* [syzbot] [kernel?] WARNING in request_threaded_irq @ 2026-02-20 13:13 syzbot 2026-02-24 18:24 ` Thomas Gleixner 0 siblings, 1 reply; 3+ messages in thread From: syzbot @ 2026-02-20 13:13 UTC (permalink / raw) To: linux-kernel, syzkaller-bugs, tglx Hello, syzbot found the following issue on: HEAD commit: 18be4ca5cb4e riscv: lib: optimize strlen loop efficiency git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git for-next console output: https://syzkaller.appspot.com/x/log.txt?x=1166f6e6580000 kernel config: https://syzkaller.appspot.com/x/.config?x=781a4eb07921464d dashboard link: https://syzkaller.appspot.com/bug?extid=1f1c9d0fa117b165b233 compiler: riscv64-linux-gnu-gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44 userspace arch: riscv64 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-18be4ca5.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/c6b87a8d77c4/vmlinux-18be4ca5.xz kernel image: https://storage.googleapis.com/syzbot-assets/d5126373321c/Image-18be4ca5.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+1f1c9d0fa117b165b233@syzkaller.appspotmail.com ------------[ cut here ]------------ WARNING: [irq_settings_is_per_cpu_devid(desc)] kernel/irq/manage.c:2125 at request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125, CPU#1: syz.0.10/3870 Modules linked in: CPU: 1 UID: 0 PID: 3870 Comm: syz.0.10 Not tainted syzkaller #0 PREEMPT Hardware name: riscv-virtio,qemu (DT) epc : request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 ra : request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 epc : ffffffff8032d750 ra : ffffffff8032d750 sp : ffff8f800ac67810 gp : ffffffff89f9df20 tp : ffffaf801c74cf80 t0 : ffffffff86391c0a t1 : ffffffff9136c6e0 t2 : ffffffff8016a132 s0 : ffff8f800ac67870 s1 : 0000000000000000 a0 : 0000000000000005 a1 : 0000000000000000 a2 : 0000000000080000 a3 : ffffffff8032d750 a4 : ffff8f8004d6e1e8 a5 : 00000000002041e8 a6 : 0000000000000003 a7 : ffffffff86660460 s2 : 0000000000200000 s3 : ffffaf8011e8d000 s4 : 0000000000000005 s5 : ffffffff84b56ef4 s6 : ffffaf801cd37000 s7 : 0000000000000000 s8 : ffffffff87597e60 s9 : 0000000000020000 s10: ffffaf801cd37000 s11: 0000000000000001 t3 : 0000000000000001 t4 : 0000000000001fff t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000 status: 0000000200000120 badaddr: ffffffff8032d750 cause: 0000000000000003 [<ffffffff8032d750>] request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 [<ffffffff84b58918>] request_irq include/linux/interrupt.h:176 [inline] [<ffffffff84b58918>] parport_attach drivers/comedi/drivers/comedi_parport.c:235 [inline] [<ffffffff84b58918>] parport_attach+0x780/0xb14 drivers/comedi/drivers/comedi_parport.c:224 [<ffffffff84b492bc>] comedi_device_attach+0x350/0x7ec drivers/comedi/drivers.c:1069 [<ffffffff84b35136>] do_devconfig_ioctl+0x1a2/0x654 drivers/comedi/comedi_fops.c:928 [<ffffffff84b3dfd8>] comedi_unlocked_ioctl+0x338/0x2c10 drivers/comedi/comedi_fops.c:2240 [<ffffffff80ca9130>] vfs_ioctl fs/ioctl.c:51 [inline] [<ffffffff80ca9130>] __do_sys_ioctl fs/ioctl.c:597 [inline] [<ffffffff80ca9130>] __se_sys_ioctl fs/ioctl.c:583 [inline] [<ffffffff80ca9130>] __riscv_sys_ioctl+0x17c/0x1e4 fs/ioctl.c:583 [<ffffffff80078192>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112 [<ffffffff86391c0a>] do_trap_ecall_u+0x3d2/0x58c arch/riscv/kernel/traps.c:344 [<ffffffff863bb61e>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [syzbot] [kernel?] WARNING in