Re: [PATCH v3] riscv: stacktrace: fix stack-out-of-bounds in walk_stackframe()
From: Jiakai Xu
Date: Tue Jun 30 2026 - 04:52:52 EST
> Hi Jiakai,
>
> I came across the Sashiko AI review of this patch and was able to
> reproduce the overflow_stack OOB issue it flagged — a KASAN
> stack-out-of-bounds in walk_stackframe() on riscv64 QEMU.
Hi Xiao,
Thanks for the testing and the PoC.
> When the stack pointer falls outside the task stack — for example when
> unwinding from the overflow_stack during a stack overflow panic, or
> when reading /proc/<pid>/stack for a remote task whose saved SP
> happens to be on the overflow_stack — this code falls through to the
> `IS_ENABLED(CONFIG_IRQ_STACKS)` branch and uses the IRQ stack boundary
> as the upper limit.
>
> The IRQ stack is 32KB (IRQ_STACK_SIZE) while the overflow_stack is
> only 4KB (OVERFLOW_STACK_SIZE). Using the IRQ stack boundary when the
> SP is actually on the overflow_stack lets the unwinder read well past
> the end of the valid overflow_stack allocation, triggering a KASAN
> stack-out-of-bounds.
Good point. I'll add a dedicated overflow_stack check with the
correct 4 KiB boundary.
Jiakai
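To make the boundary problem discussed above concrete, here is an added user-space model of how an unwinder like walk_stackframe() picks the upper bound used to validate the next frame pointer. This is example code, not the kernel's code and not this patch: the stack sizes are the ones quoted in the thread (IRQ stack 32 KiB, overflow stack 4 KiB), while the 16 KiB task stack size, the region base addresses, the constructed layout and all function names (stack_high_buggy, stack_high_fixed, fp_valid, accepts_fp) are assumptions made for the example.

```c
/*
 * Added example, not code from the kernel or from this patch: a user-space
 * model of stack-boundary selection in a frame-pointer unwinder.
 * IRQ_STACK_SIZE and OVERFLOW_STACK_SIZE follow the thread; THREAD_SIZE,
 * the region bases and all function names are constructed for the example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define THREAD_SIZE          (16u * 1024)  /* assumed task stack size */
#define IRQ_STACK_SIZE       (32u * 1024)  /* as stated in the thread */
#define OVERFLOW_STACK_SIZE  (4u * 1024)   /* as stated in the thread */

/* Saved fp/ra pair at the top of each frame, as on riscv. */
struct stackframe {
	uintptr_t fp;
	uintptr_t ra;
};

/* Base addresses of the three stacks the unwinder may be walking. */
struct stack_regions {
	uintptr_t task_base;
	uintptr_t irq_base;
	uintptr_t overflow_base;
};

static bool in_region(uintptr_t sp, uintptr_t base, size_t size)
{
	return sp >= base && sp < base + size;
}

/*
 * Bound selection as the thread describes the unfixed code: an SP that is
 * not on the task stack falls through to the CONFIG_IRQ_STACKS branch and
 * is bounded by the IRQ stack end, whether or not it is on the IRQ stack.
 */
static uintptr_t stack_high_buggy(const struct stack_regions *r, uintptr_t sp)
{
	if (in_region(sp, r->task_base, THREAD_SIZE))
		return r->task_base + THREAD_SIZE;
	return r->irq_base + IRQ_STACK_SIZE;
}

/*
 * Fixed selection: each stack gets its own boundary, and an SP on none of
 * them yields 0 so the caller stops unwinding instead of guessing.
 */
static uintptr_t stack_high_fixed(const struct stack_regions *r, uintptr_t sp)
{
	if (in_region(sp, r->task_base, THREAD_SIZE))
		return r->task_base + THREAD_SIZE;
	if (in_region(sp, r->irq_base, IRQ_STACK_SIZE))
		return r->irq_base + IRQ_STACK_SIZE;
	if (in_region(sp, r->overflow_base, OVERFLOW_STACK_SIZE))
		return r->overflow_base + OVERFLOW_STACK_SIZE;
	return 0;
}

/* The frame-pointer validation the chosen bound feeds into. */
static bool fp_valid(uintptr_t sp, uintptr_t high, uintptr_t fp)
{
	uintptr_t low = sp + sizeof(struct stackframe);

	if (high == 0)
		return false;
	return fp >= low && fp <= high && (fp & 0x7) == 0;
}

/*
 * Would the unwinder accept fp as the next frame for this sp? With the
 * buggy bound an fp past the 4 KiB overflow_stack is accepted and the
 * next frame read lands outside the allocation; the fixed bound rejects it.
 */
static bool accepts_fp(const struct stack_regions *r, uintptr_t sp,
		       uintptr_t fp, bool fixed)
{
	uintptr_t high = fixed ? stack_high_fixed(r, sp)
			       : stack_high_buggy(r, sp);

	return fp_valid(sp, high, fp);
}

/* Constructed layout: overflow_stack sits immediately below the IRQ stack. */
static const struct stack_regions layout = {
	.task_base     = 0x20000000,
	.overflow_base = 0x10000000,
	.irq_base      = 0x10001000,
};

int main(void)
{
	uintptr_t sp = layout.overflow_base + 0x800;                          /* on overflow_stack */
	uintptr_t fp_oob = layout.overflow_base + OVERFLOW_STACK_SIZE + 0x100; /* past its end */

	printf("buggy bound accepts OOB fp: %d\n", accepts_fp(&layout, sp, fp_oob, false));
	printf("fixed bound accepts OOB fp: %d\n", accepts_fp(&layout, sp, fp_oob, true));
	return 0;
}
```

The layout deliberately places the IRQ stack right after the overflow_stack, since the overshoot only becomes a read past the allocation when the IRQ stack's end address lies above the overflow_stack's end; the fixed selector does not depend on where the regions happen to sit.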