syzbot

 sign-in | mailing list | source | docs
🐞 Open [78]
🐞 Fixed [22]
🐞 Invalid [394]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: stack-out-of-bounds Read in unwind_next_frame

Status: auto-obsoleted due to no activity on 2023/04/20 07:24
Reported-by: syzbot+d82b1993705e29bb2edf@syzkaller.appspotmail.com
First crash: 2086d, last: 1583d
Similar bugs (10)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: stack-out-of-bounds Read in unwind_next_frame (4) ntfs3 17 syz error 5 80d 91d 0/29 upstream: reported syz repro on 2025/08/01 04:30
linux-4.14 KASAN: stack-out-of-bounds Read in unwind_next_frame 17 C 1039 976d 2235d 0/1 upstream: reported C repro on 2019/09/18 00:47
android-49 KASAN: stack-out-of-bounds Read in unwind_next_frame 17 5 2642d 2877d 0/3 auto-closed as invalid on 2019/02/22 14:33
android-54 KASAN: out-of-bounds Read in unwind_next_frame (2) 17 C 8 179d 264d 0/2 upstream: reported C repro on 2025/02/08 17:02
linux-4.19 KASAN: stack-out-of-bounds Read in unwind_next_frame 17 C error 525 988d 2073d 0/1 upstream: reported C repro on 2020/02/26 18:51
upstream KASAN: stack-out-of-bounds Read in unwind_next_frame (3) fs 17 1 299d 295d 0/29 auto-obsoleted due to no activity on 2025/04/04 17:08
upstream KASAN: stack-out-of-bounds Read in unwind_next_frame kernel 17 C 929 953d 2690d 0/29 closed as dup on 2018/06/20 07:51
upstream KASAN: stack-out-of-bounds Read in unwind_next_frame (2) kernel 17 1 496d 492d 0/29 auto-obsoleted due to no activity on 2024/08/21 14:38
android-414 KASAN: stack-out-of-bounds Read in unwind_next_frame 17 C 2192 2158d 2395d 0/1 public: reported C repro on 2019/04/11 00:00
android-54 KASAN: out-of-bounds Read in unwind_next_frame 17 16 1507d 2013d 0/2 auto-closed as invalid on 2022/01/13 05:16
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/04/20 06:43 25m retest repro android12-5.4 OK log
2023/04/20 06:43 22m retest repro android12-5.4 OK log

Sample crash report:
BUG: KASAN: stack-out-of-bounds in deref_stack_regs arch/x86/kernel/unwind_orc.c:360 [inline]
BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x133f/0x1f30 arch/x86/kernel/unwind_orc.c:534
Read of size 8 at addr ffff8881d08c79b8 by task syz-executor158/916

CPU: 0 PID: 916 Comm: syz-executor158 Not tainted 5.4.92-syzkaller-00492-g3bd26bb0aaee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1dd/0x24e lib/dump_stack.c:118
 print_address_description+0x96/0x640 mm/kasan/report.c:374
 __kasan_report+0x177/0x1f0 mm/kasan/report.c:506
 kasan_report+0x30/0x60 mm/kasan/common.c:634
 deref_stack_regs arch/x86/kernel/unwind_orc.c:360 [inline]
 unwind_next_frame+0x133f/0x1f30 arch/x86/kernel/unwind_orc.c:534
 arch_stack_walk+0x114/0x140 arch/x86/kernel/stacktrace.c:25
 stack_trace_save_tsk+0x17c/0x270 kernel/stacktrace.c:151
 proc_pid_stack+0x12f/0x1f0 fs/proc/base.c:455
 proc_single_show+0xd3/0x120 fs/proc/base.c:757
 seq_read+0x4aa/0xd30 fs/seq_file.c:229
 do_loop_readv_writev fs/read_write.c:714 [inline]
 do_iter_read+0x43b/0x550 fs/read_write.c:935
 vfs_readv fs/read_write.c:997 [inline]
 do_preadv+0x20d/0x350 fs/read_write.c:1089
 do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x447e49
Code: e8 ac e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fede7733d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00000000006e3a18 RCX: 0000000000447e49
RDX: 00000000000001c1 RSI: 00000000200017c0 RDI: 0000000000000003
RBP: 00000000006e3a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e3a1c
R13: 00007fede7733d10 R14: 00007fede7733d10 R15: 00000000004b0240

