syzbot


UBSAN: array-index-out-of-bounds in diAllocBit

Status: upstream: reported syz repro on 2025/11/19 05:43
Subsystems: jfs
Labels: prio:high
Reported-by: syzbot+015483fc71d1413f40ee@syzkaller.appspotmail.com
First crash: 228d, last: 9d20h
✨ AI Jobs (2)
ID: 173ba62f-6375-4af9-a837-21adaf8fd70d
Workflow: assessment-security
Result: DenialOfService: ✅, Exploitable: ✅, FilesystemTrigger: ✅, NetworkTrigger: ❌, PeripheralTrigger: ✅, RemoteTrigger: ❌, Unprivileged: ❌, UserNamespace: ❌, VMGuestTrigger: ❌, VMHostTrigger: ❌
Correct: -
Bug: UBSAN: array-index-out-of-bounds in diAllocBit
Created: 2026/05/19 00:10
Started: 2026/05/19 00:10
Finished: 2026/05/19 01:05
Revision: 9f74d39908454b73546eaf1b8211b48b66e5c0fe
Error: -

ID: f056ecda-3f37-456f-adf9-cfde20afaaf1
Workflow: repro
Result: -
Correct: -
Bug: UBSAN: array-index-out-of-bounds in diAllocBit
Created: 2026/03/08 14:16
Started: 2026/03/08 14:16
Finished: 2026/03/08 14:25
Revision: 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
Error: -

Discussions (2)
Title Replies (including bot) Last reply
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in diAllocBit 0 (2) 2026/06/21 14:20
[PATCH] jfs: fix array-index-out-of-bounds in diAllocBit() 1 (1) 2025/12/31 03:31

Sample crash report:
loop0: detected capacity change from 0 to 32768
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2105:2
index 8592359 is out of range for type 'struct iagctl[128]'
CPU: 0 UID: 0 PID: 6143 Comm: syz.0.211 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x30 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe8/0xf0 lib/ubsan.c:455
 diAllocBit+0xb88/0xd30 fs/jfs/jfs_imap.c:2105
 diAllocIno fs/jfs/jfs_imap.c:1844 [inline]
 diAllocAG+0x13f7/0x1de0 fs/jfs/jfs_imap.c:1676
 diAlloc+0x1e2/0x16b0 fs/jfs/jfs_imap.c:1590
 ialloc+0x8c/0x8e0 fs/jfs/jfs_inode.c:56
 jfs_create+0x1d8/0xae0 fs/jfs/namei.c:93
 lookup_open fs/namei.c:4508 [inline]
 open_last_lookups fs/namei.c:4608 [inline]
 path_openat+0x133a/0x3830 fs/namei.c:4856
 do_file_open+0x23e/0x4a0 fs/namei.c:4888
 do_sys_openat2+0x115/0x200 fs/open.c:1395
 do_sys_open fs/open.c:1401 [inline]
 __do_sys_open fs/open.c:1409 [inline]
 __se_sys_open fs/open.c:1405 [inline]
 __x64_sys_open+0x11e/0x150 fs/open.c:1405
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc75779ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc758713028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fc757a15fa0 RCX: 00007fc75779ce59
RDX: 0000000000000292 RSI: 0000000000064842 RDI: 0000200000000080
RBP: 00007fc757832e6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc757a16038 R14: 00007fc757a15fa0 R15: 00007ffc5cf2ad48
 </TASK>
---[ end trace ]---

Crashes (51):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/21 14:19 upstream 390d73adf896 43bfcdb0 .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] [mounted in repro #3 (clean fs)] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/06/22 02:24 upstream 8cd8cf7a07e5 43bfcdb0 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/06/21 10:31 upstream 390d73adf896 43bfcdb0 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/06/18 00:57 upstream 5b33fc6492a7 b62b3ded .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/06/17 17:21 upstream 5b33fc6492a7 b62b3ded .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/05/27 20:27 upstream eb3f4b7426cf cb4e87ff .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/05/26 04:28 upstream e8c2f9fdadee c69befb3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/05/13 13:12 upstream 1d5dcaa3bd65 fec2a7ee .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/05/07 07:48 upstream adc1e5c6203c f250db59 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/05/02 02:16 upstream 6fe0be6dc7fa 753c55b9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/26 18:01 upstream 897d54018cc9 9c2d0995 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/23 13:11 upstream 2a4c0c11c019 b10da5ec .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/21 12:52 upstream c1f49dea2b8f 3f2e655b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/15 21:13 upstream 1f5ffc672165 294e3145 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/14 20:51 upstream d60bc1401583 362d1323 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/14 09:16 upstream 26ff969926a0 1a086e7c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/14 09:10 upstream 26ff969926a0 1a086e7c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/04/01 07:26 upstream dbf00d8d23b4 fb8b2c26 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/29 12:23 upstream cbfffcca2bf0 b5ceaad2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/22 12:02 upstream 113ae7b4decc 5b92003d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/22 01:05 upstream a0c83177734a 5b92003d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/21 19:19 upstream a0c83177734a 5b92003d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/19 06:51 upstream 8a30aeb0d1b4 0199f9a1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/15 17:17 upstream 267594792a71 ee8d34d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/15 11:18 upstream 267594792a71 ee8d34d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/13 21:45 upstream 0257f64bdac7 351cb5cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/09 18:09 upstream 1f318b96cc84 176bead5 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/03/01 02:08 upstream 2f9339c052bd 43249bac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/02/27 05:26 upstream 3f4a08e64442 a2f13f71 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/02/22 19:32 upstream 32a92f8c8932 6e7b5511 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/02/18 13:13 upstream 2961f841b025 39751c21 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/02/15 21:45 upstream ca4ee40bf13d 1e62d198 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/02/12 21:50 upstream 37a93dd5c49b 504cb1bf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/02/04 03:30 upstream de0674d9bc69 42b01fab .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/01/28 09:25 upstream 1f97d9dcf536 3029c699 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/01/25 15:11 upstream d91a46d6805a 40acda8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/01/16 13:27 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/01/10 18:20 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/01/09 20:42 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2026/01/08 09:34 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/12/30 10:09 upstream 8640b74557fc d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/12/28 10:30 upstream d26143bb38e2 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/12/20 01:12 upstream dd9b004b7ff3 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/12/12 09:17 upstream d358e5254674 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/12/10 07:12 upstream c9b47175e913 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/12/09 16:00 upstream cb015814f8b6 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/11/30 14:35 upstream 6bda50f4333f d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/11/25 15:49 upstream ac3fd01e4c1e bf6fe8fe .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/11/21 02:44 upstream 8e621c9a3375 280ea308 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/11/15 11:43 upstream 7a0892d2836e f7988ea4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
2025/11/15 05:35 upstream 7a0892d2836e f7988ea4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in diAllocBit
* Struck through repros no longer work on HEAD.