linux-kernel.vger.kernel.org archive mirror
* UBSAN: array-index-out-of-bounds in f2fs_iget
@ 2023-02-16 21:44 Sanan Hasanov
  0 siblings, 0 replies; only message in thread
From: Sanan Hasanov @ 2023-02-16 21:44 UTC (permalink / raw)
  To: jaegeuk, chao, terrelln, linux-f2fs-devel, linux-kernel
  Cc: syzkaller, contact

Good day, dear maintainers,

We found a bug using a modified kernel configuration file used by syzbot.

We enhanced the coverage of the configuration file using our tool, klocalizer.

Kernel Branch: 6.2.0-rc7-next-20230206
Kernel config: https://drive.google.com/file/d/16AAzfA1DqiaTS8ohH7X80kud8QTCKBB6/view?usp=share_link
C Reproducer: https://drive.google.com/file/d/1mWS9BHAKuQcf9R1BiMX17-h9GQ9OI_v9/view?usp=share_link

Thank you!

Best regards,
Sanan Hasanov

================================================================================
UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3272:29
index 1409 is out of range for type '__le32 [923]'
CPU: 6 PID: 27613 Comm: syz-executor.5 Not tainted 6.2.0-rc7-next-20230206+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348
 inline_data_addr fs/f2fs/f2fs.h:3272 [inline]
 __recover_inline_status fs/f2fs/inode.c:111 [inline]
 do_read_inode fs/f2fs/inode.c:418 [inline]
 f2fs_iget+0x5300/0x5620 fs/f2fs/inode.c:536
 f2fs_fill_super+0x3c09/0x8a10 fs/f2fs/super.c:4363
 mount_bdev+0x351/0x410 fs/super.c:1372
 legacy_get_tree+0x109/0x220 fs/fs_context.c:610
 vfs_get_tree+0x8d/0x350 fs/super.c:1502
 do_new_mount fs/namespace.c:3042 [inline]
 path_mount+0x675/0x1e30 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __x64_sys_mount+0x283/0x300 fs/namespace.c:3571
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7c3449176e
Code: 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7c35569a08 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7c3449176e
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7c35569a60
RBP: 00007f7c35569aa0 R08: 00007f7c35569aa0 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f7c35569a60 R15: 0000000020011c40
 </TASK>
================================================================================
F2FS-fs (loop5): sanity_check_inode: inode (ino=3) is with extra_attr, but extra_attr feature is off
F2FS-fs (loop5): Failed to read root inode
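In f2fs, inline_data_addr() indexes the inode's i_addr[] array (type __le32[923] in the splat above) by the inode's extra_isize converted to 32-bit words. The trace shows that index being computed from the on-disk value in __recover_inline_status() while do_read_inode() loads the root inode, and only afterwards does sanity_check_inode() reject the inode (its extra_attr message follows the UBSAN report). The C program below is an added example, not code from the report or from f2fs: it models that index computation on a constructed on-disk inode and places a checked variant beside it. DEF_ADDRS_PER_INODE (923) and the index 1409 come from the report; EXTRA_ATTR_LIMIT (36 bytes, the value of the kernel's F2FS_TOTAL_EXTRA_ATTR_SIZE in current trees), the F2FS_EXTRA_ATTR flag bit and the struct layout are assumptions made for the model.

```c
/* Added example: models the extra_isize -> i_addr[] index computation that the
 * UBSAN report flags, beside a checked variant. Simplified model, not f2fs code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEF_ADDRS_PER_INODE 923   /* size of i_addr[], matches '__le32 [923]' in the report */
#define EXTRA_ATTR_LIMIT    36    /* assumption: F2FS_TOTAL_EXTRA_ATTR_SIZE in current kernels */
#define F2FS_EXTRA_ATTR     0x01  /* assumption: bit modelling the inode's extra_attr inline flag */

/* Constructed, simplified on-disk inode: only the fields the computation touches. */
struct disk_inode {
    uint16_t i_extra_isize;   /* bytes of extra fields carved out of the front of i_addr[] */
    uint8_t  i_inline;        /* inline flags; F2FS_EXTRA_ATTR says i_extra_isize is in use */
    uint32_t i_addr[DEF_ADDRS_PER_INODE];
};

/* Unchecked: the index comes straight from the on-disk field, as on the
 * inline_data_addr() path in the report. A crafted image picks any index. */
static long unchecked_inline_index(const struct disk_inode *ri)
{
    if (!(ri->i_inline & F2FS_EXTRA_ATTR))
        return 0;
    return (long)(ri->i_extra_isize / sizeof(uint32_t));
}

/* Checked: the feature must be enabled on the superblock and extra_isize must be
 * 4-byte aligned and no larger than the extra-field area before it becomes an
 * index. Returns -1 when the inode is rejected. */
static long checked_inline_index(const struct disk_inode *ri, int sb_has_extra_attr)
{
    if (!(ri->i_inline & F2FS_EXTRA_ATTR))
        return 0;
    if (!sb_has_extra_attr)   /* the condition sanity_check_inode reported above */
        return -1;
    if (ri->i_extra_isize % sizeof(uint32_t) != 0 || ri->i_extra_isize > EXTRA_ATTR_LIMIT)
        return -1;
    return (long)(ri->i_extra_isize / sizeof(uint32_t));
}

static int index_in_bounds(long idx)
{
    return idx >= 0 && idx < DEF_ADDRS_PER_INODE;
}

/* Constructed inode carrying the same index the report shows: 1409 * 4 = 5636 bytes. */
static struct disk_inode make_crafted_inode(void)
{
    struct disk_inode ri;
    memset(&ri, 0, sizeof(ri));
    ri.i_inline = F2FS_EXTRA_ATTR;
    ri.i_extra_isize = (uint16_t)(1409 * sizeof(uint32_t));
    return ri;
}

static long crafted_unchecked_index(void)
{
    struct disk_inode ri = make_crafted_inode();
    return unchecked_inline_index(&ri);
}

/* Helper for exercising the checked path with arbitrary on-disk values. */
static long checked_index_for(uint16_t extra_isize, int flagged, int sb_has_extra_attr)
{
    struct disk_inode ri;
    memset(&ri, 0, sizeof(ri));
    ri.i_inline = flagged ? F2FS_EXTRA_ATTR : 0;
    ri.i_extra_isize = extra_isize;
    return checked_inline_index(&ri, sb_has_extra_attr);
}

int main(void)
{
    long bad = crafted_unchecked_index();
    printf("unchecked index %ld, in bounds: %d\n", bad, index_in_bounds(bad));
    printf("checked, feature off: %ld\n", checked_index_for(5636, 1, 0));
    printf("checked, feature on:  %ld\n", checked_index_for(5636, 1, 1));
    printf("checked, sane inode:  %ld\n", checked_index_for(36, 1, 1));
    return 0;
}
```

The ordering is the point: a value read from the image is only safe to use as an array index after the same validation sanity_check_inode applies, so the check has to run before any path that dereferences i_addr[extra_isize / 4], not after.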
