KASAN: slab-out-of-bounds Read in perf_output_read


syzbot

Apr 12, 2019, 8:01:29 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 48091d94 Merge 4.14.76 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=16c58629400000
kernel config: https://syzkaller.appspot.com/x/.config?x=6d42c81ed97e27e5
dashboard link: https://syzkaller.appspot.com/bug?extid=6a24ddff1e286a1211f0
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6a24dd...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: slab-out-of-bounds in perf_output_read_group
kernel/events/core.c:5874 [inline]
BUG: KASAN: slab-out-of-bounds in perf_output_read+0xe43/0xfb0
kernel/events/core.c:5909
Read of size 8 at addr ffff8801d2d9fe60 by task syz-executor4/13008

CPU: 0 PID: 13008 Comm: syz-executor4 Not tainted 4.14.76+ #19
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
print_address_description+0x60/0x22b mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report.cold.6+0x11b/0x2dd mm/kasan/report.c:409
perf_output_read_group kernel/events/core.c:5874 [inline]
perf_output_read+0xe43/0xfb0 kernel/events/core.c:5909
perf_output_sample+0x10dd/0x1780 kernel/events/core.c:5951
__perf_event_output kernel/events/core.c:6261 [inline]
perf_event_output_forward+0x121/0x230 kernel/events/core.c:6274
__perf_event_overflow+0x116/0x320 kernel/events/core.c:7510
perf_swevent_overflow+0x166/0x1f0 kernel/events/core.c:7586
perf_swevent_event+0x19c/0x270 kernel/events/core.c:7619
do_perf_sw_event kernel/events/core.c:7727 [inline]
___perf_sw_event+0x296/0x480 kernel/events/core.c:7758
__perf_sw_event+0x3f/0x70 kernel/events/core.c:7770
perf_sw_event include/linux/perf_event.h:1041 [inline]
__do_page_fault+0x77f/0xb60 arch/x86/mm/fault.c:1466
page_fault+0x22/0x50 arch/x86/entry/entry_64.S:1104
RIP: 0010:copy_user_enhanced_fast_string+0x7/0x10
arch/x86/lib/copy_user_64.S:180
RSP: 0018:ffff8801b557fb48 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500
RDX: 0000000000001000 RSI: ffff8801c70deb00 RDI: 0000000020d19000
RBP: 0000000020d18500 R08: 0000000000000000 R09: 0000000000000040
R10: ffffed0038e1bdff R11: ffff8801c70defff R12: ffff8801c70de000
R13: 00007ffffffff000 R14: 0000000020d19500 R15: 0000000000001000
copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
copyout+0x99/0xc0 lib/iov_iter.c:137
copy_page_to_iter_iovec lib/iov_iter.c:206 [inline]
copy_page_to_iter+0x31d/0xd40 lib/iov_iter.c:710
pipe_to_user+0xa6/0x160 fs/splice.c:1237
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x324/0x740 fs/splice.c:626
vmsplice_to_user+0x1bd/0x1e0 fs/splice.c:1272
SYSC_vmsplice fs/splice.c:1353 [inline]
SyS_vmsplice+0x12f/0x150 fs/splice.c:1334
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457569
RSP: 002b:00007f025e5c3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569
RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f025e5c46d4
R13: 00000000004c4f4d R14: 00000000004d8520 R15: 00000000ffffffff

Allocated by task 13006:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc.part.1+0x4f/0xd0 mm/kasan/kasan.c:551
kmem_cache_alloc_trace+0x138/0x300 mm/slub.c:2750
kmalloc include/linux/slab.h:488 [inline]
kzalloc include/linux/slab.h:661 [inline]
alloc_pipe_info+0xad/0x370 fs/pipe.c:633
get_pipe_inode fs/pipe.c:712 [inline]
create_pipe_files+0xdc/0x880 fs/pipe.c:745
__do_pipe_flags+0x32/0x210 fs/pipe.c:802
SYSC_pipe2 fs/pipe.c:850 [inline]
SyS_pipe2+0x83/0x160 fs/pipe.c:844
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7

