syzbot

 sign-in | mailing list | source | docs
🐞 Open [711]
🐞 Fixed [60]
🐞 Invalid [634]
Missing Backports [62]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

UBSAN: array-index-out-of-bounds in dtReadFirst

Status: upstream: reported C repro on 2024/04/28 12:32
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+77ed0aca57849509422b@syzkaller.appspotmail.com
First crash: 236d, last: 19d
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2024/04/28 upstream (ToT) e67572cd2204 C [report] UBSAN: array-index-out-of-bounds in dtReadFirst
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: array-index-out-of-bounds in dtReadFirst origin:lts-only C 14 11d 26d 0/3 upstream: reported C repro on 2024/11/25 10:09
upstream UBSAN: array-index-out-of-bounds in dtReadFirst jfs C error 200 6d17h 234d 28/28 fixed on 2024/12/16 09:50
upstream UBSAN: array-index-out-of-bounds in dtReadFirst (2) jfs 3 1d08h 5h18m 0/28 upstream: reported on 2024/12/21 07:08
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/10/20 07:51 15m retest repro linux-5.15.y report log
2024/10/20 07:51 11m retest repro linux-5.15.y report log

Sample crash report:
loop0: detected capacity change from 0 to 32768
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3385:20
index -1 is out of range for type 'struct dtslot[128]'
CPU: 0 PID: 4016 Comm: syz-executor349 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x108/0x15c lib/ubsan.c:282
 dtReadFirst+0x4bc/0x9bc fs/jfs/jfs_dtree.c:3385
 jfs_readdir+0x6f0/0x385c fs/jfs/jfs_dtree.c:3116
 iterate_dir+0x1f4/0x4ec
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __arm64_sys_getdents64+0x1c4/0x4c4 fs/readdir.c:354
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
================================================================================
ERROR: (device loop0): dtReadFirst: btstack overrun

ERROR: (device loop0): remounting filesystem as read-only
btstack dump:
bn = 0, index = 0
bn = 0, index = 0
bn = 0, index = 0
bn = 0, index = 0
bn = 0, index = 0
bn = 0, index = 0
bn = 0, index = 0
bn = 0, index = 0

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/05 21:53 linux-5.15.y 3a5928702e71 d7906eff .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/04/28 13:09 linux-5.15.y b925f60c6ee7 07b455f9 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/01 23:23 linux-5.15.y 0a51d2d4527b 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/01 23:21 linux-5.15.y 0a51d2d4527b 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/26 05:26 linux-5.15.y 0a51d2d4527b 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/01 23:13 linux-5.15.y 0a51d2d4527b 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/01 23:11 linux-5.15.y 0a51d2d4527b 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/26 03:48 linux-5.15.y 0a51d2d4527b 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/11/26 03:48 linux-5.15.y 0a51d2d4527b 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/10/05 21:22 linux-5.15.y 3a5928702e71 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/05/27 23:22 linux-5.15.y c61bd26ae81a 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/05/27 22:08 linux-5.15.y c61bd26ae81a 761766e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/05/12 13:01 linux-5.15.y 284087d4f7d5 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
2024/04/28 12:31 linux-5.15.y b925f60c6ee7 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtReadFirst
* Struck through repros no longer work on HEAD.