bisecting fixing commit since 9b28b48fb343d8098f9f2ee84c8eeefc9e03cbcb
building syzkaller on 7f723fbe3e09e5d83cae8d55e27d941f0c9a657a
testing commit 9b28b48fb343d8098f9f2ee84c8eeefc9e03cbcb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 670e59fee54007197f5060c5b621ca83eb19bb387aa4a55b806aa10f683cc60f
run #0: crashed: BUG: stack guard page was hit in corrupted
run #1: crashed: BUG: stack guard page was hit in corrupted
run #2: crashed: BUG: stack guard page was hit in corrupted
run #3: crashed: BUG: stack guard page was hit in corrupted
run #4: crashed: BUG: stack guard page was hit in corrupted
run #5: crashed: BUG: stack guard page was hit in corrupted
run #6: crashed: BUG: stack guard page was hit in corrupted
run #7: crashed: BUG: stack guard page was hit in corrupted
run #8: crashed: BUG: stack guard page was hit in corrupted
run #9: crashed: BUG: stack guard page was hit in sys_mount
run #10: crashed: BUG: stack guard page was hit in corrupted
run #11: crashed: BUG: stack guard page was hit in corrupted
run #12: crashed: BUG: stack guard page was hit in corrupted
run #13: crashed: BUG: stack guard page was hit in corrupted
run #14: crashed: BUG: stack guard page was hit in corrupted
run #15: crashed: BUG: stack guard page was hit in corrupted
run #16: crashed: BUG: stack guard page was hit in corrupted
run #17: crashed: BUG: stack guard page was hit in corrupted
run #18: crashed: BUG: stack guard page was hit in corrupted
run #19: crashed: BUG: stack guard page was hit in corrupted
testing current HEAD 34fd8cb7e75c2dca2cd2d850378b78cadcc21f4e
testing commit 34fd8cb7e75c2dca2cd2d850378b78cadcc21f4e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dd8de595cf3c305486eccb13ae3a9ec0bcd9b96875d6b861efe1b6013bb221bf
run #0: crashed: BUG: stack guard page was hit in corrupted
run #1: crashed: BUG: stack guard page was hit in corrupted
run #2: crashed: BUG: stack guard page was hit in corrupted
run #3: crashed: BUG: stack guard page was hit in corrupted
run #4: crashed: BUG: stack guard page was hit in corrupted
run #5: crashed: BUG: stack guard page was hit in corrupted
run #6: crashed: BUG: stack guard page was hit in corrupted
run #7: crashed: BUG: stack guard page was hit in sys_mount
run #8: crashed: BUG: stack guard page was hit in corrupted
run #9: crashed: BUG: stack guard page was hit in corrupted
revisions tested: 2, total time: 22m19.337753444s (build: 15m43.628988308s, test: 5m47.678071806s)
the crash still happens on HEAD
commit msg: ANDROID: Fix CRC issue up with xfrm headers in 5.10.94
crash: BUG: stack guard page was hit in corrupted
BUG: stack guard page was hit at ffffc9000075ffd8 (stack is ffffc90000760000..ffffc90000767fff)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 417 Comm: syz-executor970 Not tainted 5.10.94-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:stack_trace_save+0x1f/0xc0 kernel/stacktrace.c:113
Code: 66 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55 83 c2 01 31 c9 48 89 e5 53 48 8d 9d 78 ff ff ff 48 83 c4 80 <48> c7 85 78 ff ff ff b3 8a b5 41 48 c1 eb 03 48 c7 45 80 6e d6 29
RSP: 0018:ffffc9000075ffe0 EFLAGS: 00010283
RAX: dffffc0000000000 RBX: ffffc9000075ffe0 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000040 RDI: ffffc90000760078
RBP: ffffc90000760068 R08: ffff8881197c8cc0 R09: ffffed10232f9198
R10: fffff520000ec09a R11: 0000000000000079 R12: 0000000000000cc0
R13: ffff88810017be00 R14: 0000000000000cc0 R15: 0000000000000001
FS:  0000555556c60300(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000075ffd8 CR3: 000000010b4bb000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 8f6e0cdd362d8b80 ]---
RIP: 0010:stack_trace_save+0x1f/0xc0 kernel/stacktrace.c:113
Code: 66 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55 83 c2 01 31 c9 48 89 e5 53 48 8d 9d 78 ff ff ff 48 83 c4 80 <48> c7 85 78 ff ff ff b3 8a b5 41 48 c1 eb 03 48 c7 45 80 6e d6 29
RSP: 0018:ffffc9000075ffe0 EFLAGS: 00010283
RAX: dffffc0000000000 RBX: ffffc9000075ffe0 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000040 RDI: ffffc90000760078
RBP: ffffc90000760068 R08: ffff8881197c8cc0 R09: ffffed10232f9198
R10: fffff520000ec09a R11: 0000000000000079 R12: 0000000000000cc0
R13: ffff88810017be00 R14: 0000000000000cc0 R15: 0000000000000001
FS:  0000555556c60300(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000075ffd8 CR3: 000000010b4bb000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
   7:	00 00 00 00
   b:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  12:	fc ff df
  15:	55                   	push   %rbp
  16:	83 c2 01             	add    $0x1,%edx
  19:	31 c9                	xor    %ecx,%ecx
  1b:	48 89 e5             	mov    %rsp,%rbp
  1e:	53                   	push   %rbx
  1f:	48 8d 9d 78 ff ff ff 	lea    -0x88(%rbp),%rbx
  26:	48 83 c4 80          	add    $0xffffffffffffff80,%rsp
* 2a:	48 c7 85 78 ff ff ff 	movq   $0x41b58ab3,-0x88(%rbp) <-- trapping instruction
  31:	b3 8a b5 41
  35:	48 c1 eb 03          	shr    $0x3,%rbx
  39:	48                   	rex.W
  3a:	c7                   	.byte 0xc7
  3b:	45 80 6e d6 29       	rex.RB subb $0x29,-0x2a(%r14)