UBSAN: array-index-out-of-bounds in truncate_inode_pages

Date	Name	Commit	Repro	Result
2024/01/12	linux-6.1.y (ToT)	7c58bfa711cb	C	[report] INFO: rcu detected stall in corrupted
2023/07/15	upstream (ToT)	831fe284d827	C	[report] UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/01/12	upstream (ToT)	cf65598d5909	C	Didn't crash

Date

Name

Commit

Repro

Result

2024/01/12

linux-6.1.y (ToT)

7c58bfa711cb

[report] INFO: rcu detected stall in corrupted

2023/07/15

upstream (ToT)

831fe284d827

[report] UBSAN: array-index-out-of-bounds in truncate_inode_pages_final

2024/01/12

upstream (ToT)

cf65598d5909

Didn't crash

Kernel	Title	Repro	Count	Last	Reported	Patched	Status
upstream	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final ntfs3	C	12	134d	531d	0/28	auto-obsoleted due to no activity on 2024/11/17 01:41
upstream	BUG: unable to handle kernel NULL pointer dereference in truncate_inode_pages_final ntfs3		1	816d	812d	0/28	auto-obsoleted due to no activity on 2023/01/25 10:14
linux-5.15	general protection fault in truncate_inode_pages_final		1	81d	81d	0/3	upstream: reported on 2024/10/01 13:28

upstream

UBSAN: array-index-out-of-bounds in truncate_inode_pages_final ntfs3

134d

531d

0/28

auto-obsoleted due to no activity on 2024/11/17 01:41

upstream

BUG: unable to handle kernel NULL pointer dereference in truncate_inode_pages_final ntfs3

816d

812d

0/28

auto-obsoleted due to no activity on 2023/01/25 10:14

linux-5.15

general protection fault in truncate_inode_pages_final

81d

0/3

upstream: reported on 2024/10/01 13:28


Created	Duration	User	Repo	Result
2024/01/16 08:46	3h01m	fix candidate	upstream	OK (0) job log
2023/12/28 19:53	2h46m	bisect fix	linux-6.1.y	OK (0) job log log
2023/10/30 21:48	2h39m	bisect fix	linux-6.1.y	OK (0) job log log
2023/09/29 22:15	2h18m	bisect fix	linux-6.1.y	OK (0) job log log

================================================================================ UBSAN: array-index-out-of-bounds in ./include/linux/pagevec.h:129:2 index 255 is out of range for type 'struct folio *[15]' CPU: 0 PID: 4771 Comm: syz-executor373 Not tainted 6.1.81-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:282 folio_batch_add include/linux/pagevec.h:129 [inline] find_lock_entries+0x7ac/0xa08 mm/filemap.c:2110 truncate_inode_pages_range+0x178/0xf10 mm/truncate.c:363 truncate_inode_pages mm/truncate.c:451 [inline] truncate_inode_pages_final+0x90/0xc0 mm/truncate.c:486 ntfs_evict_inode+0x24/0xc8 fs/ntfs3/inode.c:1762 evict+0x260/0x68c fs/inode.c:666 iput_final fs/inode.c:1791 [inline] iput+0x7c0/0x8a4 fs/inode.c:1817 ntfs_fill_super+0x2d88/0x3458 fs/ntfs3/super.c:1190 get_tree_bdev+0x360/0x54c fs/super.c:1355 ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359 vfs_get_tree+0x90/0x274 fs/super.c:1562 do_new_mount+0x278/0x8fc fs/namespace.c:3051 path_mount+0x590/0xe5c fs/namespace.c:3381 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount fs/namespace.c:3579 [inline] __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3579 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 ================================================================================

Crashes (12):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/03/08 22:46	linux-6.1.y	61adba85cc40	8e75c913	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/02/07 21:37	linux-6.1.y	f1bb70486c9c	6404acf9	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/11/20 23:41	linux-6.1.y	69e434a1cb21	cb976f63	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/07/15 18:52	linux-6.1.y	61fd484b2cf6	35d9ecc5	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/07/30 02:16	linux-6.1.y	d2a6dc4eaf6d	92476829	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/04/22 06:53	linux-6.1.y	6741e066ec76	af24b050	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	KASAN: stack-out-of-bounds Write in truncate_inode_pages_final
2024/08/10 15:40	linux-6.1.y	48d525b0e463	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/05/28 04:07	linux-6.1.y	88690811da69	f550015e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/05/24 05:20	linux-6.1.y	4078fa637fcd	8f98448e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/04/08 14:14	linux-6.1.y	347385861c50	53df08b6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/11/27 16:14	linux-6.1.y	69e434a1cb21	7ec6c044	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/07/25 18:28	linux-6.1.y	5302e81aa209	6756545c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	KASAN: stack-out-of-bounds Write in truncate_inode_pages_final

Crashes (12):

Assets (help?)