Re: [PATCH v3 3/3] powerpc/32: Add KASAN support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :


On 1/12/19 2:16 PM, Christophe Leroy wrote:

+KASAN_SANITIZE_early_32.o := n
+KASAN_SANITIZE_cputable.o := n
+KASAN_SANITIZE_prom_init.o := n
+

Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
instrumented ftrace_likely_update in every if().



diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
new file mode 100644
index 000000000000..3edc9c2d2f3e

+void __init kasan_init(void)
+{
+	struct memblock_region *reg;
+
+	for_each_memblock(memory, reg)
+		kasan_init_region(reg);
+
+	pr_info("KASAN init done\n");

Without "init_task.kasan_depth = 0;" kasan will not repot bugs.

There is test_kasan module. Make sure that it produce reports.


I get the following report with test_kasan module.

Could you have a look at it and tell if everything is as expected ?

Thanks
Christophe

[  667.298897] kasan test: kmalloc_oob_right out-of-bounds to right
[ 667.299036] ================================================================== [ 667.306263] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x74/0x94 [test_kasan]
[  667.313929] Write of size 1 at addr c53996fb by task exe/340
[  667.319451]
[ 667.321021] CPU: 0 PID: 340 Comm: exe Not tainted 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.321072] Call Trace:
[ 667.321248] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  667.321452] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 667.321741] [c5649ce0] [c95d41d4] kmalloc_oob_right+0x74/0x94 [test_kasan] [ 667.322022] [c5649d00] [c95d5510] kmalloc_tests_init+0x18/0x2d0 [test_kasan]
[  667.322214] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.322428] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.322630] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.322834] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.323027] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.323193] --- interrupt: c01 at 0xfd6b914
[  667.323193]     LR = 0x1001364c
[  667.323239]
[  667.324561] Allocated by task 340:
[  667.327993]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  667.328241]  kmalloc_oob_right+0x44/0x94 [test_kasan]
[  667.328477]  kmalloc_tests_init+0x18/0x2d0 [test_kasan]
[  667.328622]  do_one_initcall+0x40/0x278
[  667.328792]  do_init_module+0xcc/0x59c
[  667.328948]  load_module+0x2bc4/0x320c
[  667.329107]  sys_init_module+0x114/0x138
[  667.329250]  ret_from_syscall+0x0/0x38
[  667.329298]
[  667.330580] Freed by task 335:
[  667.333667]  __kasan_slab_free+0x120/0x22c
[  667.333788]  kfree+0x74/0x270
[  667.333950]  load_elf_binary+0xb0/0x162c
[  667.334129]  search_binary_handler+0x120/0x374
[  667.334297]  __do_execve_file+0x834/0xb20
[  667.334460]  sys_execve+0x40/0x54
[  667.334605]  ret_from_syscall+0x0/0x38
[  667.334652]
[  667.335954] The buggy address belongs to the object at c5399680
[  667.335954]  which belongs to the cache kmalloc-128 of size 128
[  667.347675] The buggy address is located 123 bytes inside of
[  667.347675]  128-byte region [c5399680, c5399700)
[  667.357847] The buggy address belongs to the page:
[  667.362634] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
[  667.362745] flags: 0x200(slab)
[ 667.362973] raw: 00000200 00000100 00000200 c5007a80 00000000 005500ab ffffffff 00000001
[  667.363043] page dumped because: kasan: bad access detected
[  667.363083]
[  667.364384] Memory state around the buggy address:
[  667.369190]  c5399580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  667.375645]  c5399600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  667.382099] >c5399680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[  667.388496]                                                         ^
[  667.394921]  c5399700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  667.401377]  c5399780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 667.407767] ==================================================================
[  667.414904] Disabling lock debugging due to kernel taint
[  667.421182] kasan test: kmalloc_oob_left out-of-bounds to left
[ 667.421314] ================================================================== [ 667.428466] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x74/0x9c [test_kasan]
[  667.436045] Read of size 1 at addr c58e9ddf by task exe/340
[  667.441483]
[ 667.443064] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.443115] Call Trace:
[ 667.443290] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  667.443492] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  667.443779] [c5649ce0] [c95d4268] kmalloc_oob_left+0x74/0x9c [test_kasan]
[ 667.444057] [c5649d00] [c95d5514] kmalloc_tests_init+0x1c/0x2d0 [test_kasan]
[  667.444246] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.444458] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.444658] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.444859] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.445051] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.445215] --- interrupt: c01 at 0xfd6b914
[  667.445215]     LR = 0x1001364c
[  667.445260]
[  667.446593] Allocated by task 340:
[  667.450025]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  667.450191]  do_init_module+0x2c/0x59c
[  667.450346]  load_module+0x2bc4/0x320c
[  667.450503]  sys_init_module+0x114/0x138
[  667.450645]  ret_from_syscall+0x0/0x38
[  667.450691]
[  667.452009] Freed by task 276:
[  667.455096]  __kasan_slab_free+0x120/0x22c
[  667.455214]  kfree+0x74/0x270
[  667.455344]  single_release+0x54/0x6c
[  667.455516]  close_pdeo+0x128/0x224
[  667.455680]  proc_reg_release+0x110/0x128
[  667.455811]  __fput+0xec/0x2d4
[  667.455934]  task_work_run+0x13c/0x15c
[  667.456101]  do_notify_resume+0x3d8/0x438
[  667.456248]  do_user_signal+0x2c/0x34
[  667.456294]
[  667.457641] The buggy address belongs to the object at c58e9dc0
[  667.457641]  which belongs to the cache kmalloc-16 of size 16
[  667.469191] The buggy address is located 15 bytes to the right of
[  667.469191]  16-byte region [c58e9dc0, c58e9dd0)
[  667.479708] The buggy address belongs to the page:
[  667.484495] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  667.484606] flags: 0x200(slab)
[ 667.484833] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  667.484900] page dumped because: kasan: bad access detected
[  667.484940]
[  667.486244] Memory state around the buggy address:
