UBSAN: array-index-out-of-bounds in dtSplitRoot (2)

Title	Replies (including bot)	Last reply
[PATCH] jfs: fix a oob in dtSplitRoot	2 (2)	2025/02/19 15:54
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtSplitRoot (2)	1 (3)	2024/11/29 02:15

Title

Replies (including bot)

Last reply

[PATCH] jfs: fix a oob in dtSplitRoot

2 (2)

2025/02/19 15:54

[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtSplitRoot (2)

1 (3)

2024/11/29 02:15

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	UBSAN: array-index-out-of-bounds in dtSplitRoot jfs	C	error	inconclusive	2	599d	926d	25/28	fixed on 2024/01/30 15:47
linux-5.15	UBSAN: array-index-out-of-bounds in dtSplitRoot origin:upstream	C		error	5	16d	101d	0/3	upstream: reported C repro on 2025/01/18 16:29
linux-4.19	KASAN: slab-out-of-bounds Read in dtSplitRoot	C		error	1	928d	928d	0/1	upstream: reported C repro on 2022/10/14 11:28
linux-4.14	KASAN: slab-out-of-bounds Read in dtSplitRoot	C			1	792d	926d	0/1	upstream: reported C repro on 2022/10/15 22:33

upstream

UBSAN: array-index-out-of-bounds in dtSplitRoot jfs

error

inconclusive

599d

926d

25/28

fixed on 2024/01/30 15:47

linux-5.15

UBSAN: array-index-out-of-bounds in dtSplitRoot origin:upstream

error

16d

101d

0/3

upstream: reported C repro on 2025/01/18 16:29

linux-4.19

KASAN: slab-out-of-bounds Read in dtSplitRoot

error

928d

0/1

upstream: reported C repro on 2022/10/14 11:28

linux-4.14

KASAN: slab-out-of-bounds Read in dtSplitRoot

792d

926d

0/1

upstream: reported C repro on 2022/10/15 22:33


Created	Duration	User	Patch	Repo	Result
2025/03/09 19:36	13m	retest repro		upstream	report log
2025/03/09 19:36	14m	retest repro		upstream	report log
2024/12/29 17:10	14m	retest repro		upstream	report log
2024/12/29 17:10	14m	retest repro		upstream	report log
2024/11/29 01:52	18m	lizhi.xu@windriver.com	patch	upstream	OK log

Created	Duration	User	Patch	Repo	Result
2025/04/13 19:21	2h44m	bisect fix		upstream	OK (0) job log log

Created

Duration

User

Patch

Repo

Result

2025/04/13 19:21

2h44m

bisect fix

upstream

OK (0) job log log

... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... find_entry called with index >= next_index ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1998:37 index -128 is out of range for type 'struct dtslot[128]' CPU: 0 UID: 0 PID: 5831 Comm: syz-executor140 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:453 dtSplitRoot+0xca0/0x1900 fs/jfs/jfs_dtree.c:1998 dtSplitUp fs/jfs/jfs_dtree.c:993 [inline] dtInsert+0x141d/0x6fa0 fs/jfs/jfs_dtree.c:871 jfs_create+0x7c4/0xbb0 fs/jfs/namei.c:137 lookup_open fs/namei.c:3701 [inline] open_last_lookups fs/namei.c:3800 [inline] path_openat+0x194b/0x35d0 fs/namei.c:4036 do_filp_open+0x284/0x4e0 fs/namei.c:4066 do_sys_openat2+0x12b/0x1d0 fs/open.c:1429 do_sys_open fs/open.c:1444 [inline] __do_sys_openat fs/open.c:1460 [inline] __se_sys_openat fs/open.c:1455 [inline] __x64_sys_openat+0x249/0x2a0 fs/open.c:1455 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7eff170d16f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe8e945ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007eff170d16f9 RDX: 000000000000275a RSI: 0000200000000c80 RDI: 00000000ffffff9c RBP: 00007eff1714a610 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffe8e9460b8 R14: 0000000000000001 R15: 0000000000000001 </TASK> ---[ end trace ]---

Crashes (18):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/04/22 00:35	upstream	9d7a0577c9db	2a20f901	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:57	upstream	9f16d5e6f220	68da6d95	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:06	upstream	9f16d5e6f220	68da6d95	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/21 23:30	upstream	9d7a0577c9db	2a20f901	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/25 18:46	upstream	b46c89c08f41	9fbd772e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/10 19:42	upstream	2144da25584e	6dbc6a9b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/14 20:40	upstream	a446e965a188	7cbfbb3a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/13 15:45	upstream	f932fb9b4074	3547e30f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/01 20:12	upstream	bcc8eda6d349	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/30 01:46	upstream	509f806f7f70	68914665	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/24 23:17	upstream	9f16d5e6f220	68da6d95	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/27 12:32	upstream	5bc1018675ec	c6b4fb39	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/02/21 01:17	upstream	e9a8cac0bf89	0808a665	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/02/11 06:15	upstream	febbc555cf0f	43f51a00	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/11 18:01	upstream	f92f4749861b	ff949d25	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/01 20:05	linux-next	8155b4ef3466	d3ccff63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/12/30 11:23	linux-next	8155b4ef3466	d3ccff63	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/26 23:12	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	1950a0af2d55	9fbd772e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	UBSAN: array-index-out-of-bounds in dtSplitRoot

Crashes (18):

Assets (help?)

2025/04/22 00:35

upstream