syzbot

BUG: stack guard page was hit in corrupted (22)

Status: auto-closed as invalid on 2022/08/31 02:51
Reported-by: syzbot+4468683102ee7d859712@syzkaller.appspotmail.com
First crash: 773d, last: 773d
Cause bisection: introduced by (bisect log):
commit 6cef9b295255da56ba165322bdcda03de5b0d130
Author: Kever Yang <kever.yang@rock-chips.com>
Date: Mon Sep 27 01:59:48 2021 +0000

  ANDROID: GKI: rockchip: Enable symbols for common clk

Crash: BUG: stack guard page was hit in sys_creat (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):
commit 08ad7a770efacfecf903143f8de88d1e351a1f2d
Author: Kees Cook <keescook@chromium.org>
Date: Sat Feb 12 17:14:49 2022 +0000

  etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead

Similar bugs (22)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 BUG: stack guard page was hit in corrupted (14) C error 2 820d 820d 0/2 closed as dup on 2022/03/24 14:58
android-5-10 BUG: stack guard page was hit in corrupted (16) C error 2 814d 816d 0/2 closed as dup on 2022/03/30 17:23
android-5-10 BUG: stack guard page was hit in corrupted (9) C error 1 828d 828d 0/2 closed as dup on 2022/03/16 16:28
android-5-10 BUG: stack guard page was hit in corrupted (13) C error 1 821d 821d 0/2 closed as dup on 2022/03/22 16:23
android-5-10 BUG: stack guard page was hit in corrupted (17) C error 3 810d 811d 0/2 closed as dup on 2022/04/04 16:48
android-5-10 BUG: stack guard page was hit in corrupted (5) C error 3 832d 832d 0/2 closed as dup on 2022/03/11 15:58
android-5-10 BUG: stack guard page was hit in corrupted (19) C 1 804d 804d 0/2 closed as dup on 2022/04/08 17:06
android-5-10 BUG: stack guard page was hit in corrupted (6) C error 1 831d 831d 0/2 closed as dup on 2022/03/11 22:51
android-5-10 BUG: stack guard page was hit in corrupted (20) C error 1 801d 801d 0/2 closed as dup on 2022/04/11 14:20
android-5-10 BUG: stack guard page was hit in corrupted (21) C error 3 787d 788d 0/2 closed as dup on 2022/05/04 16:12
android-5-10 BUG: stack guard page was hit in corrupted (8) C 1 829d 829d 0/2 closed as dup on 2022/03/14 15:44
android-5-10 BUG: stack guard page was hit in corrupted (4) C error 1 834d 834d 0/2 closed as dup on 2022/03/09 18:22
android-5-10 BUG: stack guard page was hit in corrupted (7) C error 1 831d 831d 0/2 closed as dup on 2022/03/13 15:49
android-5-10 BUG: stack guard page was hit in corrupted (18) C error 1 807d 807d 0/2 closed as dup on 2022/04/05 20:24
android-5-10 BUG: stack guard page was hit in corrupted C error 3 863d 898d 0/2 closed as invalid on 2022/02/28 16:10
android-5-10 BUG: stack guard page was hit in corrupted (10) C error 1 826d 826d 0/2 closed as dup on 2022/03/17 16:45
android-5-10 BUG: stack guard page was hit in corrupted (15) C error 1 818d 818d 0/2 closed as dup on 2022/03/25 16:30
android-5-10 BUG: stack guard page was hit in corrupted (12) C done 2 822d 824d 0/2 closed as dup on 2022/03/21 14:57
android-5-10 BUG: stack guard page was hit in corrupted (2) C error 2 840d 841d 0/2 closed as dup on 2022/03/02 15:48
android-5-10 BUG: stack guard page was hit in corrupted (3) C error 1 834d 834d 0/2 closed as dup on 2022/03/09 15:36
android-5-10 BUG: stack guard page was hit in corrupted (11) C error 2 825d 825d 0/2 closed as dup on 2022/03/18 21:48
android-5-10 BUG: stack guard page was hit in corrupted (23) syz error error 1 373d 373d 0/2 auto-obsoleted due to no activity on 2023/09/30 03:13
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/08/31 02:27 14m retest repro android12-5.10-lts OK log