request_threaded_irq 2026-02-20 13:13 [syzbot] [kernel?] WARNING in request_threaded_irq syzbot @ 2026-02-24 18:24 ` Thomas Gleixner 2026-02-25 10:29 ` Ian Abbott 0 siblings, 1 reply; 3+ messages in thread From: Thomas Gleixner @ 2026-02-24 18:24 UTC (permalink / raw) To: syzbot, linux-kernel, syzkaller-bugs; +Cc: Ian Abbott, Greg Kroah-Hartman On Fri, Feb 20 2026 at 05:13, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 18be4ca5cb4e riscv: lib: optimize strlen loop efficiency > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git for-next > console output: https://syzkaller.appspot.com/x/log.txt?x=1166f6e6580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=781a4eb07921464d > dashboard link: https://syzkaller.appspot.com/bug?extid=1f1c9d0fa117b165b233 > compiler: riscv64-linux-gnu-gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44 > userspace arch: riscv64 > > Unfortunately, I don't have any reproducer for this issue yet. > > Downloadable assets: > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-18be4ca5.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/c6b87a8d77c4/vmlinux-18be4ca5.xz > kernel image: https://storage.googleapis.com/syzbot-assets/d5126373321c/Image-18be4ca5.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+1f1c9d0fa117b165b233@syzkaller.appspotmail.com > > ------------[ cut here ]------------ > WARNING: [irq_settings_is_per_cpu_devid(desc)] kernel/irq/manage.c:2125 at request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125, CPU#1: syz.0.10/3870 > Modules linked in: > CPU: 1 UID: 0 PID: 3870 Comm: syz.0.10 Not tainted syzkaller #0 PREEMPT > Hardware name: riscv-virtio,qemu (DT) > epc : request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 > ra : request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 > epc : ffffffff8032d750 ra : ffffffff8032d750 sp : ffff8f800ac67810 > gp : ffffffff89f9df20 tp : ffffaf801c74cf80 t0 : ffffffff86391c0a > t1 : ffffffff9136c6e0 t2 : ffffffff8016a132 s0 : ffff8f800ac67870 > s1 : 0000000000000000 a0 : 0000000000000005 a1 : 0000000000000000 > a2 : 0000000000080000 a3 : ffffffff8032d750 a4 : ffff8f8004d6e1e8 > a5 : 00000000002041e8 a6 : 0000000000000003 a7 : ffffffff86660460 > s2 : 0000000000200000 s3 : ffffaf8011e8d000 s4 : 0000000000000005 > s5 : ffffffff84b56ef4 s6 : ffffaf801cd37000 s7 : 0000000000000000 > s8 : ffffffff87597e60 s9 : 0000000000020000 s10: ffffaf801cd37000 > s11: 0000000000000001 t3 : 0000000000000001 t4 : 0000000000001fff > t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000 > status: 0000000200000120 badaddr: ffffffff8032d750 cause: 0000000000000003 > [<ffffffff8032d750>] request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 > [<ffffffff84b58918>] request_irq include/linux/interrupt.h:176 [inline] > [<ffffffff84b58918>] parport_attach drivers/comedi/drivers/comedi_parport.c:235 [inline] > [<ffffffff84b58918>] parport_attach+0x780/0xb14 drivers/comedi/drivers/comedi_parport.c:224 > [<ffffffff84b492bc>] comedi_device_attach+0x350/0x7ec drivers/comedi/drivers.c:1069 > [<ffffffff84b35136>] do_devconfig_ioctl+0x1a2/0x654 drivers/comedi/comedi_fops.c:928 So do_devconfig_ioctl() copies the device configuration from user space and hands it to the comedi parport driver, which takes the random provided interrupt number unvalidated and requests the interrupt which trips the warning in the core code as the interrupt is marked as per CPU. > [<ffffffff84b3dfd8>] comedi_unlocked_ioctl+0x338/0x2c10 