syzbot


KASAN: stack-out-of-bounds Read in profile_pc

Status: upstream: reported C repro on 2021/05/27 02:31
Reported-by: syzbot+0ca27feeb396418459ae@syzkaller.appspotmail.com
First crash: 1065d, last: 1h36m
Similar bugs (3)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-5.15 | KASAN: stack-out-of-bounds Read in profile_pc origin:upstream | C | error | | 133 | 1h37m | 401d | 0/3 | upstream: reported C repro on 2023/03/21 15:14
linux-6.1 | KASAN: stack-out-of-bounds Read in profile_pc origin:upstream | C | | | 131 | 1h37m | 347d | 0/3 | upstream: reported C repro on 2023/05/15 01:52
upstream | KASAN: stack-out-of-bounds Read in profile_pc kernel | C | error | | 2552 | 1h32m | 1060d | 0/26 | upstream: reported C repro on 2021/05/31 07:15
Last patch testing requests (10)
Created Duration User Patch Repo Result
2024/02/14 07:37 14m retest repro android12-5.4 report log
2024/02/14 07:37 14m retest repro android12-5.4 report log
2024/02/14 07:37 15m retest repro android12-5.4 report log
2024/02/14 07:37 17m retest repro android12-5.4 report log
2024/02/14 07:37 13m retest repro android12-5.4 report log
2024/01/30 19:11 8m retest repro android12-5.4 report log
2024/01/30 19:11 7m retest repro android12-5.4 report log
2024/01/30 19:11 9m retest repro android12-5.4 report log
2024/01/30 19:11 12m retest repro android12-5.4 report log
2024/01/30 19:11 27m retest repro android12-5.4 report log

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 arch/x86/kernel/time.c:42
Read of size 8 at addr ffff8881dc6a7980 by task sshd/350

CPU: 0 PID: 350 Comm: sshd Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 profile_pc+0xa4/0xe0 arch/x86/kernel/time.c:42
 profile_tick+0xb9/0x100 kernel/profile.c:416
 tick_sched_handle kernel/time/tick-sched.c:206 [inline]
 tick_sched_timer+0x237/0x3c0 kernel/time/tick-sched.c:1342
 __run_hrtimer kernel/time/hrtimer.c:1581 [inline]
 __hrtimer_run_queues+0x3e9/0xb90 kernel/time/hrtimer.c:1643
 hrtimer_interrupt+0x38a/0x890 kernel/time/hrtimer.c:1705
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1122 [inline]
 smp_apic_timer_interrupt+0x110/0x460 arch/x86/kernel/apic/apic.c:1147
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>

The buggy address belongs to the page:
page:ffffea000771a9c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea000771a9c8 ffffea000771a9c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4891
 __alloc_pages include/linux/gfp.h:503 [inline]
 __alloc_pages_node include/linux/gfp.h:516 [inline]
 alloc_pages_node include/linux/gfp.h:530 [inline]
 alloc_thread_stack_node kernel/fork.c:259 [inline]
 dup_task_struct+0x85/0x600 kernel/fork.c:886
 copy_process+0x56d/0x3230 kernel/fork.c:1889
 _do_fork+0x197/0x900 kernel/fork.c:2399
 __do_sys_clone kernel/fork.c:2557 [inline]
 __se_sys_clone kernel/fork.c:2538 [inline]
 __x64_sys_clone+0x26b/0x2c0 kernel/fork.c:2538
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page_owner free stack trace missing

addr ffff8881dc6a7980 is located in stack of task sshd/350 at offset 0 in frame:
 _raw_spin_lock_bh+0x0/0x1b0 arch/x86/include/asm/paravirt.h:642

this frame has 1 object:
 [32, 36) 'val.i.i.i'

Memory state around the buggy address:
 ffff8881dc6a7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881dc6a7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881dc6a7980: f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00 00 00 00 00
                   ^
 ffff8881dc6a7a00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
 ffff8881dc6a7a80: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
==================================================================

Crashes (415):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/04/04 21:48 android12-5.4 d0d34dcb02cc 0ee3535e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/03 14:28 android12-5.4 d0d34dcb02cc 7925100d .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/02/22 22:42 android12-5.4 1b3143b9b166 8d446f15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/01/16 18:40 android12-5.4 57a39998c138 2a7bcc7f .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/12/10 08:22 android12-5.4 1303f659c2b1 28b24332 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/08/29 02:28 android12-5.4 c83e2462239e 7ba13a15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/08/28 22:38 android12-5.4 c83e2462239e 7ba13a15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/08/26 21:57 android12-5.4 c83e2462239e 7ba13a15 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/07/07 09:32 android12-5.4 6d5c2c1877e5 22ae5830 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/03/21 16:08 android12-5.4 07edbcca3d39 7939252e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/02/23 12:57 android12-5.4 66c3e3ab77a2 9e2ebb3c .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2022/11/26 18:58 android12-5.4 c80a5b2e7f63 f4470a7b .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2022/11/15 01:16 android12-5.4 5a34019eb955 97de9cfc .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2021/05/27 04:00 android12-5.4 1d3dcc209600 858ea628 .config console log report syz C ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2023/10/16 10:27 android12-5.4 5f1cbd78af59 f757a323 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/26 03:13 android12-5.4 2d5d8240a7cb 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/24 17:01 android12-5.4 2d5d8240a7cb 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/24 15:05 android12-5.4 2d5d8240a7cb 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/24 12:48 android12-5.4 2d5d8240a7cb 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/24 07:23 android12-5.4 2d5d8240a7cb 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/24 02:57 android12-5.4 2d5d8240a7cb 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/24 00:14 android12-5.4 2d5d8240a7cb 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/22 04:06 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/21 11:32 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/20 17:29 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/20 11:04 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/20 02:47 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/19 17:00 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/19 07:49 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/19 05:03 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/18 18:18 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/18 15:16 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/18 00:32 android12-5.4 2d5d8240a7cb acc528cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/17 22:46 android12-5.4 2d5d8240a7cb acc528cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/17 17:05 android12-5.4 2d5d8240a7cb acc528cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/17 07:02 android12-5.4 2d5d8240a7cb 18f6e127 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/15 16:46 android12-5.4 002e7f61a061 b9af7e61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/15 12:06 android12-5.4 d0d34dcb02cc c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/15 08:37 android12-5.4 d0d34dcb02cc c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/15 05:46 android12-5.4 d0d34dcb02cc c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/15 00:48 android12-5.4 d0d34dcb02cc c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/14 04:08 android12-5.4 d0d34dcb02cc c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/12 12:47 android12-5.4 d0d34dcb02cc 27de0a5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/12 08:15 android12-5.4 d0d34dcb02cc 27de0a5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/10 20:56 android12-5.4 d0d34dcb02cc 4320ec32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/10 16:17 android12-5.4 d0d34dcb02cc 4320ec32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 15:28 android12-5.4 d0d34dcb02cc 53df08b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 12:45 android12-5.4 d0d34dcb02cc 53df08b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 10:28 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 08:47 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 07:12 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 04:56 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/08 01:49 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 22:04 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 18:34 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 15:25 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 14:17 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 10:56 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 08:48 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 07:52 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 06:38 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/07 03:51 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/06 16:41 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/06 02:51 android12-5.4 d0d34dcb02cc ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2024/04/05 19:25 android12-5.4 d0d34dcb02cc 77230c29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
2021/05/27 02:30 android12-5.4 1d3dcc209600 858ea628 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in profile_pc
* Struck through repros no longer work on HEAD.