[syzbot] UBSAN: array-index-out-of-bounds in dbAdjTree
22 views
Skip to first unread message
syzbot
Sep 26, 2022, 12:44:46 PM9/26/22
Hello,
syzbot found the following issue on:
HEAD commit: 1a61b828566f Merge tag 'char-misc-6.0-rc7' of git://git.ke..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=141e2650880000
kernel config: https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15dde8a8880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12018470880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/367e34e7ff83/disk-1a61b828.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/91a2819fe451/vmlinux-1a61b828.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2841:19
index 262145 is out of range for type 's8 [1365]'
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
__ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:283
dbAdjTree+0x34c/0x360 fs/jfs/jfs_dmap.c:2841
dbJoin+0x1f0/0x240 fs/jfs/jfs_dmap.c:2808
dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2305
dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2054
dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
txFreeMap+0x8f1/0xd70 fs/jfs/jfs_txnmgr.c:2529
txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
jfs_lazycommit+0x610/0xb70 fs/jfs/jfs_txnmgr.c:2727
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
================================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
panic+0x2c8/0x627 kernel/panic.c:274
ubsan_epilogue+0x4a/0x50 lib/ubsan.c:158
__ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:283
dbAdjTree+0x34c/0x360 fs/jfs/jfs_dmap.c:2841
dbJoin+0x1f0/0x240 fs/jfs/jfs_dmap.c:2808
dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2305
dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2054
dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
txFreeMap+0x8f1/0xd70 fs/jfs/jfs_txnmgr.c:2529
txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
jfs_lazycommit+0x610/0xb70 fs/jfs/jfs_txnmgr.c:2727
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: 1a61b828566f Merge tag 'char-misc-6.0-rc7' of git://git.ke..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=141e2650880000
kernel config: https://syzkaller.appspot.com/x/.config?x=122d7bd4fc8e0ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=39ba34a099ac2e9bd3cb
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15dde8a8880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12018470880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/367e34e7ff83/disk-1a61b828.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/91a2819fe451/vmlinux-1a61b828.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2841:19
index 262145 is out of range for type 's8 [1365]'
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
__ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:283
dbAdjTree+0x34c/0x360 fs/jfs/jfs_dmap.c:2841
dbJoin+0x1f0/0x240 fs/jfs/jfs_dmap.c:2808
dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2305
dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2054
dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
txFreeMap+0x8f1/0xd70 fs/jfs/jfs_txnmgr.c:2529
txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
jfs_lazycommit+0x610/0xb70 fs/jfs/jfs_txnmgr.c:2727
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
================================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 119 Comm: jfsCommit Not tainted 6.0.0-rc6-syzkaller-00309-g1a61b828566f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
panic+0x2c8/0x627 kernel/panic.c:274
ubsan_epilogue+0x4a/0x50 lib/ubsan.c:158
__ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:283
dbAdjTree+0x34c/0x360 fs/jfs/jfs_dmap.c:2841
dbJoin+0x1f0/0x240 fs/jfs/jfs_dmap.c:2808
dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2305
dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2054
dbFree+0x250/0x540 fs/jfs/jfs_dmap.c:379
txFreeMap+0x8f1/0xd70 fs/jfs/jfs_txnmgr.c:2529
txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
jfs_lazycommit+0x610/0xb70 fs/jfs/jfs_txnmgr.c:2727
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Reply all
Reply to author
Forward
0 new messages