Freed by task 10569:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_slab_free+0xac/0x190 mm/kasan/kasan.c:524
slab_free_hook mm/slub.c:1389 [inline]
slab_free_freelist_hook mm/slub.c:1410 [inline]
slab_free mm/slub.c:2966 [inline]
kfree+0xf5/0x310 mm/slub.c:3897
skb_free_head+0x83/0xa0 net/core/skbuff.c:550
skb_release_data+0x495/0x610 net/core/skbuff.c:570
skb_release_all+0x46/0x60 net/core/skbuff.c:627
__kfree_skb net/core/skbuff.c:641 [inline]
consume_skb+0xc1/0x330 net/core/skbuff.c:701
tun_do_read+0x507/0x12f0 drivers/net/tun.c:1765
tun_chr_read_iter+0xd8/0x1c0 drivers/net/tun.c:1779
call_read_iter include/linux/fs.h:1776 [inline]
new_sync_read fs/read_write.c:401 [inline]
__vfs_read+0x414/0x5b0 fs/read_write.c:413
vfs_read+0x11e/0x330 fs/read_write.c:447
SYSC_read fs/read_write.c:577 [inline]
SyS_read+0xc2/0x1a0 fs/read_write.c:570
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7

The buggy address belongs to the object at ffff8801d2d9fb80
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 224 bytes to the right of
512-byte region [ffff8801d2d9fb80, ffff8801d2d9fd80)
The buggy address belongs to the page:
page:ffffea00074b6780 count:1 mapcount:0 mapping: (null) index:0x0
compound_mapcount: 0
flags: 0x4000000000008100(slab|head)
raw: 4000000000008100 0000000000000000 0000000000000000 00000001800c000c
raw: dead000000000100 dead000000000200 ffff8801da802c00 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff8801d2d9fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801d2d9fd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff8801d2d9fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff8801d2d9fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8801d2d9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jun 27, 2019, 6:22:07 AM
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 93c338c2 Merge 4.14.129 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=178fb265a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=654d6d7c478db79
dashboard link: https://syzkaller.appspot.com/bug?extid=6a24ddff1e286a1211f0
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1357cfb5a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10de238da00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6a24dd...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: slab-out-of-bounds in perf_output_read_group
kernel/events/core.c:5882 [inline]
BUG: KASAN: slab-out-of-bounds in perf_output_read+0xe58/0xfc0
kernel/events/core.c:5917
Read of size 8 at addr ffff8881c93e7f08 by task syz-executor358/2206

CPU: 0 PID: 2206 Comm: syz-executor358 Not tainted 4.14.129+ #11
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
print_address_description+0x60/0x226 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0xae/0x2d5 mm/kasan/report.c:393

Allocated by task 2206:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc.part.0+0x4f/0xd0 mm/kasan/kasan.c:551
kmem_cache_alloc_trace+0x126/0x310 mm/slub.c:2750
kmalloc include/linux/slab.h:488 [inline]
kzalloc include/linux/slab.h:661 [inline]
alloc_perf_context+0x44/0xe0 kernel/events/core.c:3864
find_get_context.isra.0+0x119/0x550 kernel/events/core.c:3953
SYSC_perf_event_open kernel/events/core.c:10160 [inline]
SyS_perf_event_open+0x9d3/0x2530 kernel/events/core.c:9988
do_syscall_64+0x19b/0x510 arch/x86/entry/common.c:292

Freed by task 668:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_slab_free+0xb0/0x190 mm/kasan/kasan.c:524
slab_free_hook mm/slub.c:1389 [inline]
slab_free_freelist_hook mm/slub.c:1410 [inline]
slab_free mm/slub.c:2966 [inline]
kfree+0xf5/0x310 mm/slub.c:3897
load_elf_binary+0x1bf2/0x4530 fs/binfmt_elf.c:1096
search_binary_handler fs/exec.c:1638 [inline]
search_binary_handler+0x13f/0x6d0 fs/exec.c:1616
exec_binprm fs/exec.c:1680 [inline]
do_execveat_common.isra.0+0xf5f/0x1c30 fs/exec.c:1802
do_execve fs/exec.c:1847 [inline]
SYSC_execve fs/exec.c:1928 [inline]
SyS_execve+0x34/0x40 fs/exec.c:1923
do_syscall_64+0x19b/0x510 arch/x86/entry/common.c:292

The buggy address belongs to the object at ffff8881c93e7b80
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 392 bytes to the right of
512-byte region [ffff8881c93e7b80, ffff8881c93e7d80)
The buggy address belongs to the page:
page:ffffea000724f980 count:1 mapcount:0 mapping: (null) index:0x0
compound_mapcount: 0
flags: 0x4000000000010200(slab|head)
raw: 4000000000010200 0000000000000000 0000000000000000 00000001800c000c
raw: ffffea0007242200 0000000900000009 ffff8881da802c00 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff8881c93e7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8881c93e7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff8881c93e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff8881c93e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8881c93e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
