On Ubuntu 24.04:

[34539.429634] ------------[ cut here ]------------
[34539.429635] UBSAN: shift-out-of-bounds in /build/linux-vCyKs5/linux-6.8.0/fs/ufs/super.c:1247:19
[34539.429637] shift exponent 36 is too large for 32-bit type 'int'
[34539.429639] CPU: 7 PID: 29594 Comm: mount Tainted: P O 6.8.0-51-generic #52-Ubuntu
[34539.429641] Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS PRO/Z390 AORUS PRO-CF, BIOS F12g GA9 06/08/2020
[34539.429642] Call Trace:
[34539.429644] <TASK>
[34539.429646] dump_stack_lvl+0x76/0xa0
[34539.429649] dump_stack+0x10/0x20
[34539.429650] __ubsan_handle_shift_out_of_bounds+0x199/0x370
[34539.429654] ufs_fill_super.cold+0x16/0x1b7 [ufs]
[34539.429658] ? sb_set_blocksize+0x1d/0x70
[34539.429682] ? __pfx_ufs_fill_super+0x10/0x10 [ufs]
[34539.429685] mount_bdev+0xf3/0x140
[34539.429688] ufs_mount+0x15/0x30 [ufs]
[34539.429711] legacy_get_tree+0x28/0x60
[34539.429714] vfs_get_tree+0x27/0x100
[34539.429716] do_new_mount+0x1a0/0x340
[34539.429718] path_mount+0x1e0/0x830
[34539.429719] ? putname+0x5b/0x80
[34539.429721] __x64_sys_mount+0x127/0x160
[34539.429723] x64_sys_call+0x1e57/0x25a0
[34539.429725] do_syscall_64+0x7f/0x180
[34539.429728] ? put_fs_context+0xff/0x1c0
[34539.429730] ? do_new_mount+0x10d/0x340
[34539.429731] ? rseq_get_rseq_cs+0x22/0x280
[34539.429753] ? rseq_ip_fixup+0x90/0x1f0
[34539.429755] ? syscall_exit_to_user_mode+0x86/0x260
[34539.429757] ? do_syscall_64+0x8c/0x180
[34539.429758] ? do_faccessat+0x1c2/0x2f0
[34539.429780] ? syscall_exit_to_user_mode+0x86/0x260
[34539.429782] ? do_syscall_64+0x8c/0x180
[34539.429783] ? __do_sys_newfstatat+0x53/0x90
[34539.429786] ? syscall_exit_to_user_mode+0x86/0x260
[34539.429787] ? do_syscall_64+0x8c/0x180
[34539.429807] ? syscall_exit_to_user_mode+0x86/0x260
[34539.429809] ? do_syscall_64+0x8c/0x180
[34539.429810] ? irqentry_exit_to_user_mode+0x7b/0x260
[34539.429812] ? irqentry_exit+0x43/0x50
[34539.429813] ? clear_bhb_loop+0x15/0x70
[34539.429815] ? clear_bhb_loop+0x15/0x70
[34539.429816] ? clear_bhb_loop+0x15/0x70
[34539.429817] entry_SYSCALL_64_after_hwframe+0x78/0x80
[34539.429819] RIP: 0033:0x7689eff2af0e
[34539.429838] Code: 48 8b 0d 0d 7f 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d da 7e 0d 00 f7 d8 64 89 01 48
[34539.429839] RSP: 002b:00007ffd8f391668 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[34539.429841] RAX: ffffffffffffffda RBX: 0000575a9b52abe0 RCX: 00007689eff2af0e
[34539.429842] RDX: 0000575a9b52b070 RSI: 0000575a9b52b0b0 RDI: 0000575a9b52b090
[34539.429843] RBP: 00007ffd8f3916d0 R08: 0000575a9b52be30 R09: 0000000000000007
[34539.429844] R10: 0000000000000001 R11: 0000000000000246 R12: 0000575a9b52b090
[34539.429845] R13: 0000575a9b52b0b0 R14: 0000575a9b52b070 R15: 0000575a9b52ad40
[34539.429846] </TASK>
[34539.429847] ---[ end trace ]---
[35018.100057] ufs: error (device sdc2): ufs_check_page: bad entry in directory #19957332: rec_len is smaller than minimal - offset=512, rec_len=0, name_len=0
[35018.100082] ufs: error (device sdc2): ufs_readdir: bad page in #19957332

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2087853

Title:
  UFS: uspi->s_3apb UBSAN: shift-out-of-bounds

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Jammy:
  Fix Committed
Status in linux source package in Noble:
  Fix Committed
Status in linux source package in Oracular:
  Fix Committed

Bug description:
  [ Impact ]

  A UBSAN shift-out-of-bounds warning appears on the system when some UFS
  filesystems are mounted.

  [ Test Plan ]

  Mount the UFS partition with the proposed kernel and verify that the warning
  is gone.

  [ Where problems could occur ]

  Should have zero impact, removes dead code.

  [ Original Bug Report ]

  Hello!

  I have mounted a UFS partition (ufstype=ufs2).
  Ubuntu allows only read-only mounts for UFS by default, so it is mounted with the ro option.

  I see those messages in the log:

  kernel: ------------[ cut here ]------------
  kernel: UBSAN: shift-out-of-bounds in /build/linux-21sZ5Q/linux-6.8.0/fs/ufs/super.c:1247:19
  kernel: shift exponent 36 is too large for 32-bit type 'int'
  kernel: CPU: 3 PID: 2212 Comm: mount Not tainted 6.8.0-48-generic #48-Ubuntu
  kernel: Hardware name: SOYO SY-YL B550M/SY-YL B550M, BIOS 5.17 05/19/2023
  kernel: Call Trace:
  kernel:  <TASK>
  kernel:  dump_stack_lvl+0x76/0xa0
  kernel:  dump_stack+0x10/0x20
  kernel:  __ubsan_handle_shift_out_of_bounds+0x199/0x370
  kernel:  ufs_fill_super.cold+0x16/0x1b7 [ufs]
  kernel:  ? sb_set_blocksize+0x1d/0x70
  kernel:  ? __pfx_ufs_fill_super+0x10/0x10 [ufs]
  kernel:  mount_bdev+0xf6/0x140
  kernel:  ufs_mount+0x15/0x30 [ufs]
  kernel:  legacy_get_tree+0x2b/0x60
  kernel:  vfs_get_tree+0x2a/0x100
  kernel:  do_new_mount+0x1a0/0x340
  kernel:  path_mount+0x1e0/0x830
  kernel:  ? putname+0x5b/0x80
  kernel:  __x64_sys_mount+0x127/0x160
  kernel:  x64_sys_call+0x1df5/0x25c0
  kernel:  do_syscall_64+0x7f/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? mntput+0x24/0x50
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? path_put+0x1e/0x30
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_faccessat+0x1c2/0x2f0
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? syscall_exit_to_user_mode+0x86/0x260
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_syscall_64+0x8c/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? syscall_exit_to_user_mode+0x86/0x260
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_syscall_64+0x8c/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? __do_sys_newfstatat+0x53/0x90
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? syscall_exit_to_user_mode+0x86/0x260
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_syscall_64+0x8c/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? irqentry_exit+0x43/0x50
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? exc_page_fault+0x94/0x1b0
  kernel:  entry_SYSCALL_64_after_hwframe+0x78/0x80
  kernel: RIP: 0033:0x7417b2d2af0e
  kernel: Code: 48 8b 0d 0d 7f 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d da 7e 0d 00 f7 d8 64 89 01 48
  kernel: RSP: 002b:00007fff1145f4d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
  kernel: RAX: ffffffffffffffda RBX: 000059b6f92e7b00 RCX: 00007417b2d2af0e
  kernel: RDX: 000059b6f92e7f10 RSI: 000059b6f92e81b0 RDI: 000059b6f92e83f0
  kernel: RBP: 00007fff1145f540 R08: 000059b6f92e8150 R09: 00007fff1145f5b0
  kernel: R10: 0000000000000401 R11: 0000000000000246 R12: 000059b6f92e83f0
  kernel: R13: 000059b6f92e81b0 R14: 000059b6f92e7f10 R15: 000059b6f92e7c60
  kernel:  </TASK>
  kernel: ---[ end trace ]---

  kernel: ------------[ cut here ]------------
  kernel: UBSAN: shift-out-of-bounds in /build/linux-21sZ5Q/linux-6.8.0/fs/ufs/super.c:1247:19
  kernel: shift exponent 36 is too large for 32-bit type 'int'
  kernel: CPU: 6 PID: 2113 Comm: mount Not tainted 6.8.0-48-generic #48-Ubuntu
  kernel: Hardware name: SOYO SY-YL B550M/SY-YL B550M, BIOS 5.17 05/19/2023
  kernel: Call Trace:
  kernel:  <TASK>
  kernel:  dump_stack_lvl+0x76/0xa0
  kernel:  dump_stack+0x10/0x20
  kernel:  __ubsan_handle_shift_out_of_bounds+0x199/0x370
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ufs_fill_super.cold+0x16/0x1b7 [ufs]
  kernel:  ? sb_set_blocksize+0x1d/0x70
  kernel:  ? __pfx_ufs_fill_super+0x10/0x10 [ufs]
  kernel:  mount_bdev+0xf6/0x140
  kernel:  ufs_mount+0x15/0x30 [ufs]
  kernel:  legacy_get_tree+0x2b/0x60
  kernel:  vfs_get_tree+0x2a/0x100
  kernel:  do_new_mount+0x1a0/0x340
  kernel:  path_mount+0x1e0/0x830
  kernel:  ? putname+0x5b/0x80
  kernel:  __x64_sys_mount+0x127/0x160
  kernel:  x64_sys_call+0x1df5/0x25c0
  kernel:  do_syscall_64+0x7f/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? syscall_exit_to_user_mode+0x86/0x260
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_syscall_64+0x8c/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_syscall_64+0x8c/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? do_syscall_64+0x8c/0x180
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? irqentry_exit+0x43/0x50
  kernel:  ? srso_return_thunk+0x5/0x5f
  kernel:  ? exc_page_fault+0x94/0x1b0
  kernel:  entry_SYSCALL_64_after_hwframe+0x78/0x80
  kernel: RIP: 0033:0x7b616d52af0e
  kernel: Code: 48 8b 0d 0d 7f 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d da 7e 0d 00 f7 d8 64 89 01 48
  kernel: RSP: 002b:00007ffc10c387b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
  kernel: RAX: ffffffffffffffda RBX: 00005d6eb3bc9b00 RCX: 00007b616d52af0e
  kernel: RDX: 00005d6eb3bc9f10 RSI: 00005d6eb3bca1b0 RDI: 00005d6eb3bca3f0
  kernel: RBP: 00007ffc10c38820 R08: 00005d6eb3bca150 R09: 00007ffc10c38890
  kernel: R10: 0000000000000401 R11: 0000000000000246 R12: 00005d6eb3bca3f0
  kernel: R13: 00005d6eb3bca1b0 R14: 00005d6eb3bc9f10 R15: 00005d6eb3bc9c60
  kernel:  </TASK>
  kernel: ---[ end trace ]---

  cat /proc/version_signature
  Ubuntu 6.8.0-48.48-generic 6.8.12
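
Added example, not code from the bug report or from the kernel: a user-space C model of how a triple-indirect "addresses per block" shift can reach the exponent 36 named in the warning, and a checked way to form the power of two. It assumes 8-byte block pointers for ufs2 and a 32 KiB block size (a constructed value chosen to reproduce 36); all function and field names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the indirect-block shifts; not the kernel's struct. */
struct apb_shifts {
    unsigned bshift;    /* log2(block size in bytes) */
    unsigned apbshift;  /* log2(addresses per block), single indirect */
    unsigned apb2shift; /* double indirect: 2 * apbshift */
    unsigned apb3shift; /* triple indirect: 3 * apbshift */
};

static unsigned ilog2u(uint32_t v)
{
    unsigned n = 0;
    while (v >>= 1)
        n++;
    return n;
}

/* ptr_bytes is assumed to be 8 for ufs2; block_size must be a power of two. */
struct apb_shifts apb_shifts_for(uint32_t block_size, uint32_t ptr_bytes)
{
    struct apb_shifts s;
    s.bshift = ilog2u(block_size);
    s.apbshift = s.bshift - ilog2u(ptr_bytes);
    s.apb2shift = s.apbshift * 2;
    s.apb3shift = s.apbshift * 3;
    return s;
}

/* Nonzero when `1 << shift` is representable in a signed int. */
int shift_fits_int(unsigned shift)
{
    return shift < sizeof(int) * CHAR_BIT - 1;
}

/* Checked form: widen to 64 bits before shifting, return 0 if still too wide. */
uint64_t pow2_checked(unsigned shift)
{
    return shift < 64 ? (uint64_t)1 << shift : 0;
}

int main(void)
{
    struct apb_shifts s = apb_shifts_for(32768, 8); /* constructed input */
    printf("3apbshift=%u fits_int=%d value=%llu\n", s.apb3shift,
           shift_fits_int(s.apb3shift),
           (unsigned long long)pow2_checked(s.apb3shift));
    return 0;
}
```
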
