syzbot


UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work

Status: fixed on 2023/10/12 12:48
Subsystems: xfs
Reported-by: syzbot+510dcbdc6befa1e6b2f6@syzkaller.appspotmail.com
Fix commit: a49bbce58ea9 xfs: convert flex-array declarations in xfs attr leaf blocks
First crash: 318d, last: 275d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log):
commit a49bbce58ea90b14d4cb1d00681023a8606955f2
Author: Darrick J. Wong <djwong@kernel.org>
Date: Mon Jul 10 16:12:20 2023 +0000

  xfs: convert flex-array declarations in xfs attr leaf blocks

  
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] [xfs?] UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work 5 (7) 2023/09/30 20:35
[syzbot] Monthly xfs report (Aug 2023) 0 (1) 2023/08/07 08:36
Last patch testing requests (3)
Created Duration User Patch Repo Result
2023/08/27 23:19 30m retest repro upstream OK log
2023/08/27 23:19 32m retest repro linux-next OK log
2023/07/25 02:52 19m mukattreyee@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
Cause bisection attempts (2)
Created Duration User Patch Repo Result
2023/09/17 05:03 12h10m bisect upstream error job log (0)
2023/06/14 23:47 0m bisect linux-next error job log (0)
marked invalid by nogikh@google.com

Sample crash report:
xfs filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff)
================================================================================
UBSAN: array-index-out-of-bounds in fs/xfs/libxfs/xfs_attr_leaf.c:1560:3
index 7 is out of range for type '__u8 [1]'
CPU: 0 PID: 4990 Comm: syz-executor217 Not tainted 6.4.0-syzkaller-10062-gf8566aa4f176 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xd5/0x140 lib/ubsan.c:348
 xfs_attr3_leaf_add_work+0x1528/0x1730 fs/xfs/libxfs/xfs_attr_leaf.c:1560
 xfs_attr3_leaf_add+0x750/0x880 fs/xfs/libxfs/xfs_attr_leaf.c:1438
 xfs_attr_leaf_try_add+0x1b7/0x660 fs/xfs/libxfs/xfs_attr.c:1242
 xfs_attr_leaf_addname fs/xfs/libxfs/xfs_attr.c:444 [inline]
 xfs_attr_set_iter+0x16c4/0x2f90 fs/xfs/libxfs/xfs_attr.c:721
 xfs_xattri_finish_update+0x3c/0x140 fs/xfs/xfs_attr_item.c:332
 xfs_attr_finish_item+0x6d/0x280 fs/xfs/xfs_attr_item.c:463
 xfs_defer_finish_one fs/xfs/libxfs/xfs_defer.c:481 [inline]
 xfs_defer_finish_noroll+0x93b/0x1ee0 fs/xfs/libxfs/xfs_defer.c:565
 __xfs_trans_commit+0x566/0xe20 fs/xfs/xfs_trans.c:972
 xfs_attr_set+0x12e5/0x2220 fs/xfs/libxfs/xfs_attr.c:1083
 xfs_initxattrs+0x147/0x1f0 fs/xfs/xfs_iops.c:65
 security_inode_init_security+0x1c8/0x370 security/security.c:1630
 xfs_inode_init_security fs/xfs/xfs_iops.c:84 [inline]
 xfs_generic_create+0x2bc/0x790 fs/xfs/xfs_iops.c:210
 lookup_open.isra.0+0x1050/0x1400 fs/namei.c:3492
 open_last_lookups fs/namei.c:3560 [inline]
 path_openat+0x969/0x2710 fs/namei.c:3790
 do_filp_open+0x1ba/0x410 fs/namei.c:3820
 do_sys_openat2+0x160/0x1c0 fs/open.c:1407
 do_sys_open fs/open.c:1422 [inline]
 __do_sys_openat fs/open.c:1438 [inline]
 __se_sys_openat fs/open.c:1433 [inline]
 __x64_sys_openat+0x143/0x1f0 fs/open.c:1433
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fefc5f5d7a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff817ac9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fefc5f5d7a9
RDX: 0000000000141842 RSI: 0000000020000380 RDI: 00000000ffffff9c
RBP: 00007fefc5f1d040 R08: 000000000000bb73 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefc5f1d0d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
================================================================================

Crashes (1923):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/07/02 04:34 upstream f8566aa4f176 bfc47836 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/06/14 03:29 linux-next 1f6ce8392d6f d2ee9228 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/21 10:54 upstream 46670259519f 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/20 16:25 upstream bfa3037d8280 d922ca7e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/20 04:57 upstream bfa3037d8280 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/20 03:40 upstream bfa3037d8280 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/20 03:22 upstream bfa3037d8280 4547cdf9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/20 03:00 upstream bfa3037d8280 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/20 01:34 upstream bfa3037d8280 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 23:46 upstream bfa3037d8280 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 18:59 upstream ccff6d117d8d 4547cdf9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 17:28 upstream ccff6d117d8d 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 12:15 upstream ccff6d117d8d 022df2bb .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 10:55 upstream ccff6d117d8d 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 04:51 upstream 74f1456c4a5f 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 04:32 upstream 74f1456c4a5f 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/19 03:09 upstream 74f1456c4a5f 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/18 12:40 upstream fdf0eaf11452 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/18 11:03 upstream fdf0eaf11452 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 16:21 upstream fdf0eaf11452 e5f10889 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 03:43 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 02:43 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 01:34 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 00:38 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 00:13 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 17:30 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 13:27 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 12:23 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/15 20:33 upstream b6e6cc1f78c7 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/15 19:31 upstream b6e6cc1f78c7 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/15 14:55 upstream b6e6cc1f78c7 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/15 09:57 upstream 2772d7df3c93 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 23:48 upstream fdf0eaf11452 20f8b3c2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 23:16 upstream 20edcec23f92 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 19:11 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 12:16 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 12:16 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 09:24 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/15 17:25 upstream b6e6cc1f78c7 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/15 14:55 upstream b6e6cc1f78c7 35d9ecc5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/17 22:01 linux-next 2205be537aeb e5f10889 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/16 22:31 linux-next 7c2878be5732 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/27 08:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/27 06:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/27 06:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/27 04:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/27 02:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/27 00:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/26 22:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/26 21:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/26 21:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
2023/07/26 19:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05d881b85b48 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
* Struck through repros no longer work on HEAD.