On Tue, 31 May 2022 at 10:45, Jens Axboe <axboe@xxxxxxxxx> wrote: > > On 5/31/22 1:55 AM, syzbot wrote: > > Hello, > > > > syzbot found the following issue on: > > > > HEAD commit: 3b46e4e44180 Add linux-next specific files for 20220531 > > git tree: linux-next > > console output: https://syzkaller.appspot.com/x/log.txt?x=16e151f5f00000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=ccb8d66fc9489ef > > dashboard link: https://syzkaller.appspot.com/bug?extid=b6c9b65b6753d333d833 > > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > > > Unfortunately, I don't have any reproducer for this issue yet. > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > Reported-by: syzbot+b6c9b65b6753d333d833@xxxxxxxxxxxxxxxxxxxxxxxxx > > > > ================================================================================ > > ================================================================================ > > UBSAN: array-index-out-of-bounds in fs/io_uring.c:8860:19 > > index 75 is out of range for type 'io_op_def [47]' > > 'def' is just set here, it's not actually used after 'opcode' has been > verified. An interesting thing about C is that now the compiler is within its rights to actually remove the check that is supposed to validate the index because indexing io_op_defs[opcode] implies that opcode is already within bounds, otherwise the program already has undefined behavior, so removing the check is that case is also OK ;)
