syzbot

 sign-in | mailing list | source | docs
🐞 Open [1514]
Subsystems
🐞 Fixed [6483]
🐞 Invalid [16467]
Missing Backports [199]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: slab-use-after-free Read in dtSearch

Status: upstream: reported C repro on 2024/04/29 00:37
Subsystems: jfs
[Documentation on labels]
Reported-by: syzbot+bd3506d55fa4e2fd9030@syzkaller.appspotmail.com
First crash: 466d, last: 11h20m
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: KASAN: slab-out-of-bounds Read in dtSearch (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [jfs?] KASAN: slab-use-after-free Read in dtSearch 0 (1) 2024/04/29 00:37
Similar bugs (6)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: slab-out-of-bounds Read in dtSearch jfs 19 C error done 33 580d 1044d 25/29 fixed on 2024/02/13 12:02
linux-4.14 KASAN: slab-out-of-bounds Read in dtSearch jfs 17 C 2 886d 1044d 0/1 upstream: reported C repro on 2022/09/24 21:35
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch (2) origin:upstream 17 C error 50 64d 238d 0/3 upstream: reported C repro on 2024/12/09 07:03
linux-5.15 KASAN: slab-out-of-bounds Read in dtSearch origin:upstream 19 C error 176 9h26m 463d 0/3 upstream: reported C repro on 2024/04/28 11:04
linux-6.1 KASAN: slab-out-of-bounds Read in dtSearch 17 5 343d 406d 0/3 auto-obsoleted due to no activity on 2024/12/03 23:18
linux-4.19 KASAN: slab-out-of-bounds Read in dtSearch 17 C error 1 1044d 1044d 0/1 upstream: reported C repro on 2022/09/24 21:36

Sample crash report:
blkno = 8ed2c, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
ERROR: (device loop0): dbAlloc: the hint is outside the map
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:628:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor179 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtSearch+0x1bde/0x2520 fs/jfs/jfs_dtree.c:628
 jfs_lookup+0x17f/0x410 fs/jfs/namei.c:1461
 lookup_one_qstr_excl+0x126/0x2b0 fs/namei.c:1693
 filename_create+0x297/0x540 fs/namei.c:4083
 do_mkdirat+0xbd/0x3a0 fs/namei.c:4328
 __do_sys_mkdir fs/namei.c:4356 [inline]
 __se_sys_mkdir fs/namei.c:4354 [inline]
 __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4354
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3549acd117
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff68fe9d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3549acd117
RDX: 0000000000004800 RSI: 00000000000001ff RDI: 0000400000000180
RBP: 0000400000000180 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff68fe9e10 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff68fe9e10 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace ]---

Crashes (1450):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/02/21 12:44 upstream 334426094588 0808a665 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSearch
2024/11/13 11:06 upstream f1b785f4c787 62026c85 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/07/22 05:21 upstream 7846b618e0a4 b88348e9 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 03:07 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2024/04/25 02:43 upstream e88c4cfcb7b8 8bdc0f22 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/10 15:38 upstream f09079bd04a9 5d7e17ca .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/10/31 06:51 upstream 4236f913808c fb888278 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2024/05/04 16:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 78186bd77b47 610f2a54 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/08/03 20:39 upstream 186f3edfdd41 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/07/24 05:16 upstream 01a412d06bc5 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/07/14 13:59 upstream 347e9f5043c8 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/07/08 11:36 upstream d7b8f8e20813 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/07/04 21:10 upstream 4c06e63b9203 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/06/28 14:05 upstream aaf724ed6926 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/06/20 16:30 upstream 41687a5c6f8b 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in dtSearch
2025/06/09 20:43 upstream 19272b37aa4f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in dtSearch
2024/05/12 22:08 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in dtSearch
2025/07/03 10:13 upstream b4911fb0b060 115ceea7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in dtSearch
2025/06/30 06:15 linux-next 2aeda9592360 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in dtSearch
2025/07/06 12:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7482bb149b9f 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in dtSearch
2025/08/04 06:28 upstream 352af6a011d5 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/08/01 04:27 upstream 260f6f4fda93 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/23 11:41 upstream 89be9a83ccf1 e1dd4f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/21 10:07 upstream 89be9a83ccf1 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/18 21:57 upstream d786aba32000 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/14 17:18 upstream 347e9f5043c8 d8fc7335 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/14 03:15 upstream 5d5d62298b8b 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/10 22:26 upstream bc9ff192a6c9 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/10 11:16 upstream 8c2e52ebbe88 956bd956 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/07 13:08 upstream d7b8f8e20813 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/06 10:33 upstream 05df91921da6 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/04 18:36 upstream 4c06e63b9203 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/07/02 03:25 upstream 66701750d556 091a06cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/25 10:54 upstream 7595b66ae9de 26d77996 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 09:09 upstream b67ec639010f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 01:00 upstream b67ec639010f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/06/21 06:23 upstream 11313e2f7812 d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-out-of-bounds Read in dtSearch
2025/03/27 13:12 upstream 1e1ba8d23dae 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root UBSAN: array-index-out-of-bounds in dtSearch
2025/02/26 22:51 upstream ac9c34d1e45a 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2025/02/05 01:02 upstream d009de7d5428 4baca3d6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-root KMSAN: uninit-value in dtSearch
2024/08/09 13:57 upstream ee9a43b7cfe2 a83d9288 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KFENCE: out-of-bounds in dtSearch
2024/06/22 05:40 upstream 66cc544fd75c edc5149a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in dtSearch
2025/04/14 16:56 upstream 8ffd015db85f 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kmsan-gce-386-root KMSAN: uninit-value in dtSearch
2025/08/04 04:49 upstream 352af6a011d5 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/04 03:37 upstream 352af6a011d5 7368264b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/08/01 12:36 upstream d6084bb815c4 0c075d67 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/31 03:31 upstream 4b290aae788e f8f2b4da .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/24 16:18 upstream 25fae0b93d1d 65d60d73 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/17 19:00 upstream e2291551827f 0ea0ca3f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/17 06:57 upstream e2291551827f 44f8051e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/13 04:25 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/13 02:47 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/09 22:30 upstream 8c2e52ebbe88 956bd956 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/09 09:34 upstream 733923397fd9 f4e5e155 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/08 09:15 upstream d7b8f8e20813 4f67c4ae .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/07 14:33 upstream d7b8f8e20813 4f67c4ae .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/07 05:55 upstream 772b78c2abd8 4f67c4ae .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/02 21:45 upstream b4911fb0b060 0cd59a8f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/07/01 18:40 upstream 66701750d556 a073c096 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/29 07:21 upstream dfba48a70cb6 fc9d8ee5 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/29 03:10 upstream dfba48a70cb6 fc9d8ee5 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/26 04:15 upstream 92ca6c498a5e 26d77996 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/25 13:02 upstream 7595b66ae9de 26d77996 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/24 04:18 upstream 78f4e737a53e 1a7fb460 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 12:45 upstream 86731a2a651e d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/23 06:17 upstream b67ec639010f d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/22 14:51 upstream 739a6c93cc75 d6cdfb8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/20 05:22 upstream 24770983ccfe ed3e87f7 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-out-of-bounds Read in dtSearch
2025/06/12 12:48 upstream 2c4a1f3fe03e 98683f8f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSearch
2024/06/25 22:26 upstream 55027e689933 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-out-of-bounds Read in dtSearch
2025/07/13 13:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ec4801305969 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2025/07/07 15:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7482bb149b9f 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in dtSearch
2024/07/19 17:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c912bf709078 ee4e11c8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: use-after-free Read in dtSearch
* Struck through repros no longer work on HEAD.