Re: [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in filemap_get_entry

[Matthew Wilcox]

On Sun, Feb 02, 2025 at 09:54:16AM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    69e858e0b8b2 Merge tag 'uml-for-linus-6.14-rc1' of git://g..
> 
> ------------[ cut here ]------------
> UBSAN: shift-out-of-bounds in lib/xarray.c:147:16
> shift exponent 192 is too large for 64-bit type 'unsigned long'
> CPU: 0 UID: 0 PID: 2666 Comm: kworker/u4:9 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> Workqueue: loop0 loop_rootcg_workfn
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:94 [inline]
>  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
>  ubsan_epilogue lib/ubsan.c:231 [inline]
>  __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468
>  get_offset lib/xarray.c:147 [inline]
>  xas_descend lib/xarray.c:207 [inline]
>  xas_load+0x583/0x5c0 lib/xarray.c:246
>  filemap_get_entry+0x1f0/0x3b0 mm/filemap.c:1860

This is an xarray issue.  I suspect it's a race condition, although it
could be somebody doing a misplaced DMA or something.  How easy is it to
reproduce?

(nb: I am on holiday for the next week, so I'm not going to be focused
on this, I just don't want other people wasting their time looking for a
bug somewhere that it isn't)