syzbot


KASAN: slab-out-of-bounds Read in dtSearch

Status: fixed on 2024/02/13 12:02
Subsystems: jfs
Reported-by: syzbot+9924e2a08d9ba0fd4ce2@syzkaller.appspotmail.com
Fix commit: 6f861765464f fs: Block writes to mounted block devices
First crash: 578d, last: 114d
Cause bisection: failed (error log, bisect log)
Fix bisection: fixed by (bisect log) :
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <jack@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000

  fs: Block writes to mounted block devices

Discussions (2)
Title Replies (including bot) Last reply
[syzbot] KASAN: slab-out-of-bounds Read in dtSearch 1 (3) 2024/02/07 08:40
[PATCH] jfs: fix slab-out-of-bounds Read in dtSearch 3 (3) 2023/10/24 12:00
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: slab-out-of-bounds Read in dtSearch jfs C 2 420d 578d 0/1 upstream: reported C repro on 2022/09/24 21:35
linux-4.19 KASAN: slab-out-of-bounds Read in dtSearch C error 1 578d 578d 0/1 upstream: reported C repro on 2022/09/24 21:36
Last patch testing requests (13)
Created Duration User Patch Repo Result
2024/01/24 04:48 18m retest repro upstream OK log
2024/01/24 04:48 16m retest repro upstream OK log
2024/01/16 01:44 22m retest repro upstream OK log
2024/01/16 01:44 20m retest repro upstream OK log
2024/01/15 22:56 23m retest repro linux-next OK log
2024/01/15 22:56 21m retest repro linux-next OK log
2024/01/15 22:32 20m retest repro upstream OK log
2023/12/21 08:58 22m retest repro upstream report log
2023/12/21 08:58 17m retest repro upstream report log
2023/12/21 08:52 10m retest repro upstream report log
2023/10/25 05:19 22m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
2023/10/16 16:31 39m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
2023/10/16 15:26 32m ghandatmanas@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2024/02/06 10:08 4h40m bisect fix upstream job log (1)
2023/06/19 04:50 37m bisect fix upstream job log (0) log
2023/05/19 06:35 25m bisect fix upstream job log (0) log
2023/04/19 01:53 25m bisect fix upstream job log (0) log

Sample crash report:
loop0: detected capacity change from 0 to 32768
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3392:30
index -1 is out of range for type 'struct dtslot[128]'
CPU: 0 PID: 5063 Comm: syz-executor202 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
 ciCompare fs/jfs/jfs_dtree.c:3392 [inline]
 dtSearch+0x16d7/0x24d0 fs/jfs/jfs_dtree.c:639
 jfs_lookup+0x17f/0x410 fs/jfs/namei.c:1461
 lookup_open fs/namei.c:3455 [inline]
 open_last_lookups fs/namei.c:3546 [inline]
 path_openat+0x1010/0x3290 fs/namei.c:3776
 do_filp_open+0x234/0x490 fs/namei.c:3809
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1440
 do_sys_open fs/open.c:1455 [inline]
 __do_sys_open fs/open.c:1463 [inline]
 __se_sys_open fs/open.c:1459 [inline]
 __x64_sys_open+0x225/0x270 fs/open.c:1459
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fed4e85e639
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf8f54ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ffcf8f550c8 RCX: 00007fed4e85e639
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180
RBP: 00007fed4e8d7610 R08: 0000000000005e05 R09: 0000000000000000
R10: 00007ffcf8f54db0 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcf8f550b8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
================================================================================

Crashes (33):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/12/07 03:11 upstream bee0e7762ad2 e3299f55 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in dtSearch
2023/06/23 18:34 upstream 8a28a0b6f1a1 09ffe269 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in dtSearch
2023/02/22 10:22 upstream 4a7d37e824f5 42a4d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2022/09/25 08:46 upstream 1a61b828566f 0042f2b4 .config strace log report syz C [disk image] [vmlinux] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2023/03/20 01:41 linux-next 6f08c1de13a9 7939252e .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2022/10/24 07:22 linux-next 4d48f589d294 23bf86af .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2023/12/07 08:41 upstream bee0e7762ad2 e3299f55 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2023/08/23 03:41 upstream 53663f4103ff b81ca3f6 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root UBSAN: array-index-out-of-bounds in dtSearch
2023/01/01 06:51 upstream c8451c141e07 ab32d508 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/09/25 09:32 upstream 3db61221f4e8 0042f2b4 .config strace log report syz C ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2023/01/29 16:11 upstream c96618275234 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in dtSearch
2024/01/01 21:39 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSearch
2023/12/07 02:45 upstream bee0e7762ad2 e3299f55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in dtSearch
2023/10/16 07:16 upstream 58720809f527 6388bc36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSearch
2023/11/24 11:42 upstream f1a09972a45a 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in dtSearch
2023/01/29 16:21 upstream c96618275234 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2023/01/29 16:12 upstream c96618275234 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in dtSearch
2022/11/18 16:31 upstream 84368d882b96 5bb70014 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/11/13 03:37 upstream fef7fd48922d f42ee5d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/28 09:20 upstream b229b6ca5abb 5c716ff6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/28 00:28 upstream b229b6ca5abb 5c716ff6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/26 04:30 upstream 1a2dcbdde82e 2159e4d2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/24 23:02 upstream 247f34f7b803 faae2fda .config console log report info [disk image] [vmlinux] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/23 05:40 upstream 4da34b7d175d c0b80a55 .config console log report info [disk image] [vmlinux] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/20 13:01 upstream 493ffd6605b2 b31320fc .config console log report info [disk image] [vmlinux] ci2-upstream-fs KASAN: use-after-free Read in dtSearch
2022/10/20 09:20 upstream 493ffd6605b2 b31320fc .config console log report info [disk image] [vmlinux] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/17 19:27 upstream 493ffd6605b2 94744d21 .config console log report info ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/15 05:48 upstream 493ffd6605b2 67cb024c .config console log report info [disk image] [vmlinux] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2022/10/15 02:16 upstream 493ffd6605b2 67cb024c .config console log report info [disk image] [vmlinux] ci2-upstream-fs KASAN: use-after-free Read in dtSearch
2022/10/03 10:44 upstream a962b54e162c feb56351 .config console log report info [disk image] [vmlinux] ci2-upstream-fs KASAN: use-after-free Read in dtSearch
2023/07/22 16:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e40939bbfc68 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSearch
2022/12/30 19:32 https://github.com/google/kmsan.git master 5c6259d6d19f 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in dtSearch
2022/12/28 02:38 https://github.com/google/kmsan.git master 5c6259d6d19f 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386 KMSAN: uninit-value in dtSearch
* Struck through repros no longer work on HEAD.