| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/02/02 | upstream (ToT) | a86bf2283d2c | C | Failed due to an error; will retry later |
syzbot |
sign-in | mailing list | source | docs |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2025/02/02 | upstream (ToT) | a86bf2283d2c | C | Failed due to an error; will retry later |
... Log Wrap ... Log Wrap ... Log Wrap ... ================================================================================ UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:2945:28 index -128 is out of range for type 'struct dtslot[128]' CPU: 0 PID: 4019 Comm: syz-executor179 Not tainted 5.15.178-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0x108/0x15c lib/ubsan.c:282 add_missing_indices+0x6e8/0xaa8 fs/jfs/jfs_dtree.c:2945 jfs_readdir+0x1948/0x3030 fs/jfs/jfs_dtree.c:3315 iterate_dir+0x1f4/0x4ec __do_sys_getdents64 fs/readdir.c:369 [inline] __se_sys_getdents64 fs/readdir.c:354 [inline] __arm64_sys_getdents64+0x1c4/0x4c4 fs/readdir.c:354 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 ================================================================================ ================================================================== BUG: KASAN: slab-out-of-bounds in diWrite+0xb48/0x1604 fs/jfs/jfs_imap.c:753 Read of size 32 at addr ffff0000d472c130 by task syz-executor179/4019 CPU: 0 PID: 4019 Comm: syz-executor179 Not tainted 5.15.178-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:434 [inline] kasan_report+0x174/0x1e4 mm/kasan/report.c:451 kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189 memcpy+0x90/0xe8 mm/kasan/shadow.c:65 diWrite+0xb48/0x1604 fs/jfs/jfs_imap.c:753 txCommit+0x754/0x55b0 fs/jfs/jfs_txnmgr.c:1255 add_missing_indices+0x764/0xaa8 fs/jfs/jfs_dtree.c:2959 jfs_readdir+0x1948/0x3030 fs/jfs/jfs_dtree.c:3315 iterate_dir+0x1f4/0x4ec __do_sys_getdents64 fs/readdir.c:369 [inline] __se_sys_getdents64 fs/readdir.c:354 [inline] __arm64_sys_getdents64+0x1c4/0x4c4 fs/readdir.c:354 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 Allocated by task 0: (stack is not available) The buggy address belongs to the object at ffff0000d472c0c0 which belongs to the cache jfs_ip of size 2240 The buggy address is located 112 bytes inside of 2240-byte region [ffff0000d472c0c0, ffff0000d472c980) The buggy address belongs to the page: page:00000000c86e30d4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114728 head:00000000c86e30d4 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c6904000 raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000d472c000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff0000d472c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff0000d472c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff0000d472c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff0000d472c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0 ERROR: (device loop0): remounting filesystem as read-only JFS: Invalid stbl[1] = -128 for inode 2, block = 0
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/02/02 14:15 | linux-5.15.y | c16c81c81336 | 568559e4 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | UBSAN: array-index-out-of-bounds in add_missing_indices | |
| 2025/02/02 09:26 | linux-5.15.y | c16c81c81336 | 568559e4 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | UBSAN: array-index-out-of-bounds in add_missing_indices | |
| 2025/02/02 08:00 | linux-5.15.y | c16c81c81336 | 568559e4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | UBSAN: array-index-out-of-bounds in add_missing_indices |