syzbot

 sign-in | mailing list | source | docs
🐞 Open [706]
🐞 Fixed [89]
🐞 Invalid [349]
Missing Backports [43]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

UBSAN: shift-out-of-bounds in dbUpdatePMap

Status: fixed on 2023/09/28 03:03
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+c398d37c5b23e0e0c9ca@syzkaller.appspotmail.com
Fix commit: c7feb54b1138 jfs: jfs_dmap: Validate db_l2nbperpage while mounting
First crash: 453d, last: 412d
Fix bisection: fixed by (bisect log) :
commit c7feb54b113802d2aba98708769d3c33fb017254
Author: Siddh Raman Pant <code@siddh.me>
Date: Tue Jun 20 16:47:00 2023 +0000

  jfs: jfs_dmap: Validate db_l2nbperpage while mounting

  
Bug presence (2)
Date Name Commit Repro Result
2023/06/12 upstream (ToT) 858fd168a95c C [report] UBSAN: shift-out-of-bounds in dbUpdatePMap
2023/07/27 upstream (ToT) 0a8db05b571a C Didn't crash
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 UBSAN: shift-out-of-bounds in dbUpdatePMap C error 2 419d 453d 0/3 auto-obsoleted due to no activity on 2023/10/24 09:05
upstream UBSAN: shift-out-of-bounds in dbUpdatePMap (2) jfs C error error 4 395d 450d 0/27 auto-obsoleted due to no activity on 2023/11/17 21:23
upstream UBSAN: shift-out-of-bounds in dbUpdatePMap jfs C error inconclusive 149 656d 707d 0/27 auto-obsoleted due to no activity on 2023/03/01 17:05
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2023/09/27 23:23 3h37m bisect fix linux-6.1.y OK (1) job log
2023/07/23 00:27 3h52m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:470:12
shift exponent 131072 is too large for 64-bit type 'long long'
CPU: 0 PID: 91 Comm: jfsCommit Not tainted 6.1.33-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c lib/ubsan.c:321
 dbUpdatePMap+0xb74/0xcb8 fs/jfs/jfs_dmap.c:470
 txAllocPMap+0x4a4/0x5e0 fs/jfs/jfs_txnmgr.c:2420
 txUpdateMap+0x6e8/0x8e4 fs/jfs/jfs_txnmgr.c:2358
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x3a0/0x988 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
================================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/06/12 03:33 linux-6.1.y 2f3918bc53fb 49519f06 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 UBSAN: shift-out-of-bounds in dbUpdatePMap
* Struck through repros no longer work on HEAD.