syzbot

 sign-in | mailing list | source | docs
🐞 Open [1455]
Subsystems
🐞 Fixed [6864]
🐞 Invalid [17811]
Missing Backports [226]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in dtSplitRoot (2)

Status: upstream: reported C repro on 2024/11/28 23:22
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+99491d74a9931659cf48@syzkaller.appspotmail.com
First crash: 418d, last: 2h17m
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] jfs: fix a oob in dtSplitRoot 2 (2) 2025/02/19 15:54
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtSplitRoot (2) 1 (3) 2024/11/29 02:15
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in dtSplitRoot jfs 15 C error inconclusive 2 861d 1189d 25/29 fixed on 2024/01/30 15:47
linux-5.15 UBSAN: array-index-out-of-bounds in dtSplitRoot origin:lts-only 19 C error 10 162d 363d 0/3 upstream: reported C repro on 2025/01/18 16:29
linux-4.19 KASAN: slab-out-of-bounds Read in dtSplitRoot 17 C error 1 1191d 1191d 0/1 upstream: reported C repro on 2022/10/14 11:28
linux-4.14 KASAN: slab-out-of-bounds Read in dtSplitRoot 17 C 1 1055d 1189d 0/1 upstream: reported C repro on 2022/10/15 22:33
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/05/22 22:31 14m retest repro upstream report log
2025/03/09 19:36 13m retest repro upstream report log
2025/03/09 19:36 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/11/29 01:52 18m lizhi.xu@windriver.com patch upstream OK log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/04/13 19:21 2h44m bisect fix upstream OK (0) job log log

Sample crash report:
 ... Log Wrap ... Log Wrap ... Log Wrap ...
 ... Log Wrap ... Log Wrap ... Log Wrap ...
 ... Log Wrap ... Log Wrap ... Log Wrap ...
find_entry called with index >= next_index
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1998:37
index -128 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 5986 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 dtSplitRoot+0xae9/0x16c0 fs/jfs/jfs_dtree.c:1998
 dtSplitUp fs/jfs/jfs_dtree.c:993 [inline]
 dtInsert+0xef8/0x5f40 fs/jfs/jfs_dtree.c:871
 jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3796 [inline]
 open_last_lookups fs/namei.c:3895 [inline]
 path_openat+0x1500/0x3840 fs/namei.c:4131
 do_filp_open+0x1fa/0x410 fs/namei.c:4161
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_openat fs/open.c:1468 [inline]
 __se_sys_openat fs/open.c:1463 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1463
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f113667f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9e073768 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f11368d5fa0 RCX: 00007f113667f749
RDX: 000000000000275a RSI: 0000200000000200 RDI: ffffffffffffff9c
RBP: 00007f1136703f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f11368d5fa0 R14: 00007f11368d5fa0 R15: 0000000000000004
 </TASK>
---[ end trace ]---

Crashes (150):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/22 08:01 upstream 2eba5e05d9bc 4fb8ef37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/22 00:35 upstream 9d7a0577c9db 2a20f901 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:57 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:06 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/05/02 16:04 upstream ebd297a2affa d7f099d1 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/05 03:06 upstream 54e82e93ca93 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/23 16:41 upstream b927546677c8 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/21 16:20 upstream 9094662f6707 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 06:36 upstream 2eba5e05d9bc 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 09:39 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 06:57 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 05:40 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/15 18:19 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/14 05:23 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/12 13:40 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/11 16:26 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/10 18:16 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/09 13:02 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/07 21:43 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/06 13:49 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/05 20:35 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/05 01:38 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/04 22:07 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/04 12:25 upstream aacb0a6d604a d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/02 03:53 upstream b69053dd3ffb d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/01 10:30 upstream 349bd28a86f2 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/27 12:48 upstream c53f467229a7 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/24 13:20 upstream b927546677c8 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/22 08:42 upstream 765b233a9b94 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/22 05:28 upstream 765b233a9b94 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/21 12:28 upstream 9094662f6707 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/21 01:57 upstream d8ba32c5a460 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/19 15:33 upstream dd9b004b7ff3 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/19 04:54 upstream 516471569089 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/18 05:16 upstream ea1013c15392 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/17 01:42 upstream 40fbbd64bba6 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/15 01:35 upstream 8f0b4cce4481 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/10 07:24 upstream c9b47175e913 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/08 07:53 upstream c2f2b01b74be d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/07 09:52 upstream c06c303832ec d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/05 02:47 upstream 6dfafbd0299a d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/30 11:52 upstream 6bda50f4333f d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/28 06:04 upstream aa7243aaf194 e8331348 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/25 02:40 upstream ac3fd01e4c1e bf6fe8fe .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 11:40 upstream 2eba5e05d9bc 4fb8ef37 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/18 06:01 upstream e7c375b18160 ef766cd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/18 06:01 upstream e7c375b18160 ef766cd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/17 18:41 upstream 6a23ae0a96a6 c1ade9dd .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/16 14:47 upstream f824272b6e3f f7988ea4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/14 22:21 upstream 6da43bbeb691 6d98c1c8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/11 06:37 upstream 4ea7c1717f3f 4e1406b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/10 14:34 upstream e9a6fb0bcdd7 4e1406b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/17 21:14 linux-next 931e46dcbc7e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/15 04:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/14 19:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/23 17:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/11 04:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05c93f3395ed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/08 01:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05c93f3395ed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/29 07:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05c93f3395ed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 20:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 3812f8fa7c83 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
* Struck through repros no longer work on HEAD.