syzbot


KASAN: stack-out-of-bounds Read in profile_pc

Status: upstream: reported C repro on 2021/05/27 02:31
Reported-by: syzbot+0ca27feeb396418459ae@syzkaller.appspotmail.com
First crash: 916d, last: 7d23h
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 KASAN: stack-out-of-bounds Read in profile_pc origin:upstream C 26 7d23h 252d 0/3 upstream: reported C repro on 2023/03/21 15:14
linux-6.1 KASAN: stack-out-of-bounds Read in profile_pc origin:upstream C 14 7d09h 198d 0/3 upstream: reported C repro on 2023/05/15 01:52
upstream KASAN: stack-out-of-bounds Read in profile_pc kernel C error 1027 13m 911d 0/25 upstream: reported C repro on 2021/05/31 07:15
Last patch testing requests (10)
Created Duration User Patch Repo Result
2023/10/30 11:50 25m retest repro android12-5.4 report log
2023/10/30 11:50 25m retest repro android12-5.4 report log
2023/10/30 11:50 26m retest repro android12-5.4 report log
2023/10/30 11:50 5m retest repro android12-5.4 report log
2023/10/30 11:50 33m retest repro android12-5.4 report log
2023/10/05 20:31 30m retest repro android12-5.4 report log
2023/10/05 20:31 34m retest repro android12-5.4 report log
2023/10/05 20:31 22m retest repro android12-5.4 report log
2023/10/05 20:31 12m retest repro android12-5.4 report log
2023/10/05 20:31 5m retest repro android12-5.4 report log

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 arch/x86/kernel/time.c:42
Read of size 8 at addr ffff8881e2e4f7a0 by task syz-executor429/417

CPU: 1 PID: 417 Comm: syz-executor429 Not tainted 5.4.249-syzkaller-00006-gc83e2462239e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 profile_pc+0xa4/0xe0 arch/x86/kernel/time.c:42
 profile_tick+0xb9/0x100 kernel/profile.c:416
 tick_sched_handle kernel/time/tick-sched.c:206 [inline]
 tick_sched_timer+0x237/0x3c0 kernel/time/tick-sched.c:1342
 __run_hrtimer kernel/time/hrtimer.c:1581 [inline]
 __hrtimer_run_queues+0x3e9/0xb90 kernel/time/hrtimer.c:1643
 hrtimer_interrupt+0x38a/0x890 kernel/time/hrtimer.c:1705
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1122 [inline]
 smp_apic_timer_interrupt+0x110/0x460 arch/x86/kernel/apic/apic.c:1147
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>

The buggy address belongs to the page:
page:ffffea00078b93c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 0000000000000000 ffffea00078b93c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2165 [inline]
 prep_new_page+0x18f/0x370 mm/page_alloc.c:2171
 get_page_from_freelist+0x2d13/0x2d90 mm/page_alloc.c:3794
 __alloc_pages_nodemask+0x393/0x840 mm/page_alloc.c:4891
 __alloc_pages include/linux/gfp.h:503 [inline]
 __alloc_pages_node include/linux/gfp.h:516 [inline]
 alloc_pages_node include/linux/gfp.h:530 [inline]
 alloc_thread_stack_node kernel/fork.c:259 [inline]
 dup_task_struct+0x85/0x600 kernel/fork.c:878
 copy_process+0x56d/0x3230 kernel/fork.c:1881
 _do_fork+0x197/0x900 kernel/fork.c:2396
 __do_sys_clone kernel/fork.c:2554 [inline]
 __se_sys_clone kernel/fork.c:2535 [inline]
 __x64_sys_clone+0x26b/0x2c0 kernel/fork.c:2535
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1176 [inline]
 __free_pages_ok+0x847/0x950 mm/page_alloc.c:1438
 free_the_page mm/page_alloc.c:4953 [inline]
 __free_pages+0x91/0x140 mm/page_alloc.c:4959
 free_thread_stack kernel/fork.c:299 [inline]
 release_task_stack kernel/fork.c:439 [inline]
 put_task_stack+0x212/0x260 kernel/fork.c:450
 finish_task_switch+0x24a/0x590 kernel/sched/core.c:3479
 context_switch kernel/sched/core.c:3611 [inline]
 __schedule+0xb0d/0x1320 kernel/sched/core.c:4307
 schedule_idle+0x50/0x80 kernel/sched/core.c:4403
 do_idle+0x609/0x660 kernel/sched/idle.c:288
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:356
 start_secondary+0x3a0/0x460 arch/x86/kernel/smpboot.c:265
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241

addr ffff8881e2e4f7a0 is located in stack of task syz-executor429/417 at offset 0 in frame:
 _raw_spin_lock+0x0/0x1b0 arch/x86/include/asm/atomic.h:200

this frame has 1 object:
 [32, 36) 'val.i.i.i'

Memory state around the buggy address:
 ffff8881e2e4f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881e2e4f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881e2e4f780: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
                               ^
 ffff8881e2e4f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881e2e4f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (207):