syzbot


BUG: stack guard page was hit in unwind_next_frame

Status: closed as dup on 2020/05/04 19:04
Subsystems: net
Reported-by: syzbot+e73ceacfd8560cc8a3ca@syzkaller.appspotmail.com
Fix commit: dd912306ff00 net: fix a potential recursive NETDEV_FEAT_CHANGE
First crash: 1451d, last: 1385d
Duplicate of
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported
BUG: stack guard page was hit in deref_stack_reg kernel | - | - | - | 2 | 1436d | 1496d
Discussions (11)
Title | Replies (including bot) | Last reply
[PATCH 4.19 00/80] 4.19.124-rc1 review | 103 (103) | 2020/06/05 01:12
[PATCH 4.4 00/86] 4.4.224-rc1 review | 95 (95) | 2020/05/21 07:47
[PATCH 5.4 000/147] 5.4.42-rc1 review | 152 (152) | 2020/05/19 16:29
[PATCH 4.14 000/114] 4.14.181-rc1 review | 119 (119) | 2020/05/19 16:28
[PATCH 4.9 00/90] 4.9.224-rc1 review | 95 (95) | 2020/05/19 16:27
[PATCH 5.6 000/194] 5.6.14-rc1 review | 203 (203) | 2020/05/19 14:44
[Patch net v3] net: fix a potential recursive NETDEV_FEAT_CHANGE | 3 (3) | 2020/05/08 01:19
[Patch net v2] net: fix a potential recursive NETDEV_FEAT_CHANGE | 5 (5) | 2020/05/07 18:50
Re: BUG: stack guard page was hit in unwind_next_frame | 1 (1) | 2020/05/07 09:59
[Patch net] net: fix a potential recursive NETDEV_FEAT_CHANGE | 9 (9) | 2020/05/06 20:15
BUG: stack guard page was hit in unwind_next_frame | 3 (4) | 2020/05/05 07:02
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | BUG: stack guard page was hit in unwind_next_frame (2) net | - | - | - | 4 | 1319d | 1364d | 0/26 | auto-closed as invalid on 2021/01/06 00:38

Sample crash report:
BUG: stack guard page was hit at 00000000141e74d5 (stack is 00000000473b0e22..000000000bb77d8b)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 25878 Comm: syz-executor.4 Not tainted 5.8.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unwind_next_frame+0x1e/0x1f90 arch/x86/kernel/unwind_orc.c:424
Code: 48 8b 0c 24 e9 72 ff ff ff 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 41 57 49 89 ff 41 56 41 55 41 54 55 53 48 81 ec a0 00 00 00 <48> c7 44 24 40 b3 8a b5 41 48 8d 5c 24 40 48 c7 44 24 48 a0 f1 66
RSP: 0018:ffffc90007cd7f80 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffffc90007cd8130 RCX: ffffc90007cd8138
RDX: ffffc90007ce0000 RSI: 1ffff92000f9b017 RDI: ffffc90007cd80a8
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffc90007cd80a8
R10: fffff52000f9b020 R11: 0000000000000000 R12: fffff52000f9b017
R13: fffff52000f9b016 R14: ffffc90007cd80e0 R15: ffffc90007cd80a8
FS:  00007f15585a9700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90007cd7fc0 CR3: 00000000a1399000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __unwind_start+0x4dd/0x7c0 arch/x86/kernel/unwind_orc.c:698
 unwind_start arch/x86/include/asm/unwind.h:60 [inline]
 arch_stack_walk+0x5e/0xf0 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:123
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:494
 slab_post_alloc_hook mm/slab.h:586 [inline]
 slab_alloc_node mm/slab.c:3263 [inline]
 kmem_cache_alloc_node+0x130/0x3c0 mm/slab.c:3575
 __alloc_skb+0x71/0x550 net/core/skbuff.c:198
 alloc_skb include/linux/skbuff.h:1083 [inline]
 nlmsg_new include/net/netlink.h:940 [inline]
 rtmsg_ifinfo_build_skb+0x72/0x1a0 net/core/rtnetlink.c:3701
 rtmsg_ifinfo_event net/core/rtnetlink.c:3737 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:3728 [inline]
 rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:5511
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 netdev_features_change net/core/dev.c:1443 [inline]
 netdev_sync_lower_features net/core/dev.c:9056 [inline]
 __netdev_update_features+0x88d/0x1360 net/core/dev.c:9187
 netdev_change_features+0x61/0xb0 net/core/dev.c:9259
 bond_compute_features+0x502/0xa00 drivers/net/bonding/bond_main.c:1188
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
 bond_netdev_event+0x81f/0xb30 drivers/net/bonding/bond_main.c:3277
Lost 406 message(s)!
---[ end trace a7c0f7520b7a2f20 ]---
RIP: 0010:unwind_next_frame+0x1e/0x1f90 arch/x86/kernel/unwind_orc.c:424
Code: 48 8b 0c 24 e9 72 ff ff ff 0f 1f 00 48 b8 00 00 00 00 00 fc ff df 41 57 49 89 ff 41 56 41 55 41 54 55 53 48 81 ec a0 00 00 00 <48> c7 44 24 40 b3 8a b5 41 48 8d 5c 24 40 48 c7 44 24 48 a0 f1 66
RSP: 0018:ffffc90007cd7f80 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffffc90007cd8130 RCX: ffffc90007cd8138
RDX: ffffc90007ce0000 RSI: 1ffff92000f9b017 RDI: ffffc90007cd80a8
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffc90007cd80a8
R10: fffff52000f9b020 R11: 0000000000000000 R12: fffff52000f9b017
R13: fffff52000f9b016 R14: ffffc90007cd80e0 R15: ffffc90007cd80a8
FS:  00007f15585a9700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90007cd7fc0 CR3: 00000000a1399000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (6):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/07/04 03:04 | net-old | 1ca0fafd73c5 | 51095195 | .config | console log | report | - | - | - | - | ci-upstream-net-this-kasan-gce | -
2020/06/30 21:55 | net-old | 2ce578ca9444 | 917afeaa | .config | console log | report | - | - | - | - | ci-upstream-net-this-kasan-gce | -
2020/06/25 09:38 | net-old | b835a71ef64a | 54566aff | .config | console log | report | - | - | - | - | ci-upstream-net-this-kasan-gce | -
2020/05/17 17:13 | net-old | f45a7bccdc19 | 37bccd4e | .config | console log | report | - | - | - | - | ci-upstream-net-this-kasan-gce | -
2020/04/29 04:38 | net-old | 8999dc89497a | e3ecea2e | .config | console log | report | - | - | - | - | ci-upstream-net-this-kasan-gce | -
2020/06/08 03:08 | net-next-old | cb8e59cc8720 | 7751efd0 | .config | console log | report | - | - | - | - | ci-upstream-net-kasan-gce | -
* Struck through repros no longer work on HEAD.