[Kernel Bug] KASAN: slab-out-of-bounds Read in dbJoin
From: 李龙兴
Date: Mon Feb 02 2026 - 01:46:07 EST
Dear Linux kernel developers and maintainers,
We would like to report a new kernel bug found by our tool: KASAN:
slab-out-of-bounds Read in dbJoin. Details are as follows.
Kernel commit: v6.12.11
Kernel config: see attachment
Report: see attachment
C repro and Syz repro: see attachment
We are currently analyzing the root cause and working on a
reproducible PoC. We will provide further updates in this thread as
soon as we have more information.
Best regards,
Longxing Li
==================================================================
BUG: KASAN: slab-out-of-bounds in dbJoin+0x295/0x2b0 fs/jfs/jfs_dmap.c:2810
Read of size 1 at addr ffff88802d43f187 by task jfsCommit/132
CPU: 1 UID: 0 PID: 132 Comm: jfsCommit Not tainted 6.12.11 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:488
kasan_report+0xd9/0x110 mm/kasan/report.c:601
dbJoin+0x295/0x2b0 fs/jfs/jfs_dmap.c:2810
dbFreeBits+0x15b/0x8e0 fs/jfs/jfs_dmap.c:2343
dbFreeDmap+0x62/0x1b0 fs/jfs/jfs_dmap.c:2092
dbFree+0x266/0x550 fs/jfs/jfs_dmap.c:409
txFreeMap+0x9a9/0xe60 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x3f1/0xb80 fs/jfs/jfs_txnmgr.c:2330
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x5e6/0xb20 fs/jfs/jfs_txnmgr.c:2733
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
https://drive.google.com/file/d/17HbDTI_iPjA72SkV5MnO-_w7IQZ9HIHW/view?usp=drive_link
https://drive.google.com/file/d/1uSd2GKdO7qQvJBlurlSIU2LPgGbew8pv/view?usp=drive_link
https://drive.google.com/file/d/1jTmxZHHF0fq0irjpaAaDuDUgOfJldW_e/view?usp=drive_link
https://drive.google.com/file/d/191SyhINtp3fgBsktI_Iif6u1BgyomJ6s/view?usp=drive_link
https://drive.google.com/file/d/1sAokeDZTDP24L9sl2d9XW6DOEY7IYjNI/view?usp=drive_link
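As an added triage aid (not part of the report above, and not code from the reporter or the JFS maintainers), the following Python script parses a KASAN report of the shape quoted in this message into structured fields: the bug kind, the faulting function and source location, the access type/size/address, the task, and the first call trace. It then skips the KASAN and dump_stack frames to name the first frame that belongs to the subsystem under test, which is the frame a developer looks at first and the one syzbot-style deduplication keys on. The sample input is constructed from the report above; the list of "infrastructure" source prefixes is an assumption of this script, not a kernel convention, and the file:line part of each frame is treated as optional because raw dmesg output without symbolization omits it.

```python
"""Parse a KASAN report header and call trace into structured fields."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the report quoted in the message above.
SAMPLE_REPORT = """\
==================================================================
BUG: KASAN: slab-out-of-bounds in dbJoin+0x295/0x2b0 fs/jfs/jfs_dmap.c:2810
Read of size 1 at addr ffff88802d43f187 by task jfsCommit/132
CPU: 1 UID: 0 PID: 132 Comm: jfsCommit Not tainted 6.12.11 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 dbJoin+0x295/0x2b0 fs/jfs/jfs_dmap.c:2810
 dbFreeBits+0x15b/0x8e0 fs/jfs/jfs_dmap.c:2343
 dbFreeDmap+0x62/0x1b0 fs/jfs/jfs_dmap.c:2092
 dbFree+0x266/0x550 fs/jfs/jfs_dmap.c:409
 txFreeMap+0x9a9/0xe60 fs/jfs/jfs_txnmgr.c:2534
 txUpdateMap+0x3f1/0xb80 fs/jfs/jfs_txnmgr.c:2330
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x5e6/0xb20 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
"""

# "+0x295/0x2b0" is the offset/size inside the symbol; the trailing
# file:line is only present when the report has been symbolized.
BUG_RE = re.compile(
    r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)"
    r"(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?(?: (?P<loc>\S+))?$")
ACCESS_RE = re.compile(
    r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
    r" by task (?P<task>\S+)/(?P<pid>\d+)$")
FRAME_RE = re.compile(
    r"^(?P<func>\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"(?: (?P<loc>\S+))?(?P<inline> \[inline\])?$")

# Assumption of this script: frames from these paths are sanitizer or
# stack-dump machinery, never the code that actually made the bad access.
INFRA_PREFIXES = ("lib/dump_stack.c", "mm/kasan/")


@dataclass
class Frame:
    func: str
    loc: Optional[str]
    inline: bool


@dataclass
class KasanReport:
    kind: str
    func: str
    loc: Optional[str] = None
    op: Optional[str] = None
    size: Optional[int] = None
    addr: Optional[int] = None
    task: Optional[str] = None
    pid: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)

    def culprit(self) -> Optional[Frame]:
        """First frame that is not KASAN/dump_stack infrastructure."""
        for f in self.frames:
            if not (f.loc or "").startswith(INFRA_PREFIXES):
                return f
        return None

    def signature(self) -> str:
        """Dedup key in the style 'slab-out-of-bounds in dbJoin'."""
        c = self.culprit()
        return f"{self.kind} in {c.func if c else self.func}"

    def frames_under(self, prefix: str) -> List[Frame]:
        """Frames whose source path starts with prefix, e.g. 'fs/jfs/'."""
        return [f for f in self.frames if (f.loc or "").startswith(prefix)]


def parse_kasan_report(text: str) -> KasanReport:
    """Parse the BUG: header, the access line and the first call trace."""
    report = None
    in_trace = False
    for raw in text.splitlines():
        line = raw.strip()
        if report is None:
            m = BUG_RE.match(line)
            if m:
                report = KasanReport(kind=m["kind"], func=m["func"], loc=m["loc"])
            continue
        if in_trace:
            if line == "<TASK>":
                continue
            if line == "</TASK>" or not line:
                break
            m = FRAME_RE.match(line)
            if not m:          # e.g. "Allocated by task ...": trace is over
                break
            report.frames.append(Frame(m["func"], m["loc"], bool(m["inline"])))
            continue
        m = ACCESS_RE.match(line)
        if m:
            report.op, report.size = m["op"], int(m["size"])
            report.addr, report.task, report.pid = int(m["addr"], 16), m["task"], int(m["pid"])
        elif line == "Call Trace:":
            in_trace = True
    if report is None:
        raise ValueError("no 'BUG: KASAN:' header found")
    return report


if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(r.signature(), "at", r.culprit().loc)
    print(f"{r.op} of {r.size} byte(s) by {r.task}/{r.pid}")
    for f in r.frames_under("fs/jfs/"):
        print("  ", f.func, f.loc, "[inline]" if f.inline else "")
```

Run against the report above, the culprit resolves to dbJoin at fs/jfs/jfs_dmap.c:2810 and the JFS-only slice of the trace shows the path from the jfsCommit kthread through txLazyCommit/txUpdateMap/txFreeMap into the dmap free path, which is what to read first when looking for the root cause. Frames without a file:line (unsymbolized dmesg) still parse, but then every frame is treated as non-infrastructure, so symbolize before trusting the culprit heuristic.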