BUG: stack guard page was hit in sys

Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported
BUG: stack guard page was hit in file_open	C	error		25	789d	868d

error

789d

868d

Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
android-5-10	BUG: stack guard page was hit in sys_unlink (8)			1	762d	762d	2/2	fixed on 2022/05/12 07:47
android-5-10	BUG: stack guard page was hit in sys_unlink (6)	C	error	3	776d	777d	0/2	closed as dup on 2022/03/18 15:53
android-5-10	BUG: stack guard page was hit in sys_unlink (3)	C	error	2	787d	787d	0/2	closed as dup on 2022/03/07 22:53
android-5-10	BUG: stack guard page was hit in sys_unlink (5)	C	error	3	782d	782d	0/2	closed as dup on 2022/03/13 15:49
android-5-10	BUG: stack guard page was hit in sys_unlink			2	849d	849d	0/2	closed as invalid on 2022/02/28 16:10
android-5-10	BUG: stack guard page was hit in sys_unlink (2)	C		4	789d	793d	0/2	closed as dup on 2022/03/01 20:47
android-5-10	BUG: stack guard page was hit in sys_unlink (7)	C	error	2	771d	771d	0/2	closed as dup on 2022/03/24 14:58

BUG: stack guard page was hit at ffffc900002e7ff8 (stack is ffffc900002e8000..ffffc900002effff) kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 365 Comm: syz-executor424 Not tainted 5.10.102-syzkaller-00171-ge1b86e7f5cbb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:79 [inline] RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:120 [inline] RIP: 0010:rmqueue_pcplist mm/page_alloc.c:3551 [inline] RIP: 0010:rmqueue+0xc6/0x2480 mm/page_alloc.c:3576 Code: 4c 8d b4 24 50 01 00 00 4c 89 f3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 f7 e8 76 cc 03 00 48 c7 84 24 50 01 00 00 00 00 00 00 <9c> 8f 84 24 50 01 00 00 42 80 3c 2b 00 74 08 4c 89 f7 e8 b3 cb 03 RSP: 0018:ffffc900002e8000 EFLAGS: 00010246 RAX: f300f204f1f1f1f1 RBX: 1ffff9200005d02a RCX: 0000000000012cd0 RDX: 1ffff9200005d024 RSI: ffffffff86bbfac0 RDI: ffffffff86bbfac0 RBP: ffffc900002e81c8 R08: 0000000000000901 R09: 0000000000000002 R10: fffffbfff0d7801c R11: 0000000000000000 R12: 0000000000000002 R13: dffffc0000000000 R14: ffffc900002e8150 R15: ffffffff86bbfac0 FS: 0000555555aef300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc900002e7ff8 CR3: 00000001077a4000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: get_page_from_freelist+0x471/0xa90 mm/page_alloc.c:4060 __alloc_pages_nodemask+0x3c8/0x820 mm/page_alloc.c:5107 alloc_slab_page mm/slub.c:1813 [inline] allocate_slab+0x6b/0x350 mm/slub.c:1815 new_slab mm/slub.c:1876 [inline] new_slab_objects mm/slub.c:2635 [inline] ___slab_alloc+0x143/0x2f0 mm/slub.c:2798 __slab_alloc mm/slub.c:2838 [inline] slab_alloc_node mm/slub.c:2920 [inline] slab_alloc mm/slub.c:2962 [inline] kmem_cache_alloc+0x26f/0x380 mm/slub.c:2967 __d_alloc+0x2d/0x6b0 fs/dcache.c:1709 d_alloc fs/dcache.c:1788 [inline] d_alloc_parallel+0xf3/0x1360 fs/dcache.c:2540 __lookup_slow+0x14e/0x400 fs/namei.c:1613 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_slow+0x2b3/0x400 fs/namei.c:1628 lookup_one_len+0x17f/0x2c0 fs/namei.c:2642 incfs_lookup_dentry+0x5f/0xb0 fs/incfs/data_mgmt.c:212 dir_lookup+0x3b8/0x6e0 fs/incfs/vfs.c:967 __lookup_hash+0x141/0x290 fs/namei.c:1529 do_unlinkat+0x298/0x960 fs/namei.c:3959 __do_sys_unlink fs/namei.c:4018 [inline] __se_sys_unlink fs/namei.c:4016 [inline] __x64_sys_unlink+0x49/0x50 fs/namei.c:4016 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f0238f68069 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffdea425ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0238f68069 RDX: 00007f0238f68069 RSI: 0000000020000200 RDI: 0000000020000c80 RBP: 00007f0238f2c050 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0238f2c0e0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace f7159fdbe82d7a26 ]--- RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:79 [inline] RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:120 [inline] RIP: 0010:rmqueue_pcplist mm/page_alloc.c:3551 [inline] RIP: 0010:rmqueue+0xc6/0x2480 mm/page_alloc.c:3576 Code: 4c 8d b4 24 50 01 00 00 4c 89 f3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 f7 e8 76 cc 03 00 48 c7 84 24 50 01 00 00 00 00 00 00 <9c> 8f 84 24 50 01 00 00 42 80 3c 2b 00 74 08 4c 89 f7 e8 b3 cb 03 RSP: 0018:ffffc900002e8000 EFLAGS: 00010246 RAX: f300f204f1f1f1f1 RBX: 1ffff9200005d02a RCX: 0000000000012cd0 RDX: 1ffff9200005d024 RSI: ffffffff86bbfac0 RDI: ffffffff86bbfac0 RBP: ffffc900002e81c8 R08: 0000000000000901 R09: 0000000000000002 R10: fffffbfff0d7801c R11: 0000000000000000 R12: 0000000000000002 R13: dffffc0000000000 R14: ffffc900002e8150 R15: ffffffff86bbfac0 FS: 0000555555aef300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc900002e7ff8 CR3: 00000001077a4000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 4c 8d b4 24 50 01 00 lea 0x150(%rsp),%r14 7: 00 8: 4c 89 f3 mov %r14,%rbx b: 48 c1 eb 03 shr $0x3,%rbx f: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1) 14: 74 08 je 0x1e 16: 4c 89 f7 mov %r14,%rdi 19: e8 76 cc 03 00 callq 0x3cc94 1e: 48 c7 84 24 50 01 00 movq $0x0,0x150(%rsp) 25: 00 00 00 00 00 * 2a: 9c pushfq <-- trapping instruction 2b: 8f 84 24 50 01 00 00 popq 0x150(%rsp) 32: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1) 37: 74 08 je 0x41 39: 4c 89 f7 mov %r14,%rdi 3c: e8 .byte 0xe8 3d: b3 cb mov $0xcb,%bl 3f: 03 .byte 0x3

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2022/03/11 07:46	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	console log	report	syz	C			ci2-android-5-10	BUG: stack guard page was hit in sys_unlink
2022/03/11 07:35	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	console log	report			info		ci2-android-5-10	BUG: stack guard page was hit in sys_unlink

Crashes (2):

Assets (help?)