syzbot


UBSAN: array-index-out-of-bounds in dbJoin

Status: upstream: reported C repro on 2024/05/14 08:42
Bug presence: origin:upstream
Reported-by: syzbot+815a5691fe6de3cdb492@syzkaller.appspotmail.com
First crash: 73d, last: 4d13h
Bug presence (1)
Date | Name | Commit | Repro | Result
2024/05/14 | upstream (ToT) | a5131c3fdf26 | C | UBSAN: array-index-out-of-bounds in dbJoin
Similar bugs (4)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KASAN: use-after-free Read in dbJoin (jfs) | C | error | - | 152 | 18h25m | 656d | 0/27 | upstream: reported C repro on 2022/10/10 07:35
linux-5.15 | UBSAN: array-index-out-of-bounds in dbJoin (origin:upstream) | C | - | - | 5 | 31d | 80d | 0/3 | upstream: reported C repro on 2024/05/08 02:35
linux-4.14 | KASAN: use-after-free Read in dbJoin | C | - | - | 2 | 521d | 670d | 0/1 | upstream: reported C repro on 2022/09/26 07:12
linux-4.19 | KASAN: use-after-free Read in dbJoin | C | error | - | 1 | 669d | 669d | 0/1 | upstream: reported C repro on 2022/09/26 15:15
Fix bisection attempts (1)
Created | Duration | User | Patch | Repo | Result
2024/06/25 04:07 | 1h18m | bisect | fix | linux-6.1.y | OK (0) (job log, log)

Sample crash report:
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2778:24
index 4294967295 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 1 PID: 133 Comm: jfsCommit Not tainted 6.1.90-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x118/0x140 lib/ubsan.c:282
 dbJoin+0x2e9/0x310 fs/jfs/jfs_dmap.c:2778
 dbFreeBits+0x4ef/0xdb0 fs/jfs/jfs_dmap.c:2338
 dbFreeDmap fs/jfs/jfs_dmap.c:2087 [inline]
 dbFree+0x357/0x670 fs/jfs/jfs_dmap.c:409
 txFreeMap+0x966/0xd50 fs/jfs/jfs_txnmgr.c:2515
 xtTruncate+0xe58/0x3260 fs/jfs/jfs_xtree.c:2467
 jfs_free_zero_link+0x46a/0x6e0 fs/jfs/namei.c:758
 jfs_evict_inode+0x35b/0x440 fs/jfs/inode.c:153
 evict+0x2a4/0x620 fs/inode.c:666
 txUpdateMap+0x825/0x9e0 fs/jfs/jfs_txnmgr.c:2367
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x476/0xb60 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
================================================================================
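What the report above pins down: UBSAN caught a direct index into an `s8[1365]` array, and 4294967295 is the unsigned 32-bit rendering of the signed value -1. 1365 is 1024+256+64+16+4+1, the slot count of a JFS dmap control-page tree (CTLTREESIZE in fs/jfs/jfs_dmap.h), and the tree geometry fields JFS walks with live in the mounted image (the first crash row below carries a "mounted in repro" disk image). The index is formed on the jfsCommit kernel thread while a lazy commit evicts an inode, truncates it and frees its blocks back into the dmap (jfs_lazycommit, txUpdateMap, evict, jfs_evict_inode, xtTruncate, txFreeMap, dbFree, dbFreeBits, dbJoin). The page does not show which expression at jfs_dmap.c:2778 produced the index, and the program below is an added illustration, not kernel code and not the fix. It models the 4-ary dmtree layout (leaf slot = leafno + leafidx, parent of a 4-slot group = (lp - 1) >> 2, the arithmetic the kernel's tree update uses) behind a bounds guard, and shows that walking one level more than the tree really has runs past the root at slot 0 to exactly index -1. The function names, the "height one too large" scenario and the demo inputs are this example's own assumptions about one way such an index can arise, not findings from the report.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Tree geometry from fs/jfs/jfs_dmap.h (values only). A dmap tree is a
 * 4-ary tree over 256 leaves; a dmap control-page tree covers 1024 leaves.
 * Every function below is an added model, not kernel code.
 */
#define TREESIZE    (256 + 64 + 16 + 4 + 1)          /* 341 slots             */
#define LEAFIND     (64 + 16 + 4 + 1)                /* 85: first dmap leaf   */
#define CTLTREESIZE (1024 + 256 + 64 + 16 + 4 + 1)   /* 1365: the s8[1365]    */
#define CTLLEAFIND  (256 + 64 + 16 + 4 + 1)          /* 341: first ctl leaf   */

/* UBSAN prints a signed index as the unsigned value of the same 32 bits. */
static int32_t ubsan_index_to_signed(uint64_t printed)
{
    return (int32_t)(uint32_t)printed;               /* 4294967295 -> -1 */
}

/* The guard: any computed slot must lie inside the tree of its kind. */
static bool stree_slot_ok(int slot, bool is_ctl)
{
    int size = is_ctl ? CTLTREESIZE : TREESIZE;
    return slot >= 0 && slot < size;
}

/*
 * Model of a dmtree leaf update that bubbles the new value up "height"
 * levels. Returns the number of levels walked, or -ERANGE with *bad_slot
 * set to the first slot that would fall outside the array. "height" and
 * "leafidx" are on-disk fields in JFS, so the model treats them as untrusted.
 */
static int walk_up_checked(int8_t *stree, bool is_ctl, int leafidx, int height,
                           int leafno, int8_t newval, int *bad_slot)
{
    int lp = leafno + leafidx, pp, k, i;

    *bad_slot = 0;
    if (!stree_slot_ok(lp, is_ctl)) {
        *bad_slot = lp;
        return -ERANGE;
    }
    stree[lp] = newval;

    for (k = 0; k < height; k++) {
        int8_t max;

        lp = ((lp - 1) & ~0x03) + 1;   /* first slot of lp's 4-slot group  */
        pp = (lp - 1) >> 2;            /* that group's parent (arithmetic >>) */

        /* Past the root (slot 0) the group start is -3 and the parent -1. */
        if (!stree_slot_ok(pp, is_ctl) || !stree_slot_ok(lp + 3, is_ctl)) {
            *bad_slot = stree_slot_ok(pp, is_ctl) ? lp + 3 : pp;
            return -ERANGE;
        }
        max = stree[lp];
        for (i = 1; i < 4; i++)
            if (stree[lp + i] > max)
                max = stree[lp + i];
        if (stree[pp] == max)          /* parent already correct: stop early */
            break;
        stree[pp] = max;
        lp = pp;
    }
    return k;
}

/* Constructed scenario: zeroed dmap tree whose stated height is 4 (the truth). */
static int demo_good_height(void)
{
    int8_t stree[TREESIZE] = {0};
    int bad;
    return walk_up_checked(stree, false, LEAFIND, 4, 0, 5, &bad);
}

/* Constructed scenario: same tree, but the stated height is 5 (one too many). */
static int demo_corrupt_height(int *bad_slot)
{
    int8_t stree[TREESIZE] = {0};
    return walk_up_checked(stree, false, LEAFIND, 5, 0, 5, bad_slot);
}

int main(void)
{
    int bad, rc;

    printf("UBSAN index 4294967295 as signed: %d\n",
           ubsan_index_to_signed(4294967295ULL));
    printf("height 4: walked %d levels\n", demo_good_height());
    rc = demo_corrupt_height(&bad);
    printf("height 5: rc=%d, first out-of-range slot=%d\n", rc, bad);
    return 0;
}
```

The point of the guard is where it sits: every slot derived from on-disk geometry is range-checked against the size of the tree kind actually being updated (341 or 1365) before `stree[]` is touched, so a corrupt height or leaf index turns into an error return instead of a read or write at a negative offset.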

Crashes (16):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/05/14 13:58 | linux-6.1.y | 909ba1f1b414 | fdb4c10c | .config | console log | report | syz | C | - | disk image, vmlinux, kernel image, mounted in repro | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/22 18:17 | linux-6.1.y | 9b3f9a5b12dc | df655b64 | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:14 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:13 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:13 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:12 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:03 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:03 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 14:03 | linux-6.1.y | 7753af06eebf | bc144f9a | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 00:31 | linux-6.1.y | 7753af06eebf | 79d68ada | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 00:30 | linux-6.1.y | 7753af06eebf | 79d68ada | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/07/10 00:30 | linux-6.1.y | 7753af06eebf | 79d68ada | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/05/17 06:24 | linux-6.1.y | 909ba1f1b414 | c2e07261 | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/05/17 06:24 | linux-6.1.y | 909ba1f1b414 | c2e07261 | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/05/17 06:24 | linux-6.1.y | 909ba1f1b414 | c2e07261 | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin
2024/05/14 08:42 | linux-6.1.y | 909ba1f1b414 | fdb4c10c | .config | console log | report | - | - | info | disk image, vmlinux, kernel image | ci2-linux-6-1-kasan | UBSAN: array-index-out-of-bounds in dbJoin