kernel panic: stack is corrupted in get_kernel_gp_address

kernel panic: stack is corrupted in get_kernel_gp_address

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    f4d51dff Linux 5.9-rc4
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14aa2d3e900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=d6459d8f8984c0929e54
compiler:       gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=164270dd900000

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13c7d9f9900000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1027d9f9900000
console output: https://syzkaller.appspot.com/x/log.txt?x=17c7d9f9900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d6459d8f8984c0929e54@syzkaller.appspotmail.com

���ACode: Bad RIP value.
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: get_kernel_gp_address+0x1a0/0x1c0 arch/x86/kernel/traps.c:520
Kernel Offset: disabled


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Re: kernel panic: stack is corrupted in get_kernel_gp_address

[syzbot]

syzbot suspects this issue was fixed by commit:

commit a49145acfb975d921464b84fe00279f99827d816
Author: George Kennedy <george.kennedy@oracle.com>
Date:   Tue Jul 7 19:26:03 2020 +0000

    fbmem: add margin check to fb_check_caps()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10ff7572500000
start commit:   f4d51dff Linux 5.9-rc4
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=d6459d8f8984c0929e54
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=164270dd900000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: fbmem: add margin check to fb_check_caps()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Re: kernel panic: stack is corrupted in get_kernel_gp_address

[Dmitry Vyukov]

On Fri, Nov 13, 2020 at 9:27 AM syzbot
<syzbot+d6459d8f8984c0929e54@syzkaller.appspotmail.com> wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit a49145acfb975d921464b84fe00279f99827d816
> Author: George Kennedy <george.kennedy@oracle.com>
> Date:   Tue Jul 7 19:26:03 2020 +0000
>
>     fbmem: add margin check to fb_check_caps()
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10ff7572500000
> start commit:   f4d51dff Linux 5.9-rc4
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
> dashboard link: https://syzkaller.appspot.com/bug?extid=d6459d8f8984c0929e54
> userspace arch: i386
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=164270dd900000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: fbmem: add margin check to fb_check_caps()
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

#syz fix: fbmem: add margin check to fb_check_caps()