KASAN: use-after-free Read in do_garbage_collect


syzbot

Oct 20, 2022, 1:09:36 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: ff63a5f5cdf6 ANDROID: Fix kenelci build-break for !CONFIG_..
git tree: android12-5.4
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17dfa54e880000
kernel config: https://syzkaller.appspot.com/x/.config?x=99700db563136bf4
dashboard link: https://syzkaller.appspot.com/bug?extid=4eedd68d161eacf7f7c9
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1675dbd6880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12b8fd3c880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/abfcaf3d008a/disk-ff63a5f5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/607de550eaec/vmlinux-ff63a5f5.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9c6a714f405d/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4eedd6...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: use-after-free in data_blkaddr fs/f2fs/f2fs.h:2699 [inline]
BUG: KASAN: use-after-free in is_alive fs/f2fs/gc.c:1030 [inline]
BUG: KASAN: use-after-free in gc_data_segment fs/f2fs/gc.c:1448 [inline]
BUG: KASAN: use-after-free in do_garbage_collect+0x5b28/0x7160 fs/f2fs/gc.c:1653
Read of size 4 at addr ffff8881dbdc5150 by task kworker/u4:1/93

CPU: 1 PID: 93 Comm: kworker/u4:1 Not tainted 5.4.210-syzkaller-00004-gff63a5f5cdf6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18e/0x1d5 lib/dump_stack.c:118
print_address_description+0x8c/0x630 mm/kasan/report.c:384
__kasan_report+0xf6/0x130 mm/kasan/report.c:516
kasan_report+0x30/0x60 mm/kasan/common.c:653
data_blkaddr fs/f2fs/f2fs.h:2699 [inline]
is_alive fs/f2fs/gc.c:1030 [inline]
gc_data_segment fs/f2fs/gc.c:1448 [inline]
do_garbage_collect+0x5b28/0x7160 fs/f2fs/gc.c:1653
f2fs_gc+0x872/0x17f0 fs/f2fs/gc.c:1745
f2fs_balance_fs+0x2c2/0x340 fs/f2fs/segment.c:528
f2fs_write_inode+0x694/0x730 fs/f2fs/inode.c:722
write_inode+0xf1/0x360 fs/fs-writeback.c:1326
__writeback_single_inode+0x3bf/0x840 fs/fs-writeback.c:1524
writeback_sb_inodes+0x9a9/0x19d0 fs/fs-writeback.c:1730
wb_writeback+0x3c2/0xc20 fs/fs-writeback.c:1905
wb_do_writeback+0x181/0xaf0 fs/fs-writeback.c:2050
wb_workfn+0xf8/0x450 fs/fs-writeback.c:2091
process_one_work+0x6ca/0xc40 kernel/workqueue.c:2287
worker_thread+0xae0/0x1440 kernel/workqueue.c:2433
kthread+0x2d8/0x360 kernel/kthread.c:288
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Allocated by task 155:
save_stack mm/kasan/common.c:70 [inline]
set_track mm/kasan/common.c:78 [inline]
__kasan_kmalloc+0x131/0x1e0 mm/kasan/common.c:529
slab_post_alloc_hook mm/slab.h:584 [inline]
slab_alloc_node mm/slub.c:2829 [inline]
slab_alloc mm/slub.c:2837 [inline]
kmem_cache_alloc+0xd0/0x210 mm/slub.c:2842
getname_flags+0xb8/0x4e0 fs/namei.c:141
getname fs/namei.c:212 [inline]
__do_sys_unlink fs/namei.c:4189 [inline]
__se_sys_unlink fs/namei.c:4187 [inline]
__x64_sys_unlink+0x38/0x50 fs/namei.c:4187
do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 155:
save_stack mm/kasan/common.c:70 [inline]
set_track mm/kasan/common.c:78 [inline]
kasan_set_free_info mm/kasan/common.c:345 [inline]
__kasan_slab_free+0x178/0x240 mm/kasan/common.c:487
slab_free_hook mm/slub.c:1455 [inline]
slab_free_freelist_hook+0x80/0x150 mm/slub.c:1494
slab_free mm/slub.c:3080 [inline]
kmem_cache_free+0xa9/0x1d0 mm/slub.c:3096
putname fs/namei.c:262 [inline]
do_unlinkat+0x788/0x820 fs/namei.c:4163
do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8881dbdc4400
which belongs to the cache names_cache of size 4096
The buggy address is located 3408 bytes inside of
4096-byte region [ffff8881dbdc4400, ffff8881dbdc5400)
The buggy address belongs to the page:
page:ffffea00076f7000 refcount:1 mapcount:0 mapping:ffff8881f5cf9680 index:0x0 compound_mapcount: 0
flags: 0x8000000000010200(slab|head)
raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf9680
raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
set_page_owner include/linux/page_owner.h:31 [inline]
post_alloc_hook mm/page_alloc.c:2165 [inline]
prep_new_page+0x194/0x380 mm/page_alloc.c:2171
get_page_from_freelist+0x524/0x560 mm/page_alloc.c:3794
__alloc_pages_nodemask+0x2ab/0x6f0 mm/page_alloc.c:4857
alloc_slab_page+0x39/0x3e0 mm/slub.c:343
allocate_slab mm/slub.c:1683 [inline]
new_slab+0x97/0x450 mm/slub.c:1749
new_slab_objects mm/slub.c:2505 [inline]
___slab_alloc+0x320/0x4a0 mm/slub.c:2667
__slab_alloc+0x5a/0x90 mm/slub.c:2707
slab_alloc_node mm/slub.c:2792 [inline]
slab_alloc mm/slub.c:2837 [inline]
kmem_cache_alloc+0x100/0x210 mm/slub.c:2842
getname_flags+0xb8/0x4e0 fs/namei.c:141
getname fs/namei.c:212 [inline]
do_renameat2+0x28d/0x1120 fs/namei.c:4631
__do_sys_rename fs/namei.c:4752 [inline]
__se_sys_rename fs/namei.c:4750 [inline]
__x64_sys_rename+0x64/0x70 fs/namei.c:4750
do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
page_owner free stack trace missing

