Hello, syzbot found the following issue on: HEAD commit: 0a8db05b571a Merge tag 'platform-drivers-x86-v6.5-3' of gi.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=145f2726a80000 kernel config: https://syzkaller.appspot.com/x/.config?x=5d10d93e1ae1f229 dashboard link: https://syzkaller.appspot.com/bug?extid=abb7222a58e4ebc930ad compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/58a518a693f4/disk-0a8db05b.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/22cc85e51a4d/vmlinux-0a8db05b.xz kernel image: https://storage.googleapis.com/syzbot-assets/daeac90304b9/bzImage-0a8db05b.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+abb7222a58e4ebc930ad@xxxxxxxxxxxxxxxxxxxxxxxxx ================================================================================ UBSAN: array-index-out-of-bounds in fs/udf/super.c:1365:9 index 4 is out of range for type '__le32[4]' (aka 'unsigned int[4]') CPU: 0 PID: 10089 Comm: syz-executor.0 Not tainted 6.5.0-rc3-syzkaller-00044-g0a8db05b571a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 udf_load_sparable_map fs/udf/super.c:1365 [inline] udf_load_logicalvol fs/udf/super.c:1457 [inline] udf_process_sequence+0x300d/0x4e70 fs/udf/super.c:1773 udf_load_sequence fs/udf/super.c:1820 [inline] udf_check_anchor_block+0x2a6/0x550 fs/udf/super.c:1855 udf_scan_anchors fs/udf/super.c:1909 [inline] udf_load_vrs+0xa71/0x1100 fs/udf/super.c:1969 udf_fill_super+0x95d/0x23a0 fs/udf/super.c:2147 mount_bdev+0x276/0x3b0 fs/super.c:1391 legacy_get_tree+0xef/0x190 fs/fs_context.c:611 vfs_get_tree+0x8c/0x270 fs/super.c:1519 do_new_mount+0x28f/0xae0 fs/namespace.c:3335 do_mount fs/namespace.c:3675 [inline] __do_sys_mount fs/namespace.c:3884 [inline] __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3861 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f838747e22a Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f838819eee8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f838819ef80 RCX: 00007f838747e22a RDX: 0000000020000100 RSI: 0000000020000200 RDI: 00007f838819ef40 RBP: 0000000020000100 R08: 00007f838819ef80 R09: 0000000000214856 R10: 0000000000214856 R11: 0000000000000202 R12: 0000000020000200 R13: 00007f838819ef40 R14: 0000000000000c1d R15: 0000000020000240 </TASK> ================================================================================ --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to change bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
