syzbot

 sign-in | mailing list | source | docs
🐞 Open [870] Subsystems 🐞 Fixed [4877] 🐞 Invalid [11670] Missing Backports [69] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

UBSAN: shift-out-of-bounds in dbJoin

Status: upstream: reported C repro on 2022/10/10 07:16
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+411debe54d318eaed386@syzkaller.appspotmail.com
Fix commit: jfs: fix shift-out-of-bounds in dbJoin
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 423d, last: 37d
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] jfs: fix shift-out-of-bounds in dbJoin 4 (4) 2023/11/01 15:57
[syzbot] UBSAN: shift-out-of-bounds in dbJoin 0 (1) 2022/10/10 07:16
Last patch testing requests (6)
Created Duration User Patch Repo Result
2023/10/29 15:58 16m retest repro upstream report log
2023/10/11 14:15 21m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
2023/10/11 13:38 10m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2023/09/22 09:08 10m ghandatmanas@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2023/09/06 07:26 10m retest repro upstream report log
2023/08/23 06:35 45m retest repro linux-next report log
Fix bisection attempts (8)
Created Duration User Patch Repo Result
2023/10/15 11:19 1h15m bisect fix upstream job log (0) log
2023/08/07 04:50 1h16m bisect fix upstream job log (0) log
2023/06/25 13:48 33m bisect fix upstream job log (0) log
2023/05/26 04:45 20m bisect fix upstream job log (0) log
2023/04/25 21:57 32m bisect fix upstream job log (0) log
2023/03/26 19:30 2h01m bisect fix upstream job log (0) log
2023/02/24 08:31 21m bisect fix upstream job log (0) log
2023/01/25 07:54 37m bisect fix upstream job log (0) log

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:2760:11
shift exponent 78 is too large for 32-bit type 'int'
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
 dbJoin.cold+0x19/0x1e fs/jfs/jfs_dmap.c:2760
 dbAdjCtl+0x703/0x900 fs/jfs/jfs_dmap.c:2500
 dbFreeDmap+0xd3/0x1a0 fs/jfs/jfs_dmap.c:2064
 dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
 txFreeMap+0x70a/0xd70 fs/jfs/jfs_txnmgr.c:2510
 xtTruncate+0x1d2a/0x2720 fs/jfs/jfs_xtree.c:2467
 jfs_free_zero_link+0x33b/0x4a0 fs/jfs/namei.c:758
 jfs_evict_inode+0x40f/0x4a0 fs/jfs/inode.c:153
 evict+0x2ed/0x6b0 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput.part.0+0x55d/0x810 fs/inode.c:1773
 iput+0x58/0x70 fs/inode.c:1763
 txUpdateMap+0x97c/0xc50 fs/jfs/jfs_txnmgr.c:2362
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x5bb/0xaa0 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
================================================================================

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/10/15 13:34 upstream 55be6084c8e0 67cb024c .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-kasan-gce-root UBSAN: shift-out-of-bounds in dbJoin
2022/10/08 19:46 upstream 62e6e5940c0c aea5da89 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci2-upstream-fs UBSAN: shift-out-of-bounds in dbJoin
2022/11/12 21:27 linux-next f8f60f322f06 3ead01ad .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root UBSAN: shift-out-of-bounds in dbJoin
* Struck through repros no longer work on HEAD.