syzbot

 sign-in | mailing list | source | docs
🐞 Open [1595]
Subsystems
🐞 Fixed [6144]
🐞 Invalid [15381]
Missing Backports [172]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in dtReadFirst (2)

Status: upstream: reported C repro on 2024/12/21 07:08
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+9120834fc227768625ba@syzkaller.appspotmail.com
Fix commit: a8dfb2168906 jfs: add index corruption check to DT_GETPAGE()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-arm32 ci-qemu2-riscv64 ci-upstream-gce-arm64 ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-usb]
First crash: 105d, last: 2d21h
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] jfs: add index corruption check to DT_GETPAGE() 2 (2) 2025/03/11 16:58
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtReadFirst (2) 0 (2) 2024/12/30 00:27
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: array-index-out-of-bounds in dtReadFirst origin:lts-only C error 18 35d 127d 0/3 upstream: reported C repro on 2024/11/25 10:09
upstream UBSAN: array-index-out-of-bounds in dtReadFirst jfs C error 200 108d 335d 28/28 fixed on 2024/12/16 09:50
linux-5.15 UBSAN: array-index-out-of-bounds in dtReadFirst origin:upstream C error 26 2d13h 338d 0/3 upstream: reported C repro on 2024/04/28 12:32
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/02/01 23:58 12m retest repro upstream report log

Sample crash report:
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3096:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor740 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtReadFirst+0x622/0xc50 fs/jfs/jfs_dtree.c:3096
 dtReadNext fs/jfs/jfs_dtree.c:3147 [inline]
 jfs_readdir+0x9aa/0x3c50 fs/jfs/jfs_dtree.c:2862
 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65
 iterate_dir+0x571/0x800 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64+0x1e2/0x4b0 fs/readdir.c:389
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1a02212fa3
Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 a2 48 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
RSP: 002b:00007fffd5e0be18 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 000055557b4c7730 RCX: 00007f1a02212fa3
RDX: 0000000000008000 RSI: 000055557b4c7730 RDI: 0000000000000004
RBP: 000055557b4c7704 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
R13: 0000000000000010 R14: 000055557b4c7700 R15: 00007fffd5e0e090
 </TASK>
---[ end trace ]---

Crashes (115):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/12/30 00:26 upstream 4099a71718b0 d3ccff63 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/03/13 12:34 upstream b7f94fcf5546 44be8b44 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/23 15:41 upstream 27102b38b8ca d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/17 15:55 upstream 0ad2507d5d93 4121cf9d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/15 17:14 upstream 78a632a2086c 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/15 10:19 upstream 78a632a2086c 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/23 13:32 upstream 27102b38b8ca d34966d1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/16 16:09 upstream ad1b832bf1cf 40a34ec9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/17 22:11 upstream 59dbb9d81adf bc1a1b50 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/17 06:56 upstream f44d154d6e3d f93b2b55 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/03/14 20:34 upstream 695caca9345a e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/03/06 08:16 upstream bb2281fb05e5 831e3629 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/03/01 04:42 upstream 7a5668899f54 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/28 23:59 upstream 76544811c850 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/28 21:49 upstream 76544811c850 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/28 16:23 upstream 76544811c850 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/28 15:20 upstream 76544811c850 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/28 15:20 upstream 76544811c850 67cf5345 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/28 09:58 upstream 1e15510b71c9 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/28 02:44 upstream 1e15510b71c9 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/27 21:42 upstream dd83757f6e68 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/27 18:36 upstream dd83757f6e68 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/27 15:12 upstream dd83757f6e68 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/27 12:51 upstream dd83757f6e68 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/27 07:26 upstream 5394eea10651 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/27 05:32 upstream 5394eea10651 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/27 02:25 upstream 5394eea10651 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/26 23:30 upstream 5394eea10651 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/26 21:10 upstream ac9c34d1e45a 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/26 17:44 upstream ac9c34d1e45a d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/26 15:28 upstream ac9c34d1e45a d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/26 11:47 upstream ac9c34d1e45a d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/26 10:38 upstream ac9c34d1e45a d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/26 08:05 upstream ac9c34d1e45a d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/25 22:43 upstream 2a1944bff549 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/25 18:44 upstream 2a1944bff549 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/25 16:45 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/24 19:41 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/24 13:48 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/24 11:22 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/24 09:08 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/24 03:45 upstream d082ecbc71e9 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/17 10:08 upstream 0ad2507d5d93 4121cf9d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/17 10:08 upstream 0ad2507d5d93 4121cf9d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/17 03:23 upstream 224e74511041 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/17 01:47 upstream ad1b832bf1cf 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/16 22:52 upstream 224e74511041 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/16 20:08 upstream ad1b832bf1cf 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/02/16 13:35 upstream ad1b832bf1cf 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/16 13:35 upstream ad1b832bf1cf 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtReadFirst
2025/01/03 19:22 upstream 0bc21e701a6f f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtReadFirst
2024/12/20 04:14 upstream eabcdba3ad40 1d58202c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtReadFirst
2024/12/25 05:54 upstream 9b2ffa6148b1 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtReadFirst
2025/03/30 01:58 upstream 7d06015d936c d3999433 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2025/03/27 04:03 upstream f6e0150b2003 20510e88 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/23 16:50 upstream 27102b38b8ca d34966d1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/16 23:52 linux-next 0ae0fa3bf0b4 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/12/26 12:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 573067a5a685 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtReadFirst
* Struck through repros no longer work on HEAD.