Re: [dmaengine] fe364a7d95: UBSAN:array-index-out-of-bounds_in_drivers/acpi/acpica/dswexec.c

From: Oliver Urbann
Date: Sat Oct 09 2021 - 18:00:16 EST


Hi all,

This actually crashes s2idle, e.g. on the Surface Book 1 and Surface Pro 4:

================================================================================
[  294.673738] UBSAN: array-index-out-of-bounds in drivers/acpi/acpica/dswexec.c:401:12
[  294.673748] index -1 is out of range for type 'acpi_operand_object *[9]'
[  294.673755] CPU: 3 PID: 6477 Comm: systemd-sleep Tainted: G         C        5.14.9-surface-ubsan-test #1
[  294.673762] Hardware name: Microsoft Corporation Surface Book/Surface Book, BIOS 92.3748.768 05.04.2021
[  294.673765] Call Trace:
[  294.673771]  dump_stack_lvl+0x4a/0x5f
[  294.673784]  dump_stack+0x10/0x12
[  294.673792]  ubsan_epilogue+0x9/0x50
[  294.673798]  __ubsan_handle_out_of_bounds+0x6f/0x80
[  294.673805]  acpi_ds_exec_end_op+0x1a0/0x79a
[  294.673812]  acpi_ps_parse_loop+0x7f5/0x8cc
[  294.673820]  acpi_ps_parse_aml+0x1bb/0x55d
[  294.673828]  acpi_ps_execute_method+0x20f/0x2d1
[  294.673836]  acpi_ns_evaluate+0x34d/0x4ef
[  294.673841]  acpi_evaluate_object+0x210/0x3da
[  294.673848]  acpi_evaluate_dsm+0xaa/0x120
[  294.673857]  ? flush_workqueue+0x19b/0x3e0
[  294.673864]  acpi_sleep_run_lps0_dsm+0x5a/0xc0
[  294.673873]  acpi_s2idle_restore_early+0x62/0x110
[  294.673881]  ? acpi_s2idle_restore_early+0x62/0x110
[  294.673887]  suspend_devices_and_enter+0x2a1/0x800
[  294.673895]  pm_suspend+0x2e5/0x420
[  294.673900]  state_store+0x85/0xf0
[  294.673905]  kobj_attr_store+0x12/0x20
[  294.673913]  sysfs_kf_write+0x3c/0x50
[  294.673921]  kernfs_fop_write_iter+0x13c/0x1b0
[  294.673927]  new_sync_write+0x117/0x1b0
[  294.673937]  vfs_write+0x1ea/0x250
[  294.673945]  ksys_write+0xa7/0xe0
[  294.673953]  __x64_sys_write+0x1a/0x20
[  294.673961]  do_syscall_64+0x5b/0xb0
[  294.673967]  ? syscall_exit_to_user_mode+0x2a/0x40
[  294.673974]  ? do_syscall_64+0x67/0xb0
[  294.673979]  ? do_syscall_64+0x67/0xb0
[  294.673983]  ? asm_exc_page_fault+0x8/0x30
[  294.673992]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  294.674000] RIP: 0033:0x7fdd5072c1e7
[  294.674007] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[  294.674012] RSP: 002b:00007fffdcfda2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  294.674019] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fdd5072c1e7
[  294.674023] RDX: 0000000000000004 RSI: 00007fffdcfda370 RDI: 0000000000000004
[  294.674026] RBP: 00007fffdcfda370 R08: 0000000000000004 R09: 000000000000000d
[  294.674029] R10: 0000560dbe6e1128 R11: 0000000000000246 R12: 0000000000000004
[  294.674032] R13: 0000560dc03a72d0 R14: 0000000000000004 R15: 00007fdd508078a0
[  294.674038] ================================================================================


Best regards,

Oliver