syzbot
KASAN: slab-use-after-free Read in dtSearch

Status: upstream: reported C repro on 2024/04/29 00:37
Subsystems: jfs
Reported-by: syzbot+bd3506d55fa4e2fd9030@syzkaller.appspotmail.com
First crash: 430d, last: 1h52m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: slab-out-of-bounds Read in dtSearch (log)
Repro: C syz .config
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] KASAN: slab-use-after-free Read in dtSearch 0 (1) 2024/04/29 00:37
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: slab-out-of-bounds Read in dtSearch jfs C error done 33 544d 1007d 25/29 fixed on 2024/02/13 12:02
linux-4.14 KASAN: slab-out-of-bounds Read in dtSearch jfs C 2 850d 1008d 0/1 upstream: reported C repro on 2022/09/24 21:35
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch (2) origin:upstream C error 50 27d 202d 0/3 upstream: reported C repro on 2024/12/09 07:03
linux-5.15 KASAN: slab-out-of-bounds Read in dtSearch origin:upstream C error 173 6d15h 426d 0/3 upstream: reported C repro on 2024/04/28 11:04
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch 5 307d 370d 0/3 auto-obsoleted due to no activity on 2024/12/03 23:18
linux-4.19 KASAN: slab-out-of-bounds Read in dtSearch C error 1 1008d 1008d 0/1 upstream: reported C repro on 2022/09/24 21:36

Sample crash report:
blkno = 8ed2c, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
ERROR: (device loop0): dbAlloc: the hint is outside the map
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:628:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor179 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtSearch+0x1bde/0x2520 fs/jfs/jfs_dtree.c:628
 jfs_lookup+0x17f/0x410 fs/jfs/namei.c:1461
 lookup_one_qstr_excl+0x126/0x2b0 fs/namei.c:1693
 filename_create+0x297/0x540 fs/namei.c:4083
 do_mkdirat+0xbd/0x3a0 fs/namei.c:4328
 __do_sys_mkdir fs/namei.c:4356 [inline]
 __se_sys_mkdir fs/namei.c:4354 [inline]
 __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4354
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3549acd117
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff68fe9d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3549acd117
RDX: 0000000000004800 RSI: 00000000000001ff RDI: 0000400000000180
RBP: 0000400000000180 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff68fe9e10 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff68fe9e10 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace ]---

Crashes (1409):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/02/21 12:44 upstream 334426094588 0808a665 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2024/11/13 11:06 upstream f1b785f4c787 62026c85 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/07/22 05:21 upstream 7846b618e0a4 b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 03:07 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 02:43 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/10 15:38 upstream f09079bd04a9 5d7e17ca .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/10/31 06:51 upstream 4236f913808c fb888278 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/05/04 16:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/06/28 14:05 upstream aaf724ed6926 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/06/20 16:30 upstream 41687a5c6f8b 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/06/15 01:24 upstream 4774cfe3543a 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/06/09 20:43 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in dtSearch
2025/05/31 01:49 upstream 8477ab143069 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/05/11 23:35 upstream cd802e7e5f1e 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2024/05/12 22:08 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in dtSearch
2025/05/29 19:28 linux-next 2a628f951ed5 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in dtSearch
2025/06/14 09:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 39dfc971e42d 0e8da31f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in dtSearch
2025/06/25 10:54 upstream 7595b66ae9de 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 09:09 upstream b67ec639010f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 01:00 upstream b67ec639010f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/21 06:23 upstream 11313e2f7812 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/19 09:40 upstream fb4d33ab452e ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/16 00:40 upstream 08215f5486ec 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/14 23:29 upstream 4774cfe3543a 5f4b362d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/09 18:04 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/05 12:12 upstream 1af80d00e1e0 6b6b5f21 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/03 22:02 upstream 546b1c9e93c2 a30356b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/31 21:36 upstream 0f70f5b08a47 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2025/05/31 15:58 upstream 0f70f5b08a47 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2025/05/31 00:48 upstream 8477ab143069 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/30 13:33 upstream f66bc387efbe 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2025/05/30 01:21 upstream e0797d3b91de 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2025/05/17 19:31 upstream 172a9d94339c f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/16 15:09 upstream fee3e843b309 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/15 18:26 upstream 088d13246a46 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/13 06:43 upstream 627277ba7c23 f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/05/11 17:07 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/03/27 13:12 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dtSearch
2025/02/26 22:51 upstream ac9c34d1e45a 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2025/02/05 01:02 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2024/08/09 13:57 upstream ee9a43b7cfe2 a83d9288 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KFENCE: out-of-bounds in dtSearch
2024/06/22 05:40 upstream 66cc544fd75c edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/14 16:56 upstream 8ffd015db85f 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtSearch
2025/06/29 07:21 upstream dfba48a70cb6 fc9d8ee5 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/29 03:10 upstream dfba48a70cb6 fc9d8ee5 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/26 04:15 upstream 92ca6c498a5e 26d77996 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/25 13:02 upstream 7595b66ae9de 26d77996 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/24 04:18 upstream 78f4e737a53e 1a7fb460 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 12:45 upstream 86731a2a651e d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 06:17 upstream b67ec639010f d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/22 14:51 upstream 739a6c93cc75 d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/20 05:22 upstream 24770983ccfe ed3e87f7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/19 01:25 upstream 52da431bf03b ed3e87f7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/17 19:14 upstream 9afe652958c3 a5686133 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/17 00:42 upstream e04c78d86a96 d1716036 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/12 12:48 upstream 2c4a1f3fe03e 98683f8f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSearch
2025/06/09 14:19 upstream 19272b37aa4f 4826c28e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/06 16:00 upstream e271ed52b344 3d899f2c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/02 18:59 upstream cd2e103d57e5 aaaaf5ea .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/01 02:56 upstream 4cb6c8af8591 3d2f584d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/31 22:54 upstream 0f70f5b08a47 3d2f584d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/31 13:55 upstream 0f70f5b08a47 3d2f584d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/31 06:59 upstream 8477ab143069 3d2f584d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/30 20:35 upstream f66bc387efbe 3d2f584d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/27 03:46 upstream ddddf9d64f73 874a1386 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/05/20 14:24 upstream a5806cd506af b47f9e02 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/06/25 22:26 upstream 55027e689933 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-out-of-bounds Read in dtSearch
2025/06/07 22:07 linux-next 475c850a7fdd 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSearch
2025/05/31 08:16 linux-next 3a83b350b5be 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSearch
2025/06/09 03:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d7fa1af5b33e 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/05/27 20:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d7fa1af5b33e 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/05/25 02:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d7fa1af5b33e ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2024/07/19 17:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c912bf709078 ee4e11c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: use-after-free Read in dtSearch
* Struck through repros no longer work on HEAD.