[jfs?] KASAN: slab-out-of-bounds Read in dbAllocDmapLev


syzbot

Dec 30, 2022, 4:33:42 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c4215ee4771b Linux 4.14.302
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1171e2b8480000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a9988fe055c9527
dashboard link: https://syzkaller.appspot.com/bug?extid=b46ab054f59083b0c64a
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17f7af74480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1658cb40480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c93ba055d204/disk-c4215ee4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bfbc929a33c1/vmlinux-c4215ee4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/444658051770/bzImage-c4215ee4.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/89f2cf273a86/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b46ab0...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: slab-out-of-bounds in dbAllocDmapLev+0x233/0x280 fs/jfs/jfs_dmap.c:2030
Read of size 1 at addr ffff888098a98fcd by task syz-executor331/7971

CPU: 1 PID: 7971 Comm: syz-executor331 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_address_description.cold+0x54/0x1d3 mm/kasan/report.c:252
kasan_report_error.cold+0x8a/0x191 mm/kasan/report.c:351
kasan_report mm/kasan/report.c:409 [inline]
__asan_report_load1_noabort+0x68/0x70 mm/kasan/report.c:427
dbAllocDmapLev+0x233/0x280 fs/jfs/jfs_dmap.c:2030
dbAllocCtl+0x426/0x680 fs/jfs/jfs_dmap.c:1874
dbAllocAG+0x684/0x9f0 fs/jfs/jfs_dmap.c:1415
dbAlloc+0x415/0x980 fs/jfs/jfs_dmap.c:871
dtSplitUp+0x316/0x47d0 fs/jfs/jfs_dtree.c:986
dtInsert+0x77c/0x9e0 fs/jfs/jfs_dtree.c:875
jfs_create.part.0+0x364/0x800 fs/jfs/namei.c:150
jfs_create+0x35/0x50 fs/jfs/namei.c:90
lookup_open+0x77a/0x1750 fs/namei.c:3241
do_last fs/namei.c:3334 [inline]
path_openat+0xe08/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f17f07db7e9
RSP: 002b:00007ffd49983bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17f07db7e9
RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
RBP: 00007f17f079b080 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17f079b110
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 1:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc+0xeb/0x160 mm/kasan/kasan.c:551
kmem_cache_alloc+0x124/0x3c0 mm/slab.c:3552
kmem_cache_zalloc include/linux/slab.h:651 [inline]
get_empty_filp+0x86/0x3f0 fs/file_table.c:123
path_openat+0x84/0x2970 fs/namei.c:3547
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3

Freed by task 7:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
kasan_slab_free+0xc3/0x1a0 mm/kasan/kasan.c:524
__cache_free mm/slab.c:3496 [inline]
kmem_cache_free+0x7c/0x2b0 mm/slab.c:3758
__rcu_reclaim kernel/rcu/rcu.h:195 [inline]
rcu_do_batch kernel/rcu/tree.c:2699 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
rcu_process_callbacks+0x780/0x1180 kernel/rcu/tree.c:2946
__do_softirq+0x24d/0x9ff kernel/softirq.c:288

The buggy address belongs to the object at ffff888098a98d00
which belongs to the cache filp of size 456
The buggy address is located 261 bytes to the right of
456-byte region [ffff888098a98d00, ffff888098a98ec8)
The buggy address belongs to the page:
page:ffffea000262a600 count:1 mapcount:0 mapping:ffff888098a98080 index:0x0
flags: 0xfff00000000100(slab)
raw: 00fff00000000100 ffff888098a98080 0000000000000000 0000000100000006
raw: ffffea000262a5a0 ffffea00025fe460 ffff8880b60c9080 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff888098a98e80: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
ffff888098a98f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888098a98f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff888098a99000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888098a99080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Jan 2, 2023, 6:38:40 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17dcd10c480000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=92ae71b4e89291da528e
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16c230ec480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16d24392480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/97b7f37edfbe/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92ae71...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: slab-out-of-bounds in dbAllocDmapLev+0x2e0/0x330 fs/jfs/jfs_dmap.c:2022
Read of size 1 at addr ffff888098d36fcd by task syz-executor110/8115

