Re: [syzbot] KASAN: slab-out-of-bounds Read in riscv_intc_irq

From: Dmitry Vyukov
Date: Thu Mar 18 2021 - 11:01:16 EST


On Thu, Mar 18, 2021 at 3:50 PM Kefeng Wang <wangkefeng.wang@xxxxxxxxxx> wrote:
> >> On 2021/3/14 18:47, Dmitry Vyukov wrote:
> >>> On Sun, Mar 14, 2021 at 11:14 AM syzbot
> >>> <syzbot+005654dd9b8f26bd4c07@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >>>> Hello,
> >>>>
> >>>> syzbot found the following issue on:
> >>>>
> >>>> HEAD commit: 0d7588ab riscv: process: Fix no prototype for arch_dup_tas..
> >>>> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes
> >>>> console output: https://syzkaller.appspot.com/x/log.txt?x=15a35756d00000
> >>>> kernel config: https://syzkaller.appspot.com/x/.config?x=81c0b708b31626cc
> >>>> dashboard link: https://syzkaller.appspot.com/bug?extid=005654dd9b8f26bd4c07
> >>>> userspace arch: riscv64
> >>>>
> >>>> Unfortunately, I don't have any reproducer for this issue yet.
> >>>>
> >>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >>>> Reported-by: syzbot+005654dd9b8f26bd4c07@xxxxxxxxxxxxxxxxxxxxxxxxx
> >>>>
> >>>> ==================================================================
> >>>> BUG: KASAN: slab-out-of-bounds in riscv_intc_irq+0x24/0xcc drivers/irqchip/irq-riscv-intc.c:24
> >>>> Read of size 8 at addr ffffffe00c963bd0 by task kworker/1:1/4388
> >>>>
> >>>> CPU: 1 PID: 4388 Comm: kworker/1:1 Not tainted 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0
> >>>> Hardware name: riscv-virtio,qemu (DT)
> >>>> Workqueue: events nsim_dev_trap_report_work
> >>>> Call Trace:
> >>>> [<ffffffe0000096c0>] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201
> >>>>
> >>>> Allocated by task 76347056:
> >>>> (stack is not available)
> >>>>
> >>>> Last potentially related work creation:
> >>> There seems to be some issue with riscv stack unwinder.
> >>> This does not have stacks.
> >> Hi, could you test with the following patch for the no-stack
> >> issue (from v5.11-rc4)? I made a mistake when doing some cleanup...
> >>
> >> https://lore.kernel.org/linux-riscv/ce5b3533-b75d-c31c-4319-9d29769bbbd5@xxxxxxxxxx/T/#t
> > Hi Kefeng,
> >
> > Please see:
> > http://bit.do/syzbot#no-custom-patches
> >
> > Is a unit-test for this possible? Fuzzing is not a replacement for unit testing.
>
> ok, I mean that the issue with the stack unwinder may be caused by my
> previous patch;
>
> if someone wants the stack back, they could try the bugfix.

Everybody wants the stack back!
Good, let's wait until it's merged and we will see stacks in all kernel
testing systems.