drivers/comedi/comedi_fops.c:2240 > [<ffffffff80ca9130>] vfs_ioctl fs/ioctl.c:51 [inline] > [<ffffffff80ca9130>] __do_sys_ioctl fs/ioctl.c:597 [inline] > [<ffffffff80ca9130>] __se_sys_ioctl fs/ioctl.c:583 [inline] > [<ffffffff80ca9130>] __riscv_sys_ioctl+0x17c/0x1e4 fs/ioctl.c:583 > [<ffffffff80078192>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112 > [<ffffffff86391c0a>] do_trap_ecall_u+0x3d2/0x58c arch/riscv/kernel/traps.c:344 > [<ffffffff863bb61e>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232 > > > --- > This report is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this issue. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > If the report is already addressed, let syzbot know by replying with: > #syz fix: exact-commit-title > > If you want to overwrite report's subsystems, reply with: > #syz set subsystems: new-subsystem > (See the list of subsystem names on the web dashboard) > > If the report is a duplicate of another one, reply with: > #syz dup: exact-subject-of-another-report > > If you want to undo deduplication, reply with: > #syz undup ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [syzbot] [kernel?] WARNING in request_threaded_irq 2026-02-24 18:24 ` Thomas Gleixner @ 2026-02-25 10:29 ` Ian Abbott 0 siblings, 0 replies; 3+ messages in thread From: Ian Abbott @ 2026-02-25 10:29 UTC (permalink / raw) To: Thomas Gleixner, syzbot, linux-kernel, syzkaller-bugs; +Cc: Greg Kroah-Hartman On 24/02/2026 18:24, Thomas Gleixner wrote: > On Fri, Feb 20 2026 at 05:13, syzbot wrote: > >> Hello, >> >> syzbot found the following issue on: >> >> HEAD commit: 18be4ca5cb4e riscv: lib: optimize strlen loop efficiency >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git for-next >> console output: https://syzkaller.appspot.com/x/log.txt?x=1166f6e6580000 >> kernel config: https://syzkaller.appspot.com/x/.config?x=781a4eb07921464d >> dashboard link: https://syzkaller.appspot.com/bug?extid=1f1c9d0fa117b165b233 >> compiler: riscv64-linux-gnu-gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44 >> userspace arch: riscv64 >> >> Unfortunately, I don't have any reproducer for this issue yet. >> >> Downloadable assets: >> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-18be4ca5.raw.xz >> vmlinux: https://storage.googleapis.com/syzbot-assets/c6b87a8d77c4/vmlinux-18be4ca5.xz >> kernel image: https://storage.googleapis.com/syzbot-assets/d5126373321c/Image-18be4ca5.xz >> >> IMPORTANT: if you fix the issue, please add the following tag to the commit: >> Reported-by: syzbot+1f1c9d0fa117b165b233@syzkaller.appspotmail.com >> >> ------------[ cut here ]------------ >> WARNING: [irq_settings_is_per_cpu_devid(desc)] kernel/irq/manage.c:2125 at request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125, CPU#1: syz.0.10/3870 >> Modules linked in: >> CPU: 1 UID: 0 PID: 3870 Comm: syz.0.10 Not tainted syzkaller #0 PREEMPT >> Hardware name: riscv-virtio,qemu (DT) >> epc : request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 >> ra : request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 >> epc : ffffffff8032d750 ra : ffffffff8032d750 sp : ffff8f800ac67810 >> gp : ffffffff89f9df20 tp : ffffaf801c74cf80 t0 : ffffffff86391c0a >> t1 : ffffffff9136c6e0 t2 : ffffffff8016a132 s0 : ffff8f800ac67870 >> s1 : 0000000000000000 a0 : 0000000000000005 a1 : 0000000000000000 >> a2 : 0000000000080000 a3 : ffffffff8032d750 a4 : ffff8f8004d6e1e8 >> a5 : 00000000002041e8 a6 : 