The buggy address belongs to the page:
page:ffffea00074231c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea0007322408 ffffea0007423188 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881d08c7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881d08c7900: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
>ffff8881d08c7980: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
                                        ^
 ffff8881d08c7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881d08c7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (49):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/01/27 10:58 android12-5.4 3bd26bb0aaee a0ebf917 .config console log report syz C ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2020/07/14 22:45 https://android.googlesource.com/kernel/common android-5.4 22b73c7316d2 6f458026 .config console log report syz ci2-android-5-4-kasan
2021/07/01 00:37 android12-5.4 877ad62bde6f 38a885d1 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/06/26 06:56 android12-5.4 47fe7966921f 9d2ab5df .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/05/21 21:28 android12-5.4 c0156e41e3af 3c7fef33 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/05/04 01:49 android12-5.4 546a6e8726bc 09efdd63 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/04/22 12:17 android12-5.4 a5631d493c29 33c28d03 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/04/01 18:49 android12-5.4 a09fa8da7919 6a81331a .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/02/26 02:53 android12-5.4 741b0f4bedd5 76f7fc95 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2021/02/10 09:26 android12-5.4 72d1876a39cf 9c8b8541 .config console log report info ci2-android-5-4-kasan KASAN: stack-out-of-bounds Read in unwind_next_frame
2020/12/27 13:44 android12-5.4 8657d5d6282f 2242f77f .config console log report info ci2-android-5-4-kasan
2020/09/17 13:55 https://android.googlesource.com/kernel/common android-5.4 63d1c2f0b547 8247808b .config console log report info ci2-android-5-4-kasan
2020/09/15 17:08 https://android.googlesource.com/kernel/common android-5.4 48ad97696bbb 9e681632 .config console log report info ci2-android-5-4-kasan
2020/09/12 04:43 https://android.googlesource.com/kernel/common android-5.4 e1c9ea5fd907 79fb24e2 .config console log report ci2-android-5-4-kasan
2020/08/29 12:42 https://android.googlesource.com/kernel/common android-5.4 e15cc541b749 d5a3ae1f .config console log report ci2-android-5-4-kasan
2020/08/29 07:23 https://android.googlesource.com/kernel/common android-5.4 34364883b1f7 d5a3ae1f .config console log report ci2-android-5-4-kasan
2020/08/19 10:39 https://android.googlesource.com/kernel/common android-5.4 178e614ccc10 e1c29030 .config console log report ci2-android-5-4-kasan
2020/08/17 03:51 https://android.googlesource.com/kernel/common android-5.4 0881b55787d3 5ce13532 .config console log report ci2-android-5-4-kasan
2020/08/15 10:05 https://android.googlesource.com/kernel/common android-5.4 c3221b7ac740 5ce13532 .config console log report ci2-android-5-4-kasan
2020/08/15 02:04 https://android.googlesource.com/kernel/common android-5.4 c3221b7ac740 5ce13532 .config console log report ci2-android-5-4-kasan
2020/08/14 12:59 https://android.googlesource.com/kernel/common android-5.4 fc9e35d72c06 5ce13532 .config console log report ci2-android-5-4-kasan
2020/08/10 11:32 https://android.googlesource.com/kernel/common android-5.4 99256a8c206b 7adc7b65 .config console log report ci2-android-5-4-kasan
2020/08/06 21:34 https://android.googlesource.com/kernel/common android-5.4 8555f0d9d303 4ca1c0ea .config console log report ci2-android-5-4-kasan
2020/07/29 22:11 https://android.googlesource.com/kernel/common android-5.4 f311d00f3041 233283a1 .config console log report ci2-android-5-4-kasan
