syzbot

 sign-in | mailing list | source | docs
🐞 Open [1659]
Subsystems
🐞 Fixed [5984]
🐞 Invalid [14726]
Missing Backports [131]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: stack guard page was hit in loop_process_work

Status: upstream: reported on 2025/01/20 16:49
Subsystems: v9fs
[Documentation on labels]
Reported-by: syzbot+1fc139801105ed807f06@syzkaller.appspotmail.com
First crash: 13d, last: 4d18h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [v9fs?] BUG: stack guard page was hit in loop_process_work 0 (1) 2025/01/20 16:49

Sample crash report:
BUG: TASK stack guard page was hit at ffffc900001dffc8 (stack is ffffc900001e0000..ffffc900001e8000)
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 UID: 0 PID: 12 Comm: kworker/u32:1 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: loop8 loop_workfn
RIP: 0010:mark_lock+0xb0/0xc60 kernel/locking/lockdep.c:4727
Code: fe 09 0f 87 e3 00 00 00 41 83 fe 08 49 89 fc 48 89 f3 0f 84 97 00 00 00 41 bd 01 00 00 00 44 89 f1 41 d3 e5 4d 63 ed 48 89 df <e8> 1b 6b ff ff 48 ba 00 00 00 00 00 fc ff df 48 8d 78 60 48 89 f9
RSP: 0018:ffffc900001dffd0 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff88801ca953d8 RCX: 0000000000000004
RDX: 0000000000000002 RSI: ffff88801ca953d8 RDI: ffff88801ca953d8
RBP: ffffc900001e0108 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff969b9e27 R11: 00000000000254be R12: ffff88801ca94880
R13: 0000000000000200 R14: 0000000000000009 R15: 1ffff9200003c000
FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900001dffc8 CR3: 0000000058ec0000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <#DF>
 </#DF>
 <TASK>
 mark_usage kernel/locking/lockdep.c:4670 [inline]
 __lock_acquire+0x9f1/0x3c40 kernel/locking/lockdep.c:5180
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 page_ext_get+0x3a/0x310 mm/page_ext.c:525
 __set_page_owner+0x9a/0x790 mm/page_owner.c:322
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1558
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0x2c8/0x620 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xce2/0x1650 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __do_kmalloc_node mm/slub.c:4297 [inline]
 __kmalloc_noprof+0x2de/0x4f0 mm/slub.c:4310
 kmalloc_noprof include/linux/slab.h:905 [inline]
 p9_fcall_init+0x97/0x260 net/9p/client.c:233
 p9_tag_alloc+0x17a/0x870 net/9p/client.c:298
 p9_client_prepare_req+0x19f/0x4d0 net/9p/client.c:644
 p9_client_zc_rpc.constprop.0+0x105/0x880 net/9p/client.c:793
 p9_client_read_once+0x443/0x820 net/9p/client.c:1570
 p9_client_read+0x13f/0x1b0 net/9p/client.c:1534
 v9fs_issue_read+0x115/0x340 fs/9p/vfs_addr.c:76
 netfs_retry_read_subrequests fs/netfs/read_retry.c:62 [inline]
 netfs_retry_reads+0x1512/0x1d40 fs/netfs/read_retry.c:235
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_retry_reads+0x15a4/0x1d40 fs/netfs/read_retry.c:238
 netfs_rreq_assess+0x5d3/0x870 fs/netfs/read_collect.c:374
 netfs_rreq_terminated+0xe5/0x110 fs/netfs/read_collect.c:409
 netfs_dispatch_unbuffered_reads fs/netfs/direct_read.c:103 [inline]
 netfs_unbuffered_read fs/netfs/direct_read.c:127 [inline]
 netfs_unbuffered_read_iter_locked+0x12e1/0x19a0 fs/netfs/direct_read.c:221
 netfs_unbuffered_read_iter+0xc5/0x100 fs/netfs/direct_read.c:256
 v9fs_file_read_iter+0xbf/0x100 fs/9p/vfs_file.c:361
 lo_rw_aio.isra.0+0x90a/0xcc0 drivers/block/loop.c:470
 do_req_filebacked drivers/block/loop.c:514 [inline]
 loop_handle_cmd drivers/block/loop.c:1909 [inline]
 loop_process_work+0xa65/0x2000 drivers/block/loop.c:1944
 process_one_work+0x958/0x1b30 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mark_lock+0xb0/0xc60 kernel/locking/lockdep.c:4727
Code: fe 09 0f 87 e3 00 00 00 41 83 fe 08 49 89 fc 48 89 f3 0f 84 97 00 00 00 41 bd 01 00 00 00 44 89 f1 41 d3 e5 4d 63 ed 48 89 df <e8> 1b 6b ff ff 48 ba 00 00 00 00 00 fc ff df 48 8d 78 60 48 89 f9
RSP: 0018:ffffc900001dffd0 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff88801ca953d8 RCX: 0000000000000004
RDX: 0000000000000002 RSI: ffff88801ca953d8 RDI: ffff88801ca953d8
RBP: ffffc900001e0108 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff969b9e27 R11: 00000000000254be R12: ffff88801ca94880
R13: 0000000000000200 R14: 0000000000000009 R15: 1ffff9200003c000
FS:  0000000000000000(0000) GS:ffff88802b600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900001dffc8 CR3: 0000000058ec0000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	fe 09                	decb   (%rcx)
   2:	0f 87 e3 00 00 00    	ja     0xeb
   8:	41 83 fe 08          	cmp    $0x8,%r14d
   c:	49 89 fc             	mov    %rdi,%r12
   f:	48 89 f3             	mov    %rsi,%rbx
  12:	0f 84 97 00 00 00    	je     0xaf
  18:	41 bd 01 00 00 00    	mov    $0x1,%r13d
  1e:	44 89 f1             	mov    %r14d,%ecx
  21:	41 d3 e5             	shl    %cl,%r13d
  24:	4d 63 ed             	movslq %r13d,%r13
  27:	48 89 df             	mov    %rbx,%rdi
* 2a:	e8 1b 6b ff ff       	call   0xffff6b4a <-- trapping instruction
  2f:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  36:	fc ff df
  39:	48 8d 78 60          	lea    0x60(%rax),%rdi
  3d:	48 89 f9             	mov    %rdi,%rcx

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/01/16 04:36 upstream 619f0b6fad52 968edaf4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: stack guard page was hit in loop_process_work
2025/01/07 13:20 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: stack guard page was hit in loop_process_work
* Struck through repros no longer work on HEAD.