syzbot


UBSAN: array-index-out-of-bounds in dtReadFirst (2)

Status: upstream: reported C repro on 2024/12/21 07:08
Subsystems: jfs
Reported-by: syzbot+9120834fc227768625ba@syzkaller.appspotmail.com
First crash: 54d, last: 7h01m
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtReadFirst (2) 0 (2) 2024/12/30 00:27
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 UBSAN: array-index-out-of-bounds in dtReadFirst origin:lts-only C 16 4d23h 76d 0/3 upstream: reported C repro on 2024/11/25 10:09
upstream UBSAN: array-index-out-of-bounds in dtReadFirst jfs C error 200 57d 284d 28/28 fixed on 2024/12/16 09:50
linux-5.15 UBSAN: array-index-out-of-bounds in dtReadFirst origin:upstream C error 18 4d20h 287d 0/3 upstream: reported C repro on 2024/04/28 12:32
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/02/01 23:58 12m retest repro upstream report log

Sample crash report:
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3096:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor740 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtReadFirst+0x622/0xc50 fs/jfs/jfs_dtree.c:3096
 dtReadNext fs/jfs/jfs_dtree.c:3147 [inline]
 jfs_readdir+0x9aa/0x3c50 fs/jfs/jfs_dtree.c:2862
 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65
 iterate_dir+0x571/0x800 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64+0x1e2/0x4b0 fs/readdir.c:389
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1a02212fa3
Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 a2 48 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
RSP: 002b:00007fffd5e0be18 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 000055557b4c7730 RCX: 00007f1a02212fa3
RDX: 0000000000008000 RSI: 000055557b4c7730 RDI: 0000000000000004
RBP: 000055557b4c7704 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
R13: 0000000000000010 R14: 000055557b4c7700 R15: 00007fffd5e0e090
 </TASK>
---[ end trace ]---

Crashes (33):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/12/30 00:26 upstream 4099a71718b0 d3ccff63 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/18 17:13 upstream 595523945be0 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/18 13:13 upstream 595523945be0 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/14 05:49 upstream c45323b7560e b1f1cd88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/13 17:18 upstream 5bc55a333a2f 249ceea9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/13 01:56 upstream be548645527a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/11 05:33 upstream 2144da25584e 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/10 06:50 upstream 643e2e259c2b 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/10 06:50 upstream 643e2e259c2b 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/10 05:47 upstream 643e2e259c2b 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/09 00:21 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/07 03:41 upstream 5428dc1906dd f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/02 01:44 upstream 56e6a3499e14 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/01 17:25 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/29 23:55 upstream 4099a71718b0 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/16 10:01 upstream 619f0b6fad52 968edaf4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/08 08:40 upstream 09a0fa92e5b4 f3558dbf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/01/02 18:26 upstream 56e6a3499e14 d3ccff63 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/23 05:40 upstream bcde95ce32b6 b4fbdbd4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/17 22:11 upstream 59dbb9d81adf bc1a1b50 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2024/12/17 06:56 upstream f44d154d6e3d f93b2b55 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/09 23:36 linux-next ed58d103e6da ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/09 09:47 linux-next ed58d103e6da ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtReadFirst
2025/02/05 00:45 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in dtReadFirst
2025/02/05 00:45 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtReadFirst
2025/01/12 12:56 upstream b62cef9a5c67 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtReadFirst
2025/01/03 19:22 upstream 0bc21e701a6f f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtReadFirst
2024/12/20 04:14 upstream eabcdba3ad40 1d58202c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtReadFirst
2024/12/25 05:54 upstream 9b2ffa6148b1 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtReadFirst
2025/02/05 09:54 upstream 5c8c229261f1 5896748e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2025/02/04 21:25 upstream d009de7d5428 44c01590 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/12/25 19:54 upstream 9b2ffa6148b1 444551c4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtReadFirst
2024/12/26 12:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 573067a5a685 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtReadFirst
* Struck through repros no longer work on HEAD.