syzbot


UBSAN: array-index-out-of-bounds in dtSplitRoot

Status: upstream: reported C repro on 2025/01/18 16:29
Bug presence: origin:upstream
Reported-by: syzbot+bd7784506b11a06dd129@syzkaller.appspotmail.com
First crash: 18d, last: 3d23h
Bug presence (1)
Date Name Commit Repro Result
2025/01/18 upstream (ToT) 595523945be0 C [report] UBSAN: array-index-out-of-bounds in dtSplitRoot
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream UBSAN: array-index-out-of-bounds in dtSplitRoot jfs C error inconclusive 2 516d 844d 25/28 fixed on 2024/01/30 15:47
upstream UBSAN: array-index-out-of-bounds in dtSplitRoot (2) jfs C error 13 9d22h 68d 0/28 upstream: reported C repro on 2024/11/28 23:22
linux-4.19 KASAN: slab-out-of-bounds Read in dtSplitRoot C error 1 845d 845d 0/1 upstream: reported C repro on 2022/10/14 11:28
linux-4.14 KASAN: slab-out-of-bounds Read in dtSplitRoot C 1 709d 843d 0/1 upstream: reported C repro on 2022/10/15 22:33
Last patch testing requests (4)
Created Duration User Patch Repo Result
2025/02/01 21:35 11m retest repro linux-5.15.y report log
2025/02/01 21:35 14m retest repro linux-5.15.y report log
2025/02/01 21:35 14m retest repro linux-5.15.y report log
2025/02/01 21:35 16m retest repro linux-5.15.y report log

Sample crash report:
 ... Log Wrap ... Log Wrap ... Log Wrap ...
find_entry called with index >= next_index
================================================================================
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1995:37
index -128 is out of range for type 'struct dtslot[128]'
CPU: 0 PID: 4085 Comm: syz-executor374 Not tainted 5.15.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x108/0x15c lib/ubsan.c:282
 dtSplitRoot+0x998/0x1440 fs/jfs/jfs_dtree.c:1995
 dtSplitUp fs/jfs/jfs_dtree.c:990 [inline]
 dtInsert+0xee0/0x5534 fs/jfs/jfs_dtree.c:868
 jfs_symlink+0x910/0xf1c fs/jfs/namei.c:1019
 vfs_symlink+0x244/0x3a8 fs/namei.c:4429
 do_symlinkat+0x364/0x6b0 fs/namei.c:4458
 __do_sys_symlinkat fs/namei.c:4475 [inline]
 __se_sys_symlinkat fs/namei.c:4472 [inline]
 __arm64_sys_symlinkat+0xa4/0xbc fs/namei.c:4472
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
================================================================================
find_entry called with index = 0

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/01/18 20:12 linux-5.15.y 4735586da88e f2cb035c .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/18 19:10 linux-5.15.y 4735586da88e f2cb035c .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/18 18:20 linux-5.15.y 4735586da88e f2cb035c .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] [mounted in repro #3] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/18 17:25 linux-5.15.y 4735586da88e f2cb035c .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/01/18 16:29 linux-5.15.y 4735586da88e f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
* Struck through repros no longer work on HEAD.