Re: BUG: stack guard page was hit in deref_stack_reg

From: Josh Poimboeuf
Date: Sun Mar 15 2020 - 10:52:32 EST


On Sat, Mar 14, 2020 at 03:28:11AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 34a568a2 net: sgi: ioc3-eth: Remove phy workaround
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=103e69fde00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=598678fc6e800071
> dashboard link: https://syzkaller.appspot.com/bug?extid=2a3c14db0e17fe4c7409
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+2a3c14db0e17fe4c7409@xxxxxxxxxxxxxxxxxxxxxxxxx

This is a stack overflow caused by a recursive loop in the networking
code. This chain repeats until it runs out of stack:

> bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
> bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
> bond_netdev_event+0x6ee/0x930 drivers/net/bonding/bond_main.c:3277
> notifier_call_chain+0xc0/0x230 kernel/notifier.c:83
> call_netdevice_notifiers_info net/core/dev.c:1948 [inline]
> call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1933
> call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
> call_netdevice_notifiers net/core/dev.c:1974 [inline]
> netdev_features_change net/core/dev.c:1364 [inline]
> netdev_update_features net/core/dev.c:9082 [inline]
> netdev_update_features+0xc4/0xd0 net/core/dev.c:9079
> netdev_sync_lower_features net/core/dev.c:8891 [inline]
> __netdev_update_features+0x821/0x12f0 net/core/dev.c:9026
> netdev_change_features+0x61/0xb0 net/core/dev.c:9098
> bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188

--
Josh
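
Added example, not part of the original message or of any kernel or syzbot tooling: a short Python triage script that finds the repeating chain in a symbolized backtrace like the one quoted above and returns one iteration of the loop. The names `parse_frames`, `find_cycle` and `real_calls` are hypothetical, and the frame regex assumes the `func+0xoff/0xsize file:line [inline]` layout seen in this trace.

```python
import re

# Frames copied from the quoted trace in the message (most recent call first).
TRACE = """\
bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
bond_netdev_event+0x6ee/0x930 drivers/net/bonding/bond_main.c:3277
notifier_call_chain+0xc0/0x230 kernel/notifier.c:83
call_netdevice_notifiers_info net/core/dev.c:1948 [inline]
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1933
call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
call_netdevice_notifiers net/core/dev.c:1974 [inline]
netdev_features_change net/core/dev.c:1364 [inline]
netdev_update_features net/core/dev.c:9082 [inline]
netdev_update_features+0xc4/0xd0 net/core/dev.c:9079
netdev_sync_lower_features net/core/dev.c:8891 [inline]
__netdev_update_features+0x821/0x12f0 net/core/dev.c:9026
netdev_change_features+0x61/0xb0 net/core/dev.c:9098
bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
"""

# Assumed layout: func[+0xoff/0xsize] file:line [inline], tolerating "> " quoting.
FRAME_RE = re.compile(
    r"^[>\s]*(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"\s+(?P<src>\S+:\d+)(?P<inline>\s+\[inline\])?\s*$")

def parse_frames(text):
    """Return (function, file:line, is_inline) for every line that is a frame."""
    matches = (FRAME_RE.match(line) for line in text.splitlines())
    return [(m["func"], m["src"], bool(m["inline"])) for m in matches if m]

def find_cycle(frames):
    """Return one iteration of the recursion, or [] if no frame repeats."""
    # Key on (function, file:line) so two call sites in one function differ.
    first_seen = {}
    for i, (func, src, _inline) in enumerate(frames):
        if (func, src) in first_seen:
            return frames[first_seen[(func, src)]:i]
        first_seen[(func, src)] = i
    return []

def real_calls(cycle):
    """Drop [inline] entries: they have no stack frame of their own."""
    return [func for func, _src, inline in cycle if not inline]

if __name__ == "__main__":
    for func in real_calls(find_cycle(parse_frames(TRACE))):
        print(func)
```
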