Re: [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in shmem_add_to_page_cache

From: Hillf Danton
Date: Wed Feb 05 2025 - 05:37:04 EST

Next message: Robert Richter: "Re: [PATCH v1 16/29] cxl/region: Use translated HPA ranges to calculate the endpoint position"
Previous message: Emil Renner Berthing: "Re: [PATCH v2 5/5] riscv: dts: starfive: jh7110-common: bootph-pre-ram hinting needed by boot loader"
In reply to: syzbot: "[syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in shmem_add_to_page_cache"
Next in thread: syzbot: "Re: [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in shmem_add_to_page_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 04 Feb 2025 07:34:26 -0800
> syzbot found the following issue on:
>
> HEAD commit: 69e858e0b8b2 Merge tag 'uml-for-linus-6.14-rc1' of git://g..
> git tree: upstream
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=160983df980000

#syz test upstream master

--- x/lib/xarray.c
+++ y/lib/xarray.c
@@ -390,6 +390,7 @@ static void *xas_alloc(struct xa_state *
XA_NODE_BUG_ON(node, shift > BITS_PER_LONG);
XA_NODE_BUG_ON(node, !list_empty(&node->private_list));
node->shift = shift;
+ BUG_ON(shift > BITS_PER_LONG);
node->count = 0;
node->nr_values = 0;
RCU_INIT_POINTER(node->parent, xas->xa_node);
--

Next message: Robert Richter: "Re: [PATCH v1 16/29] cxl/region: Use translated HPA ranges to calculate the endpoint position"
Previous message: Emil Renner Berthing: "Re: [PATCH v2 5/5] riscv: dts: starfive: jh7110-common: bootph-pre-ram hinting needed by boot loader"
In reply to: syzbot: "[syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in shmem_add_to_page_cache"
Next in thread: syzbot: "Re: [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in shmem_add_to_page_cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]