syzbot


KASAN: stack-out-of-bounds Read in corrupted (2)

Status: closed as invalid on 2018/07/07 22:18
Subsystems: kernel
First crash: 2117d, last: 2117d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: stack-out-of-bounds Read in corrupted kernel C 1 2119d 2119d 0/26 closed as invalid on 2018/07/05 16:25
upstream KASAN: stack-out-of-bounds Read in corrupted (3) acpica C 5 1926d 1938d 0/26 closed as dup on 2019/01/04 11:23

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
IPVS: ftp: loaded support on port[0] = 21
==================================================================
------------[ cut here ]------------
BUG: KASAN: stack-out-of-bounds in lookup_object lib/debugobjects.c:157 [inline]
BUG: KASAN: stack-out-of-bounds in debug_object_deactivate+0x425/0x450 lib/debugobjects.c:540
ODEBUG: deactivate not available (active state 0) object type: hrtimer hint: tick_sched_timer+0x0/0x130 kernel/time/tick-sched.c:66
Read of size 8 at addr ffff8801d77c00f8 by task swapper/0/0
WARNING: CPU: 1 PID: 4784 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326

Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc3-next-20180706+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x30d mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 lookup_object lib/debugobjects.c:157 [inline]
 debug_object_deactivate+0x425/0x450 lib/debugobjects.c:540
 debug_hrtimer_deactivate kernel/time/hrtimer.c:421 [inline]
 debug_deactivate kernel/time/hrtimer.c:471 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1368 [inline]
 __hrtimer_run_queues+0x2bf/0x10c0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:867
 </IRQ>
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
Code: c7 48 89 45 d8 e8 8a d7 1d fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8 79 d7 1d fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 
RSP: 0018:ffffffff88e07bc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffffffff11c0f7b RCX: ffffffff8166aec2
RDX: 1ffffffff11e3650 RSI: 0000000000000004 RDI: ffffffff88f1b280
RBP: ffffffff88e07bc0 R08: ffffed003b5c46d7 R09: ffffed003b5c46d6
R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: 0000000000000000
R13: ffffffff88e07c78 R14: ffffffff899f3360 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0xc7/0x450 arch/x86/kernel/process.c:500
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:491
 default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x3aa/0x570 kernel/sched/idle.c:262
 cpu_startup_entry+0x10c/0x120 kernel/sched/idle.c:368
 rest_init+0xe1/0xe4 init/main.c:442
 start_kernel+0x90e/0x949 init/main.c:738
 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
 x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

CPU: 1 PID: 4784 Comm: syz-executor775 Not tainted 4.18.0-rc3-next-20180706+ #1
Allocated by task 0:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
(stack is not available)
Call Trace:

