Message-ID: <20200315144919.y6r5sarg5m4s6wpw@treble>
Date: Sun, 15 Mar 2020 09:49:19 -0500
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: syzbot <syzbot+2a3c14db0e17fe4c7409@...kaller.appspotmail.com>
Cc: bp@...en8.de, hpa@...or.com, linux-kernel@...r.kernel.org,
mingo@...hat.com, netdev@...r.kernel.org, peterz@...radead.org,
shile.zhang@...ux.alibaba.com, syzkaller-bugs@...glegroups.com,
tglx@...utronix.de, x86@...nel.org
Subject: Re: BUG: stack guard page was hit in deref_stack_reg
On Sat, Mar 14, 2020 at 03:28:11AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 34a568a2 net: sgi: ioc3-eth: Remove phy workaround
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=103e69fde00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=598678fc6e800071
> dashboard link: https://syzkaller.appspot.com/bug?extid=2a3c14db0e17fe4c7409
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+2a3c14db0e17fe4c7409@...kaller.appspotmail.com

This is a stack overflow caused by a recursive loop in the networking
code. This chain repeats until it runs out of stack:

> bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
> bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
> bond_netdev_event+0x6ee/0x930 drivers/net/bonding/bond_main.c:3277
> notifier_call_chain+0xc0/0x230 kernel/notifier.c:83
> call_netdevice_notifiers_info net/core/dev.c:1948 [inline]
> call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1933
> call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
> call_netdevice_notifiers net/core/dev.c:1974 [inline]
> netdev_features_change net/core/dev.c:1364 [inline]
> netdev_update_features net/core/dev.c:9082 [inline]
> netdev_update_features+0xc4/0xd0 net/core/dev.c:9079
> netdev_sync_lower_features net/core/dev.c:8891 [inline]
> __netdev_update_features+0x821/0x12f0 net/core/dev.c:9026
> netdev_change_features+0x61/0xb0 net/core/dev.c:9098
> bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
--
Josh
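
The repeating chain identified in the message above can be confirmed mechanically. The following Python sketch is an added example, not part of the original message or of any kernel tooling; it parses the quoted frames and returns one iteration of the loop, and the helper names `parse_frames`, `find_cycle` and `real_calls` are assumptions made here.

```python
from typing import NamedTuple

# Frames copied from the trace quoted in the message above (innermost first).
TRACE = """\
bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
bond_netdev_event+0x6ee/0x930 drivers/net/bonding/bond_main.c:3277
notifier_call_chain+0xc0/0x230 kernel/notifier.c:83
call_netdevice_notifiers_info net/core/dev.c:1948 [inline]
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1933
call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
call_netdevice_notifiers net/core/dev.c:1974 [inline]
netdev_features_change net/core/dev.c:1364 [inline]
netdev_update_features net/core/dev.c:9082 [inline]
netdev_update_features+0xc4/0xd0 net/core/dev.c:9079
netdev_sync_lower_features net/core/dev.c:8891 [inline]
__netdev_update_features+0x821/0x12f0 net/core/dev.c:9026
netdev_change_features+0x61/0xb0 net/core/dev.c:9098
bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
"""

class Frame(NamedTuple):
    symbol: str    # function name with the +offset/size suffix removed
    location: str  # source file:line
    inline: bool   # True when the frame was inlined into its caller

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        tokens = line.lstrip("> ").split()  # tolerate e-mail quoting
        if len(tokens) < 2 or ":" not in tokens[1]:
            continue  # not a "symbol file:line" frame line
        frames.append(Frame(tokens[0].split("+")[0], tokens[1], "[inline]" in tokens))
    return frames

def find_cycle(frames):
    """Return one iteration of the repeating frame sequence, or None."""
    first_seen = {}
    for j, frame in enumerate(frames):
        period = j - first_seen.setdefault((frame.symbol, frame.location), j)
        # A repeat only counts if every later frame matches the one a period earlier.
        if period and all(frames[k] == frames[k - period] for k in range(j, len(frames))):
            return frames[j - period:j]
    return None

def real_calls(cycle):
    return [f.symbol for f in cycle if not f.inline]

if __name__ == "__main__":
    print("\n".join(real_calls(find_cycle(parse_frames(TRACE)))))
```

Each iteration of the loop is 14 trace lines, of which 7 are real (non-inlined) calls that each consume stack.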