syzbot


BUG: stack guard page was hit in update_stack_state

Status: fixed on 2020/07/17 17:58
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+c2fb6f9ddcea95ba49b5@syzkaller.appspotmail.com
Fix commit: dd912306ff00 net: fix a potential recursive NETDEV_FEAT_CHANGE
First crash: 1596d, last: 1577d
Discussions (10)
Title Replies (including bot) Last reply
[PATCH 4.19 00/80] 4.19.124-rc1 review 103 (103) 2020/06/05 01:12
[PATCH 4.4 00/86] 4.4.224-rc1 review 95 (95) 2020/05/21 07:47
[PATCH 5.4 000/147] 5.4.42-rc1 review 152 (152) 2020/05/19 16:29
[PATCH 4.14 000/114] 4.14.181-rc1 review 119 (119) 2020/05/19 16:28
[PATCH 4.9 00/90] 4.9.224-rc1 review 95 (95) 2020/05/19 16:27
[PATCH 5.6 000/194] 5.6.14-rc1 review 203 (203) 2020/05/19 14:44
[Patch net v3] net: fix a potential recursive NETDEV_FEAT_CHANGE 3 (3) 2020/05/08 01:19
[Patch net v2] net: fix a potential recursive NETDEV_FEAT_CHANGE 5 (5) 2020/05/07 18:50
[Patch net] net: fix a potential recursive NETDEV_FEAT_CHANGE 9 (9) 2020/05/06 20:15
BUG: stack guard page was hit in update_stack_state 1 (2) 2020/02/04 13:02

Sample crash report:
8021q: adding VLAN 0 to HW filter on device bond147
device bond147 entered promiscuous mode
BUG: stack guard page was hit at 00000000de277277 (stack is 00000000a2afc8a7..000000002c6eefb7)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 366 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:update_stack_state+0x94/0x5f0 arch/x86/kernel/unwind_frame.c:196
Code: 00 48 89 5d d0 31 db 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 29 04 00 00 41 8b 45 00 49 8d 7d 58 48 89 f9 48 c1 e9 03 <89> 85 5c ff ff ff 48 b8 00 00 00 00 00 fc ff df 80 3c 01 00 0f 85
RSP: 0018:ffffc90001827fd8 EFLAGS: 00010a02
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffff92000305043
RDX: 1ffff92000305036 RSI: ffffc90001828248 RDI: ffffc90001828218
RBP: ffffc900018280a0 R08: ffffc900018281e8 R09: ffffc90001828218
R10: ffffc900018281e8 R11: ffffc900018281f8 R12: 1ffff9200030501b
R13: ffffc900018281c0 R14: 1ffff92000305003 R15: ffffc90001828248
FS:  00007facd09fe700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001827fc8 CR3: 0000000047495000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace da115706e79d3750 ]---
RIP: 0010:update_stack_state+0x94/0x5f0 arch/x86/kernel/unwind_frame.c:196
Code: 00 48 89 5d d0 31 db 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 29 04 00 00 41 8b 45 00 49 8d 7d 58 48 89 f9 48 c1 e9 03 <89> 85 5c ff ff ff 48 b8 00 00 00 00 00 fc ff df 80 3c 01 00 0f 85
RSP: 0018:ffffc90001827fd8 EFLAGS: 00010a02
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffff92000305043
RDX: 1ffff92000305036 RSI: ffffc90001828248 RDI: ffffc90001828218
RBP: ffffc900018280a0 R08: ffffc900018281e8 R09: ffffc90001828218
R10: ffffc900018281e8 R11: ffffc900018281f8 R12: 1ffff9200030501b
R13: ffffc900018281c0 R14: 1ffff92000305003 R15: ffffc90001828248
FS:  00007facd09fe700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001827fc8 CR3: 0000000047495000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/02/18 06:55 net-next-old 725d23b59cd1 1ce142dc .config console log report ci-upstream-net-kasan-gce
2020/02/10 21:40 net-next-old fdfa3a6778b1 18847f55 .config console log report ci-upstream-net-kasan-gce
2020/02/09 16:01 net-next-old fdfa3a6778b1 6ece2ea5 .config console log report ci-upstream-net-kasan-gce
2020/02/07 04:57 net-next-old 33b40134e5cf 06150bf1 .config console log report ci-upstream-net-kasan-gce
2020/01/29 18:25 net-next-old b3a608222336 5ed23f9a .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.