Re: [syzbot] [kernel?] KASAN: slab-out-of-bounds Read in __futex_pivot_hash

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+0a5079ee014f4b907817@syzkaller.appspotmail.com>
To: eadavis@qq.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [kernel?] KASAN: slab-out-of-bounds Read in __futex_pivot_hash
Date: Sun, 01 Jun 2025 20:15:02 -0700	[thread overview]
Message-ID: <683d1736.a00a0220.d8eae.003e.GAE@google.com> (raw)
In-Reply-To: <tencent_BEF362E363C960C3BD0448D77DF76066D105@qq.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in futex_hash_prctl

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 3 UID: 0 PID: 6500 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-gcd2e103d57e5-dirty #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 assign_lock_key kernel/locking/lockdep.c:987 [inline]
 register_lock_class+0x4a3/0x4c0 kernel/locking/lockdep.c:1302
 __lock_acquire+0xa6/0x1c90 kernel/locking/lockdep.c:5115
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 __mutex_lock_common kernel/locking/mutex.c:602 [inline]
 __mutex_lock+0x199/0xb90 kernel/locking/mutex.c:747
 futex_hash_prctl+0x2fc/0x770 kernel/futex/core.c:1758
 __do_sys_prctl+0x171f/0x24c0 kernel/sys.c:2825
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f516c98e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f516d8a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
RAX: ffffffffffffffda RBX: 00007f516cbb5fa0 RCX: 00007f516c98e969
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000004e
RBP: 00007f516ca10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f516cbb5fa0 R15: 00007ffc88069c38
 </TASK>


Tested on:

commit:         cd2e103d Merge tag 'hardening-v6.16-rc1-fix1-take2' of..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=104b700c580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=4df26174733e11f3
dashboard link: https://syzkaller.appspot.com/bug?extid=0a5079ee014f4b907817
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1574b970580000

next prev parent reply	other threads:[~2025-06-02  3:15 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-01 19:01 [syzbot] [kernel?] KASAN: slab-out-of-bounds Read in __futex_pivot_hash syzbot
2025-06-02  2:59 ` Edward Adam Davis
2025-06-02  3:15   ` syzbot [this message]
2025-06-02  3:19 ` Edward Adam Davis
2025-06-02  3:40   ` syzbot
2025-06-02  4:37 ` [PATCH] futex: sync set the hash table slot Edward Adam Davis
     [not found] <20250601231608.2638-1-hdanton@sina.com>
2025-06-01 23:31 ` [syzbot] [kernel?] KASAN: slab-out-of-bounds Read in __futex_pivot_hash syzbot
     [not found] <20250602043805.2660-1-hdanton@sina.com>
2025-06-02  4:58 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=683d1736.a00a0220.d8eae.003e.GAE@google.com \
    --to=syzbot+0a5079ee014f4b907817@syzkaller.appspotmail.com \
    --cc=eadavis@qq.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.