syzbot


BUG: stack guard page was hit in corrupted (19)

Status: closed as dup on 2022/04/08 17:06
Reported-by: syzbot+67a4553d622787cb9f53@syzkaller.appspotmail.com
First crash: 958d, last: 958d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
BUG: stack guard page was hit in file_open C error 25 992d 1070d
Similar bugs (23)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 BUG: stack guard page was hit in corrupted (14) C error 2 974d 974d 0/2 closed as dup on 2022/03/24 14:58
android-5-10 BUG: stack guard page was hit in corrupted (16) C error 2 968d 970d 0/2 closed as dup on 2022/03/30 17:23
android-5-10 BUG: stack guard page was hit in corrupted (9) C error 1 982d 982d 0/2 closed as dup on 2022/03/16 16:28
android-5-10 BUG: stack guard page was hit in corrupted (13) C error 1 975d 975d 0/2 closed as dup on 2022/03/22 16:23
android-5-10 BUG: stack guard page was hit in corrupted (17) C error 3 964d 965d 0/2 closed as dup on 2022/04/04 16:48
android-6-1 BUG: stack guard page was hit in corrupted origin:lts C 2 21d 106d 0/2 upstream: reported C repro on 2024/08/07 17:59
android-5-10 BUG: stack guard page was hit in corrupted (5) C error 3 986d 986d 0/2 closed as dup on 2022/03/11 15:58
android-5-10 BUG: stack guard page was hit in corrupted (6) C error 1 985d 985d 0/2 closed as dup on 2022/03/11 22:51
android-5-10 BUG: stack guard page was hit in corrupted (20) C error 1 955d 955d 0/2 closed as dup on 2022/04/11 14:20
android-5-10 BUG: stack guard page was hit in corrupted (21) C error 3 941d 942d 0/2 closed as dup on 2022/05/04 16:12
android-5-10 BUG: stack guard page was hit in corrupted (8) C 1 983d 983d 0/2 closed as dup on 2022/03/14 15:44
android-5-10 BUG: stack guard page was hit in corrupted (4) C error 1 988d 988d 0/2 closed as dup on 2022/03/09 18:22
android-5-10 BUG: stack guard page was hit in corrupted (7) C error 1 985d 985d 0/2 closed as dup on 2022/03/13 15:49
android-5-10 BUG: stack guard page was hit in corrupted (18) C error 1 961d 961d 0/2 closed as dup on 2022/04/05 20:24
android-5-10 BUG: stack guard page was hit in corrupted C error 3 1017d 1052d 0/2 closed as invalid on 2022/02/28 16:10
android-5-10 BUG: stack guard page was hit in corrupted (10) C error 1 980d 980d 0/2 closed as dup on 2022/03/17 16:45
android-5-10 BUG: stack guard page was hit in corrupted (15) C error 1 972d 972d 0/2 closed as dup on 2022/03/25 16:30
android-5-10 BUG: stack guard page was hit in corrupted (12) C done 2 976d 978d 0/2 closed as dup on 2022/03/21 14:57
android-5-10 BUG: stack guard page was hit in corrupted (2) C error 2 994d 995d 0/2 closed as dup on 2022/03/02 15:48
android-5-10 BUG: stack guard page was hit in corrupted (3) C error 1 988d 988d 0/2 closed as dup on 2022/03/09 15:36
android-5-10 BUG: stack guard page was hit in corrupted (11) C error 2 979d 979d 0/2 closed as dup on 2022/03/18 21:48
android-5-10 BUG: stack guard page was hit in corrupted (22) syz done done 1 927d 927d 0/2 auto-closed as invalid on 2022/08/31 02:51
android-5-10 BUG: stack guard page was hit in corrupted (23) syz error error 1 527d 527d 0/2 auto-obsoleted due to no activity on 2023/09/30 03:13

Sample crash report:
BUG: stack guard page was hit at ffffc90003187f98 (stack is ffffc90003188000..ffffc9000318ffff)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 796 Comm: syz-executor304 Not tainted 5.10.109-syzkaller-00693-g414e6c8e941c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__update_load_avg_se+0x40/0xb90 kernel/sched/pelt.c:372
Code: f7 49 89 fe 48 be 00 00 00 00 00 fc ff df 48 8d 7a 38 48 89 f8 48 c1 e8 03 8a 04 30 84 c0 0f 85 38 08 00 00 8b 43 38 45 31 ed <89> 45 a8 85 c0 41 0f 95 c4 48 89 5d b0 48 81 c3 58 01 00 00 48 89
RSP: 0018:ffffc90003187fa0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff88810c856340 RCX: dffffc0000000000
RDX: ffff88810c856340 RSI: dffffc0000000000 RDI: ffff88810c856378
RBP: ffffc90003188030 R08: 00000000000001c3 R09: fffffbfff0c5ebeb
R10: fffffbfff0c5ebeb R11: 1ffffffff0c5ebea R12: dffffc0000000000
R13: 0000000000000000 R14: 0000001122634f2b R15: ffff8881f7156000
FS:  0000555555cee3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90003187f98 CR3: 000000010eae9000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 7f3e83c1acb3b509 ]---
RIP: 0010:__update_load_avg_se+0x40/0xb90 kernel/sched/pelt.c:372
Code: f7 49 89 fe 48 be 00 00 00 00 00 fc ff df 48 8d 7a 38 48 89 f8 48 c1 e8 03 8a 04 30 84 c0 0f 85 38 08 00 00 8b 43 38 45 31 ed <89> 45 a8 85 c0 41 0f 95 c4 48 89 5d b0 48 81 c3 58 01 00 00 48 89
RSP: 0018:ffffc90003187fa0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff88810c856340 RCX: dffffc0000000000
RDX: ffff88810c856340 RSI: dffffc0000000000 RDI: ffff88810c856378
RBP: ffffc90003188030 R08: 00000000000001c3 R09: fffffbfff0c5ebeb
R10: fffffbfff0c5ebeb R11: 1ffffffff0c5ebea R12: dffffc0000000000
R13: 0000000000000000 R14: 0000001122634f2b R15: ffff8881f7156000
FS:  0000555555cee3c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90003187f98 CR3: 000000010eae9000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	49 89 fe             	mov    %rdi,%r14
   3:	48 be 00 00 00 00 00 	movabs $0xdffffc0000000000,%rsi
   a:	fc ff df
   d:	48 8d 7a 38          	lea    0x38(%rdx),%rdi
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 c1 e8 03          	shr    $0x3,%rax
  18:	8a 04 30             	mov    (%rax,%rsi,1),%al
  1b:	84 c0                	test   %al,%al
  1d:	0f 85 38 08 00 00    	jne    0x85b
  23:	8b 43 38             	mov    0x38(%rbx),%eax
  26:	45 31 ed             	xor    %r13d,%r13d
* 29:	89 45 a8             	mov    %eax,-0x58(%rbp) <-- trapping instruction
  2c:	85 c0                	test   %eax,%eax
  2e:	41 0f 95 c4          	setne  %r12b
  32:	48 89 5d b0          	mov    %rbx,-0x50(%rbp)
  36:	48 81 c3 58 01 00 00 	add    $0x158,%rbx
  3d:	48                   	rex.W
  3e:	89                   	.byte 0x89

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/04/08 16:37 android12-5.10-lts 414e6c8e941c c6ff3e05 .config console log report syz C ci2-android-5-10 BUG: stack guard page was hit in corrupted
* Struck through repros no longer work on HEAD.