==================================================================
BUG: KASAN: global-out-of-bounds in do_page_fault+0x36/0xa3c arch/riscv/mm/fault.c:220
Read of size 8 at addr ffffffff858c4c90 by task ksoftirqd/1/19
CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff8047479e>] print_address_description.constprop.0+0x2a/0x330 mm/kasan/report.c:255
[<ffffffff80474d4c>] __kasan_report mm/kasan/report.c:442 [inline]
[<ffffffff80474d4c>] kasan_report+0x184/0x1e0 mm/kasan/report.c:459
[<ffffffff80475b20>] check_region_inline mm/kasan/generic.c:183 [inline]
[<ffffffff80475b20>] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[<ffffffff800115bc>] do_page_fault+0x36/0xa3c arch/riscv/mm/fault.c:220
[<ffffffff80005724>] ret_from_exception+0x0/0x10
The buggy address belongs to the variable:
__lockdep_no_validate__+0x30/0x40
Memory state around the buggy address:
 ffffffff858c4b80: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9
 ffffffff858c4c00: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9
>ffffffff858c4c80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
                         ^
 ffffffff858c4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff858c4d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Unable to handle kernel paging request at virtual address 0000000000001ffe
Oops [#1]
Modules linked in:
CPU: 1 PID: 19 Comm: ksoftirqd/1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : 0x1ffe
ra : 0x1fff
epc : 0000000000001ffe ra : 0000000000001fff sp : ffffffff858c4ca0
gp : ffffffff85863ac0 tp : ffffaf8007416100 t0 : 00000000000003e0
t1 : fffff5ef01caf3ca t2 : 0000000000000000 s0 : 49eae69e17928400
s1 : ffffaf800cf49000 a0 : ffffaf800be03080 a1 : ffffaf8007416100
a2 : 1ffff5f000e877fc a3 : ffffaf800be04618 a4 : ffffaf8007417698
a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffaf800e579e53
s2 : ffffaf800cf48000 s3 : ffffaf800cf48a20 s4 : ffffffff866c2920
s5 : ffffaf800cf48c00 s6 : 0000000000001fff s7 : 0000000041b58ab3
s8 : ffffffff8451f630 s9 : ffffffff80110fdc s10: 0000000000000002
s11: 0000000000000014 t3 : fffffffff3f3f300 t4 : fffff5ef01caf3ca
t5 : fffff5ef01caf3cb t6 : 0000000000082bbc
status: 0000000000000100 badaddr: 0000000000001ffe cause: 000000000000000c