syzbot


UBSAN: array-index-out-of-bounds in xtLookup

Status: upstream: reported on 2024/04/27 16:26
Reported-by: syzbot+d096957e6d0093838223@syzkaller.appspotmail.com
First crash: 52d, last: 52d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 UBSAN: array-index-out-of-bounds in xtLookup origin:upstream missing-backport C inconclusive 1 350d 350d 0/3 upstream: reported C repro on 2023/07/04 11:41
upstream UBSAN: array-index-out-of-bounds in xtLookup jfs 3 552d 590d 0/27 auto-obsoleted due to no activity on 2023/04/14 02:21

Sample crash report:
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_xtree.c:179:9
index 19 is out of range for type 'xad_t[18]' (aka 'struct xad[18]')
CPU: 1 PID: 5896 Comm: syz-executor.1 Not tainted 6.1.88-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:282
 xtLookup+0x70c/0x710 fs/jfs/jfs_xtree.c:179
 extHint+0x200/0x544 fs/jfs/jfs_extent.c:215
 jfs_get_block+0x2e4/0xb98 fs/jfs/inode.c:246
 __block_write_begin_int+0x340/0x13b4 fs/buffer.c:1991
 __block_write_begin fs/buffer.c:2041 [inline]
 block_write_begin+0x98/0x11c fs/buffer.c:2102
 jfs_write_begin+0x44/0x88 fs/jfs/inode.c:304
 generic_perform_write+0x278/0x55c mm/filemap.c:3817
 __generic_file_write_iter+0x168/0x388 mm/filemap.c:3945
 generic_file_write_iter+0xb8/0x2b4 mm/filemap.c:3977
 call_write_iter include/linux/fs.h:2265 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x610/0x914 fs/read_write.c:584
 ksys_write+0x15c/0x26c fs/read_write.c:637
 __do_sys_write fs/read_write.c:649 [inline]
 __se_sys_write fs/read_write.c:646 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:646
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
================================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/27 16:25 linux-6.1.y f2295faba5e8 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 UBSAN: array-index-out-of-bounds in xtLookup
* Struck through repros no longer work on HEAD.