVvZG9yZSBUcydvIDx0eXRzb0BtaXQuZWR1PgpEYXRlOiBX ZWQsIDkgRGVjIDIwMjAgMTU6NTk6MTEgLTA1MDAKU3ViamVjdDogW1BBVENIXSBleHQ0OiBjaGVj ayBmb3IgaW52YWxpZCBibG9jayBzaXplIGVhcmx5IHdoZW4gbW91bnRpbmcgYSBmaWxlCiBzeXN0 ZW0KCkNoZWNrIGZvciB2YWxpZCBibG9jayBzaXplIGRpcmVjdGx5IGJ5IHZhbGlkYXRpbmcgc19s b2dfYmxvY2tfc2l6ZTsgd2UKd2VyZSBkb2luZyB0aGlzIGluIHR3byBwbGFjZXMuICBGaXJzdCwg YnkgY2FsY3VsYXRpbmcgYmxvY2tzaXplIHZpYQpCTE9DS19TSVpFIDw8IHNfbG9nX2Jsb2NrX3Np emUsIGFuZCB0aGVuIGNoZWNraW5nIHRoYXQgdGhlIGJsb2Nrc2l6ZQp3YXMgdmFsaWQuICBBbmQg dGhlbiBzZWNvbmRseSwgYnkgY2hlY2tpbmcgc19sb2dfYmxvY2tfc2l6ZSBkaXJlY3RseS4KClRo ZSBmaXJzdCBjaGVjayBpcyBub3QgcmVsaWFibGUsIGFuZCBjYW4gdHJpZ2dlciBhbiBVQlNBTiB3 YXJuaW5nIGlmCnNfbG9nX2Jsb2NrX3NpemUgb24gYSBtYWxpY2lvdXNseSBjb3JydXB0ZWQgc3Vw ZXJibG9jayBpcyBncmVhdGVyIHRoYW4KMjIuICBUaGlzIGlzIGhhcm1sZXNzLCBzaW5jZSB0aGUg c2Vjb25kIHRlc3Qgd2lsbCBjb3JyZWN0bHkgcmVqZWN0IHRoZQptYWxpY2lvdXNseSBmdXp6ZWQg ZmlsZSBzeXN0ZW0sIGJ1dCB0byBtYWtlIHN5emJvdCBzaHV0IHVwLCBhbmQKYmVjYXVzZSB0aGUg dHdvIGNoZWNrcyBhcmUgZHVwbGljYXRpdmUgaW4gYW55IGNhc2UsIGRlbGV0ZSB0aGUKYmxvY2tz aXplIGNoZWNrLCBhbmQgbW92ZSB0aGUgc19sb2dfYmxvY2tfc2l6ZSBlYXJsaWVyIGluCmV4dDRf ZmlsbF9zdXBlcigpLgoKU2lnbmVkLW9mZi1ieTogVGhlb2RvcmUgVHMnbyA8dHl0c29AbWl0LmVk dT4KUmVwb3J0ZWQtYnk6IHN5emJvdCszNDViNzU2NTJiMWQyNDIyNzQ0M0BzeXprYWxsZXIuYXBw c3BvdG1haWwuY29tCi0tLQogZnMvZXh0NC9zdXBlci5jIHwgNDAgKysrKysrKysrKysrKysrKy0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDE2IGluc2VydGlvbnMoKyks IDI0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2ZzL2V4dDQvc3VwZXIuYyBiL2ZzL2V4dDQv c3VwZXIuYwppbmRleCBmODYyMjBhOGRmNTAuLjRhMTZiYmYwNDMyYyAxMDA2NDQKLS0tIGEvZnMv ZXh0NC9zdXBlci5jCisrKyBiL2ZzL2V4dDQvc3VwZXIuYwpAQCAtNDIwMiwxOCArNDIwMiwyNSBA QCBzdGF0aWMgaW50IGV4dDRfZmlsbF9zdXBlcihzdHJ1Y3Qgc3VwZXJfYmxvY2sgKnNiLCB2b2lk ICpkYXRhLCBpbnQgc2lsZW50KQogCSAqLwogCXNiaS0+c19saV93YWl0X211bHQgPSBFWFQ0X0RF Rl9MSV9XQUlUX01VTFQ7CiAKLQlibG9ja3NpemUgPSBCTE9DS19TSVpFIDw8IGxlMzJfdG9fY3B1 KGVzLT5zX2xvZ19ibG9ja19zaXplKTsKLQotCWlmIChibG9ja3NpemUgPT0gUEFHRV9TSVpFKQot CQlzZXRfb3B0KHNiLCBESU9SRUFEX05PTE9DSyk7Ci0KLQlpZiAoYmxvY2tzaXplIDwgRVhUNF9N SU5fQkxPQ0tfU0laRSB8fAotCSAgICBibG9ja3NpemUgPiBFWFQ0X01BWF9CTE9DS19TSVpFKSB7 CisJaWYgKGxlMzJfdG9fY3B1KGVzLT5zX2xvZ19ibG9ja19zaXplKSA+CisJICAgIChFWFQ0X01B