From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751587AbcBYWAg (ORCPT <rfc822;w@1wt.eu>);
	Thu, 25 Feb 2016 17:00:36 -0500
Received: from twin.jikos.cz ([89.185.236.188]:40770 "EHLO twin.jikos.cz"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751101AbcBYWAf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 25 Feb 2016 17:00:35 -0500
Date: Thu, 25 Feb 2016 23:00:19 +0100 (CET)
From: Jiri Kosina <jikos@kernel.org>
X-X-Sender: jikos@twin.jikos.cz
To: Linus Torvalds <torvalds@linux-foundation.org>
cc: Peter Hurley <peter@hurleysoftware.com>, Jiri Slaby <jslaby@suse.cz>,
        Greg KH <gregkh@linuxfoundation.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        stable <stable@vger.kernel.org>, lwn@lwn.net,
        Steven Rostedt <rostedt@goodmis.org>
Subject: Re: BUG: unable to handle kernel paging request from pty_write [was:
 Linux 4.4.2]
In-Reply-To: <CA+55aFx306jsTaUkm_c4nJtEo=A3vdDFYqqpLJj1zKUh=wLxog@mail.gmail.com>
Message-ID: <alpine.LRH.2.00.1602252257480.27246@gjva.wvxbf.pm>
References: <20160217203730.GA14820@kroah.com> <56CED373.9060603@suse.cz> <56CF4A83.3040408@hurleysoftware.com> <CA+55aFyeVmnNuk5pPoH05uPKZRSXt1hv_0PWuvndptqBSfPrbA@mail.gmail.com> <56CF64C9.8050705@hurleysoftware.com>
 <CA+55aFx306jsTaUkm_c4nJtEo=A3vdDFYqqpLJj1zKUh=wLxog@mail.gmail.com>
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 25 Feb 2016, Linus Torvalds wrote:

> >>   tty_flip_buffer_push ->
> >>     (queue_work is inline) ->
> >>     queue_work_on ->
> >>       __queue_work ->
> >>         insert_work ->
> >>           (wake_up_worker is inlined)
> >>           wake_up_process ->
> >
> >               try_to_wake_up ->
> >
> >>             *insane non-code address*
> 
> The thing is, we don't actually have that try_to_wake_up() on the
> stack in the oops report. There are other thigns on the stack, but the
> first stack entry that is dumped that is a text address is that
> "ffffffff810a5585" which is wake_up_process.
> 
> That's why I said it might be stack corruption: we might be returning
> from try_to_wake_up(), but with a corrupt stack entry, and returning
> to garbage.
>
> If it was one of the calls _in_ try_to_wake_up() that called to insane 
> code, I would have expected to see try_to_wake_up on the stack.

try_to_wake_up() is very likely to be inlined into wake_up_process(), and 
therefore in such cases will never be on the stack as a return address; 
it'll always be wake_up_process().

-- 
Jiri Kosina
SUSE Labs