KASAN: slab-use-after-free Write in dtSplitPage

Title	Replies (including bot)	Last reply
[syzbot] [jfs?] KASAN: slab-use-after-free Write in dtSplitPage	0 (3)	2025/01/03 12:54

Title

Replies (including bot)

Last reply

[syzbot] [jfs?] KASAN: slab-use-after-free Write in dtSplitPage

0 (3)

2025/01/03 12:54

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.1	UBSAN: array-index-out-of-bounds in dtSplitPage				6	5d23h	87d	0/3	upstream: reported on 2024/12/30 07:45
linux-5.15	UBSAN: array-index-out-of-bounds in dtSplitPage origin:upstream	C			11	19h43m	89d	0/3	upstream: reported C repro on 2024/12/29 06:57

------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1600:11 index 27 is out of range for type 'struct lv[20]' CPU: 1 UID: 0 PID: 5827 Comm: syz-executor354 Not tainted 6.14.0-rc6-syzkaller-00244-g31d7109a19f6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429 dtSplitPage+0x3e58/0x3ec0 fs/jfs/jfs_dtree.c:1600 dtSplitUp fs/jfs/jfs_dtree.c:1091 [inline] dtInsert+0x14d5/0x6d10 fs/jfs/jfs_dtree.c:870 jfs_rename+0xafe/0x1bf0 fs/jfs/namei.c:1225 vfs_rename+0xbdb/0xf00 fs/namei.c:5069 do_renameat2+0xd94/0x13f0 fs/namei.c:5226 __do_sys_rename fs/namei.c:5273 [inline] __se_sys_rename fs/namei.c:5271 [inline] __x64_sys_rename+0x82/0x90 fs/namei.c:5271 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdc2d0d0f39 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd6f6245a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 RAX: ffffffffffffffda RBX: 00007ffd6f6245b0 RCX: 00007fdc2d0d0f39 RDX: 0000000000000000 RSI: 0000400000000f40 RDI: 0000400000000300 RBP: 00007ffd6f6245b8 R08: 00007fdc2d09cea0 R09: 00007fdc2d09cea0 R10: 00007fdc2d09cea0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd6f624818 R14: 0000000000000001 R15: 0000000000000001 </TASK> ---[ end trace ]---

Crashes (179):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/03/16 12:34	upstream	31d7109a19f6	e2826670	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/01/03 12:53	upstream	0bc21e701a6f	d3ccff63	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/01/01 01:54	upstream	ccb98ccef0e5	d3ccff63	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] [mounted in repro #3] [mounted in repro #4] [mounted in repro #5]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2024/12/27 12:50	upstream	d6ef8b40d075	d3ccff63	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image] [mounted in repro]	ci-upstream-kasan-badwrites-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/27 07:29	upstream	1e1ba8d23dae	20510e88	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2025/03/22 18:05	upstream	88d324e69ea9	c6512ef7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2025/03/22 15:22	upstream	88d324e69ea9	c6512ef7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2025/03/22 06:00	upstream	d07de43e3f05	c6512ef7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2025/03/13 00:14	upstream	0fed89a961ea	1a5d9317	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2025/03/12 18:03	upstream	0fed89a961ea	ee70e6db	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2024/10/16 07:37	upstream	2f87d0916ce0	bde2d81c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	KASAN: slab-use-after-free Write in dtSplitPage
2025/03/27 01:02	upstream	2df0c02dab82	20510e88	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/26 19:52	upstream	2df0c02dab82	89d30d73	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/26 18:14	upstream	2df0c02dab82	89d30d73	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/26 03:39	upstream	2df0c02dab82	89d30d73	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/26 02:15	upstream	2df0c02dab82	89d30d73	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/25 06:22	upstream	2f2d52945852	875573af	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/24 23:11	upstream	38fec10eb60d	875573af	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/24 20:51	upstream	38fec10eb60d	875573af	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/24 00:04	upstream	586de92313fc	875573af	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/23 17:59	upstream	586de92313fc	4e8d3850	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/23 10:41	upstream	183601b78a9b	4e8d3850	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/22 19:44	upstream	88d324e69ea9	c6512ef7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/20 20:17	upstream	5fc319360819	62330552	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/19 18:29	upstream	81e4f8d68c66	e20d7b13	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/18 04:43	upstream	fc444ada1310	ce3352cd	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/18 01:54	upstream	4701f33a1070	ce3352cd	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/17 19:51	upstream	4701f33a1070	948c34e4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/17 10:46	upstream	4701f33a1070	948c34e4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/16 22:41	upstream	cb82ca153949	e2826670	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/16 10:51	upstream	31d7109a19f6	e2826670	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/15 20:16	upstream	3571e8b091f4	e2826670	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/15 15:55	upstream	a29967be967e	e2826670	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/15 10:19	upstream	a29967be967e	e2826670	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/14 18:13	upstream	695caca9345a	e2826670	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/13 23:20	upstream	4003c9e78778	44be8b44	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/13 12:58	upstream	b7f94fcf5546	44be8b44	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/12 14:46	upstream	0fed89a961ea	ee70e6db	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/11 16:18	upstream	4d872d51bc9d	16256247	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-upstream-fs	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/25 13:20	upstream	2f2d52945852	875573af	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/25 11:22	upstream	2f2d52945852	875573af	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/25 04:04	upstream	38fec10eb60d	875573af	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/23 12:32	upstream	183601b78a9b	4e8d3850	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/22 13:23	upstream	88d324e69ea9	c6512ef7	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/22 00:25	upstream	d07de43e3f05	c6512ef7	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/21 10:46	upstream	b3ee1e460951	62330552	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/20 12:40	upstream	a7f2e10ecd8f	62330552	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/20 10:30	upstream	a7f2e10ecd8f	62330552	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	KASAN: use-after-free Write in dtSplitPage
2025/03/19 16:51	upstream	81e4f8d68c66	8d0a2921	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/19 13:23	upstream	81e4f8d68c66	8d0a2921	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/16 08:54	upstream	eb88e6bfbc0a	e2826670	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/15 17:33	upstream	3571e8b091f4	e2826670	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/15 13:49	upstream	3571e8b091f4	e2826670	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/14 04:59	upstream	4003c9e78778	e2826670	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/14 02:11	upstream	4003c9e78778	e2826670	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/03/13 14:53	upstream	b7f94fcf5546	44be8b44	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	UBSAN: array-index-out-of-bounds in dtSplitPage
2025/01/13 17:07	linux-next	7b4b9bf203da	6dbc6a9b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	UBSAN: array-index-out-of-bounds in dtSplitPage

Crashes (179):

Assets (help?)

2025/03/16 12:34

upstream