Memory state around the buggy address:
ffff8881dbdc5000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8881dbdc5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8881dbdc5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8881dbdc5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8881dbdc5200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Oct 20, 2022, 1:59:42 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7f2e600bf63a Merge 5.15.74 into android13-5.15-lts
git tree: android13-5.15-lts
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10e5373a880000
kernel config: https://syzkaller.appspot.com/x/.config?x=793f6fcecb4c5b08
dashboard link: https://syzkaller.appspot.com/bug?extid=dc39c9c8520061d40d17
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1466ab9a880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=109de88c880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/79a248fb2d4a/disk-7f2e600b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8e350ccd91cf/vmlinux-7f2e600b.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9a208d5644de/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dc39c9...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: use-after-free in data_blkaddr fs/f2fs/f2fs.h:2849 [inline]
BUG: KASAN: use-after-free in is_alive fs/f2fs/gc.c:1050 [inline]
BUG: KASAN: use-after-free in gc_data_segment fs/f2fs/gc.c:1468 [inline]
BUG: KASAN: use-after-free in do_garbage_collect+0x4f59/0x6370 fs/f2fs/gc.c:1673
Read of size 4 at addr ffff88811b2de150 by task kworker/u4:0/8

CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.15.74-syzkaller-04383-g7f2e600bf63a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
print_address_description+0x87/0x3d0 mm/kasan/report.c:256
__kasan_report mm/kasan/report.c:435 [inline]
kasan_report+0x1a6/0x1f0 mm/kasan/report.c:452
__asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
data_blkaddr fs/f2fs/f2fs.h:2849 [inline]
is_alive fs/f2fs/gc.c:1050 [inline]
gc_data_segment fs/f2fs/gc.c:1468 [inline]
do_garbage_collect+0x4f59/0x6370 fs/f2fs/gc.c:1673
f2fs_gc+0x8aa/0x17c0 fs/f2fs/gc.c:1766
f2fs_balance_fs+0x339/0x3e0 fs/f2fs/segment.c:531
f2fs_write_inode+0x4fc/0x580 fs/f2fs/inode.c:734
write_inode+0xf5/0x2a0 fs/fs-writeback.c:1475
__writeback_single_inode+0x38b/0x6d0 fs/fs-writeback.c:1680
writeback_sb_inodes+0xb1d/0x1910 fs/fs-writeback.c:1892
wb_writeback+0x401/0x9e0 fs/fs-writeback.c:2066
wb_do_writeback+0x222/0xbd0 fs/fs-writeback.c:2209
wb_workfn+0xf8/0x3e0 fs/fs-writeback.c:2250
process_one_work+0x6db/0xc00 kernel/workqueue.c:2313
worker_thread+0xb3e/0x1340 kernel/workqueue.c:2460
kthread+0x41c/0x500 kernel/kthread.c:319
ret_from_fork+0x1f/0x30
</TASK>

The buggy address belongs to the page:
page:ffffea00046cb780 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b2de
flags: 0x4000000000000000(zone=1)
raw: 4000000000000000 ffffea00046cb7c8 ffffea00046cb6c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), pid 319, ts 12366895923, free_ts 12367377157
set_page_owner include/linux/page_owner.h:33 [inline]
post_alloc_hook+0x1ab/0x1b0 mm/page_alloc.c:2495
prep_new_page mm/page_alloc.c:2501 [inline]
get_page_from_freelist+0x38b/0x400 mm/page_alloc.c:4281
__alloc_pages+0x3a8/0x7c0 mm/page_alloc.c:5548
__alloc_pages_node include/linux/gfp.h:591 [inline]
alloc_pages_node include/linux/gfp.h:605 [inline]
alloc_pages include/linux/gfp.h:618 [inline]
pipe_write+0x560/0x18c0 fs/pipe.c:495
call_write_iter include/linux/fs.h:2129 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0xc8d/0x1050 fs/read_write.c:594
ksys_write+0x198/0x2c0 fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__x64_sys_write+0x7b/0x90 fs/read_write.c:656
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
page last free stack trace:
reset_page_owner include/linux/page_owner.h:26 [inline]
free_pages_prepare mm/page_alloc.c:1364 [inline]
free_pcp_prepare+0x448/0x450 mm/page_alloc.c:1435
free_unref_page_prepare mm/page_alloc.c:3433 [inline]
free_unref_page+0x9c/0x370 mm/page_alloc.c:3513
__put_single_page mm/swap.c:98 [inline]
__put_page+0xb0/0xd0 mm/swap.c:129
put_page include/linux/mm.h:1288 [inline]
anon_pipe_buf_release+0x17b/0x1e0 fs/pipe.c:137
pipe_buf_release include/linux/pipe_fs_i.h:203 [inline]
pipe_read+0x5c1/0x1060 fs/pipe.c:323
call_read_iter include/linux/fs.h:2123 [inline]
new_sync_read fs/read_write.c:404 [inline]
vfs_read+0xabc/0xd80 fs/read_write.c:485
ksys_read+0x198/0x2c0 fs/read_write.c:623
__do_sys_read fs/read_write.c:633 [inline]
__se_sys_read fs/read_write.c:631 [inline]
__x64_sys_read+0x7b/0x90 fs/read_write.c:631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb

Memory state around the buggy address:
ffff88811b2de000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88811b2de080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88811b2de100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88811b2de180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88811b2de200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff