syzbot

 sign-in | mailing list | source | docs
🐞 Open [1297]
Subsystems
🐞 Fixed [5494]
🐞 Invalid [13049]
Missing Backports [117]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in dbAdjTree (2)

Status: upstream: reported on 2024/05/18 12:29
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
First crash: 73d, last: 70d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dbAdjTree (2) 0 (1) 2024/05/18 12:29
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in dbAdjTree jfs C error error 41 192d 669d 26/27 fixed on 2024/01/30 15:47
linux-4.14 KASAN: slab-out-of-bounds Read in dbAdjTree C 3 516d 663d 0/1 upstream: reported C repro on 2022/10/03 00:17
linux-4.19 KASAN: use-after-free Read in dbAdjTree C error 5 517d 634d 0/1 upstream: reported C repro on 2022/10/31 14:16

Sample crash report:
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2900:31
index -3 is out of range for type 's8 [1365]'
CPU: 0 PID: 111 Comm: jfsCommit Not tainted 6.9.0-syzkaller-08284-gea5f6ad9ad96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:114
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x110/0x150 lib/ubsan.c:429
 dbAdjTree+0x383/0x3d0 fs/jfs/jfs_dmap.c:2900
 dbJoin+0x24b/0x2b0 fs/jfs/jfs_dmap.c:2841
 dbFreeBits+0x15c/0x8f0 fs/jfs/jfs_dmap.c:2338
 dbFreeDmap+0x62/0x1b0 fs/jfs/jfs_dmap.c:2087
 dbFree+0x266/0x550 fs/jfs/jfs_dmap.c:409
 txFreeMap+0x788/0xe60 fs/jfs/jfs_txnmgr.c:2515
 xtTruncate+0x1e57/0x2c80 fs/jfs/jfs_xtree.c:2467
 jfs_free_zero_link+0x372/0x4f0 fs/jfs/namei.c:759
 jfs_evict_inode+0x423/0x4b0 fs/jfs/inode.c:153
 evict+0x2f0/0x6c0 fs/inode.c:667
 iput_final fs/inode.c:1741 [inline]
 iput.part.0+0x5a8/0x7f0 fs/inode.c:1767
 iput+0x5c/0x80 fs/inode.c:1757
 txUpdateMap+0xaf3/0xd20 fs/jfs/jfs_txnmgr.c:2367
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x5e6/0xb20 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
---[ end trace ]---

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/17 11:41 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dbAdjTree
2024/05/16 10:54 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: array-index-out-of-bounds in dbAdjTree
2024/05/14 12:21 upstream a5131c3fdf26 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dbAdjTree
2024/05/14 12:21 upstream a5131c3fdf26 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dbAdjTree
* Struck through repros no longer work on HEAD.