Sample crash report:
BUG: stack guard page was hit at ffffc900012dffe8 (stack is ffffc900012e0000..ffffc900012e7fff)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1881 Comm: syz-executor.0 Not tainted 5.10.112-syzkaller-00287-gde64d941a71a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_preemption_disabled+0x18/0x100 lib/smp_processor_id.c:13
Code: 40 d2 43 85 e8 09 00 00 00 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 <48> 89 45 d8 65 8b 1d d5 7e 71 7b 65 8b 05 22 db 71 7b a9 ff ff ff
RSP: 0018:ffffc900012dfff0 EFLAGS: 00010086
RAX: e760de4d7b569700 RBX: ffff8881f7055e00 RCX: 1ffff9200025c044
RDX: 1ffff9200025c024 RSI: ffffffff8543d240 RDI: ffffffff8543d200
RBP: ffffc900012e0020 R08: ffffffff86c2c008 R09: ffffffff86c2c018
R10: ffffffff86c2c010 R11: ffffffff86c2c003 R12: 0000000000000001
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88811d590000
FS:  00007f8698d41700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900012dffe8 CR3: 0000000119e63000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 9761b35dad3656d6 ]---
RIP: 0010:check_preemption_disabled+0x18/0x100 lib/smp_processor_id.c:13
Code: 40 d2 43 85 e8 09 00 00 00 5d c3 0f 1f 80 00 00 00 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 <48> 89 45 d8 65 8b 1d d5 7e 71 7b 65 8b 05 22 db 71 7b a9 ff ff ff
RSP: 0018:ffffc900012dfff0 EFLAGS: 00010086
RAX: e760de4d7b569700 RBX: ffff8881f7055e00 RCX: 1ffff9200025c044
RDX: 1ffff9200025c024 RSI: ffffffff8543d240 RDI: ffffffff8543d200
RBP: ffffc900012e0020 R08: ffffffff86c2c008 R09: ffffffff86c2c018
R10: ffffffff86c2c010 R11: ffffffff86c2c003 R12: 0000000000000001
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88811d590000
FS:  00007f8698d41700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900012dffe8 CR3: 0000000119e63000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	40 d2 43 85          	rolb   %cl,-0x7b(%rbx)
   4:	e8 09 00 00 00       	callq  0x12
   9:	5d                   	pop    %rbp
   a:	c3                   	retq
   b:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  12:	55                   	push   %rbp
  13:	48 89 e5             	mov    %rsp,%rbp
  16:	41 57                	push   %r15
  18:	41 56                	push   %r14
  1a:	41 54                	push   %r12
  1c:	53                   	push   %rbx
  1d:	48 83 ec 10          	sub    $0x10,%rsp
  21:	65 48 8b 04 25 28 00 	mov    %gs:0x28,%rax
  28:	00 00
* 2a:	48 89 45 d8          	mov    %rax,-0x28(%rbp) <-- trapping instruction
  2e:	65 8b 1d d5 7e 71 7b 	mov    %gs:0x7b717ed5(%rip),%ebx        # 0x7b717f0a
  35:	65 8b 05 22 db 71 7b 	mov    %gs:0x7b71db22(%rip),%eax        # 0x7b71db5e
  3c:	a9                   	.byte 0xa9
  3d:	ff                   	(bad)
  3e:	ff                   	(bad)
  3f:	ff                   	.byte 0xff

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/05/09 19:24 android12-5.10-lts de64d941a71a 8b277b8e .config console log report syz ci2-android-5-10 BUG: stack guard page was hit in corrupted
* Struck through repros no longer work on HEAD.