[  667.491051]  c58e9c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[  667.497505]  c58e9d00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[  667.503959] >c58e9d80: 00 00 fc fc 00 00 fc fc 00 04 fc fc 00 07 fc fc
[  667.510354]                                             ^
[  667.515748]  c58e9e00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  667.522204]  c58e9e80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 667.528595] ================================================================== [ 667.803662] kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right [ 667.803806] ================================================================== [ 667.811008] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x74/0x94 [test_kasan]
[  667.819105] Write of size 1 at addr c59a4300 by task exe/340
[  667.824627]
[ 667.826209] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.826260] Call Trace:
[ 667.826436] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  667.826640] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 667.826931] [c5649ce0] [c95d4304] kmalloc_node_oob_right+0x74/0x94 [test_kasan] [ 667.827211] [c5649d00] [c95d5518] kmalloc_tests_init+0x20/0x2d0 [test_kasan]
[  667.827402] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.827616] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.827818] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.828022] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.828216] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.828382] --- interrupt: c01 at 0xfd6b914
[  667.828382]     LR = 0x1001364c
[  667.828428]
[  667.829737] Allocated by task 340:
[  667.833169]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  667.833420]  kmalloc_node_oob_right+0x44/0x94 [test_kasan]
[  667.833656]  kmalloc_tests_init+0x20/0x2d0 [test_kasan]
[  667.833801]  do_one_initcall+0x40/0x278
[  667.833970]  do_init_module+0xcc/0x59c
[  667.834125]  load_module+0x2bc4/0x320c
[  667.834284]  sys_init_module+0x114/0x138
[  667.834427]  ret_from_syscall+0x0/0x38
[  667.834475]
[  667.835756] Freed by task 319:
[  667.838843]  __kasan_slab_free+0x120/0x22c
[  667.838963]  kfree+0x74/0x270
[  667.839137]  kobject_uevent_env+0x15c/0x65c
[  667.839299]  led_trigger_set+0x3f0/0x4fc
[  667.839451]  led_trigger_store+0xd8/0x164
[  667.839593]  kernfs_fop_write+0x18c/0x218
[  667.839721]  __vfs_write+0x5c/0x258
[  667.839843]  vfs_write+0xe4/0x248
[  667.839966]  ksys_write+0x58/0xd8
[  667.840111]  ret_from_syscall+0x0/0x38
[  667.840158]
[  667.841475] The buggy address belongs to the object at c59a3300
[  667.841475]  which belongs to the cache kmalloc-4k of size 4096
[  667.853196] The buggy address is located 0 bytes to the right of
[  667.853196]  4096-byte region [c59a3300, c59a4300)
[  667.863798] The buggy address belongs to the page:
[ 667.868586] page:c7fdcd00 count:1 mapcount:0 mapping:c50075a0 index:0x0 compound_mapcount: 0
[  667.868727] flags: 0x10200(slab|head)
[ 667.868956] raw: 00010200 00000100 00000200 c50075a0 00000000 000f001f ffffffff 00000001
[  667.869025] page dumped because: kasan: bad access detected
[  667.869065]
[  667.870334] Memory state around the buggy address:
[  667.875141]  c59a4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.881595]  c59a4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.888049] >c59a4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  667.894436]            ^
[  667.896998]  c59a4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  667.903454]  c59a4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 667.909845] ================================================================== [ 667.923434] kasan test: kmalloc_pagealloc_oob_right kmalloc pagealloc allocation: out-of-bounds to right [ 667.923647] ================================================================== [ 667.930896] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
[  667.939503] Write of size 1 at addr c5bd800a by task exe/340
[  667.945024]
[ 667.946607] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.946657] Call Trace:
[ 667.946833] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  667.947035] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 667.947325] [c5649ce0] [c95d4674] kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan] [ 667.947603] [c5649d00] [c95d551c] kmalloc_tests_init+0x24/0x2d0 [test_kasan]
[  667.947792] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.948004] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.948204] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.948406] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.948597] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.948760] --- interrupt: c01 at 0xfd6b914
[  667.948760]     LR = 0x1001364c
[  667.948806]
[  667.950115] The buggy address belongs to the page:
[ 667.954903] page:c7fdde80 count:1 mapcount:0 mapping:00000000 index:0x0 compound_mapcount: 0
[  667.955038] flags: 0x10000(head)
[ 667.955260] raw: 00010000 00000100 00000200 00000000 00000000 00000000 ffffffff 00000001
[  667.955327] page dumped because: kasan: bad access detected
[  667.955367]
[  667.956652] Memory state around the buggy address:
[  667.961458]  c5bd7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.967912]  c5bd7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.974367] >c5bd8000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  667.980755]               ^
[  667.983574]  c5bd8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  667.990030]  c5bd8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 667.996420] ================================================================== [ 668.222064] kasan test: kmalloc_pagealloc_uaf kmalloc pagealloc allocation: use-after-free [ 668.222349] ================================================================== [ 668.229525] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x78/0x94 [test_kasan]
[  668.237274] Write of size 1 at addr c5bd0000 by task exe/340
[  668.242796]
[ 668.244378] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.244429] Call Trace:
[ 668.244606] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  668.244810] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 668.245100] [c5649ce0] [c95d470c] kmalloc_pagealloc_uaf+0x78/0x94 [test_kasan] [ 668.245381] [c5649d00] [c95d5520] kmalloc_tests_init+0x28/0x2d0 [test_kasan]
[  668.245573] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.245787] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.245989] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.246192] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.246386] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.246552] --- interrupt: c01 at 0xfd6b914
[  668.246552]     LR = 0x1001364c
[  668.246598]
[  668.247886] The buggy address belongs to the page:
[ 668.252671] page:c7fdde80 count:0 mapcount:-128 mapping:00000000 index:0x0
[  668.252769] flags: 0x0()
[ 668.252994] raw: 00000000 c7fdcf84 c0982ae8 00000000 00000000 00000002 ffffff7f 00000000
[  668.253062] page dumped because: kasan: bad access detected
[  668.253102]
[  668.254337] Memory state around the buggy address:
[  668.259143]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.265597]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.272052] >c5bd0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  668.278439]            ^
[  668.281001]  c5bd0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  668.287458]  c5bd0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 668.293847] ================================================================== [ 668.310744] kasan test: kmalloc_pagealloc_invalid_free kmalloc pagealloc allocation: invalid-free [ 668.310957] ================================================================== [ 668.318156] BUG: KASAN: double-free or invalid-free in kmalloc_tests_init+0x2c/0x2d0 [test_kasan]
[  668.326705]
[ 668.328286] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.328337] Call Trace:
[ 668.328512] [c5649c80] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  668.328724] [c5649cb0] [c0176c24] kasan_report_invalid_free+0x48/0x74
[  668.328888] [c5649ce0] [c0173c14] kfree+0x1f8/0x270
[ 668.329176] [c5649d00] [c95d5524] kmalloc_tests_init+0x2c/0x2d0 [test_kasan]
[  668.329365] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.329577] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.329777] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.329978] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.330170] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.330334] --- interrupt: c01 at 0xfd6b914
[  668.330334]     LR = 0x1001364c
[  668.330379]
[  668.331622] The buggy address belongs to the page:
[ 668.336410] page:c7fdde80 count:1 mapcount:0 mapping:00000000 index:0x0 compound_mapcount: 0
[  668.336545] flags: 0x10000(head)
[ 668.336767] raw: 00010000 00000100 00000200 00000000 00000000 00000000 ffffffff 00000001
[  668.336834] page dumped because: kasan: bad access detected
[  668.336873]
[  668.338158] Memory state around the buggy address:
[  668.342965]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.349419]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.355874] >c5bd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.362260]            ^
[  668.364822]  c5bd0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.371279]  c5bd0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 668.377668] ================================================================== [ 668.528086] kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right [ 668.528279] ================================================================== [ 668.535471] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x74/0x94 [test_kasan]
[  668.543735] Write of size 1 at addr c5498700 by task exe/340
[  668.549257]
[ 668.550840] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.550891] Call Trace:
[ 668.551068] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  668.551272] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 668.551561] [c5649ce0] [c95d4398] kmalloc_large_oob_right+0x74/0x94 [test_kasan] [ 668.551842] [c5649d00] [c95d5528] kmalloc_tests_init+0x30/0x2d0 [test_kasan]
[  668.552034] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.552248] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.552450] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.552655] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.552848] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.553013] --- interrupt: c01 at 0xfd6b914
[  668.553013]     LR = 0x1001364c
[  668.553059]
[  668.554367] Allocated by task 340:
[  668.557799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  668.558049]  kmalloc_large_oob_right+0x44/0x94 [test_kasan]
[  668.558285]  kmalloc_tests_init+0x30/0x2d0 [test_kasan]
[  668.558430]  do_one_initcall+0x40/0x278
[  668.558599]  do_init_module+0xcc/0x59c
[  668.558756]  load_module+0x2bc4/0x320c
[  668.558915]  sys_init_module+0x114/0x138
[  668.559058]  ret_from_syscall+0x0/0x38
[  668.559106]
[  668.560386] Freed by task 173:
[  668.563473]  __kasan_slab_free+0x120/0x22c
[  668.563595]  kfree+0x74/0x270
[  668.563763]  consume_skb+0x38/0x138
[  668.563935]  skb_free_datagram+0x1c/0x80
[  668.564104]  netlink_recvmsg+0x1d0/0x4d4
[  668.564270]  ___sys_recvmsg+0xd8/0x194
[  668.564436]  __sys_recvmsg+0x40/0x8c
[  668.564563]  sys_socketcall+0xf8/0x210
[  668.564709]  ret_from_syscall+0x0/0x38
[  668.564756]
[  668.566106] The buggy address belongs to the object at c5490800
[  668.566106]  which belongs to the cache kmalloc-32k of size 32768
[  668.578000] The buggy address is located 32512 bytes inside of
[  668.578000]  32768-byte region [c5490800, c5498800)
[  668.588514] The buggy address belongs to the page:
[ 668.593302] page:c7fda400 count:1 mapcount:0 mapping:c5007330 index:0x0 compound_mapcount: 0
[  668.593443] flags: 0x10200(slab|head)
[ 668.593672] raw: 00010200 00000100 00000200 c5007330 00000000 00030007 ffffffff 00000001
[  668.593741] page dumped because: kasan: bad access detected
[  668.593781]
[  668.595051] Memory state around the buggy address:
[  668.599857]  c5498600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.606311]  c5498680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.612765] >c5498700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.619152]            ^
[  668.621714]  c5498780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.628171]  c5498800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 668.634561] ================================================================== [ 668.645940] kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more [ 668.646103] ================================================================== [ 668.653286] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0x8c/0xac [test_kasan]
[  668.661723] Write of size 1 at addr c53e8ca3 by task exe/340
[  668.667245]
[ 668.668827] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.668877] Call Trace:
[ 668.669052] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  668.669254] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 668.669543] [c5649ce0] [c95d4838] kmalloc_oob_krealloc_more+0x8c/0xac [test_kasan] [ 668.669823] [c5649d00] [c95d552c] kmalloc_tests_init+0x34/0x2d0 [test_kasan]
[  668.670012] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.670225] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.670426] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.670627] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.670819] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.670982] --- interrupt: c01 at 0xfd6b914
[  668.670982]     LR = 0x1001364c
[  668.671027]
[  668.672354] Allocated by task 340:
[  668.675786]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  668.675935]  krealloc+0xb0/0xe8
[  668.676185]  kmalloc_oob_krealloc_more+0x58/0xac [test_kasan]
[  668.676419]  kmalloc_tests_init+0x34/0x2d0 [test_kasan]
[  668.676563]  do_one_initcall+0x40/0x278
[  668.676730]  do_init_module+0xcc/0x59c
[  668.676885]  load_module+0x2bc4/0x320c
[  668.677042]  sys_init_module+0x114/0x138
[  668.677185]  ret_from_syscall+0x0/0x38
[  668.677231]
[  668.678543] Freed by task 0:
[  668.681460]  __kasan_slab_free+0x120/0x22c
[  668.681579]  kfree+0x74/0x270
[  668.681726]  rcu_process_callbacks+0x384/0x620
[  668.681858]  __do_softirq+0x134/0x48c
[  668.681904]
[  668.683231] The buggy address belongs to the object at c53e8c90
[  668.683231]  which belongs to the cache kmalloc-32 of size 32
[  668.694778] The buggy address is located 19 bytes inside of
[  668.694778]  32-byte region [c53e8c90, c53e8cb0)
[  668.704780] The buggy address belongs to the page:
[  668.709568] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  668.709676] flags: 0x200(slab)
[ 668.709903] raw: 00000200 00000100 00000200 c5007cf0 00000000 015502ab ffffffff 00000001
[  668.709970] page dumped because: kasan: bad access detected
[  668.710010]
[  668.711317] Memory state around the buggy address:
[  668.716124]  c53e8b80: 00 fc fc fc 00 00 00 fc fc fc fb fb fb fb fc fc
[  668.722579]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
[  668.729033] >c53e8c80: fc fc 00 00 03 fc fc fc 00 00 00 00 fc fc 00 00
[  668.735421]                        ^
[  668.739014]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  668.745470]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[ 668.751860] ================================================================== [ 669.016775] kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less [ 669.016942] ================================================================== [ 669.024120] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0x8c/0xac [test_kasan]
[  669.032474] Write of size 1 at addr c53e8bdf by task exe/340
[  669.037995]
[ 669.039577] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.039628] Call Trace:
[ 669.039803] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  669.040007] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 669.040299] [c5649ce0] [c95d48e4] kmalloc_oob_krealloc_less+0x8c/0xac [test_kasan] [ 669.040580] [c5649d00] [c95d5530] kmalloc_tests_init+0x38/0x2d0 [test_kasan]
[  669.040771] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.040984] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.041187] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.041390] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.041584] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.041750] --- interrupt: c01 at 0xfd6b914
[  669.041750]     LR = 0x1001364c
[  669.041796]
[  669.043105] Allocated by task 340:
[  669.046537]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.046687]  krealloc+0xb0/0xe8
[  669.046940]  kmalloc_oob_krealloc_less+0x58/0xac [test_kasan]
[  669.047176]  kmalloc_tests_init+0x38/0x2d0 [test_kasan]
[  669.047321]  do_one_initcall+0x40/0x278
[  669.047491]  do_init_module+0xcc/0x59c
[  669.047648]  load_module+0x2bc4/0x320c
[  669.047806]  sys_init_module+0x114/0x138
[  669.047951]  ret_from_syscall+0x0/0x38
[  669.047998]
[  669.049294] Freed by task 0:
[  669.052211]  __kasan_slab_free+0x120/0x22c
[  669.052332]  kfree+0x74/0x270
[  669.052479]  rcu_process_callbacks+0x384/0x620
[  669.052612]  __do_softirq+0x134/0x48c
[  669.052659]
[  669.053981] The buggy address belongs to the object at c53e8bd0
[  669.053981]  which belongs to the cache kmalloc-32 of size 32
[  669.065529] The buggy address is located 15 bytes inside of
[  669.065529]  32-byte region [c53e8bd0, c53e8bf0)
[  669.075531] The buggy address belongs to the page:
[  669.080318] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  669.080428] flags: 0x200(slab)
[ 669.080655] raw: 00000200 00000100 00000200 c5007cf0 00000000 015502ab ffffffff 00000001
[  669.080724] page dumped because: kasan: bad access detected
[  669.080764]
[  669.082068] Memory state around the buggy address:
[  669.086874]  c53e8a80: 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00 00 00
[  669.093328]  c53e8b00: fc fc 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00
[  669.099783] >c53e8b80: 00 fc fc fc 00 00 00 fc fc fc 00 07 fc fc fc fc
[  669.106177]                                             ^
[  669.111572]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
[  669.118028]  c53e8c80: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc 00 00
[ 669.124418] ================================================================== [ 669.137359] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access [ 669.137538] ================================================================== [ 669.144772] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x94/0xdc [test_kasan]
[  669.152181] Write of size 16 at addr c58eada0 by task exe/340
[  669.157790]
[ 669.159371] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.159421] Call Trace:
[ 669.159597] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  669.159799] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  669.160086] [c5649ce0] [c95d444c] kmalloc_oob_16+0x94/0xdc [test_kasan]
[ 669.160365] [c5649d00] [c95d5534] kmalloc_tests_init+0x3c/0x2d0 [test_kasan]
[  669.160554] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.160765] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.160966] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.161167] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.161360] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.161523] --- interrupt: c01 at 0xfd6b914
[  669.161523]     LR = 0x1001364c
[  669.161569]
[  669.162900] Allocated by task 340:
[  669.166332]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.166578]  kmalloc_oob_16+0x48/0xdc [test_kasan]
[  669.166812]  kmalloc_tests_init+0x3c/0x2d0 [test_kasan]
[  669.166955]  do_one_initcall+0x40/0x278
[  669.167121]  do_init_module+0xcc/0x59c
[  669.167275]  load_module+0x2bc4/0x320c
[  669.167432]  sys_init_module+0x114/0x138
[  669.167575]  ret_from_syscall+0x0/0x38
[  669.167620]
[  669.168919] Freed by task 338:
[  669.172004]  __kasan_slab_free+0x120/0x22c
[  669.172122]  kfree+0x74/0x270
[  669.172264]  walk_component+0x150/0x478
[  669.172399]  link_path_walk+0x374/0x63c
[  669.172535]  path_openat+0xe4/0x15f8
[  669.172674]  do_filp_open+0xd0/0x120
[  669.172843]  do_open_execat+0x64/0x264
[  669.173010]  __do_execve_file+0xa0c/0xb20
[  669.173172]  sys_execve+0x40/0x54
[  669.173318]  ret_from_syscall+0x0/0x38
[  669.173364]
[  669.174722] The buggy address belongs to the object at c58eada0
[  669.174722]  which belongs to the cache kmalloc-16 of size 16
[  669.186269] The buggy address is located 0 bytes inside of
[  669.186269]  16-byte region [c58eada0, c58eadb0)
[  669.196187] The buggy address belongs to the page:
[  669.200974] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  669.201083] flags: 0x200(slab)
[ 669.201310] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  669.201378] page dumped because: kasan: bad access detected
[  669.201417]
[  669.202723] Memory state around the buggy address:
[  669.207530]  c58eac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.213984]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.220438] >c58ead80: fb fb fc fc 00 05 fc fc 00 00 fc fc fb fb fc fc
[  669.226828]                           ^
[  669.230678]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.237134]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[ 669.243524] ==================================================================
[  669.521937] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
[ 669.522086] ================================================================== [ 669.529294] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x78/0x90 [test_kasan]
[  669.537306] Write of size 671 at addr c5881b00 by task exe/340
[  669.543000]
[ 669.544581] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.544632] Call Trace:
[ 669.544808] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  669.545012] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  669.545186] [c5649cc0] [c0175700] memset+0x2c/0x4c
[ 669.545477] [c5649ce0] [c95d497c] kmalloc_oob_in_memset+0x78/0x90 [test_kasan] [ 669.545759] [c5649d00] [c95d5538] kmalloc_tests_init+0x40/0x2d0 [test_kasan]
[  669.545949] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.546163] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.546366] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.546570] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.546764] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.546929] --- interrupt: c01 at 0xfd6b914
[  669.546929]     LR = 0x1001364c
[  669.546976]
[  669.548281] Allocated by task 340:
[  669.551713]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.551963]  kmalloc_oob_in_memset+0x44/0x90 [test_kasan]
[  669.552199]  kmalloc_tests_init+0x40/0x2d0 [test_kasan]
[  669.552346]  do_one_initcall+0x40/0x278
[  669.552515]  do_init_module+0xcc/0x59c
[  669.552672]  load_module+0x2bc4/0x320c
[  669.552831]  sys_init_module+0x114/0x138
[  669.552976]  ret_from_syscall+0x0/0x38
[  669.553023]
[  669.554300] Freed by task 131:
[  669.557387]  __kasan_slab_free+0x120/0x22c
[  669.557508]  kfree+0x74/0x270
[  669.557682]  pskb_expand_head+0x2b0/0x434
[  669.557843]  netlink_trim+0xfc/0x114
[  669.558009]  netlink_broadcast_filtered+0x48/0x530
[  669.558169]  nlmsg_notify+0x7c/0x128
[  669.558330]  fib6_add+0xd44/0x11d4
[  669.558461]  __ip6_ins_rt+0x5c/0x88
[  669.558598]  ip6_ins_rt+0x34/0x44
[  669.558777]  __ipv6_ifa_notify+0x388/0x38c
[  669.558945]  ipv6_ifa_notify+0x68/0x88
[  669.559076]  addrconf_dad_completed+0x54/0x49c
[  669.559201]  addrconf_dad_work+0x558/0x84c
[  669.559369]  process_one_work+0x408/0x78c
[  669.559524]  worker_thread+0xb4/0x83c
[  669.559657]  kthread+0x144/0x184
[  669.559811]  ret_from_kernel_thread+0x14/0x1c
[  669.559858]
[  669.561223] The buggy address belongs to the object at c5881b00
[  669.561223]  which belongs to the cache kmalloc-1k of size 1024
[  669.572943] The buggy address is located 0 bytes inside of
[  669.572943]  1024-byte region [c5881b00, c5881f00)
[  669.583031] The buggy address belongs to the page:
[  669.587818] page:c7fdc400 count:1 mapcount:0 mapping:c5007740 index:0x0
[  669.587929] flags: 0x200(slab)
[ 669.588156] raw: 00000200 00000100 00000200 c5007740 00000000 000e001d ffffffff 00000001
[  669.588225] page dumped because: kasan: bad access detected
[  669.588265]
[  669.589567] Memory state around the buggy address:
[  669.594374]  c5881c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  669.600828]  c5881d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  669.607282] >c5881d80: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc
[  669.613671]                     ^
[  669.617005]  c5881e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  669.623462]  c5881e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 669.629852] ==================================================================
[  669.643287] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
[ 669.643423] ================================================================== [ 669.650641] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x7c/0x94 [test_kasan]
[  669.658563] Write of size 2 at addr c58eae07 by task exe/340
[  669.664085]
[ 669.665668] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.665718] Call Trace:
[ 669.665891] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  669.666095] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  669.666267] [c5649cc0] [c0175700] memset+0x2c/0x4c
[ 669.666556] [c5649ce0] [c95d4a10] kmalloc_oob_memset_2+0x7c/0x94 [test_kasan] [ 669.666836] [c5649d00] [c95d553c] kmalloc_tests_init+0x44/0x2d0 [test_kasan]
[  669.667026] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.667239] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.667440] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.667643] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.667836] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.668002] --- interrupt: c01 at 0xfd6b914
[  669.668002]     LR = 0x1001364c
[  669.668046]
[  669.669366] Allocated by task 340:
[  669.672799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.673048]  kmalloc_oob_memset_2+0x44/0x94 [test_kasan]
[  669.673283]  kmalloc_tests_init+0x44/0x2d0 [test_kasan]
[  669.673426]  do_one_initcall+0x40/0x278
[  669.673594]  do_init_module+0xcc/0x59c
[  669.673750]  load_module+0x2bc4/0x320c
[  669.673909]  sys_init_module+0x114/0x138
[  669.674051]  ret_from_syscall+0x0/0x38
[  669.674098]
[  669.675387] Freed by task 276:
[  669.678473]  __kasan_slab_free+0x120/0x22c
[  669.678594]  kfree+0x74/0x270
[  669.678724]  single_release+0x54/0x6c
[  669.678897]  close_pdeo+0x128/0x224
[  669.679064]  proc_reg_release+0x110/0x128
[  669.679197]  __fput+0xec/0x2d4
[  669.679320]  task_work_run+0x13c/0x15c
[  669.679487]  do_notify_resume+0x3d8/0x438
[  669.679636]  do_user_signal+0x2c/0x34
[  669.679682]
[  669.681018] The buggy address belongs to the object at c58eae00
[  669.681018]  which belongs to the cache kmalloc-16 of size 16
[  669.692565] The buggy address is located 7 bytes inside of
[  669.692565]  16-byte region [c58eae00, c58eae10)
[  669.702482] The buggy address belongs to the page:
[  669.707268] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  669.707380] flags: 0x200(slab)
[ 669.707607] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  669.707674] page dumped because: kasan: bad access detected
[  669.707713]
[  669.709018] Memory state around the buggy address:
[  669.713825]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.720279]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.726734] >c58eae00: 00 fc fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.733120]               ^
[  669.735941]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  669.742397]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 669.748787] ==================================================================
[  670.056503] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
[ 670.056640] ================================================================== [ 670.063818] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x7c/0x94 [test_kasan]
[  670.071743] Write of size 4 at addr c58eae25 by task exe/340
[  670.077263]
[ 670.078847] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.078898] Call Trace:
[ 670.079074] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  670.079279] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  670.079452] [c5649cc0] [c0175700] memset+0x2c/0x4c
[ 670.079743] [c5649ce0] [c95d4aa4] kmalloc_oob_memset_4+0x7c/0x94 [test_kasan] [ 670.080025] [c5649d00] [c95d5540] kmalloc_tests_init+0x48/0x2d0 [test_kasan]
[  670.080216] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.080431] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.080635] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.080839] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.081034] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.081201] --- interrupt: c01 at 0xfd6b914
[  670.081201]     LR = 0x1001364c
[  670.081247]
[  670.082546] Allocated by task 340:
[  670.085978]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.086229]  kmalloc_oob_memset_4+0x44/0x94 [test_kasan]
[  670.086465]  kmalloc_tests_init+0x48/0x2d0 [test_kasan]
[  670.086611]  do_one_initcall+0x40/0x278
[  670.086782]  do_init_module+0xcc/0x59c
[  670.086941]  load_module+0x2bc4/0x320c
[  670.087101]  sys_init_module+0x114/0x138
[  670.087246]  ret_from_syscall+0x0/0x38
[  670.087293]
[  670.088563] Freed by task 276:
[  670.091652]  __kasan_slab_free+0x120/0x22c
[  670.091774]  kfree+0x74/0x270
[  670.091906]  single_release+0x54/0x6c
[  670.092080]  close_pdeo+0x128/0x224
[  670.092249]  proc_reg_release+0x110/0x128
[  670.092383]  __fput+0xec/0x2d4
[  670.092509]  task_work_run+0x13c/0x15c
[  670.092678]  do_notify_resume+0x3d8/0x438
[  670.092828]  do_user_signal+0x2c/0x34
[  670.092874]
[  670.094198] The buggy address belongs to the object at c58eae20
[  670.094198]  which belongs to the cache kmalloc-16 of size 16
[  670.105743] The buggy address is located 5 bytes inside of
[  670.105743]  16-byte region [c58eae20, c58eae30)
[  670.115660] The buggy address belongs to the page:
[  670.120447] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.120560] flags: 0x200(slab)
[ 670.120789] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  670.120858] page dumped because: kasan: bad access detected
[  670.120899]
[  670.122198] Memory state around the buggy address:
[  670.127004]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.133458]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.139912] >c58eae00: fb fb fc fc 00 fc fc fc fb fb fc fc fb fb fc fc
[  670.146302]                           ^
[  670.150152]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.156608]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 670.162998] ==================================================================
[  670.176210] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
[ 670.176342] ================================================================== [ 670.183528] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x7c/0x94 [test_kasan]
[  670.191450] Write of size 8 at addr c58eae41 by task exe/340
[  670.196972]
[ 670.198555] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.198605] Call Trace:
[ 670.198779] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  670.198982] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  670.199153] [c5649cc0] [c0175700] memset+0x2c/0x4c
[ 670.199443] [c5649ce0] [c95d4b38] kmalloc_oob_memset_8+0x7c/0x94 [test_kasan] [ 670.199722] [c5649d00] [c95d5544] kmalloc_tests_init+0x4c/0x2d0 [test_kasan]
[  670.199912] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.200125] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.200327] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.200530] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.200723] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.200887] --- interrupt: c01 at 0xfd6b914
[  670.200887]     LR = 0x1001364c
[  670.200931]
[  670.202255] Allocated by task 340:
[  670.205686]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.205934]  kmalloc_oob_memset_8+0x44/0x94 [test_kasan]
[  670.206168]  kmalloc_tests_init+0x4c/0x2d0 [test_kasan]
[  670.206312]  do_one_initcall+0x40/0x278
[  670.206480]  do_init_module+0xcc/0x59c
[  670.206637]  load_module+0x2bc4/0x320c
[  670.206794]  sys_init_module+0x114/0x138
[  670.206937]  ret_from_syscall+0x0/0x38
[  670.206983]
[  670.208274] Freed by task 276:
[  670.211360]  __kasan_slab_free+0x120/0x22c
[  670.211479]  kfree+0x74/0x270
[  670.211611]  single_release+0x54/0x6c
[  670.211782]  close_pdeo+0x128/0x224
[  670.211947]  proc_reg_release+0x110/0x128
[  670.212079]  __fput+0xec/0x2d4
[  670.212202]  task_work_run+0x13c/0x15c
[  670.212368]  do_notify_resume+0x3d8/0x438
[  670.212515]  do_user_signal+0x2c/0x34
[  670.212561]
[  670.213904] The buggy address belongs to the object at c58eae40
[  670.213904]  which belongs to the cache kmalloc-16 of size 16
[  670.225452] The buggy address is located 1 bytes inside of
[  670.225452]  16-byte region [c58eae40, c58eae50)
[  670.235368] The buggy address belongs to the page:
[  670.240155] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.240265] flags: 0x200(slab)
[ 670.240493] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  670.240560] page dumped because: kasan: bad access detected
[  670.240599]
[  670.241906] Memory state around the buggy address:
[  670.246712]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.253167]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.259621] >c58eae00: fb fb fc fc fb fb fc fc 00 fc fc fc fb fb fc fc
[  670.266014]                                       ^
[  670.270894]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.277349]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 670.283740] ==================================================================
[  670.574861] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
[ 670.574999] ================================================================== [ 670.582162] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x7c/0x94 [test_kasan]
[  670.590260] Write of size 16 at addr c58eae81 by task exe/340
[  670.595865]
[ 670.597448] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.597499] Call Trace:
[ 670.597674] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  670.597880] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  670.598053] [c5649cc0] [c0175700] memset+0x2c/0x4c
[ 670.598344] [c5649ce0] [c95d4bcc] kmalloc_oob_memset_16+0x7c/0x94 [test_kasan] [ 670.598626] [c5649d00] [c95d5548] kmalloc_tests_init+0x50/0x2d0 [test_kasan]
[  670.598816] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.599031] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.599234] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.599439] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.599634] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.599801] --- interrupt: c01 at 0xfd6b914
[  670.599801]     LR = 0x1001364c
[  670.599847]
[  670.601148] Allocated by task 340:
[  670.604580]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.604834]  kmalloc_oob_memset_16+0x44/0x94 [test_kasan]
[  670.605070]  kmalloc_tests_init+0x50/0x2d0 [test_kasan]
[  670.605215]  do_one_initcall+0x40/0x278
[  670.605385]  do_init_module+0xcc/0x59c
[  670.605543]  load_module+0x2bc4/0x320c
[  670.605704]  sys_init_module+0x114/0x138
[  670.605851]  ret_from_syscall+0x0/0x38
[  670.605897]
[  670.607166] Freed by task 276:
[  670.610253]  __kasan_slab_free+0x120/0x22c
[  670.610374]  kfree+0x74/0x270
[  670.610506]  single_release+0x54/0x6c
[  670.610681]  close_pdeo+0x128/0x224
[  670.610849]  proc_reg_release+0x110/0x128
[  670.610983]  __fput+0xec/0x2d4
[  670.611107]  task_work_run+0x13c/0x15c
[  670.611275]  do_notify_resume+0x3d8/0x438
[  670.611424]  do_user_signal+0x2c/0x34
[  670.611471]
[  670.612798] The buggy address belongs to the object at c58eae80
[  670.612798]  which belongs to the cache kmalloc-16 of size 16
[  670.624345] The buggy address is located 1 bytes inside of
[  670.624345]  16-byte region [c58eae80, c58eae90)
[  670.634260] The buggy address belongs to the page:
[  670.639048] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.639158] flags: 0x200(slab)
[ 670.639387] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  670.639457] page dumped because: kasan: bad access detected
[  670.639497]
[  670.640799] Memory state around the buggy address:
[  670.645604]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.652058]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.658513] >c58eae80: 00 00 fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.664901]                  ^
[  670.667978]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.674434]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 670.680825] ==================================================================
[  670.693766] kasan test: kmalloc_uaf use-after-free
[ 670.693923] ================================================================== [ 670.701091] BUG: KASAN: use-after-free in kmalloc_uaf+0x78/0x94 [test_kasan]
[  670.707899] Write of size 1 at addr c58eaea8 by task exe/340
[  670.713422]
[ 670.715004] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.715055] Call Trace:
[ 670.715229] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  670.715433] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  670.715719] [c5649ce0] [c95d450c] kmalloc_uaf+0x78/0x94 [test_kasan]
[ 670.715997] [c5649d00] [c95d554c] kmalloc_tests_init+0x54/0x2d0 [test_kasan]
[  670.716187] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.716400] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.716601] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.716804] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.716998] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.717164] --- interrupt: c01 at 0xfd6b914
[  670.717164]     LR = 0x1001364c
[  670.717209]
[  670.718531] Allocated by task 340:
[  670.721965]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.722210]  kmalloc_uaf+0x44/0x94 [test_kasan]
[  670.722446]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
[  670.722588]  do_one_initcall+0x40/0x278
[  670.722756]  do_init_module+0xcc/0x59c
[  670.722912]  load_module+0x2bc4/0x320c
[  670.723069]  sys_init_module+0x114/0x138
[  670.723213]  ret_from_syscall+0x0/0x38
[  670.723260]
[  670.724550] Freed by task 340:
[  670.727635]  __kasan_slab_free+0x120/0x22c
[  670.727754]  kfree+0x74/0x270
[  670.727998]  kmalloc_uaf+0x70/0x94 [test_kasan]
[  670.728233]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
[  670.728375]  do_one_initcall+0x40/0x278
[  670.728543]  do_init_module+0xcc/0x59c
[  670.728698]  load_module+0x2bc4/0x320c
[  670.728855]  sys_init_module+0x114/0x138