WF9CTE9DS19MT0dfU0laRSAtIEVYVDRfTUlOX0JMT0NLX0xPR19TSVpFKSkgewogCQlleHQ0X21z ZyhzYiwgS0VSTl9FUlIsCi0JCSAgICAgICAiVW5zdXBwb3J0ZWQgZmlsZXN5c3RlbSBibG9ja3Np emUgJWQgKCVkIGxvZ19ibG9ja19zaXplKSIsCi0JCQkgYmxvY2tzaXplLCBsZTMyX3RvX2NwdShl cy0+c19sb2dfYmxvY2tfc2l6ZSkpOworCQkJICJJbnZhbGlkIGxvZyBibG9jayBzaXplOiAldSIs CisJCQkgbGUzMl90b19jcHUoZXMtPnNfbG9nX2Jsb2NrX3NpemUpKTsKIAkJZ290byBmYWlsZWRf bW91bnQ7CiAJfQorCWlmIChsZTMyX3RvX2NwdShlcy0+c19sb2dfY2x1c3Rlcl9zaXplKSA+CisJ ICAgIChFWFQ0X01BWF9DTFVTVEVSX0xPR19TSVpFIC0gRVhUNF9NSU5fQkxPQ0tfTE9HX1NJWkUp KSB7CisJCWV4dDRfbXNnKHNiLCBLRVJOX0VSUiwKKwkJCSAiSW52YWxpZCBsb2cgY2x1c3RlciBz aXplOiAldSIsCisJCQkgbGUzMl90b19jcHUoZXMtPnNfbG9nX2NsdXN0ZXJfc2l6ZSkpOworCQln b3RvIGZhaWxlZF9tb3VudDsKKwl9CisKKwlibG9ja3NpemUgPSBFWFQ0X01JTl9CTE9DS19TSVpF IDw8IGxlMzJfdG9fY3B1KGVzLT5zX2xvZ19ibG9ja19zaXplKTsKKworCWlmIChibG9ja3NpemUg PT0gUEFHRV9TSVpFKQorCQlzZXRfb3B0KHNiLCBESU9SRUFEX05PTE9DSyk7CiAKIAlpZiAobGUz Ml90b19jcHUoZXMtPnNfcmV2X2xldmVsKSA9PSBFWFQ0X0dPT0RfT0xEX1JFVikgewogCQlzYmkt PnNfaW5vZGVfc2l6ZSA9IEVYVDRfR09PRF9PTERfSU5PREVfU0laRTsKQEAgLTQ0MzIsMjEgKzQ0 MzksNiBAQCBzdGF0aWMgaW50IGV4dDRfZmlsbF9zdXBlcihzdHJ1Y3Qgc3VwZXJfYmxvY2sgKnNi LCB2b2lkICpkYXRhLCBpbnQgc2lsZW50KQogCWlmICghZXh0NF9mZWF0dXJlX3NldF9vayhzYiwg KHNiX3Jkb25seShzYikpKSkKIAkJZ290byBmYWlsZWRfbW91bnQ7CiAKLQlpZiAobGUzMl90b19j cHUoZXMtPnNfbG9nX2Jsb2NrX3NpemUpID4KLQkgICAgKEVYVDRfTUFYX0JMT0NLX0xPR19TSVpF IC0gRVhUNF9NSU5fQkxPQ0tfTE9HX1NJWkUpKSB7Ci0JCWV4dDRfbXNnKHNiLCBLRVJOX0VSUiwK LQkJCSAiSW52YWxpZCBsb2cgYmxvY2sgc2l6ZTogJXUiLAotCQkJIGxlMzJfdG9fY3B1KGVzLT5z X2xvZ19ibG9ja19zaXplKSk7Ci0JCWdvdG8gZmFpbGVkX21vdW50OwotCX0KLQlpZiAobGUzMl90 b19jcHUoZXMtPnNfbG9nX2NsdXN0ZXJfc2l6ZSkgPgotCSAgICAoRVhUNF9NQVhfQ0xVU1RFUl9M T0dfU0laRSAtIEVYVDRfTUlOX0JMT0NLX0xPR19TSVpFKSkgewotCQlleHQ0X21zZyhzYiwgS0VS Tl9FUlIsCi0JCQkgIkludmFsaWQgbG9nIGNsdXN0ZXIgc2l6ZTogJXUiLAotCQkJIGxlMzJfdG9f Y3B1KGVzLT5zX2xvZ19jbHVzdGVyX3NpemUpKTsKLQkJZ290byBmYWlsZWRfbW91bnQ7Ci0JfQot CiAJaWYgKGxlMTZfdG9fY3B1KHNiaS0+c19lcy0+c19yZXNlcnZlZF9nZHRfYmxvY2tzKSA+IChi bG9ja3NpemUgLyA0KSkgewogCQlleHQ0X21zZyhzYiwgS0VSTl9FUlIsCiAJCQkgIk51bWJlciBv ZiByZXNlcnZlZCBHRFQgYmxvY2tzIGluc2FuZWx5IGxhcmdlOiAlZCIsCg== --0000000000005903b905b61c8d61--