syzbot

 sign-in | mailing list | source | docs
🐞 Open [967] Subsystems 🐞 Fixed [4557] 🐞 Invalid [10489] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: use-after-free Read in dbJoin

Status: upstream: reported C repro on 2022/10/10 07:35
Labels: jfs (incorrect?)
Reported-by: syzbot+667a6d667592227b1452@syzkaller.appspotmail.com
First crash: 233d, last: 28d

Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] KASAN: use-after-free Read in dbJoin 0 (2) 2022/11/06 20:02
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: use-after-free Read in dbJoin C 2 97d 246d 0/1 upstream: reported C repro on 2022/09/26 07:12
linux-4.19 KASAN: use-after-free Read in dbJoin C error 1 245d 245d 0/1 upstream: reported C repro on 2022/09/26 15:15
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2023/05/01 13:22 44m bisect fix upstream job log (0) log
2023/03/31 17:41 38m bisect fix upstream job log (0) log
2023/03/01 16:31 1h09m bisect fix upstream job log (0) log
2023/01/23 11:44 42m bisect fix upstream job log (0) log

Sample crash report:
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2745:24
index 1426063360 is out of range for type 's8 [1365]'
CPU: 0 PID: 122 Comm: jfsCommit Not tainted 6.1.0-rc3-syzkaller-00288-gb208b9fbbcba #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283
 dbJoin+0x2c7/0x2f0 fs/jfs/jfs_dmap.c:2745
 dbFreeBits+0x50d/0xd40 fs/jfs/jfs_dmap.c:2305
 dbFreeDmap fs/jfs/jfs_dmap.c:2054 [inline]
 dbFree+0x35e/0x660 fs/jfs/jfs_dmap.c:379
 txFreeMap+0x97c/0xd70 fs/jfs/jfs_txnmgr.c:2510
 xtTruncate+0xe74/0x32d0 fs/jfs/jfs_xtree.c:2467
 jfs_free_zero_link+0x3f5/0x680 fs/jfs/namei.c:758
 jfs_evict_inode+0x35a/0x440 fs/jfs/inode.c:153
 evict+0x2a4/0x620 fs/inode.c:664
 txUpdateMap+0x8eb/0xaa0 fs/jfs/jfs_txnmgr.c:2362
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x488/0xb80 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
================================================================================

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/11/06 20:01 upstream b208b9fbbcba 6d752409 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbJoin
2022/10/09 08:45 linux-next aaa11ce2ffc8 aea5da89 .config console log report info [disk image] [vmlinux] ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in dbJoin
2022/10/23 14:17 upstream d47136c28015 c0b80a55 .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in dbJoin
2023/01/28 21:56 upstream 5af6ce704936 7374c4e5 .config console log report info ci-qemu-upstream-386 BUG: unable to handle kernel paging request in dbJoin
* Struck through repros no longer work on HEAD.