syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

UBSAN: array-index-out-of-bounds in diNewExt

Status: fixed on 2024/01/30 15:47
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+553d90297e6d2f50dbc7@syzkaller.appspotmail.com
Fix commit: 49f9637aafa6 jfs: fix array-index-out-of-bounds in diNewExt
First crash: 143d, last: 87d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel paging request in diNewExt (log)
Repro: C syz .config
  
Discussions (9)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 4.19 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:28
[PATCH AUTOSEL 5.4 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:27
[PATCH AUTOSEL 5.10 01/12] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:26
[PATCH AUTOSEL 5.15 01/13] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:25
[PATCH AUTOSEL 6.1 01/14] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:24
[PATCH AUTOSEL 6.6 01/19] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:23
[PATCH AUTOSEL 6.7 01/19] FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree 6 (6) 2024/01/16 00:22
[PATCH] jfs: fix array-index-out-of-bounds in diNewExt 4 (4) 2024/01/02 17:10
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in diNewExt 0 (4) 2023/12/12 00:30
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: array-index-out-of-bounds in diNewExt origin:lts-only C done 2 94d 94d 3/3 fixed on 2024/03/04 11:50
Last patch testing requests (3)
Created Duration User Patch Repo Result
2023/12/12 00:30 32m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git bee0e7762ad2 OK log
2023/12/11 12:30 16m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git bee0e7762ad2 report log
2023/12/10 07:24 11m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git bee0e7762ad2 report log

Sample crash report:
loop0: detected capacity change from 0 to 32768
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
index -878706688 is out of range for type 'struct iagctl[128]'
CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360
 diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
 diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666
 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587
 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225
 vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106
 do_mkdirat+0x264/0x3a0 fs/namei.c:4129
 __do_sys_mkdir fs/namei.c:4149 [inline]
 __se_sys_mkdir fs/namei.c:4147 [inline]
 __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fcb7e6a0b57
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57
RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140
RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
================================================================================

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/12/06 06:31 upstream bee0e7762ad2 858d62d1 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2024/01/23 10:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 1c0ecc51 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2023/12/14 22:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d5b235ec8eab 3222d10c .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/02 16:26 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2023/12/30 13:45 upstream f016f7547aee fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2023/12/25 06:35 upstream 861deac3b092 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2023/12/25 00:50 upstream 861deac3b092 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2023/12/20 14:10 upstream 55cb5f43689d 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2023/12/19 11:33 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in diNewExt
2023/12/19 11:18 upstream 2cf4f94d8e86 3ad490ea .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2023/12/06 06:04 upstream bee0e7762ad2 858d62d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in diNewExt
2024/01/30 13:52 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 7f400fcb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/30 11:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 991a98f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/30 02:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 991a98f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/29 14:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 991a98f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/28 21:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/28 13:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/28 09:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/28 05:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/28 05:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/27 09:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/26 17:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/26 08:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/25 20:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/25 18:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/25 17:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/25 10:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/25 05:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/23 17:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 1e153dc8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2024/01/23 08:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 1c0ecc51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
2023/12/22 08:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aafe7ad77b91 4f9530a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in diNewExt
* Struck through repros no longer work on HEAD.