syzbot


UBSAN: array-index-out-of-bounds in dtSplitRoot (2)

Status: upstream: reported C repro on 2024/11/28 23:22
Subsystems: jfs
Reported-by: syzbot+99491d74a9931659cf48@syzkaller.appspotmail.com
First crash: 373d, last: 2d13h
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] jfs: fix a oob in dtSplitRoot 2 (2) 2025/02/19 15:54
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtSplitRoot (2) 1 (3) 2024/11/29 02:15
Similar bugs (4)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in dtSplitRoot jfs 15 C error inconclusive 2 816d 1144d 25/29 fixed on 2024/01/30 15:47
linux-5.15 UBSAN: array-index-out-of-bounds in dtSplitRoot origin:lts-only 19 C error 10 117d 318d 0/3 upstream: reported C repro on 2025/01/18 16:29
linux-4.19 KASAN: slab-out-of-bounds Read in dtSplitRoot 17 C error 1 1145d 1145d 0/1 upstream: reported C repro on 2022/10/14 11:28
linux-4.14 KASAN: slab-out-of-bounds Read in dtSplitRoot 17 C 1 1009d 1144d 0/1 upstream: reported C repro on 2022/10/15 22:33
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/05/22 22:31 14m retest repro upstream report log
2025/03/09 19:36 13m retest repro upstream report log
2025/03/09 19:36 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/11/29 01:52 18m lizhi.xu@windriver.com patch upstream OK log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/04/13 19:21 2h44m bisect fix upstream OK (0) job log log

Sample crash report:
 ... Log Wrap ... Log Wrap ... Log Wrap ...
 ... Log Wrap ... Log Wrap ... Log Wrap ...
 ... Log Wrap ... Log Wrap ... Log Wrap ...
find_entry called with index >= next_index
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1998:37
index -128 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 5986 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe9/0xf0 lib/ubsan.c:455
 dtSplitRoot+0xae9/0x16c0 fs/jfs/jfs_dtree.c:1998
 dtSplitUp fs/jfs/jfs_dtree.c:993 [inline]
 dtInsert+0xef8/0x5f40 fs/jfs/jfs_dtree.c:871
 jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3796 [inline]
 open_last_lookups fs/namei.c:3895 [inline]
 path_openat+0x1500/0x3840 fs/namei.c:4131
 do_filp_open+0x1fa/0x410 fs/namei.c:4161
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_openat fs/open.c:1468 [inline]
 __se_sys_openat fs/open.c:1463 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1463
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f113667f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9e073768 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f11368d5fa0 RCX: 00007f113667f749
RDX: 000000000000275a RSI: 0000200000000200 RDI: ffffffffffffff9c
RBP: 00007f1136703f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f11368d5fa0 R14: 00007f11368d5fa0 R15: 0000000000000004
 </TASK>
---[ end trace ]---

Crashes (110):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/11/22 08:01 upstream 2eba5e05d9bc 4fb8ef37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/22 00:35 upstream 9d7a0577c9db 2a20f901 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:57 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:06 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/05/02 16:04 upstream ebd297a2affa d7f099d1 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 06:36 upstream 2eba5e05d9bc 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/10 11:58 upstream e9a6fb0bcdd7 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/02 03:45 upstream 080ffb4bec4d 267f56c6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/14 02:00 upstream 5cd64d4f9268 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/30 11:52 upstream 6bda50f4333f d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/28 06:04 upstream aa7243aaf194 e8331348 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/25 02:40 upstream ac3fd01e4c1e bf6fe8fe .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 11:40 upstream 2eba5e05d9bc 4fb8ef37 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/18 06:01 upstream e7c375b18160 ef766cd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/18 06:01 upstream e7c375b18160 ef766cd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/17 18:41 upstream 6a23ae0a96a6 c1ade9dd .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/16 14:47 upstream f824272b6e3f f7988ea4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/14 22:21 upstream 6da43bbeb691 6d98c1c8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/11 06:37 upstream 4ea7c1717f3f 4e1406b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/10 14:34 upstream e9a6fb0bcdd7 4e1406b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/07 18:36 upstream 4a0c9b339199 4e1406b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/01 14:05 upstream ba36dd5ee6fd 2c50b6a9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/31 16:40 upstream d127176862a9 2c50b6a9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/30 21:06 upstream e53642b87a4f 2c50b6a9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/29 18:53 upstream e53642b87a4f fd2207e7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/27 22:38 upstream dcb6fa37fd7b fd2207e7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/27 02:36 upstream dbfc6422a34d c0460fcd .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/22 10:23 upstream 552c50713f27 252fbbad .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/20 19:45 upstream 211ddde0823f d422939c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/19 08:38 upstream 1c64efcb083c 1c8c8cd8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/16 22:28 upstream 634ec1fc7982 19568248 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/15 00:04 upstream 9b332cece987 b6605ba8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/11 13:01 upstream 0739473694c4 ff1712fe .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/10 12:10 upstream 5472d60c129f ff1712fe .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/08 15:38 upstream 0d97f2067c16 7e2882b3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/08 12:06 upstream 0d97f2067c16 7e2882b3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/07 18:16 upstream c746c3b51698 7e2882b3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/30 16:45 upstream 30d4efb2f5a5 65a0eece .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/27 21:51 upstream fec734e8d564 001c9061 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/24 08:21 upstream cec1e6e5d1ab 0abd0691 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/21 14:08 upstream 3b08f56fbbb9 67c37560 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/21 11:44 upstream 3b08f56fbbb9 67c37560 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/20 09:54 upstream 1522b530ac3e 67c37560 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/19 03:01 upstream cbf658dd0941 e2beed91 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/15 03:32 upstream 79e8447ec662 e2beed91 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/12 12:57 upstream 320475fbd590 e2beed91 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/12 02:52 upstream 02ffd6f89c50 e2beed91 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/10 00:19 upstream 9dd1835ecda5 fdeaa69b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/08 08:13 upstream 76eeb9b8de98 d291dd2d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/31 22:48 upstream 5c3b3264e585 807a3b61 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/31 10:44 upstream c8bc81a52d5a 807a3b61 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/17 21:14 linux-next 931e46dcbc7e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/29 07:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05c93f3395ed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 20:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 3812f8fa7c83 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/10/30 07:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci b98c94eed4a9 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/09/18 19:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6edf2885ebeb e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/29 14:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 3e1beec6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
* Struck through repros no longer work on HEAD.