UBSAN: array-index-out-of-bounds in truncate_inode_pages

Date	Name	Commit	Repro	Result
2024/01/12	linux-6.1.y (ToT)	7c58bfa711cb	C	[report] INFO: rcu detected stall in corrupted
2023/07/15	upstream (ToT)	831fe284d827	C	[report] UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/01/12	upstream (ToT)	cf65598d5909	C	Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final ntfs3	C			11	33d	298d	0/26	upstream: reported C repro on 2023/07/09 12:32
upstream	BUG: unable to handle kernel NULL pointer dereference in truncate_inode_pages_final ntfs3				1	583d	579d	0/26	auto-obsoleted due to no activity on 2023/01/25 10:14

upstream

UBSAN: array-index-out-of-bounds in truncate_inode_pages_final ntfs3

33d

298d

0/26

upstream: reported C repro on 2023/07/09 12:32

upstream

BUG: unable to handle kernel NULL pointer dereference in truncate_inode_pages_final ntfs3

583d

579d

0/26

auto-obsoleted due to no activity on 2023/01/25 10:14

Created	Duration	User	Repo	Result
2024/01/16 08:46	3h01m	fix candidate	upstream	job log (0)
2023/12/28 19:53	2h46m	bisect fix	linux-6.1.y	job log (0) log
2023/10/30 21:48	2h39m	bisect fix	linux-6.1.y	job log (0) log
2023/09/29 22:15	2h18m	bisect fix	linux-6.1.y	job log (0) log

Created

Duration

User

Patch

Repo

Result

2024/01/16 08:46

3h01m

fix candidate

upstream

job log (0)

2023/12/28 19:53

2h46m

bisect fix

linux-6.1.y

job log (0) log

2023/10/30 21:48

2h39m

bisect fix

linux-6.1.y

job log (0) log

2023/09/29 22:15

2h18m

bisect fix

linux-6.1.y

job log (0) log

================================================================================ UBSAN: array-index-out-of-bounds in ./include/linux/pagevec.h:129:2 index 255 is out of range for type 'struct folio *[15]' CPU: 0 PID: 4771 Comm: syz-executor373 Not tainted 6.1.81-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:282 folio_batch_add include/linux/pagevec.h:129 [inline] find_lock_entries+0x7ac/0xa08 mm/filemap.c:2110 truncate_inode_pages_range+0x178/0xf10 mm/truncate.c:363 truncate_inode_pages mm/truncate.c:451 [inline] truncate_inode_pages_final+0x90/0xc0 mm/truncate.c:486 ntfs_evict_inode+0x24/0xc8 fs/ntfs3/inode.c:1762 evict+0x260/0x68c fs/inode.c:666 iput_final fs/inode.c:1791 [inline] iput+0x7c0/0x8a4 fs/inode.c:1817 ntfs_fill_super+0x2d88/0x3458 fs/ntfs3/super.c:1190 get_tree_bdev+0x360/0x54c fs/super.c:1355 ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1359 vfs_get_tree+0x90/0x274 fs/super.c:1562 do_new_mount+0x278/0x8fc fs/namespace.c:3051 path_mount+0x590/0xe5c fs/namespace.c:3381 do_mount fs/namespace.c:3394 [inline] __do_sys_mount fs/namespace.c:3602 [inline] __se_sys_mount fs/namespace.c:3579 [inline] __arm64_sys_mount+0x45c/0x594 fs/namespace.c:3579 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585 ================================================================================

Crashes (9):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/03/08 22:46	linux-6.1.y	61adba85cc40	8e75c913	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/02/07 21:37	linux-6.1.y	f1bb70486c9c	6404acf9	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/11/20 23:41	linux-6.1.y	69e434a1cb21	cb976f63	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/07/15 18:52	linux-6.1.y	61fd484b2cf6	35d9ecc5	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/07/30 02:16	linux-6.1.y	d2a6dc4eaf6d	92476829	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2024/04/22 06:53	linux-6.1.y	6741e066ec76	af24b050	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-6-1-kasan-arm64	KASAN: stack-out-of-bounds Write in truncate_inode_pages_final
2024/04/08 14:14	linux-6.1.y	347385861c50	53df08b6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/11/27 16:14	linux-6.1.y	69e434a1cb21	7ec6c044	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	UBSAN: array-index-out-of-bounds in truncate_inode_pages_final
2023/07/25 18:28	linux-6.1.y	5302e81aa209	6756545c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan-arm64	KASAN: stack-out-of-bounds Write in truncate_inode_pages_final

Crashes (9):

Assets (help?)