BUG: KASAN: stack-out-of-bounds in unwind_get_return_address

From: Scott Bauer
Date: Tue Nov 29 2016 - 13:19:57 EST


This is super easy to repro on top of 4.9-rc7:
run pm-suspend and it hits every time


[ 968.667086] ==================================================================
[ 968.667091] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x11d/0x130 at addr ffff8803867d7878
[ 968.667092] Read of size 8 by task pm-suspend/7774
[ 968.667095] page:ffffea000e19f5c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 968.667096] flags: 0x2ffff0000000000()
[ 968.667097] page dumped because: kasan: bad access detected
[ 968.667099] CPU: 0 PID: 7774 Comm: pm-suspend Tainted: G B 4.9.0-rc7+ #8
[ 968.667100] Hardware name: Gigabyte Technology Co., Ltd. Z170X-UD5/Z170X-UD5-CF, BIOS F5 03/07/2016
[ 968.667102] ffff8803867d7468 ffffffffb4c0d051 ffff8803867d7500 ffff8803867d7878
[ 968.667103] ffff8803867d74f0 ffffffffb45cbe34 ffffffffb4e64136 ffffffffb4510d42
[ 968.667105] ffff8803828c3f4c 0000000000000097 0000000041b58ab3 ffffffffb6192731
[ 968.667105] Call Trace:
[ 968.667108] [<ffffffffb4c0d051>] dump_stack+0x63/0x82
[ 968.667110] [<ffffffffb45cbe34>] kasan_report_error+0x4b4/0x4e0
[ 968.667112] [<ffffffffb4e64136>] ? acpi_hw_read_port+0xd0/0x1ea
[ 968.667113] [<ffffffffb4510d42>] ? kfree_const+0x22/0x30
[ 968.667114] [<ffffffffb4e64066>] ? acpi_hw_validate_io_request+0x1a6/0x1a6
[ 968.667116] [<ffffffffb45cc011>] __asan_report_load8_noabort+0x61/0x70
[ 968.667117] [<ffffffffb411a29d>] ? unwind_get_return_address+0x11d/0x130
[ 968.667118] [<ffffffffb411a29d>] unwind_get_return_address+0x11d/0x130
[ 968.667119] [<ffffffffb411a497>] ? unwind_next_frame+0x97/0xf0
[ 968.667120] [<ffffffffb40b01e2>] __save_stack_trace+0x92/0x100
[ 968.667122] [<ffffffffb40b026b>] save_stack_trace+0x1b/0x20
[ 968.667123] [<ffffffffb45cac76>] save_stack+0x46/0xd0
[ 968.667124] [<ffffffffb40b026b>] ? save_stack_trace+0x1b/0x20
[ 968.667125] [<ffffffffb45cac76>] ? save_stack+0x46/0xd0
[ 968.667126] [<ffffffffb45caeed>] ? kasan_kmalloc+0xad/0xe0
[ 968.667127] [<ffffffffb45cb432>] ? kasan_slab_alloc+0x12/0x20
[ 968.667128] [<ffffffffb4e62d56>] ? acpi_hw_read+0x2b6/0x3aa
[ 968.667129] [<ffffffffb4e62aa0>] ? acpi_hw_validate_register+0x20b/0x20b
[ 968.667131] [<ffffffffb4e642c2>] ? acpi_hw_write_port+0x72/0xc7
[ 968.667132] [<ffffffffb4e63108>] ? acpi_hw_write+0x11f/0x15f
[ 968.667133] [<ffffffffb4e62fe9>] ? acpi_hw_read_multiple+0x19f/0x19f
[ 968.667134] [<ffffffffb45cb065>] ? memcpy+0x45/0x50
[ 968.667135] [<ffffffffb4e642c2>] ? acpi_hw_write_port+0x72/0xc7
[ 968.667136] [<ffffffffb4e63108>] ? acpi_hw_write+0x11f/0x15f
[ 968.667137] [<ffffffffb4e62fe9>] ? acpi_hw_read_multiple+0x19f/0x19f
[ 968.667138] [<ffffffffb45cad86>] ? kasan_unpoison_shadow+0x36/0x50
[ 968.667140] [<ffffffffb45caeed>] kasan_kmalloc+0xad/0xe0
[ 968.667141] [<ffffffffb45cb432>] kasan_slab_alloc+0x12/0x20
[ 968.667142] [<ffffffffb45c757c>] kmem_cache_alloc_trace+0xbc/0x1e0
[ 968.667143] [<ffffffffb4e64de2>] ? acpi_get_sleep_type_data+0x9a/0x578
[ 968.667144] [<ffffffffb4e64de2>] acpi_get_sleep_type_data+0x9a/0x578
[ 968.667146] [<ffffffffb4e63bc9>] acpi_hw_legacy_wake_prep+0x88/0x22c
[ 968.667147] [<ffffffffb4e63b41>] ? acpi_hw_legacy_sleep+0x3c7/0x3c7
[ 968.667148] [<ffffffffb4e64904>] ? acpi_write_bit_register+0x28d/0x2d3
[ 968.667149] [<ffffffffb4e64677>] ? acpi_read_bit_register+0x19b/0x19b
[ 968.667150] [<ffffffffb4e6555d>] acpi_hw_sleep_dispatch+0xb5/0xba
[ 968.667151] [<ffffffffb4e65579>] acpi_leave_sleep_state_prep+0x17/0x19
[ 968.667153] [<ffffffffb4e0e1d4>] acpi_suspend_enter+0x154/0x1e0
[ 968.667154] [<ffffffffb4e0e080>] ? trace_suspend_resume+0xe8/0xe8
[ 968.667156] [<ffffffffb4262539>] suspend_devices_and_enter+0xb09/0xdb0
[ 968.667157] [<ffffffffb44a6069>] ? printk+0xa8/0xd8
[ 968.667158] [<ffffffffb4261a30>] ? arch_suspend_enable_irqs+0x20/0x20
[ 968.667159] [<ffffffffb4260815>] ? try_to_freeze_tasks+0x295/0x600
[ 968.667160] [<ffffffffb4262ea9>] pm_suspend+0x6c9/0x780
[ 968.667162] [<ffffffffb4244010>] ? finish_wait+0x1f0/0x1f0
[ 968.667163] [<ffffffffb42627e0>] ? suspend_devices_and_enter+0xdb0/0xdb0
[ 968.667164] [<ffffffffb425fe02>] state_store+0xa2/0x120
[ 968.667165] [<ffffffffb4c12ca0>] ? kobj_attr_show+0x60/0x60
[ 968.667166] [<ffffffffb4c12cd6>] kobj_attr_store+0x36/0x70
[ 968.667168] [<ffffffffb47b0701>] sysfs_kf_write+0x131/0x200
[ 968.667169] [<ffffffffb47ae0e5>] kernfs_fop_write+0x295/0x3f0
[ 968.667170] [<ffffffffb462aadf>] __vfs_write+0xef/0x760
[ 968.667172] [<ffffffffb454d136>] ? handle_mm_fault+0x1346/0x35e0
[ 968.667173] [<ffffffffb462a9f0>] ? do_iter_readv_writev+0x660/0x660
[ 968.667174] [<ffffffffb454bdf0>] ? __pmd_alloc+0x310/0x310
[ 968.667176] [<ffffffffb47345d0>] ? do_lock_file_wait+0x1e0/0x1e0
[ 968.667178] [<ffffffffb4ad66e8>] ? apparmor_file_permission+0x18/0x20
[ 968.667179] [<ffffffffb4a14773>] ? security_file_permission+0x73/0x1c0
[ 968.667181] [<ffffffffb462ba3d>] ? rw_verify_area+0xbd/0x2b0
[ 968.667182] [<ffffffffb462c069>] vfs_write+0x149/0x4a0
[ 968.667184] [<ffffffffb462f9a9>] SyS_write+0xd9/0x1c0
[ 968.667185] [<ffffffffb462f8d0>] ? SyS_read+0x1c0/0x1c0
[ 968.667187] [<ffffffffb5a708fb>] entry_SYSCALL_64_fastpath+0x1e/0xad
[ 968.667188] Memory state around the buggy address:
[ 968.667189] ffff8803867d7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667190] ffff8803867d7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667191] >ffff8803867d7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4
[ 968.667192] ^
[ 968.667192] ffff8803867d7880: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 968.667193] ffff8803867d7900: 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00
[ 968.667193] ==================================================================
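One way to read the "Memory state" dump at the end of the report, as an added example that is not part of the original mail: it maps the faulting address from the report header onto the shadow byte the dump prints and names it using KASAN's stack shadow values (assumed from mm/kasan/kasan.h of that kernel generation; the sample rows are copied from the report above).

```python
import re

SHADOW_SCALE = 8               # one shadow byte describes one 8-byte granule
ROW_BYTES = 16 * SHADOW_SCALE  # each printed row covers 128 bytes of memory
# Stack-related shadow values from mm/kasan/kasan.h of this kernel generation;
# values 0x01-0x07 mean only the first N bytes of the granule are addressable.
SHADOW_MEANING = {
    0x00: "addressable",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
}
ROW_RE = re.compile(r">?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")

def parse_shadow_rows(report):
    """Map each dumped row's base address to its 16 shadow bytes."""
    rows = {}
    for line in report.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows

def shadow_byte_for(rows, addr):
    """Shadow byte covering addr, or None if its row is not in the dump."""
    base = addr - addr % ROW_BYTES
    if base not in rows:
        return None
    return rows[base][(addr - base) // SHADOW_SCALE]

def describe_access(rows, addr, size):
    """Classify every granule that an access of `size` bytes at addr touches."""
    result = []
    for a in range(addr, addr + size, SHADOW_SCALE):
        b = shadow_byte_for(rows, a)
        if b is not None and 1 <= b <= 7:
            meaning = f"only first {b} bytes addressable"
        else:
            meaning = SHADOW_MEANING.get(b, "outside dump" if b is None else "unknown")
        result.append((a, b, meaning))
    return result

# Constructed input: the rows the report above prints around its '>' row.
REPORT_ROWS = """\
 ffff8803867d7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8803867d7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4
 ffff8803867d7880: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
"""
FAULT_ADDR, FAULT_SIZE = 0xffff8803867d7878, 8  # "at addr ..." and "Read of size 8"
```

For this report the 8-byte read at ffff8803867d7878 lands on the 0xf4 byte (stack partial redzone), with the stack right redzone (0xf3) starting in the very next granule, which is what makes the unwinder's read an out-of-bounds stack access rather than a heap one.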