Date: Tue, 29 Nov 2016 11:13:01 -0700
From: Scott Bauer
To: linux-kernel@vger.kernel.org
Cc: jpoimboe@redhat.com, peterz@infradead.org, mingo@kernel.org, luto@amacapital.net
Subject: BUG: KASAN: stack-out-of-bounds in unwind_get_return_address
Message-ID: <20161129181300.GA29095@sbauer-Z170X-UD5>

This is super easy to repro on top of 4.9-rc7: run pm-suspend and it hits every time.

[ 968.667086] ==================================================================
[ 968.667091] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x11d/0x130 at addr ffff8803867d7878
[ 968.667092] Read of size 8 by task pm-suspend/7774
[ 968.667095] page:ffffea000e19f5c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 968.667096] flags: 0x2ffff0000000000()
[ 968.667097] page dumped because: kasan: bad access detected
[ 968.667099] CPU: 0 PID: 7774 Comm: pm-suspend Tainted: G B 4.9.0-rc7+ #8
[ 968.667100] Hardware name: Gigabyte Technology Co., Ltd. Z170X-UD5/Z170X-UD5-CF, BIOS F5 03/07/2016
[ 968.667102] ffff8803867d7468 ffffffffb4c0d051 ffff8803867d7500 ffff8803867d7878
[ 968.667103] ffff8803867d74f0 ffffffffb45cbe34 ffffffffb4e64136 ffffffffb4510d42
[ 968.667105] ffff8803828c3f4c 0000000000000097 0000000041b58ab3 ffffffffb6192731
[ 968.667105] Call Trace:
[ 968.667108] [] dump_stack+0x63/0x82
[ 968.667110] [] kasan_report_error+0x4b4/0x4e0
[ 968.667112] [] ? acpi_hw_read_port+0xd0/0x1ea
[ 968.667113] [] ? kfree_const+0x22/0x30
[ 968.667114] [] ? acpi_hw_validate_io_request+0x1a6/0x1a6
[ 968.667116] [] __asan_report_load8_noabort+0x61/0x70
[ 968.667117] [] ? unwind_get_return_address+0x11d/0x130
[ 968.667118] [] unwind_get_return_address+0x11d/0x130
[ 968.667119] [] ? unwind_next_frame+0x97/0xf0
[ 968.667120] [] __save_stack_trace+0x92/0x100
[ 968.667122] [] save_stack_trace+0x1b/0x20
[ 968.667123] [] save_stack+0x46/0xd0
[ 968.667124] [] ? save_stack_trace+0x1b/0x20
[ 968.667125] [] ? save_stack+0x46/0xd0
[ 968.667126] [] ? kasan_kmalloc+0xad/0xe0
[ 968.667127] [] ? kasan_slab_alloc+0x12/0x20
[ 968.667128] [] ? acpi_hw_read+0x2b6/0x3aa
[ 968.667129] [] ? acpi_hw_validate_register+0x20b/0x20b
[ 968.667131] [] ? acpi_hw_write_port+0x72/0xc7
[ 968.667132] [] ? acpi_hw_write+0x11f/0x15f
[ 968.667133] [] ? acpi_hw_read_multiple+0x19f/0x19f
[ 968.667134] [] ? memcpy+0x45/0x50
[ 968.667135] [] ? acpi_hw_write_port+0x72/0xc7
[ 968.667136] [] ? acpi_hw_write+0x11f/0x15f
[ 968.667137] [] ? acpi_hw_read_multiple+0x19f/0x19f
[ 968.667138] [] ? kasan_unpoison_shadow+0x36/0x50
[ 968.667140] [] kasan_kmalloc+0xad/0xe0
[ 968.667141] [] kasan_slab_alloc+0x12/0x20
[ 968.667142] [] kmem_cache_alloc_trace+0xbc/0x1e0
[ 968.667143] [] ? acpi_get_sleep_type_data+0x9a/0x578
[ 968.667144] [] acpi_get_sleep_type_data+0x9a/0x578
[ 968.667146] [] acpi_hw_legacy_wake_prep+0x88/0x22c
[ 968.667147] [] ? acpi_hw_legacy_sleep+0x3c7/0x3c7
[ 968.667148] [] ? acpi_write_bit_register+0x28d/0x2d3
[ 968.667149] [] ? acpi_read_bit_register+0x19b/0x19b
[ 968.667150] [] acpi_hw_sleep_dispatch+0xb5/0xba
[ 968.667151] [] acpi_leave_sleep_state_prep+0x17/0x19
[ 968.667153] [] acpi_suspend_enter+0x154/0x1e0
[ 968.667154] [] ? trace_suspend_resume+0xe8/0xe8
[ 968.667156] [] suspend_devices_and_enter+0xb09/0xdb0
[ 968.667157] [] ? printk+0xa8/0xd8
[ 968.667158] [] ? arch_suspend_enable_irqs+0x20/0x20
[ 968.667159] [] ? try_to_freeze_tasks+0x295/0x600
[ 968.667160] [] pm_suspend+0x6c9/0x780
[ 968.667162] [] ? finish_wait+0x1f0/0x1f0
[ 968.667163] [] ? suspend_devices_and_enter+0xdb0/0xdb0
[ 968.667164] [] state_store+0xa2/0x120
[ 968.667165] [] ? kobj_attr_show+0x60/0x60
[ 968.667166] [] kobj_attr_store+0x36/0x70
[ 968.667168] [] sysfs_kf_write+0x131/0x200
[ 968.667169] [] kernfs_fop_write+0x295/0x3f0
[ 968.667170] [] __vfs_write+0xef/0x760
[ 968.667172] [] ? handle_mm_fault+0x1346/0x35e0
[ 968.667173] [] ? do_iter_readv_writev+0x660/0x660
[ 968.667174] [] ? __pmd_alloc+0x310/0x310
[ 968.667176] [] ? do_lock_file_wait+0x1e0/0x1e0
[ 968.667178] [] ? apparmor_file_permission+0x18/0x20
[ 968.667179] [] ? security_file_permission+0x73/0x1c0
[ 968.667181] [] ? rw_verify_area+0xbd/0x2b0
[ 968.667182] [] vfs_write+0x149/0x4a0
[ 968.667184] [] SyS_write+0xd9/0x1c0
[ 968.667185] [] ? SyS_read+0x1c0/0x1c0
[ 968.667187] [] entry_SYSCALL_64_fastpath+0x1e/0xad
[ 968.667188] Memory state around the buggy address:
[ 968.667189]  ffff8803867d7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667190]  ffff8803867d7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667191] >ffff8803867d7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4
[ 968.667192]                                                                ^
[ 968.667192]  ffff8803867d7880: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667193]  ffff8803867d7900: 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00
[ 968.667193] ==================================================================
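Editor's note, not part of the report above: the "Memory state" block is KASAN's shadow memory, one byte per 8-byte granule of stack, printed in rows of 16 granules (128 bytes) whose left-hand address is the memory address the row covers. The script below is an added example that decodes such a dump for a given access. It parses the six rows quoted in the report, maps the faulting address (ffff8803867d7878, read of size 8) to its shadow byte, and applies KASAN's access rule: a shadow byte of 00 means the granule is fully addressable, 01..07 means only the first N bytes are, and the 0xF1..0xF4 codes are the stack redzone markers from the kernel's mm/kasan/kasan.h. For this report it resolves the `^` marker to shadow byte f4, KASAN_STACK_PARTIAL, i.e. the unwinder read past the end of a stack variable into padding, which is what the stack-out-of-bounds headline says. The legend table is transcribed from the kernel header of that era; the 0xF8 entry only exists on kernels built with use-after-scope detection.

```python
import re

# Shadow-byte legend from mm/kasan/kasan.h (4.9-era values). Values 0x00..0x07
# are not listed: 0 means the whole 8-byte granule is addressable, 1..7 means
# only the first N bytes are.
SHADOW_LEGEND = {
    0xFF: "KASAN_FREE_PAGE",
    0xFE: "KASAN_PAGE_REDZONE",
    0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE",
    0xFA: "KASAN_GLOBAL_REDZONE",
    0xF8: "KASAN_USE_AFTER_SCOPE",   # only on kernels with use-after-scope support
    0xF1: "KASAN_STACK_LEFT",
    0xF2: "KASAN_STACK_MID",
    0xF3: "KASAN_STACK_RIGHT",
    0xF4: "KASAN_STACK_PARTIAL",
}
GRANULE = 8                # KASAN_SHADOW_SCALE_SIZE: one shadow byte per 8 bytes
SHADOW_BYTES_PER_ROW = 16  # each printed row covers 16 granules = 128 bytes

# The "Memory state" rows copied from the report above; dmesg prefixes and the
# ">" / "^" markers are kept so the parser is exercised on the raw text.
MEMORY_STATE = """\
[ 968.667189]  ffff8803867d7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667190]  ffff8803867d7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667191] >ffff8803867d7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4
[ 968.667192]                                                                ^
[ 968.667192]  ffff8803867d7880: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667193]  ffff8803867d7900: 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00
"""

ROW_RE = re.compile(r">?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")


def parse_shadow_dump(text):
    """Map each row's base memory address to its 16 shadow bytes."""
    rows = {}
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows


def describe_shadow(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "addressable"
    if 1 <= value < GRANULE:
        return f"partially addressable ({value} of {GRANULE} bytes)"
    return SHADOW_LEGEND.get(value, f"unknown (0x{value:02x})")


def shadow_byte_for(rows, addr):
    """Shadow byte covering `addr`, or None if that row was not in the dump."""
    granule = addr & ~(GRANULE - 1)
    row_base = granule & ~(GRANULE * SHADOW_BYTES_PER_ROW - 1)
    row = rows.get(row_base)
    if row is None:
        return None
    return row[(granule - row_base) // GRANULE]


def classify_access(rows, addr, size):
    """(granule address, shadow byte, meaning) for every granule the access touches."""
    first = addr & ~(GRANULE - 1)
    last = (addr + size - 1) & ~(GRANULE - 1)
    out = []
    for g in range(first, last + 1, GRANULE):
        sb = shadow_byte_for(rows, g)
        out.append((g, sb, "row not in dump" if sb is None else describe_shadow(sb)))
    return out


def is_bad_access(rows, addr, size):
    """KASAN's rule: bad if any touched granule is poisoned, or if a partially
    addressable granule's prefix does not cover the last byte accessed in it."""
    for g, sb, _ in classify_access(rows, addr, size):
        if sb is None or sb == 0:
            continue            # unknown rows cannot be judged; 00 is fine
        if 1 <= sb < GRANULE:
            end = min(addr + size - 1, g + GRANULE - 1)   # last byte in this granule
            if (end & (GRANULE - 1)) >= sb:
                return True
            continue
        return True             # any redzone/free marker is a bad access
    return False


if __name__ == "__main__":
    rows = parse_shadow_dump(MEMORY_STATE)
    addr, size = 0xffff8803867d7878, 8   # "Read of size 8 ... at addr ffff8803867d7878"
    for g, sb, meaning in classify_access(rows, addr, size):
        print(f"{g:#x}: shadow {'??' if sb is None else f'{sb:02x}'} -> {meaning}")
    print("bad access" if is_bad_access(rows, addr, size) else "access ok")
```

Run as-is it reports the granule at ffff8803867d7878 as KASAN_STACK_PARTIAL and flags the 8-byte read as bad. The same functions can be pointed at any other KASAN "Memory state" block by replacing MEMORY_STATE and the address/size taken from the "Read/Write of size N ... at addr" line; the row at ffff8803867d7900 shows the partially addressable case (04 followed by f4), which the rule handles separately from the full redzone codes.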