syzbot

 sign-in | mailing list | source | docs
🐞 Open [1217]
Subsystems
🐞 Fixed [5619]
🐞 Invalid [13498]
Missing Backports [100]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in dbSplit

Status: upstream: reported C repro on 2024/07/26 05:45
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+dca05492eff41f604890@syzkaller.appspotmail.com
Fix commit: jfs: check if leafidx greater than num leaves per dmap tree
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 47d, last: 8d00h
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: lost connection to test machine (log)
Repro: C syz .config
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] jfs: check if dmt_leafidx is less than zero 6 (6) 2024/08/27 16:23
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dbSplit 2 (5) 2024/07/27 01:32
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/07/27 01:08 22m eadavis@qq.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 7846b618e0a4 OK log
2024/07/26 13:40 15m eadavis@qq.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 7846b618e0a4 report log

Sample crash report:
loop0: detected capacity change from 0 to 32768
loop0: detected capacity change from 32768 to 32745
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2628:27
index 4294967295 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 0 PID: 5087 Comm: syz-executor157 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dbSplit+0x1fd/0x220 fs/jfs/jfs_dmap.c:2628
 dbAllocBits+0x4e5/0x9a0 fs/jfs/jfs_dmap.c:2191
 dbAllocDmap fs/jfs/jfs_dmap.c:2032 [inline]
 dbAllocDmapLev+0x250/0x4a0 fs/jfs/jfs_dmap.c:1986
 dbAllocCtl+0x113/0x920 fs/jfs/jfs_dmap.c:1823
 dbAllocAG+0x28f/0x10b0 fs/jfs/jfs_dmap.c:1364
 dbAlloc+0x658/0xca0 fs/jfs/jfs_dmap.c:888
 dtSplitUp fs/jfs/jfs_dtree.c:979 [inline]
 dtInsert+0xda7/0x6b00 fs/jfs/jfs_dtree.c:868
 jfs_create+0x7ba/0xbb0 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3578 [inline]
 open_last_lookups fs/namei.c:3647 [inline]
 path_openat+0x1a9a/0x3470 fs/namei.c:3883
 do_filp_open+0x235/0x490 fs/namei.c:3913
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff80ad14019
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcebdf6708 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ff80ad5d095 RCX: 00007ff80ad14019
RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
RBP: 00007ff80ad8e5f0 R08: 00005555712cc4c0 R09: 00005555712cc4c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcebdf6730
R13: 00007ffcebdf6958 R14: 431bde82d7b634db R15: 00007ff80ad5d03b
 </TASK>
---[ end trace ]---

Crashes (30):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/22 07:15 upstream 7846b618e0a4 b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 23:01 upstream 20371ba12063 1eda0d14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 08:00 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 07:59 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 07:59 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 07:58 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 07:57 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/30 07:57 upstream 20371ba12063 ee2602b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/24 01:39 upstream 3d5f968a177d d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/23 21:20 upstream 3d5f968a177d d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/23 15:36 upstream 3d5f968a177d d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:07 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:07 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:06 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:06 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:06 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:05 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:03 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/20 23:02 upstream 521b1e7f4cf0 9f0ab3fb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/18 08:13 upstream 810996a36309 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/18 08:13 upstream 810996a36309 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/18 08:07 upstream 810996a36309 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/15 01:37 upstream 9d5906799f7d e6b88e20 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/14 00:47 upstream 6b4aa469f049 f21a18ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/10 23:45 upstream 34ac1e82e5a7 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/01 14:02 upstream 21b136cc63d2 1e9c4cf3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/08/01 01:52 upstream 21b136cc63d2 1e9c4cf3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/07/29 23:29 upstream dc1c8034e31b 5187fc86 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/07/26 04:29 upstream 1722389b0d86 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
2024/07/22 05:43 upstream 7846b618e0a4 b88348e9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dbSplit
* Struck through repros no longer work on HEAD.