From: Aleksandr Nogikh
Date: Fri, 31 Mar 2023 10:43:50 +0200
Subject: Re: [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindCtl
To: syzbot
Cc: dave.kleikamp@oracle.com, jfs-discussion@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, liushixin2@huawei.com, shaggy@kernel.org, syzkaller-bugs@googlegroups.com

On Thu, Mar 30, 2023 at 9:45 PM syzbot wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit fad376fce0af58deebc5075b8539dc05bf639af3
> Author: Liu Shixin via Jfs-discussion
> Date:   Thu Nov 3 03:01:59 2022 +0000
>
>     fs/jfs: fix shift exponent db_agl2size negative
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=146d74a5c80000
> start commit:   b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
> dashboard link: https://syzkaller.appspot.com/bug?extid=7edb85bc97be9f350d90
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16d5817a880000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15d68cde880000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: fs/jfs: fix shift exponent db_agl2size negative

It might well be possible. The patch improves the validation of the
db_agl2size parameter, which affects the execution some frames up in
the crash stack trace:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/jfs/jfs_dmap.c?id=6d36c728bc2e2d632f4b0dea00df5532e20dfdab#n729

#syz fix: fs/jfs: fix shift exponent db_agl2size negative

>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>