Date:	Wed, 18 Nov 2015 13:55:36 +0100
From:	Andrea Gelmini <andrea.gelmini@...ux.it>
To:	linux-acpi@...r.kernel.org
Cc:	"Rafael J. Wysocki" <rjw@...ysocki.net>, devel@...ica.org,
	linux-kernel@...r.kernel.org
Subject: BUG: KASAN: stack-out-of-bounds in acpi_ns_lookup+0x16f/0x86b

Hi everybody,
   and thanks a lot for your work.

   I'm using my main laptop (no virtualized environment) with KASAN
   enabled. The kernel is Linus's latest commit,¹ plus a few pulls
   from different git trees (BTRFS, drm-intel, etc.). You can find
   a detailed list in the attached file: added_commit.txt.gz

   Anyway, after a suspend/resume I've got this:

[ 4576.788539] ACPI: Low-level resume complete
[ 4576.788571] ==================================================================
[ 4576.788582] BUG: KASAN: stack-out-of-bounds in acpi_ns_lookup+0x16f/0x86b at addr ffff8802279ff820
[ 4576.788585] Read of size 8 by task systemd-sleep/7762
[ 4576.788588] page:ffffea00089e7fc0 count:0 mapcount:0 mapping:          (null) index:0x0
[ 4576.788590] flags: 0x8000000000000000()
[ 4576.788590] page dumped because: kasan: bad access detected
[ 4576.788594] CPU: 0 PID: 7762 Comm: systemd-sleep Tainted: G           OE   4.4.0-rc1Kasan-00497-g8f91a43 #23
[ 4576.788595] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
[ 4576.788599]  ffff8802279ff820 ffff8802279ff5b0 ffffffff819ba777 ffffffff82ef87e0
[ 4576.788601]  ffff8802279ff638 ffffffff813ea321 ffff8802279ff6a0 0000000000000082
[ 4576.788603]  0000000000000046 0000000000000082 ffffffff02088020 0000000000000082
[ 4576.788603] Call Trace:
[ 4576.788607]  [<ffffffff819ba777>] dump_stack+0x4b/0x74
[ 4576.788611]  [<ffffffff813ea321>] kasan_report_error+0x511/0x540
[ 4576.788614]  [<ffffffff813e2e3f>] ? set_track+0x6f/0x120
[ 4576.788617]  [<ffffffff813ea44e>] __asan_report_load8_noabort+0x3e/0x40
[ 4576.788619]  [<ffffffff81bb6cda>] ? acpi_ns_lookup+0x16f/0x86b
[ 4576.788621]  [<ffffffff81bb6cda>] acpi_ns_lookup+0x16f/0x86b
[ 4576.788623]  [<ffffffff813e97ae>] ? kasan_kmalloc+0x5e/0x70
[ 4576.788626]  [<ffffffff81bb6b6b>] ? acpi_enter_sleep_state+0xed/0xed
[ 4576.788629]  [<ffffffff81bc02af>] ? acpi_ns_internalize_name+0xf6/0x15b
[ 4576.788631]  [<ffffffff81bc01b9>] ? acpi_ns_build_internal_name+0x42d/0x42d
[ 4576.788635]  [<ffffffff81029c36>] ? dump_trace+0x116/0x310
[ 4576.788638]  [<ffffffff81b60024>] ? acpi_os_wait_semaphore+0x47/0x62
[ 4576.788641]  [<ffffffff81bc0a72>] acpi_ns_get_node+0x1e3/0x239
[ 4576.788643]  [<ffffffff81bc088f>] ? acpi_ns_opens_scope+0x64/0x64
[ 4576.788646]  [<ffffffff813e62ef>] ? alloc_debug_processing+0x14f/0x180
[ 4576.788648]  [<ffffffff81bb4461>] ? acpi_hw_write+0x10b/0x137
[ 4576.788650]  [<ffffffff81bb4356>] ? acpi_hw_read_multiple+0x177/0x177
[ 4576.788653]  [<ffffffff81bb9523>] acpi_ns_evaluate+0xb3/0x853
[ 4576.788655]  [<ffffffff81bb9523>] ? acpi_ns_evaluate+0xb3/0x853
[ 4576.788657]  [<ffffffff813e97ae>] ? kasan_kmalloc+0x5e/0x70
[ 4576.788660]  [<ffffffff813e9a8d>] ? kasan_slab_alloc+0xd/0x10
[ 4576.788662]  [<ffffffff813e9736>] ? kasan_unpoison_shadow+0x36/0x50
[ 4576.788664]  [<ffffffff81bb6018>] acpi_get_sleep_type_data+0x11a/0x58a
[ 4576.788667]  [<ffffffff81bb4e6e>] acpi_hw_legacy_wake_prep+0x74/0x204
[ 4576.788669]  [<ffffffff81bb4dfa>] ? acpi_hw_legacy_sleep+0x39f/0x39f
[ 4576.788671]  [<ffffffff81bb5afa>] ? acpi_write_bit_register+0x279/0x2ab
[ 4576.788673]  [<ffffffff81bb5881>] ? acpi_read_bit_register+0x173/0x173
[ 4576.788676]  [<ffffffff81bb673a>] acpi_hw_sleep_dispatch+0xb0/0xb5
[ 4576.788678]  [<ffffffff81bb6751>] acpi_leave_sleep_state_prep+0x12/0x14
[ 4576.788680]  [<ffffffff81b62dc2>] acpi_suspend_enter+0x123/0x19c
[ 4576.788682]  [<ffffffff81b62c9f>] ? acpi_hibernation_enter+0x2f/0x2f
[ 4576.788686]  [<ffffffff811c5e58>] suspend_devices_and_enter+0x7d8/0x980
[ 4576.788689]  [<ffffffff81319808>] ? printk+0x94/0xb0
[ 4576.788692]  [<ffffffff811c5680>] ? arch_suspend_enable_irqs+0x10/0x10
[ 4576.788694]  [<ffffffff811b41df>] ? __wake_up+0x3f/0x50
[ 4576.788697]  [<ffffffff811c6480>] pm_suspend+0x480/0x600
[ 4576.788699]  [<ffffffff811c3e1d>] state_store+0x9d/0x110
[ 4576.788701]  [<ffffffff819bfa90>] ? kobj_attr_show+0x60/0x60
[ 4576.788704]  [<ffffffff815749b0>] ? sysfs_kf_bin_read+0x2c0/0x2c0
[ 4576.788706]  [<ffffffff819bfac6>] kobj_attr_store+0x36/0x70
[ 4576.788708]  [<ffffffff81574adc>] sysfs_kf_write+0x12c/0x1f0
[ 4576.788710]  [<ffffffff81572938>] kernfs_fop_write+0x1f8/0x3a0
[ 4576.788713]  [<ffffffff8142758b>] __vfs_write+0xdb/0x4a0
[ 4576.788716]  [<ffffffff813442c8>] ? lru_cache_add_active_or_unevictable+0x48/0x110
[ 4576.788718]  [<ffffffff814274b0>] ? __vfs_read+0x490/0x490
[ 4576.788721]  [<ffffffff8138b2e4>] ? handle_mm_fault+0x14e4/0x3430
[ 4576.788723]  [<ffffffff8139c77e>] ? do_mmap+0x61e/0x900
[ 4576.788727]  [<ffffffff818c56ad>] ? security_mmap_file+0x6d/0x180
[ 4576.788729]  [<ffffffff81389e00>] ? vm_insert_page+0x4e0/0x4e0
[ 4576.788731]  [<ffffffff81361ab4>] ? vm_mmap_pgoff+0x144/0x190
[ 4576.788733]  [<ffffffff81428977>] ? rw_verify_area+0xb7/0x290
[ 4576.788735]  [<ffffffff81434c11>] ? vfs_getattr+0x21/0x30
[ 4576.788737]  [<ffffffff81428f47>] vfs_write+0x137/0x4b0
[ 4576.788740]  [<ffffffff8142bbb3>] SyS_write+0x103/0x220
[ 4576.788742]  [<ffffffff8142bab0>] ? SyS_read+0x220/0x220
[ 4576.788745]  [<ffffffff8254abf6>] entry_SYSCALL_64_fastpath+0x16/0x75
[ 4576.788746] Memory state around the buggy address:
[ 4576.788749]  ffff8802279ff700: f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f3 f3 f3 f3 00 00
[ 4576.788750]  ffff8802279ff780: 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2 f2
[ 4576.788752] >ffff8802279ff800: f2 f2 00 00 f3 f3 00 00 00 00 00 00 f4 f4 f3 f3
[ 4576.788753]                                ^
[ 4576.788754]  ffff8802279ff880: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 f4
[ 4576.788755]  ffff8802279ff900: f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
[ 4576.788756] ==================================================================
[ 4576.788757] Disabling lock debugging due to kernel taint


Thanks a lot,
Andrea

---
¹ 7f151f1d8abb7d5930b49d4796b463dca1673cb7

Download attachment "added_commit.txt.gz" of type "application/gzip" (18084 bytes)

Download attachment "dmesg.txt.gz" of type "application/gzip" (23556 bytes)

Download attachment "dmidecode.txt.gz" of type "application/gzip" (4068 bytes)

Download attachment "kernel-config.txt.gz" of type "application/gzip" (41577 bytes)

Download attachment "lspci.txt.gz" of type "application/gzip" (501 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
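The two facts a triager wants from a report like the one above are (a) what was accessed where, and (b) what the shadow byte at the faulting address says about that memory. The following parser is an added example for readers of this archive, not code from the reporter or from the kernel tree. It reads the "BUG: KASAN:" header, the "Read of size ..." line and the "Memory state" dump, then looks up the shadow byte for each 8-byte granule the access touched. It assumes the stack-redzone encoding (0xF1..0xF4) that mm/kasan/kasan.h used in 4.x kernels; the sample input is constructed from the lines of the report above. For this report it confirms that the 8-byte read at ffff8802279ff820 lands on a 0xF3 granule, i.e. the right-hand redzone past the end of a stack variable.

```python
import re

# Shadow-byte values KASAN uses for stack redzones in kernels of this
# report's generation (mm/kasan/kasan.h, 4.x). 0x00 means the whole
# 8-byte granule is addressable; 0x01..0x07 means only the first N bytes are.
STACK_POISON = {
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
}
SHADOW_GRANULE = 8  # one shadow byte describes 8 bytes of kernel memory

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # printk timestamp prefix
BUG_RE = re.compile(
    r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+"
    r" at addr (?P<addr>[0-9a-f]+)"
)
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) by task (?P<task>\S+)")
SHADOW_RE = re.compile(r"^(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def describe_shadow(value):
    """Translate one shadow byte into what it says about its 8-byte granule."""
    if value == 0:
        return "all 8 bytes addressable"
    if 1 <= value <= 7:
        return f"first {value} of 8 bytes addressable"
    return STACK_POISON.get(value, f"non-stack poison 0x{value:02x}")


def parse_kasan_report(text):
    """Pull the headline facts and the shadow dump out of a KASAN report."""
    report = {}
    shadow = {}  # granule start address -> shadow byte
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        m = BUG_RE.search(line)
        if m:
            report.update(kind=m["kind"], func=m["func"],
                          offset=int(m["off"], 16), addr=int(m["addr"], 16))
            continue
        m = ACCESS_RE.search(line)
        if m:
            report.update(access=m["rw"], size=int(m["size"]), task=m["task"])
            continue
        # A leading '>' marks the dump line that contains the faulting address.
        m = SHADOW_RE.match(line.lstrip(">"))
        if m:
            base = int(m["base"], 16)
            for i, byte in enumerate(m["bytes"].split()):
                shadow[base + i * SHADOW_GRANULE] = int(byte, 16)
    if "addr" not in report:
        raise ValueError("no 'BUG: KASAN:' header found")

    # Every granule the faulting access spans, with the shadow verdict for it.
    first = report["addr"] & ~(SHADOW_GRANULE - 1)
    last = (report["addr"] + report.get("size", 1) - 1) & ~(SHADOW_GRANULE - 1)
    touched = []
    for granule in range(first, last + 1, SHADOW_GRANULE):
        value = shadow.get(granule)
        meaning = describe_shadow(value) if value is not None else "not in dump"
        touched.append((granule, value, meaning))
    report["touched"] = touched
    # The first poisoned granule is the one KASAN's caret points at.
    bad = next((t for t in touched if t[1] not in (None, 0)), touched[0])
    report["shadow_byte"] = bad[1]
    report["shadow_meaning"] = bad[2]
    return report


# Constructed sample: the headline and shadow lines of the report above.
SAMPLE_REPORT = """\
[ 4576.788582] BUG: KASAN: stack-out-of-bounds in acpi_ns_lookup+0x16f/0x86b at addr ffff8802279ff820
[ 4576.788585] Read of size 8 by task systemd-sleep/7762
[ 4576.788746] Memory state around the buggy address:
[ 4576.788749]  ffff8802279ff700: f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f3 f3 f3 f3 00 00
[ 4576.788750]  ffff8802279ff780: 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2 f2
[ 4576.788752] >ffff8802279ff800: f2 f2 00 00 f3 f3 00 00 00 00 00 00 f4 f4 f3 f3
[ 4576.788753]                                ^
[ 4576.788754]  ffff8802279ff880: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 f4
[ 4576.788755]  ffff8802279ff900: f4 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(f"{r['kind']} in {r['func']}+0x{r['offset']:x}: "
          f"{r['access']} of {r['size']} bytes by {r['task']}")
    for granule, value, meaning in r["touched"]:
        print(f"  granule {granule:016x}: shadow 0x{value:02x} -> {meaning}")
```

Run it on the full dmesg text rather than the excerpt and it behaves the same, because every line that is not a header, an access line or a 16-byte shadow row is ignored. A 0xF3 verdict, as here, means the read starts exactly where a stack object ends, which is why the original report is worth chasing in the caller's frame layout rather than in the allocator.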