CPU: 0 PID: 8115 Comm: syz-executor110 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_address_description.cold+0x54/0x219 mm/kasan/report.c:256
kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354
kasan_report mm/kasan/report.c:412 [inline]
__asan_report_load1_noabort+0x88/0x90 mm/kasan/report.c:430
dbAllocDmapLev+0x2e0/0x330 fs/jfs/jfs_dmap.c:2022
dbAllocCtl+0x4a2/0x700 fs/jfs/jfs_dmap.c:1866
dbAllocAG+0x7d1/0xb90 fs/jfs/jfs_dmap.c:1407
dbAlloc+0x472/0xb00 fs/jfs/jfs_dmap.c:863
dtSplitUp+0x365/0x4e70 fs/jfs/jfs_dtree.c:987
dtInsert+0x7fd/0xa00 fs/jfs/jfs_dtree.c:876
jfs_create.part.0+0x3c6/0x880 fs/jfs/namei.c:150
jfs_create+0x3f/0x60 fs/jfs/namei.c:90
lookup_open+0x893/0x1a20 fs/namei.c:3235
do_last fs/namei.c:3327 [inline]
path_openat+0x1094/0x2df0 fs/namei.c:3537
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f2e9a3f87e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf416d9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2e9a3f87e9
RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
RBP: 00007f2e9a3b8080 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e9a3b8110
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 8091:
kmem_cache_alloc+0x122/0x370 mm/slab.c:3559
skb_clone+0x151/0x3d0 net/core/skbuff.c:1293
dev_queue_xmit_nit+0x326/0xa20 net/core/dev.c:2018
xmit_one net/core/dev.c:3252 [inline]
dev_hard_start_xmit+0xaa/0x920 net/core/dev.c:3272
sch_direct_xmit+0x2d6/0xf70 net/sched/sch_generic.c:332
qdisc_restart net/sched/sch_generic.c:395 [inline]
__qdisc_run+0x4d0/0x1640 net/sched/sch_generic.c:403
qdisc_run include/net/pkt_sched.h:120 [inline]
__dev_xmit_skb net/core/dev.c:3451 [inline]
__dev_queue_xmit+0x2102/0x2e00 net/core/dev.c:3807
neigh_hh_output include/net/neighbour.h:491 [inline]
neigh_output include/net/neighbour.h:499 [inline]
ip_finish_output2+0xb6d/0x15a0 net/ipv4/ip_output.c:230
ip_finish_output+0xae9/0x10b0 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x5f0 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
__ip_queue_xmit+0x91e/0x1c10 net/ipv4/ip_output.c:507
__tcp_transmit_skb+0x1b9c/0x3400 net/ipv4/tcp_output.c:1148
__tcp_send_ack.part.0+0x3d9/0x5c0 net/ipv4/tcp_output.c:3643
__tcp_send_ack net/ipv4/tcp_output.c:3649 [inline]
tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3649
tcp_cleanup_rbuf+0x30f/0x600 net/ipv4/tcp.c:1604
tcp_recvmsg+0xa8c/0x2a90 net/ipv4/tcp.c:2177
inet_recvmsg+0x124/0x5c0 net/ipv4/af_inet.c:830
sock_recvmsg_nosec net/socket.c:859 [inline]
sock_recvmsg net/socket.c:866 [inline]
sock_recvmsg net/socket.c:862 [inline]
sock_read_iter+0x339/0x470 net/socket.c:944
call_read_iter include/linux/fs.h:1815 [inline]
new_sync_read fs/read_write.c:406 [inline]
__vfs_read+0x518/0x750 fs/read_write.c:418
vfs_read+0x194/0x3c0 fs/read_write.c:452
ksys_read+0x12b/0x2a0 fs/read_write.c:579
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 8091:
__cache_free mm/slab.c:3503 [inline]
kmem_cache_free+0x7f/0x260 mm/slab.c:3765
kfree_skbmem+0xc1/0x140 net/core/skbuff.c:595
__kfree_skb net/core/skbuff.c:655 [inline]
consume_skb+0x120/0x3d0 net/core/skbuff.c:714
packet_rcv+0xea/0x1490 net/packet/af_packet.c:2148
dev_queue_xmit_nit+0x756/0xa20 net/core/dev.c:2050
xmit_one net/core/dev.c:3252 [inline]
dev_hard_start_xmit+0xaa/0x920 net/core/dev.c:3272
sch_direct_xmit+0x2d6/0xf70 net/sched/sch_generic.c:332
qdisc_restart net/sched/sch_generic.c:395 [inline]
__qdisc_run+0x4d0/0x1640 net/sched/sch_generic.c:403
qdisc_run include/net/pkt_sched.h:120 [inline]
__dev_xmit_skb net/core/dev.c:3451 [inline]
__dev_queue_xmit+0x2102/0x2e00 net/core/dev.c:3807
neigh_hh_output include/net/neighbour.h:491 [inline]
neigh_output include/net/neighbour.h:499 [inline]
ip_finish_output2+0xb6d/0x15a0 net/ipv4/ip_output.c:230
ip_finish_output+0xae9/0x10b0 net/ipv4/ip_output.c:318
NF_HOOK_COND include/linux/netfilter.h:278 [inline]
ip_output+0x203/0x5f0 net/ipv4/ip_output.c:406
dst_output include/net/dst.h:455 [inline]
ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:125
__ip_queue_xmit+0x91e/0x1c10 net/ipv4/ip_output.c:507
__tcp_transmit_skb+0x1b9c/0x3400 net/ipv4/tcp_output.c:1148
__tcp_send_ack.part.0+0x3d9/0x5c0 net/ipv4/tcp_output.c:3643
__tcp_send_ack net/ipv4/tcp_output.c:3649 [inline]
tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3649
tcp_cleanup_rbuf+0x30f/0x600 net/ipv4/tcp.c:1604
tcp_recvmsg+0xa8c/0x2a90 net/ipv4/tcp.c:2177
inet_recvmsg+0x124/0x5c0 net/ipv4/af_inet.c:830
sock_recvmsg_nosec net/socket.c:859 [inline]
sock_recvmsg net/socket.c:866 [inline]
sock_recvmsg net/socket.c:862 [inline]
sock_read_iter+0x339/0x470 net/socket.c:944
call_read_iter include/linux/fs.h:1815 [inline]
new_sync_read fs/read_write.c:406 [inline]
__vfs_read+0x518/0x750 fs/read_write.c:418
vfs_read+0x194/0x3c0 fs/read_write.c:452
ksys_read+0x12b/0x2a0 fs/read_write.c:579
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff888098d36e40
which belongs to the cache skbuff_head_cache of size 232
The buggy address is located 165 bytes to the right of
232-byte region [ffff888098d36e40, ffff888098d36f28)
The buggy address belongs to the page:
page:ffffea0002634d80 count:1 mapcount:0 mapping:ffff8880b5b96900 index:0x0
flags: 0xfff00000000100(slab)
raw: 00fff00000000100 ffffea0002ab7c08 ffffea0002821ec8 ffff8880b5b96900
raw: 0000000000000000 ffff888098d36080 000000010000000c 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff888098d36e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888098d36f00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
>ffff888098d36f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff888098d37000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888098d37080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00