From: syzbot <syzbot+d56ec896af3637bdb7e4@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] KASAN: wild-memory-access Read in io_wq_worker_running
Date: Fri, 06 Jan 2023 21:20:39 -0800
Message-ID: <000000000000da806205f1a5b139@google.com>

Hello,

syzbot found the following issue on:

HEAD commit: 0966d385830d riscv: Fix auipc+jalr relocation range checks
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=119ff44b880000
kernel config: https://syzkaller.appspot.com/x/.config?x=6295d67591064921
dashboard link: https://syzkaller.appspot.com/bug?extid=d56ec896af3637bdb7e4
compiler: riscv64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: riscv64

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d56ec896af3637bdb7e4@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: wild-memory-access in io_wq_worker_running+0x3e/0xda fs/io-wq.c:684
Read of size 4 at addr 4d019002494080eb by task kworker/u4:4/2069
CPU: 0 PID: 2069 Comm: kworker/u4:4 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Workqueue: 0x0 (events_unbound)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline]
[<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459
[<ffffffff804759f4>] check_region_inline mm/kasan/generic.c:183 [inline]
[<ffffffff804759f4>] __asan_load4+0x6e/0x96 mm/kasan/generic.c:255
[<ffffffff805d049e>] io_wq_worker_running+0x3e/0xda fs/io-wq.c:684
[<ffffffff831a698a>] sched_update_worker kernel/sched/core.c:6358 [inline]
[<ffffffff831a698a>] schedule+0x100/0x14c kernel/sched/core.c:6372
[<ffffffff80094966>] worker_thread+0x478/0x8fa kernel/workqueue.c:2475
[<ffffffff800a7f58>] kthread+0x19e/0x1fa kernel/kthread.c:377
==================================================================
Unable to handle kernel paging request at virtual address 4d019002494080eb
Oops [#1]
Modules linked in:
CPU: 1 PID: 2069 Comm: kworker/u4:4 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Workqueue: 0x0 (events_unbound)
epc : io_wq_worker_running+0x3e/0xda fs/io-wq.c:684
ra : io_wq_worker_running+0x3e/0xda fs/io-wq.c:684
epc : ffffffff805d049e ra : ffffffff805d049e sp : ffffaf800bb37d80
gp : ffffffff85863ac0 tp : ffffaf800bf7e100 t0 : 00000000000001f8
t1 : fffff5ef0181524a t2 : 0000000000000008 s0 : ffffaf800bb37db0
s1 : 4d019002494080e7 a0 : 0000000000000001 a1 : 0000000000000007
a2 : 1ffff5f0017efc20 a3 : ffffffff831a6b2e a4 : 0000000000000000
a5 : ffffaf800bf7f100 a6 : 0000000000f00000 a7 : ffffaf800c0a9253
s2 : ffffaf800bf7e100 s3 : ffffaf800bf7e13c s4 : ffffaf800bf7f100
s5 : ffffaf8007229860 s6 : ffffffff84a0c540 s7 : ffffaf8007229858
s8 : ffffaf8007229850 s9 : ffffffff84c3efc0 s10: ffffaf8009eaaa40
s11: 0000000100012ed1 t3 : 00007fffb787228c t4 : fffff5ef0181524a
t5 : fffff5ef0181524b t6 : 762d766373000000
status: 0000000000000120 badaddr: 4d019002494080eb cause: 000000000000000d
[<ffffffff831a698a>] sched_update_worker kernel/sched/core.c:6358 [inline]
[<ffffffff831a698a>] schedule+0x100/0x14c kernel/sched/core.c:6372
[<ffffffff80094966>] worker_thread+0x478/0x8fa kernel/workqueue.c:2475
[<ffffffff800a7f58>] kthread+0x19e/0x1fa kernel/kthread.c:377
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.