syzbot


UBSAN: shift-out-of-bounds in dbJoin

Status: upstream: reported C repro on 2022/10/10 07:16
Subsystems: jfs
Reported-by: syzbot+411debe54d318eaed386@syzkaller.appspotmail.com
First crash: 172d, last: 3d16h

Cause bisection: failed (error log, bisect log)

Sample crash report:
================================================================================
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:2760:11
shift exponent 78 is too large for 32-bit type 'int'
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
 dbJoin.cold+0x19/0x1e fs/jfs/jfs_dmap.c:2760
 dbAdjCtl+0x703/0x900 fs/jfs/jfs_dmap.c:2500
 dbFreeDmap+0xd3/0x1a0 fs/jfs/jfs_dmap.c:2064
 dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
 txFreeMap+0x70a/0xd70 fs/jfs/jfs_txnmgr.c:2510
 xtTruncate+0x1d2a/0x2720 fs/jfs/jfs_xtree.c:2467
 jfs_free_zero_link+0x33b/0x4a0 fs/jfs/namei.c:758
 jfs_evict_inode+0x40f/0x4a0 fs/jfs/inode.c:153
 evict+0x2ed/0x6b0 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput.part.0+0x55d/0x810 fs/inode.c:1773
 iput+0x58/0x70 fs/inode.c:1763
 txUpdateMap+0x97c/0xc50 fs/jfs/jfs_txnmgr.c:2362
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x5bb/0xaa0 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
================================================================================
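The report pins the failure to fs/jfs/jfs_dmap.c:2760: a left shift on a 32-bit int with an exponent of 78, hit in the jfsCommit kthread while freeing blocks during inode eviction, on a filesystem image the reproducer mounts. The exponent is therefore derived from on-disk block-map metadata, and the practical defence is to range-check that exponent against the type width before it reaches the shift (C leaves a shift undefined when the count is negative or at least the operand width; for a signed 1 << e the result must also be representable, so e == 31 is out of range as well). The example below is added for this page and is neither the jfs source nor the upstream fix: the struct, its field names and the 1 << (leaf_val - budmin) shape are assumptions standing in for whatever metadata feeds the real shift.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Width in bits of the type UBSAN complained about ("32-bit type 'int'"). */
#define INT_BITS ((int)(sizeof(int) * CHAR_BIT))

/*
 * Constructed stand-in for block-map metadata read from a mounted image.
 * The field names are assumptions for this example, not jfs's on-disk layout.
 */
struct dmap_meta {
	int8_t budmin;    /* log2 of the smallest buddy size, taken from the image */
	int8_t leaf_val;  /* log2 of the free run recorded at a leaf, taken from the image */
};

/*
 * "1 << e" on int is defined only for 0 <= e < INT_BITS - 1:
 * e >= 32 is the shift-out-of-bounds the report shows (e was 78 there),
 * and e == 31 overflows the signed result, which UBSAN's shift-base check flags too.
 */
static bool shift_exponent_ok(int e)
{
	return e >= 0 && e < INT_BITS - 1;
}

/*
 * Buddy size described by (leaf_val, budmin): 1 << (leaf_val - budmin),
 * computed only after the exponent has been validated. Returns -1 instead of
 * shifting when image-supplied values would make the shift undefined.
 */
long buddy_size_checked(int leaf_val, int budmin)
{
	int e = leaf_val - budmin;

	if (!shift_exponent_ok(e))
		return -1;
	return (long)(1 << e);
}

/*
 * Validate a record once, when it is read from disk, so the shift does not
 * have to be re-guarded at every later use. Returns false for a record whose
 * values would produce an out-of-range exponent.
 */
bool dmap_meta_valid(const struct dmap_meta *m)
{
	return shift_exponent_ok((int)m->leaf_val - (int)m->budmin);
}

int main(void)
{
	/* Constructed records: one sane, one reproducing the exponent from the report. */
	struct dmap_meta good = { .budmin = 3, .leaf_val = 10 };
	struct dmap_meta bad  = { .budmin = 0, .leaf_val = 78 };

	printf("good record: valid=%d size=%ld\n", dmap_meta_valid(&good),
	       buddy_size_checked(good.leaf_val, good.budmin));
	printf("bad record:  valid=%d size=%ld\n", dmap_meta_valid(&bad),
	       buddy_size_checked(bad.leaf_val, bad.budmin));
	return 0;
}
```

Rejecting the record at read time (dmap_meta_valid) is the check a filesystem would apply when the metadata page is loaded; buddy_size_checked shows the same bound applied at the point of use, which is where UBSAN reports the violation.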

Fix bisection attempts:
Manager                     Time              Kernel    Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Title
ci2-upstream-fs             2023/03/26 21:32  upstream  0ec57cfa721f  aea5da89   .config  console log  report  syz        C
ci-upstream-kasan-gce-root  2023/02/24 08:52  upstream  d2980d8d8265  67cb024c   .config  console log  report  syz        C
ci2-upstream-fs             2023/01/25 08:31  upstream  948ef7bb70c4  aea5da89   .config  console log  report  syz        C
* Struck through repros no longer work on HEAD.
Crashes (3):
Manager                                Time              Kernel      Commit        Syzkaller  Config   Log         Report  Syz repro  C repro  VM info  Assets                                                    Title
ci-upstream-kasan-gce-root             2022/10/15 13:34  upstream    55be6084c8e0  67cb024c   .config  strace log  report  syz        C                 [disk image] [vmlinux] [mounted in repro]                 UBSAN: shift-out-of-bounds in dbJoin
ci2-upstream-fs                        2022/10/08 19:46  upstream    62e6e5940c0c  aea5da89   .config  strace log  report  syz        C                 [disk image] [vmlinux] [mounted in repro]                 UBSAN: shift-out-of-bounds in dbJoin
ci-upstream-linux-next-kasan-gce-root  2022/11/12 21:27  linux-next  f8f60f322f06  3ead01ad   .config  strace log  report  syz        C                 [disk image] [vmlinux] [kernel image] [mounted in repro]  UBSAN: shift-out-of-bounds in dbJoin
* Struck through repros no longer work on HEAD.