0000000000000003 a7 : ffffffff86660460 >> s2 : 0000000000200000 s3 : ffffaf8011e8d000 s4 : 0000000000000005 >> s5 : ffffffff84b56ef4 s6 : ffffaf801cd37000 s7 : 0000000000000000 >> s8 : ffffffff87597e60 s9 : 0000000000020000 s10: ffffaf801cd37000 >> s11: 0000000000000001 t3 : 0000000000000001 t4 : 0000000000001fff >> t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000 >> status: 0000000200000120 badaddr: ffffffff8032d750 cause: 0000000000000003 >> [<ffffffff8032d750>] request_threaded_irq+0x320/0x38c kernel/irq/manage.c:2125 >> [<ffffffff84b58918>] request_irq include/linux/interrupt.h:176 [inline] >> [<ffffffff84b58918>] parport_attach drivers/comedi/drivers/comedi_parport.c:235 [inline] >> [<ffffffff84b58918>] parport_attach+0x780/0xb14 drivers/comedi/drivers/comedi_parport.c:224 >> [<ffffffff84b492bc>] comedi_device_attach+0x350/0x7ec drivers/comedi/drivers.c:1069 >> [<ffffffff84b35136>] do_devconfig_ioctl+0x1a2/0x654 drivers/comedi/comedi_fops.c:928 > > So do_devconfig_ioctl() copies the device configuration from user space > and hands it to the comedi parport driver, which takes the random > provided interrupt number unvalidated and requests the interrupt which > trips the warning in the core code as the interrupt is marked as per CPU. That is by design. It does require CAP_SYSADMIN privileges, though. There is similar functionality in the TTY serial drivers, for example (TIOCSSERIAL ioctl), although that does have a security lock-down reason associated with it, at least in the "serial_core" module. > >> [<ffffffff84b3dfd8>] comedi_unlocked_ioctl+0x338/0x2c10 drivers/comedi/comedi_fops.c:2240 >> [<ffffffff80ca9130>] vfs_ioctl fs/ioctl.c:51 [inline] >> [<ffffffff80ca9130>] __do_sys_ioctl fs/ioctl.c:597 [inline] >> [<ffffffff80ca9130>] __se_sys_ioctl fs/ioctl.c:583 [inline] >> [<ffffffff80ca9130>] __riscv_sys_ioctl+0x17c/0x1e4 fs/ioctl.c:583 >> [<ffffffff80078192>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112 >> [<ffffffff86391c0a>] do_trap_ecall_u+0x3d2/0x58c arch/riscv/kernel/traps.c:344 >> [<ffffffff863bb61e>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232 >> >> >> --- >> This report is generated by a bot. It may contain errors. >> See https://goo.gl/tpsmEJ for more information about syzbot. >> syzbot engineers can be reached at syzkaller@googlegroups.com. >> >> syzbot will keep track of this issue. See: >> https://goo.gl/tpsmEJ#status for how to communicate with syzbot. >> >> If the report is already addressed, let syzbot know by replying with: >> #syz fix: exact-commit-title >> >> If you want to overwrite report's subsystems, reply with: >> #syz set subsystems: new-subsystem >> (See the list of subsystem names on the web dashboard) >> >> If the report is a duplicate of another one, reply with: >> #syz dup: exact-subject-of-another-report >> >> If you want to undo deduplication, reply with: >> #syz undup -- -=( Ian Abbott <abbotti@mev.co.uk> || MEV Ltd. is a company )=- -=( registered in England & Wales. Regd. number: 02862268. )=- -=( Regd. addr.: S11 & 12 Building 67, Europa Business Park, )=- -=( Bird Hall Lane, STOCKPORT, SK3 0XA, UK. || www.mev.co.uk )=- ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-02-25 11:44 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-02-20 13:13 [syzbot] [kernel?] WARNING in request_threaded_irq syzbot 2026-02-24 18:24 ` Thomas Gleixner 2026-02-25 10:29 ` Ian Abbott
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox