linux-mm.kvack.org archive mirror
From: Qian Cai <cai@gmx.us>
To: linux kernel <linux-kernel@vger.kernel.org>
Cc: linux-mm@kvack.org
Subject: BUG: KASAN: slab-out-of-bounds in try_to_unmap_one+0x1c4/0x1af0
Date: Tue, 13 Nov 2018 21:49:52 -0500
Message-ID: <4519B305-F61A-4C10-B55A-910A3EFB94AA@gmx.us>

Compiling kernel on an aarch64 server with the latest mainline (rc2) triggered this,

[ 1463.931841] BUG: KASAN: slab-out-of-bounds in try_to_unmap_one+0x1c4/0x1af0
[ 1463.938969] Write of size 32 at addr ffff80897ce87b58 by task kworker/u513:0/5209
[ 1463.946678] 
[ 1463.948656] CPU: 38 PID: 5209 Comm: kworker/u513:0 Kdump: loaded Tainted: G        W    L    4.20.0-rc2+ #4
[ 1463.958485] Hardware name: HPE Apollo 70             /C01_APACHE_MB         , BIOS L50_5.13_1.0.6 07/10/2018
[ 1463.968450] Workqueue: writeback wb_workfn (flush-253:0)
[ 1463.973848] Call trace:
[ 1463.976622]  dump_backtrace+0x0/0x2c8
[ 1463.980642] 
[ 1463.982239] Allocated by task 2:
[ 1463.985528]  kasan_kmalloc.part.1+0x40/0x108
[ 1463.989842]  kasan_kmalloc+0xb4/0xc8
[ 1463.993500]  kasan_slab_alloc+0x14/0x20
[ 1463.997630]  kmem_cache_alloc_node+0x140/0x430
[ 1464.002241]  copy_process.isra.2+0x39c/0x2e20
[ 1464.007009]  _do_fork+0x120/0xa28
[ 1464.010595]  kernel_thread+0x48/0x58
[ 1464.014206]  kthreadd+0x3dc/0x478
[ 1464.017698]  ret_from_fork+0x10/0x1c
[ 1464.021466] 
[ 1464.022981] Freed by task 1391:
[ 1464.026214]  __kasan_slab_free+0x114/0x228
[ 1464.030447]  kasan_slab_free+0x10/0x18
[ 1464.034305]  kmem_cache_free+0x9c/0x3a8
[ 1464.038284]  put_task_stack+0x94/0x110
[ 1464.042169]  finish_task_switch+0x3b0/0x488
[ 1464.046850]  __schedule+0x5e4/0xda0
[ 1464.050665]  schedule+0xdc/0x240
[ 1464.054012]  worker_thread+0x278/0xa70
[ 1464.058021]  kthread+0x1c4/0x1d0
[ 1464.061393]  ret_from_fork+0x10/0x1c
[ 1464.065051] 
[ 1464.067005] The buggy address belongs to the object at ffff80897ce88000
[ 1464.067005]  which belongs to the cache thread_stack of size 32768
[ 1464.080107] The buggy address is located 1192 bytes to the left of
[ 1464.080107]  32768-byte region [ffff80897ce88000, ffff80897ce90000)
[ 1464.092578] The buggy address belongs to the page:
[ 1464.097529] page:ffff7fe0225f3a00 count:1 mapcount:0 mapping:ffff8089c0014d80 index:0x0 compound_mapcount: 0
[ 1464.107724] flags: 0x1fffff0000010200(slab|head)
[ 1464.112648] raw: 1fffff0000010200 ffff7fe02266a408 ffff7fe022459408 ffff8089c0014d80
[ 1464.120496] raw: 0000000000000000 0000000000050005 00000001ffffffff 0000000000000000
[ 1464.128284] page dumped because: kasan: bad access detected
[ 1464.134011] 
[ 1464.135619] Memory state around the buggy address:
[ 1464.140576]  ffff80897ce87a00: fc fc fc fc fc fc fc fc fc fc fc fc f1 f1 f1 f1
[ 1464.148063]  00 f2 f2 f2 f2 f2^
[ 1464.168846]7c00: f2 f2 f2 f2
