UBSAN: shift-out-of-bounds in xas

Title	Replies (including bot)	Last reply
[syzbot] [mm?] [bcachefs?] KASAN: slab-out-of-bounds Read in folio_try_get	2 (3)	2025/02/14 20:57
[syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in xas_create	0 (1)	2025/02/04 15:33

Title

Replies (including bot)

Last reply

[syzbot] [mm?] [bcachefs?] KASAN: slab-out-of-bounds Read in folio_try_get

2 (3)

2025/02/14 20:57

[syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in xas_create

0 (1)

2025/02/04 15:33


Created	Duration	User	Repo	Result
2025/05/16 19:28	20m	retest repro	upstream	OK log
2025/05/16 19:28	20m	retest repro	upstream	OK log
2025/05/16 19:28	20m	retest repro	upstream	OK log
2025/05/16 19:28	20m	retest repro	upstream	OK log
2025/03/24 17:43	21m	retest repro	upstream	OK log
2025/03/02 08:10	24m	retest repro	upstream	report log
2025/03/02 08:10	22m	retest repro	upstream	report log
2025/03/02 08:10	18m	retest repro	upstream	report log
2025/03/02 08:10	24m	retest repro	upstream	report log

------------[ cut here ]------------ UBSAN: shift-out-of-bounds in lib/xarray.c:147:16 shift exponent 128 is too large for 64-bit type 'unsigned long' CPU: 0 UID: 0 PID: 82 Comm: kswapd1 Not tainted 6.14.0-rc6-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 get_offset lib/xarray.c:147 [inline] xas_descend lib/xarray.c:207 [inline] xas_create+0x1832/0x1ae0 lib/xarray.c:695 xas_store+0x96/0x1870 lib/xarray.c:794 __xa_store+0x1e0/0x380 lib/xarray.c:1570 xa_store+0x34/0x50 lib/xarray.c:1601 zswap_store_page mm/zswap.c:1465 [inline] zswap_store+0x1024/0x1c20 mm/zswap.c:1571 swap_writepage+0x647/0xce0 mm/page_io.c:278 pageout mm/vmscan.c:696 [inline] shrink_folio_list+0x35c2/0x5ac0 mm/vmscan.c:1402 evict_folios+0x45fd/0x56a0 mm/vmscan.c:4660 try_to_shrink_lruvec+0x713/0x9b0 mm/vmscan.c:4821 shrink_one+0x3b9/0x850 mm/vmscan.c:4866 shrink_many mm/vmscan.c:4929 [inline] lru_gen_shrink_node mm/vmscan.c:5007 [inline] shrink_node+0x379b/0x3e20 mm/vmscan.c:5978 kswapd_shrink_node mm/vmscan.c:6807 [inline] balance_pgdat mm/vmscan.c:6999 [inline] kswapd+0x20f3/0x3b10 mm/vmscan.c:7264 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> ---[ end trace ]---

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Assets (help?)	Manager	Title
2025/03/10 16:33	upstream	80e54e84911a	16256247	.config	console log	report	syz / log		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro]	ci-snapshot-upstream-root	UBSAN: shift-out-of-bounds in xas_create
2025/02/16 08:07	upstream	ad1b832bf1cf	40a34ec9	.config	console log	report	syz / log		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro]	ci-snapshot-upstream-root	UBSAN: shift-out-of-bounds in xas_create
2025/02/12 15:21	upstream	09fbf3d50205	b27c2402	.config	console log	report	syz / log		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro]	ci-snapshot-upstream-root	UBSAN: shift-out-of-bounds in xas_create
2025/02/04 14:33	upstream	0de63bb7d919	8f267cef	.config	console log	report	syz / log	C	[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro]	ci-snapshot-upstream-root	UBSAN: shift-out-of-bounds in xas_create
2025/01/31 23:52	upstream	69e858e0b8b2	aa47157c	.config	console log	report	syz / log		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro]	ci-snapshot-upstream-root	UBSAN: shift-out-of-bounds in xas_create

Crashes (5):

Assets (help?)