2020/07/26 05:55 https://android.googlesource.com/kernel/common android-5.4 5c3841e16e44 1f7cc1ca .config console log report ci2-android-5-4-kasan
2020/07/21 02:18 https://android.googlesource.com/kernel/common android-5.4 0c0d417747d8 d88894e6 .config console log report ci2-android-5-4-kasan
2020/07/20 01:36 https://android.googlesource.com/kernel/common android-5.4 0c0d417747d8 9c812472 .config console log report ci2-android-5-4-kasan
2020/07/18 20:31 https://android.googlesource.com/kernel/common android-5.4 0c0d417747d8 9c812472 .config console log report ci2-android-5-4-kasan
2020/07/14 15:14 https://android.googlesource.com/kernel/common android-5.4 22b73c7316d2 6f458026 .config console log report ci2-android-5-4-kasan
2020/06/19 10:54 https://android.googlesource.com/kernel/common android-5.4 5eb96e454e88 bc258b50 .config console log report ci2-android-5-4-kasan
2020/06/13 16:20 https://android.googlesource.com/kernel/common android-5.4 a191332e9e93 dbce178a .config console log report ci2-android-5-4-kasan
2020/05/17 02:20 https://android.googlesource.com/kernel/common android-5.4 b818fc58f06b 37bccd4e .config console log report ci2-android-5-4-kasan
2020/05/17 02:04 https://android.googlesource.com/kernel/common android-5.4 b818fc58f06b 37bccd4e .config console log report ci2-android-5-4-kasan
2020/05/14 08:07 https://android.googlesource.com/kernel/common android-5.4 79c00997a007 a885920d .config console log report ci2-android-5-4-kasan
2020/05/10 10:27 https://android.googlesource.com/kernel/common android-5.4 2c3b4cba8ab3 8742a2b9 .config console log report ci2-android-5-4-kasan
2020/05/09 14:43 https://android.googlesource.com/kernel/common android-5.4 2c3b4cba8ab3 88cb3e92 .config console log report ci2-android-5-4-kasan
2020/05/08 10:33 https://android.googlesource.com/kernel/common android-5.4 2c3b4cba8ab3 fe4122c3 .config console log report ci2-android-5-4-kasan
2020/05/08 10:09 https://android.googlesource.com/kernel/common android-5.4 2c3b4cba8ab3 fe4122c3 .config console log report ci2-android-5-4-kasan
2020/05/08 00:24 https://android.googlesource.com/kernel/common android-5.4 2c3b4cba8ab3 6c70a1c2 .config console log report ci2-android-5-4-kasan
2020/04/30 03:03 https://android.googlesource.com/kernel/common android-5.4 e32f5ec4d846 2dd552a5 .config console log report ci2-android-5-4-kasan
2020/04/29 01:20 https://android.googlesource.com/kernel/common android-5.4 7f84f8f18418 e3ecea2e .config console log report ci2-android-5-4-kasan
2020/04/25 13:11 https://android.googlesource.com/kernel/common android-5.4 2bf19397b3aa a113ba38 .config console log report ci2-android-5-4-kasan
2020/04/11 04:02 https://android.googlesource.com/kernel/common android-5.4 fa41ab5369c7 a8c6a3f8 .config console log report ci2-android-5-4-kasan
2020/04/08 21:05 https://android.googlesource.com/kernel/common android-5.4 db03b1de8b84 db9bcd4b .config console log report ci2-android-5-4-kasan
2020/04/03 03:11 https://android.googlesource.com/kernel/common android-5.4 10dd55a5cdda a34e2c33 .config console log report ci2-android-5-4-kasan
2020/03/21 02:39 https://android.googlesource.com/kernel/common android-5.4 7e72faf22da4 2c31c529 .config console log report ci2-android-5-4-kasan
2020/02/20 10:48 https://android.googlesource.com/kernel/common android-5.4 fc1e3e95540a b690a6e3 .config console log report ci2-android-5-4-kasan
2020/02/19 08:34 https://android.googlesource.com/kernel/common android-5.4 d730995e7bc5 135c18aa .config console log report ci2-android-5-4-kasan
2020/02/13 18:17 https://android.googlesource.com/kernel/common android-5.4 a6e4656398da e6247653 .config console log report ci2-android-5-4-kasan
* Struck through repros no longer work on HEAD.