kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs

[syzbot]

Hello,

syzbot found the following crash on:

HEAD commit: 195303136f19 Merge tag 'kconfig-v4.21-2' of git://git.kern..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14ebfb53400000
kernel config: https://syzkaller.appspot.com/x/.config?x=76d28549be7c27cf
dashboard link: https://syzkaller.appspot.com/bug?extid=d14090007dc9ba5fa9b7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
CC: []

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d14090...@syzkaller.appspotmail.com

EFER = 0x0000000000000001 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
rcu_dynticks_curr_cpu_in_eqs+0x169/0x170 kernel/rcu/tree.c:306
CPU: 1 PID: 1978 Comm: syz-executor4 Not tainted 4.20.0+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

[syzbot]

syzbot has found a reproducer for the following crash on:

HEAD commit: 8e143b90e4d4 Merge tag 'iommu-updates-v4.21' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1148f377400000
kernel config: https://syzkaller.appspot.com/x/.config?x=891850b40e7c01a2

dashboard link: https://syzkaller.appspot.com/bug?extid=d14090007dc9ba5fa9b7
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=171af4d7400000
CC: []

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d14090...@syzkaller.appspotmail.com

device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
rcu_dynticks_curr_cpu_in_eqs+0x169/0x170 kernel/rcu/tree.c:306

CPU: 0 PID: 13505 Comm: syz-executor0 Not tainted 4.20.0+ #5

[Dmitry Vyukov]

On Wed, Jan 2, 2019 at 7:17 PM syzbot
<syzbot+d14090...@syzkaller.appspotmail.com> wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit: 8e143b90e4d4 Merge tag 'iommu-updates-v4.21' of git://git...
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1148f377400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=891850b40e7c01a2
> dashboard link: https://syzkaller.appspot.com/bug?extid=d14090007dc9ba5fa9b7
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=171af4d7400000
> CC: []
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+d14090...@syzkaller.appspotmail.com

Random manifestation of the stack overflow/corruption:

#syz dup: kernel panic: stack is corrupted in udp4_lib_lookup2

See https://groups.google.com/forum/#!msg/syzkaller-bugs/vr87kmG5qRI/31nOcuVsFgAJ

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+d14090...@syzkaller.appspotmail.com

Tested on:

commit: 8e143b90e4d4 Merge tag 'iommu-updates-v4.21' of git://git...
git tree:

git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=891850b40e7c01a2

compiler: gcc (GCC) 9.0.0 20181231 (experimental)

patch: https://syzkaller.appspot.com/x/patch.diff?x=1042da9f400000

Note: testing is done by a robot and is best-effort only.