syzbot

 sign-in | mailing list | source | docs
🐞 Open [1593]
Subsystems
🐞 Fixed [6264]
🐞 Invalid [15878]
Missing Backports [186]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: shift-out-of-bounds in dbJoin

Status: fixed on 2024/01/30 15:47
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+411debe54d318eaed386@syzkaller.appspotmail.com
Fix commit: cca974daeb6c jfs: fix shift-out-of-bounds in dbJoin
First crash: 965d, last: 579d
Cause bisection: failed (error log, bisect log)
  
Discussions (9)
Title Replies (including bot) Last reply
[PATCH] jfs: fix shift-out-of-bounds in dbJoin 11 (11) 2024/01/29 22:13
[PATCH AUTOSEL 4.19 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:28
[PATCH AUTOSEL 5.4 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:27
[PATCH AUTOSEL 5.10 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:26
[PATCH AUTOSEL 5.15 01/13] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:25
[PATCH AUTOSEL 6.1 01/14] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:24
[PATCH AUTOSEL 6.6 01/19] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:23
[PATCH AUTOSEL 6.7 01/19] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:22
[syzbot] UBSAN: shift-out-of-bounds in dbJoin 0 (1) 2022/10/10 07:16
Last patch testing requests (6)
Created Duration User Patch Repo Result
2023/10/29 15:58 16m retest repro upstream report log
2023/10/11 14:15 21m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
2023/10/11 13:38 10m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2023/09/22 09:08 10m ghandatmanas@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2023/09/06 07:26 10m retest repro upstream report log
2023/08/23 06:35 45m retest repro linux-next report log
Fix bisection attempts (8)
Created Duration User Patch Repo Result
2023/10/15 11:19 1h15m bisect fix upstream OK (0) job log log
2023/08/07 04:50 1h16m bisect fix upstream OK (0) job log log
2023/06/25 13:48 33m bisect fix upstream OK (0) job log log
2023/05/26 04:45 20m bisect fix upstream OK (0) job log log
2023/04/25 21:57 32m bisect fix upstream OK (0) job log log
2023/03/26 19:30 2h01m bisect fix upstream OK (0) job log log
2023/02/24 08:31 21m bisect fix upstream OK (0) job log log
2023/01/25 07:54 37m bisect fix upstream OK (0) job log log

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:2760:11
shift exponent 78 is too large for 32-bit type 'int'
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
 dbJoin.cold+0x19/0x1e fs/jfs/jfs_dmap.c:2760
 dbAdjCtl+0x703/0x900 fs/jfs/jfs_dmap.c:2500
 dbFreeDmap+0xd3/0x1a0 fs/jfs/jfs_dmap.c:2064
 dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
 txFreeMap+0x70a/0xd70 fs/jfs/jfs_txnmgr.c:2510
 xtTruncate+0x1d2a/0x2720 fs/jfs/jfs_xtree.c:2467
 jfs_free_zero_link+0x33b/0x4a0 fs/jfs/namei.c:758
 jfs_evict_inode+0x40f/0x4a0 fs/jfs/inode.c:153
 evict+0x2ed/0x6b0 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput.part.0+0x55d/0x810 fs/inode.c:1773
 iput+0x58/0x70 fs/inode.c:1763
 txUpdateMap+0x97c/0xc50 fs/jfs/jfs_txnmgr.c:2362
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x5bb/0xaa0 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
================================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/10/15 13:34 upstream 55be6084c8e0 67cb024c .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in dbJoin
2022/10/08 19:46 upstream 62e6e5940c0c aea5da89 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in dbJoin
2022/11/12 21:27 linux-next f8f60f322f06 3ead01ad .config strace log report syz C [mounted in repro] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in dbJoin
* Struck through repros no longer work on HEAD.