syzbot

 sign-in | mailing list | source | docs
🐞 Open [712]
🐞 Fixed [297]
🐞 Invalid [838]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: stack-out-of-bounds Read in unwind_next_frame

Status: upstream: reported C repro on 2020/02/26 18:51
Reported-by: syzbot+92fff123ebf973c856ab@syzkaller.appspotmail.com
First crash: 1732d, last: 647d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (14)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: stack-out-of-bounds Read in unwind_next_frame C 1039 635d 1894d 0/1 upstream: reported C repro on 2019/09/18 00:47
android-54 KASAN: stack-out-of-bounds Read in unwind_next_frame C 49 1242d 1745d 0/2 auto-obsoleted due to no activity on 2023/04/20 07:24
android-49 KASAN: stack-out-of-bounds Read in unwind_next_frame 5 2301d 2536d 0/3 auto-closed as invalid on 2019/02/22 14:33
upstream KASAN: stack-out-of-bounds Read in unwind_next_frame kernel C 929 612d 2349d 0/28 closed as dup on 2018/06/20 07:51
upstream KASAN: stack-out-of-bounds Read in unwind_next_frame (2) kernel 1 154d 150d 0/28 auto-obsoleted due to no activity on 2024/08/21 14:38
android-414 KASAN: stack-out-of-bounds Read in unwind_next_frame C 2192 1817d 2054d 0/1 public: reported C repro on 2019/04/11 00:00
android-54 KASAN: out-of-bounds Read in unwind_next_frame 16 1166d 1672d 0/2 auto-closed as invalid on 2022/01/13 05:16
linux-4.14 KASAN: out-of-bounds Read in unwind_next_frame C error 14 1551d 1885d 0/1 upstream: reported C repro on 2019/09/26 21:20
upstream KASAN: out-of-bounds Read in unwind_next_frame fs syz error error 12 1883d 2148d 0/28 auto-obsoleted due to no activity on 2022/09/07 09:08
linux-4.19 KASAN: out-of-bounds Read in unwind_next_frame 1 1830d 1830d 0/1 auto-closed as invalid on 2020/03/19 23:00
android-49 KASAN: out-of-bounds Read in unwind_next_frame C 14 2236d 2052d 0/3 public: reported C repro on 2019/04/13 00:00
linux-4.19 KASAN: out-of-bounds Read in unwind_next_frame (2) 1 1419d 1419d 0/1 auto-closed as invalid on 2021/05/04 22:57
android-414 KASAN: out-of-bounds Read in unwind_next_frame (2) C 5 1825d 1931d 0/1 public: reported C repro on 2019/08/11 14:38
android-414 KASAN: out-of-bounds Read in unwind_next_frame 1 2228d 2051d 0/1 auto-closed as invalid on 2019/04/28 00:03

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in deref_stack_regs arch/x86/kernel/unwind_orc.c:349 [inline]
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x195c/0x1c60 arch/x86/kernel/unwind_orc.c:515
Read of size 8 at addr ffff88809eb5fec8 by task syz-executor705/11388

CPU: 1 PID: 11388 Comm: syz-executor705 Not tainted 4.19.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256
 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
 kasan_report mm/kasan/report.c:412 [inline]
 __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433
 deref_stack_regs arch/x86/kernel/unwind_orc.c:349 [inline]
 unwind_next_frame+0x195c/0x1c60 arch/x86/kernel/unwind_orc.c:515
 perf_callchain_kernel+0x3fa/0x5c0 arch/x86/events/core.c:2346
 get_perf_callchain+0x392/0x860 kernel/events/callchain.c:202
 perf_callchain+0x165/0x1c0 kernel/events/core.c:6450
 perf_prepare_sample+0x81e/0x1620 kernel/events/core.c:6477
 __perf_event_output kernel/events/core.c:6592 [inline]
 perf_event_output_forward+0xf3/0x270 kernel/events/core.c:6610
 __perf_event_overflow+0x13c/0x370 kernel/events/core.c:7883
 perf_swevent_overflow kernel/events/core.c:7959 [inline]
 perf_swevent_event+0x347/0x550 kernel/events/core.c:7987
 perf_tp_event+0x29f/0xaa0 kernel/events/core.c:8415
 perf_trace_run_bpf_submit+0x144/0x220 kernel/events/core.c:8389
 perf_trace_sys_exit+0x2dc/0x460 include/trace/events/syscalls.h:44
 trace_sys_exit include/trace/events/syscalls.h:44 [inline]
 syscall_slow_exit_work+0x36c/0x630 arch/x86/entry/common.c:231
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x523/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446419
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f38c7ce8218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000000 RBX: 00000000004cb408 RCX: 0000000000446419
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000004cb408
RBP: 00000000004cb400 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb40c
R13: 00007ffef5863e2f R14: 00007f38c7ce8300 R15: 0000000000022000