 <IRQ>
Freed by task 3615228464:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
BUG: unable to handle kernel paging request at ffffffff8c3fadc8
PGD 8e6d067 
 panic+0x238/0x4e7 kernel/panic.c:184
P4D 8e6d067 PUD 8e6e063 
PMD 0 
Oops: 0000 [#1] SMP KASAN
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.18.0-rc3-next-20180706+ #1
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:depot_fetch_stack+0x10/0x30 lib/stackdepot.c:201
 report_bug+0x252/0x2d0 lib/bug.c:186
Code: e8 95 39 45 fe e9 b3 fd ff ff e8 8b 39 45 fe e9 55 fd ff ff 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 c0 6d 43 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00 
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:996
RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
Code: 1a 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd e0 8d 1a 88 4c 89 f6 48 c7 c7 80 83 1a 88 e8 76 c9 e3 fd <0f> 0b 83 05 f9 e9 3b 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 
RSP: 0018:ffff8801daf07a40 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
RDX: 0000000000010000 RSI: ffffffff81634381 RDI: 0000000000000001
RBP: ffff8801daf07a80 R08: ffff8801ab62c2c0 R09: ffffed003b5e3ec2
RSP: 0018:ffff8801dae079c0 EFLAGS: 00010006
R10: ffffed003b5e3ec2 R11: ffff8801daf1f617 R12: 0000000000000001
R13: ffffffff88fa0fe0 R14: ffffffff881a8760 R15: ffffffff816a9510
RAX: 00000000001f8801 RBX: ffff8801d77c0114 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8801dae079c8 RDI: 0000000000003ff0
RBP: ffff8801dae079f0 R08: ffffffff88e75dc0 R09: ffffed003b5c3ec2
R10: ffffed003b5c3ec2 R11: ffff8801dae1f617 R12: ffff8801d77c00e0
 debug_object_deactivate+0x2c7/0x450 lib/debugobjects.c:563
R13: ffff8801d77c00f8 R14: ffff8801da810dc0 R15: ffff8801d77c0108
FS:  0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8c3fadc8 CR3: 00000001ad3ab000 CR4: 00000000001406f0
 debug_hrtimer_deactivate kernel/time/hrtimer.c:421 [inline]
 debug_deactivate kernel/time/hrtimer.c:471 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1368 [inline]
 __hrtimer_run_queues+0x2bf/0x10c0 kernel/time/hrtimer.c:1460
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 describe_object mm/kasan/report.c:245 [inline]
 print_address_description+0x11b/0x20b mm/kasan/report.c:263
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x30d mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 lookup_object lib/debugobjects.c:157 [inline]
 debug_object_deactivate+0x425/0x450 lib/debugobjects.c:540
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 debug_hrtimer_deactivate kernel/time/hrtimer.c:421 [inline]
 debug_deactivate kernel/time/hrtimer.c:471 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1368 [inline]
 __hrtimer_run_queues+0x2bf/0x10c0 kernel/time/hrtimer.c:1460
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:867
 </IRQ>
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:867
 </IRQ>
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
Code: c7 48 89 45 d8 e8 8a d7 1d fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8 79 d7 1d fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 
RSP: 0018:ffffffff88e07bc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffffffff11c0f7b RCX: ffffffff8166aec2
RDX: 1ffffffff11e3650 RSI: 0000000000000004 RDI: ffffffff88f1b280
RBP: ffffffff88e07bc0 R08: ffffed003b5c46d7 R09: ffffed003b5c46d6
R10: ffffed003b5c46d6 R11: ffff8801dae236b3 R12: 0000000000000000
R13: ffffffff88e07c78 R14: ffffffff899f3360 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0xc7/0x450 arch/x86/kernel/process.c:500
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:491
 default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x3aa/0x570 kernel/sched/idle.c:262
 cpu_startup_entry+0x10c/0x120 kernel/sched/idle.c:368
 rest_init+0xe1/0xe4 init/main.c:442
 start_kernel+0x90e/0x949 init/main.c:738
 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
 x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
CR2: ffffffff8c3fadc8
---[ end trace 88e204b504fe4972 ]---
RIP: 0010:depot_fetch_stack+0x10/0x30 lib/stackdepot.c:201
Code: e8 95 39 45 fe e9 b3 fd ff ff e8 8b 39 45 fe e9 55 fd ff ff 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 c0 6d 43 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00 
RSP: 0018:ffff8801dae079c0 EFLAGS: 00010006
RAX: 00000000001f8801 RBX: ffff8801d77c0114 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8801dae079c8 RDI: 0000000000003ff0
RBP: ffff8801dae079f0 R08: ffffffff88e75dc0 R09: ffffed003b5c3ec2
R10: ffffed003b5c3ec2 R11: ffff8801dae1f617 R12: ffff8801d77c00e0
R13: ffff8801d77c00f8 R14: ffff8801da810dc0 R15: ffff8801d77c0108
FS:  0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8c3fadc8 CR3: 00000001ad3ab000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Shutting down cpus with NMI
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/07/07 21:07 linux-next 526674536360 ab89aea9 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.