syzbot


UBSAN: array-index-out-of-bounds in dtReadFirst

Status: fixed on 2024/12/16 09:50
Subsystems: jfs
Reported-by: syzbot+65fa06e29859e41a83f3@syzkaller.appspotmail.com
Fix commit: ca84a2c9be48 jfs: array-index-out-of-bounds fix in dtReadFirst
First crash: 297d, last: 66d
Cause bisection: failed (error log, bisect log)
Discussions (10)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 4.19 13/21] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:56
[PATCH AUTOSEL 5.4 16/28] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:55
[PATCH AUTOSEL 5.10 20/33] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:53
[PATCH AUTOSEL 5.15 23/36] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:51
[PATCH AUTOSEL 6.1 31/48] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:48
[PATCH AUTOSEL 6.6 38/61] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:45
[PATCH AUTOSEL 6.11 55/87] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:38
[PATCH AUTOSEL 6.12 070/107] jfs: array-index-out-of-bounds fix in dtReadFirst 1 (1) 2024/11/24 13:29
[PATCH] jfs: array-index-out-of-bounds fix in dtReadFirst 2 (2) 2024/10/29 21:34
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtReadFirst 1 (4) 2024/09/28 08:10
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: array-index-out-of-bounds in dtReadFirst origin:lts-only C 17 2d03h 85d 0/3 upstream: reported C repro on 2024/11/25 10:09
linux-5.15 UBSAN: array-index-out-of-bounds in dtReadFirst origin:upstream C error 22 2d02h 296d 0/3 upstream: reported C repro on 2024/04/28 12:32
upstream UBSAN: array-index-out-of-bounds in dtReadFirst (2) jfs C error 64 1d11h 59d 0/28 upstream: reported C repro on 2024/12/21 07:08
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/09/28 08:10 19m ghanshyam1898@gmail.com patch upstream OK log
2024/07/21 21:29 37m retest repro upstream report log
2024/05/06 12:25 17m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5eb4573ea63d OK log

Sample crash report:
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3089:20
index -1 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 5218 Comm: syz-executor414 Not tainted 6.12.0-rc4-syzkaller-00047-gc2ee9f594da8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtReadFirst+0x612/0xbe0 fs/jfs/jfs_dtree.c:3089
 jfs_readdir+0x817/0x4660 fs/jfs/jfs_dtree.c:2820
 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65
 iterate_dir+0x571/0x800 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:407 [inline]
 __se_sys_getdents64+0x1d3/0x4a0 fs/readdir.c:392
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdc4f10d679
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff955d1758 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 00007fff955d1928 RCX: 00007fdc4f10d679
RDX: 0000000000001000 RSI: 0000000020000f80 RDI: 0000000000000005
RBP: 00007fdc4f186610 R08: 0000000000000000 R09: 00007fff955d1928
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff955d1918 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
---[ end trace ]---
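The report above says what went wrong but not why: UBSAN flags index -1 into a 128-entry 'struct dtslot' array at fs/jfs/jfs_dtree.c:3089, reached from getdents64 through jfs_readdir and dtReadFirst, on a mounted (crafted) image. In JFS a directory page carries a sorted table (stbl) of signed 8-bit slot indices read straight from disk, and dtReadFirst uses stbl[0] to locate the leftmost entry; a corrupt image can therefore hand it a negative index. The fix commit listed at the top of this page rejects an out-of-range index before it is used. The following is an added example that models that pattern in isolation; it is not the kernel's code, the struct layout is a deliberate simplification of the real dtpage_t, and the page contents are constructed test data.

```c
/*
 * Added illustration of the dtReadFirst out-of-bounds pattern and its check.
 * Not kernel code: the page layout below is simplified, and the test pages
 * are constructed here. DTPAGEMAXSLOT keeps the kernel's value (128), which
 * matches the 'struct dtslot[128]' type named in the UBSAN report.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DTPAGEMAXSLOT 128

struct dtslot {                 /* simplified: the real slot holds name/xd data */
    uint8_t data[32];
};

struct dtpage {
    int8_t stbl[8];             /* sorted table of slot indices, untrusted on-disk metadata */
    struct dtslot slot[DTPAGEMAXSLOT];
};

/* Shape of the code before the fix: stbl[0] is trusted as an index. */
static const struct dtslot *leftmost_unchecked(const struct dtpage *p)
{
    return &p->slot[p->stbl[0]];    /* with stbl[0] == -1 this is the reported OOB */
}

/*
 * Shape of the fix: refuse any index outside the slot array before touching
 * it. Returns 0 and sets *out on success, -EIO for a corrupt table, the way
 * JFS reports bad metadata to the caller.
 */
static int leftmost_checked(const struct dtpage *p, const struct dtslot **out)
{
    int idx = p->stbl[0];

    if (idx < 0 || idx >= DTPAGEMAXSLOT)
        return -EIO;
    *out = &p->slot[idx];
    return 0;
}

/* Constructed page whose first sorted-table entry is 'first'. */
static void make_page(struct dtpage *p, int8_t first)
{
    memset(p, 0, sizeof(*p));
    p->stbl[0] = first;
    for (int i = 0; i < DTPAGEMAXSLOT; i++)
        p->slot[i].data[0] = (uint8_t)i;    /* tag each slot with its own index */
}

/* Index of the slot the checked path selects for a given stbl[0], or -EIO. */
static int first_slot_index(int8_t first)
{
    struct dtpage p;
    const struct dtslot *s;
    int rc;

    make_page(&p, first);
    rc = leftmost_checked(&p, &s);
    return rc ? rc : (int)(s - p.slot);
}

int main(void)
{
    struct dtpage good;

    make_page(&good, 3);
    /* Both paths agree on a well-formed page. */
    printf("unchecked, stbl[0]=3  -> slot %u\n", leftmost_unchecked(&good)->data[0]);
    printf("checked,   stbl[0]=3  -> %d\n", first_slot_index(3));
    /* The checked path turns the crafted index into an error instead of an OOB read. */
    printf("checked,   stbl[0]=-1 -> %d (-EIO)\n", first_slot_index(-1));
    printf("checked,   stbl[0]=127 -> %d (last valid slot)\n", first_slot_index(127));
    return 0;
}
```

The range check is deliberately against the array bound, not against the page's own count of used slots: the point of the fix is that nothing read from the image may select the slot pointer before it has been proven to lie inside the fixed-size array, and a later "slot in use" check cannot undo a read that has already gone out of bounds.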

Crashes (200):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/23 11:06 upstream c2ee9f594da8 15fa2979 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/08/11 03:11 upstream 34ac1e82e5a7 6f4edef4 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/04/27 10:07 upstream 5eb4573ea63d 07b455f9 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/04/27 08:53 linux-next bb7a2467e6be 07b455f9 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/08/10 20:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c912bf709078 6f4edef4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/21 15:29 upstream 43fb83c17ba2 4b25d554 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/17 14:32 upstream 4a5df3796467 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/09 09:39 upstream 50643bbc9eb6 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/06 05:39 upstream 2e1b3cc9d7f7 3a465482 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/03 18:26 upstream 3e5e6c9900c3 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/03 07:40 upstream 3e5e6c9900c3 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/02 16:55 upstream 11066801dd4b f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/31 18:39 upstream 0fc810ae3ae1 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/29 19:22 upstream e42b1a9a2557 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/25 16:39 upstream ae90f6a6170d 045e728d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/05/15 15:20 upstream 1b294a1f3561 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/20 08:43 upstream bf9aa14fc523 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/18 16:39 upstream adc218676eef e7bb5d6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/16 23:55 upstream e8bdb3c8be08 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/15 08:34 upstream cfaaa7d010d1 f6ede3a3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/15 04:36 upstream cfaaa7d010d1 f6ede3a3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/14 22:45 upstream cfaaa7d010d1 77f3eeb7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/14 12:33 upstream 0a9b9d17f3a7 a8c99394 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/14 04:18 upstream 0a9b9d17f3a7 a8c99394 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/13 10:06 upstream 3022e9d00ebe 62026c85 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/12 04:56 upstream 2d5404caa8c7 75bb1b32 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/11 00:13 upstream a9cda7c0ffed 6b856513 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/10 08:08 upstream de2f378f2b77 6b856513 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/08 02:39 upstream 906bd684e4b1 179b040e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/03 21:24 upstream b9021de3ec2f f00eed24 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/01 18:27 upstream 6c52d4da1c74 f00eed24 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/30 15:21 upstream c1e939a21eb1 f3a00767 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/29 14:59 upstream e42b1a9a2557 66aeb999 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/27 08:40 upstream 850925a8133c 65e8686b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/26 07:27 upstream c71f8fb4dc91 65e8686b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/25 19:37 upstream ae90f6a6170d 2a61f980 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/24 06:21 upstream c2ee9f594da8 15fa2979 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/23 21:55 upstream c2ee9f594da8 15fa2979 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/23 13:56 upstream c2ee9f594da8 15fa2979 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/22 21:03 upstream c2ee9f594da8 a573a9f4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/20 01:06 upstream 3d5ad2d4eca3 cd6fc0a3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/19 01:21 upstream b04ae0f45168 cd6fc0a3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/06/17 22:52 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream UBSAN: array-index-out-of-bounds in dtReadFirst
2024/05/31 12:55 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/05/05 19:05 linux-next 9221b2819b8a 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/04 13:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 b50eb251 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/01 23:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/25 23:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7b1d1d4cfac0 a84878fc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/17 16:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 887407160d72 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/16 13:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 887407160d72 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/16 11:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 887407160d72 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/13 23:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8e9a54d7181b a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/01 21:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1bf329c696cf f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/11 23:31 upstream 231825b2e1ff ff949d25 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2024/12/11 18:47 upstream f92f4749861b ff949d25 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2024/12/11 09:06 upstream f92f4749861b cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2024/11/30 16:12 upstream 2ba9f676d0a2 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtReadFirst
2024/11/30 21:42 upstream 2ba9f676d0a2 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtReadFirst
2024/11/26 18:58 upstream 7eef7e306d3c 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtReadFirst
2024/11/29 01:36 upstream 65ae975e97d5 5df23865 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/11/04 20:29 upstream 59b723cd2adb 0754ea12 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/11/02 07:25 upstream 11066801dd4b f00eed24 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/10/22 06:20 upstream c2ee9f594da8 a93682b3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/12/14 18:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2e7aff49b5da 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtReadFirst
* Struck through repros no longer work on HEAD.