syzbot

 sign-in | mailing list | source | docs
🐞 Open [1497]
Subsystems
🐞 Fixed [6505]
🐞 Invalid [16518]
Missing Backports [201]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

UBSAN: array-index-out-of-bounds in dtSplitRoot (2)

Status: upstream: reported C repro on 2024/11/28 23:22
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+99491d74a9931659cf48@syzkaller.appspotmail.com
First crash: 258d, last: 3d00h
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] jfs: fix a oob in dtSplitRoot 2 (2) 2025/02/19 15:54
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtSplitRoot (2) 1 (3) 2024/11/29 02:15
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in dtSplitRoot jfs 15 C error inconclusive 2 702d 1030d 25/29 fixed on 2024/01/30 15:47
linux-5.15 UBSAN: array-index-out-of-bounds in dtSplitRoot origin:upstream 19 C error 10 2d19h 204d 0/3 upstream: reported C repro on 2025/01/18 16:29
linux-4.19 KASAN: slab-out-of-bounds Read in dtSplitRoot 17 C error 1 1031d 1031d 0/1 upstream: reported C repro on 2022/10/14 11:28
linux-4.14 KASAN: slab-out-of-bounds Read in dtSplitRoot 17 C 1 895d 1029d 0/1 upstream: reported C repro on 2022/10/15 22:33
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/05/22 22:31 14m retest repro upstream report log
2025/03/09 19:36 13m retest repro upstream report log
2025/03/09 19:36 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/11/29 01:52 18m lizhi.xu@windriver.com patch upstream OK log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/04/13 19:21 2h44m bisect fix upstream OK (0) job log log

Sample crash report:
 ... Log Wrap ... Log Wrap ... Log Wrap ...
 ... Log Wrap ... Log Wrap ... Log Wrap ...
find_entry called with index >= next_index
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1998:37
index -128 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 5831 Comm: syz-executor140 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:453
 dtSplitRoot+0xca0/0x1900 fs/jfs/jfs_dtree.c:1998
 dtSplitUp fs/jfs/jfs_dtree.c:993 [inline]
 dtInsert+0x141d/0x6fa0 fs/jfs/jfs_dtree.c:871
 jfs_create+0x7c4/0xbb0 fs/jfs/namei.c:137
 lookup_open fs/namei.c:3701 [inline]
 open_last_lookups fs/namei.c:3800 [inline]
 path_openat+0x194b/0x35d0 fs/namei.c:4036
 do_filp_open+0x284/0x4e0 fs/namei.c:4066
 do_sys_openat2+0x12b/0x1d0 fs/open.c:1429
 do_sys_open fs/open.c:1444 [inline]
 __do_sys_openat fs/open.c:1460 [inline]
 __se_sys_openat fs/open.c:1455 [inline]
 __x64_sys_openat+0x249/0x2a0 fs/open.c:1455
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7eff170d16f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe8e945ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007eff170d16f9
RDX: 000000000000275a RSI: 0000200000000c80 RDI: 00000000ffffff9c
RBP: 00007eff1714a610 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffe8e9460b8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
---[ end trace ]---

Crashes (49):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/04/22 00:35 upstream 9d7a0577c9db 2a20f901 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:57 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:06 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/05/02 16:04 upstream ebd297a2affa d7f099d1 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/07 20:13 upstream 6e64f4580381 04cffc22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/01 17:06 upstream f2d282e1dfb3 40127d41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/26 00:29 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/15 11:04 upstream 155a3c003e55 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/16 19:26 upstream e04c78d86a96 d1716036 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/16 12:26 upstream e04c78d86a96 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/03 09:59 upstream d00a83477e7a a30356b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/02 21:37 upstream d00a83477e7a b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/02 21:37 upstream d00a83477e7a b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/02 21:36 upstream d00a83477e7a b396b4bf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/05/08 22:14 upstream 2c89c1b655c0 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/21 23:30 upstream 9d7a0577c9db 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/25 18:46 upstream b46c89c08f41 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/10 19:42 upstream 2144da25584e 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/14 20:40 upstream a446e965a188 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/13 15:45 upstream f932fb9b4074 3547e30f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/01 20:12 upstream bcc8eda6d349 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/30 01:46 upstream 509f806f7f70 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/24 23:17 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/05 14:41 upstream 7e161a991ea7 37880f40 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/31 10:18 upstream 260f6f4fda93 f8f2b4da .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/28 03:24 upstream b711733e89a3 fb8f743d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/24 18:22 upstream 25fae0b93d1d 65d60d73 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/20 18:05 upstream f4a40a4282f4 7117feec .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/18 16:29 upstream 6832a9317eee 7117feec .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/09 11:12 upstream 733923397fd9 f4e5e155 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/07 15:21 upstream d7b8f8e20813 4f67c4ae .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/26 00:45 upstream 92ca6c498a5e 26d77996 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/21 04:17 upstream 11313e2f7812 d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/14 20:01 upstream 4774cfe3543a 5f4b362d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/05 21:20 upstream ec7714e49479 6b6b5f21 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/03 05:27 upstream 7f9039c524a3 a30356b7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/02 13:19 upstream cd2e103d57e5 aaaaf5ea .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/30 16:20 upstream b6ea1680d0ac 937aafd7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/27 12:32 upstream 5bc1018675ec c6b4fb39 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/02/21 01:17 upstream e9a8cac0bf89 0808a665 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/02/11 06:15 upstream febbc555cf0f 43f51a00 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/11 18:01 upstream f92f4749861b ff949d25 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/07 04:20 linux-next 475c850a7fdd f61267d4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/01 20:05 linux-next 8155b4ef3466 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/30 11:23 linux-next 8155b4ef3466 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/20 22:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aaef6f251176 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/07/17 23:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aaef6f251176 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/06/28 22:31 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9aa9b43d689e fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/26 23:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1950a0af2d55 9fbd772e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
* Struck through repros no longer work on HEAD.