The buggy address belongs to the page:
page:ffffea00027ad7c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xfff00000000000()
raw: 00fff00000000000 0000000000000000 ffffffff027a0101 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88809eb5fd80: 04 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
 ffff88809eb5fe00: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00
>ffff88809eb5fe80: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
                                              ^
 ffff88809eb5ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88809eb5ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (525):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/03/15 01:23 linux-4.19.y 030194a5b292 cc1cff8f .config console log report syz C ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/08 21:52 linux-4.19.y 2cae3e25b706 09fbf400 .config console log report syz C ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/02/25 09:07 linux-4.19.y 2d19be4653f5 fcc6d71b .config console log report syz C ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/02/08 06:22 linux-4.19.y 811218eceeaa 2ce644fc .config console log report syz C ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/01/14 04:06 linux-4.19.y 675cc038067f 269d24e8 .config console log report syz C ci2-linux-4-19
2020/10/13 10:46 linux-4.19.y a1b977b49b66 bd69ee0d .config console log report syz C ci2-linux-4-19
2020/09/12 00:34 linux-4.19.y 67957f12548c 79fb24e2 .config console log report syz C ci2-linux-4-19
2020/08/08 17:25 linux-4.19.y 961f830af065 01975a06 .config console log report syz C ci2-linux-4-19
2020/02/26 19:16 linux-4.19.y f25804f38984 251aabb7 .config console log report syz C ci2-linux-4-19
2022/09/17 12:12 linux-4.19.y 3f8a27f9e27b dd9a85ff .config console log report syz [disk image] [vmlinux] ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/07/15 11:11 linux-4.19.y fcfbdfe9626e b9a2f64e .config console log report syz ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/07/05 04:57 linux-4.19.y 9f84340f012e 55aa55c2 .config console log report syz ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/01/24 14:29 linux-4.19.y 2263955bf7e7 52e37319 .config console log report syz ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/01/23 00:12 linux-4.19.y 43d555d83c3f 52e37319 .config console log report syz ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2023/02/16 07:48 linux-4.19.y 3f8a27f9e27b 6be0f1f5 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2023/01/24 21:40 linux-4.19.y 3f8a27f9e27b 9dfcf09c .config console log report info [disk image] [vmlinux] ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/10/19 18:21 linux-4.19.y 3f8a27f9e27b b31320fc .config console log report info [disk image] [vmlinux] ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/08/10 23:08 linux-4.19.y 3f8a27f9e27b a6201f11 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/06/20 05:26 linux-4.19.y 3f8a27f9e27b 8f633d84 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/06/10 04:38 linux-4.19.y 3f8a27f9e27b 0d5abf15 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/04/29 00:03 linux-4.19.y 3f8a27f9e27b e9076525 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/03/08 12:31 linux-4.19.y 3f8a27f9e27b 7bdd8b2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/01/30 13:02 linux-4.19.y 3f8a27f9e27b 495e00c5 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/12/20 19:21 linux-4.19.y 3f8a27f9e27b 021b36cb .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/12/07 09:38 linux-4.19.y 3f8a27f9e27b 0230ba3e .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/12/06 09:44 linux-4.19.y 3f8a27f9e27b a617004c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/12/01 07:14 linux-4.19.y 3f8a27f9e27b 80270552 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/11/21 13:55 linux-4.19.y 3f8a27f9e27b 4eb20a4e .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/09/30 00:06 linux-4.19.y c2276d585654 be530f6c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/07/23 18:47 linux-4.19.y 4938296e03bd bc5f1d88 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/07/13 18:03 linux-4.19.y fcfbdfe9626e 70168d5c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/04/30 18:00 linux-4.19.y 97a8651cadce 77e2b668 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/17 14:19 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/17 11:01 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/17 05:30 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/16 16:42 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/16 14:58 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/16 08:46 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/16 00:12 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/15 20:18 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/15 18:51 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/15 16:37 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/15 15:32 linux-4.19.y 030194a5b292 fdb2bb2c .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/15 07:55 linux-4.19.y 030194a5b292 cc1cff8f .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/15 01:20 linux-4.19.y 030194a5b292 cc1cff8f .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/14 08:16 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 22:14 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 19:45 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 17:42 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 16:10 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 15:55 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 14:24 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 09:07 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 07:16 linux-4.19.y 030194a5b292 4a003785 .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 04:29 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/13 00:01 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/12 20:01 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/12 18:30 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/03/12 15:52 linux-4.19.y 030194a5b292 429d8a6b .config console log report info ci2-linux-4-19 KASAN: stack-out-of-bounds Read in unwind_next_frame
2022/06/04 07:19 linux-4.19.y 3f8a27f9e27b c8857892 .config console log report info ci2-linux-4-19 KASAN: out-of-bounds Read in unwind_next_frame
2021/01/17 12:31 linux-4.19.y 675cc038067f 813be542 .config console log report info ci2-linux-4-19
2020/02/26 18:50 linux-4.19.y f25804f38984 251aabb7 .config console log report ci2-linux-4-19
* Struck through repros no longer work on HEAD.