[  670.728998]  ret_from_syscall+0x0/0x38
[  670.729044]
[  670.730356] The buggy address belongs to the object at c58eaea0
[  670.730356]  which belongs to the cache kmalloc-16 of size 16
[  670.741901] The buggy address is located 8 bytes inside of
[  670.741901]  16-byte region [c58eaea0, c58eaeb0)
[  670.751818] The buggy address belongs to the page:
[  670.756605] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.756716] flags: 0x200(slab)
[ 670.756944] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  670.757012] page dumped because: kasan: bad access detected
[  670.757052]
[  670.758354] Memory state around the buggy address:
[  670.763163]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.769616]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.776070] >c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.782461]                           ^
[  670.786311]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.792765]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 670.799157] ==================================================================
[  671.084949] kasan test: kmalloc_uaf_memset use-after-free in memset
[ 671.085122] ================================================================== [ 671.092328] BUG: KASAN: use-after-free in kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.099824] Write of size 33 at addr c534b0c0 by task exe/340
[  671.105430]
[ 671.107012] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.107063] Call Trace:
[ 671.107238] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  671.107443] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  671.107616] [c5649ce0] [c0175700] memset+0x2c/0x4c
[ 671.107907] [c5649d00] [c95d5550] kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.108098] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.108314] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.108518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.108724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.108918] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.109085] --- interrupt: c01 at 0xfd6b914
[  671.109085]     LR = 0x1001364c
[  671.109132]
[  671.110452] Allocated by task 340:
[  671.113886]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  671.114137]  kmalloc_uaf_memset+0x44/0x90 [test_kasan]
[  671.114374]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.114520]  do_one_initcall+0x40/0x278
[  671.114689]  do_init_module+0xcc/0x59c
[  671.114846]  load_module+0x2bc4/0x320c
[  671.115005]  sys_init_module+0x114/0x138
[  671.115151]  ret_from_syscall+0x0/0x38
[  671.115198]
[  671.116472] Freed by task 340:
[  671.119559]  __kasan_slab_free+0x120/0x22c
[  671.119681]  kfree+0x74/0x270
[  671.119927]  kmalloc_uaf_memset+0x70/0x90 [test_kasan]
[  671.120167]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.120312]  do_one_initcall+0x40/0x278
[  671.120481]  do_init_module+0xcc/0x59c
[  671.120640]  load_module+0x2bc4/0x320c
[  671.120801]  sys_init_module+0x114/0x138
[  671.120945]  ret_from_syscall+0x0/0x38
[  671.120992]
[  671.122276] The buggy address belongs to the object at c534b0c0
[  671.122276]  which belongs to the cache kmalloc-64 of size 64
[  671.133824] The buggy address is located 0 bytes inside of
[  671.133824]  64-byte region [c534b0c0, c534b100)
[  671.143741] The buggy address belongs to the page:
[  671.148527] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
[  671.148637] flags: 0x200(slab)
[ 671.148866] raw: 00000200 00000100 00000200 c5007c20 00000000 00aa0155 ffffffff 00000001
[  671.148935] page dumped because: kasan: bad access detected
[  671.148975]
[  671.150277] Memory state around the buggy address:
[  671.155084]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.161538]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
[  671.167993] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[  671.174383]                                    ^
[  671.179007]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.185461]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
[ 671.191853] ==================================================================
[  671.204460] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
[ 671.204676] ================================================================== [ 671.211859] BUG: KASAN: use-after-free in kmalloc_uaf2+0x9c/0xd4 [test_kasan]
[  671.218755] Write of size 1 at addr c534b088 by task exe/340
[  671.224277]
[ 671.225860] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.225910] Call Trace:
[ 671.226085] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  671.226288] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  671.226574] [c5649ce0] [c95d45c4] kmalloc_uaf2+0x9c/0xd4 [test_kasan]
[ 671.226854] [c5649d00] [c95d5554] kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
[  671.227044] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.227257] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.227458] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.227659] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.227853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.228018] --- interrupt: c01 at 0xfd6b914
[  671.228018]     LR = 0x1001364c
[  671.228063]
[  671.229387] Allocated by task 340:
[  671.232819]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  671.233065]  kmalloc_uaf2+0x48/0xd4 [test_kasan]
[  671.233299]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
[  671.233442]  do_one_initcall+0x40/0x278
[  671.233609]  do_init_module+0xcc/0x59c
[  671.233765]  load_module+0x2bc4/0x320c
[  671.233922]  sys_init_module+0x114/0x138
[  671.234066]  ret_from_syscall+0x0/0x38
[  671.234111]
[  671.235407] Freed by task 340:
[  671.238491]  __kasan_slab_free+0x120/0x22c
[  671.238609]  kfree+0x74/0x270
[  671.238851]  kmalloc_uaf2+0x78/0xd4 [test_kasan]
[  671.239085]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
[  671.239228]  do_one_initcall+0x40/0x278
[  671.239395]  do_init_module+0xcc/0x59c
[  671.239550]  load_module+0x2bc4/0x320c
[  671.239707]  sys_init_module+0x114/0x138
[  671.239850]  ret_from_syscall+0x0/0x38
[  671.239897]
[  671.241211] The buggy address belongs to the object at c534b060
[  671.241211]  which belongs to the cache kmalloc-64 of size 64
[  671.252758] The buggy address is located 40 bytes inside of
[  671.252758]  64-byte region [c534b060, c534b0a0)
[  671.262761] The buggy address belongs to the page:
[  671.267547] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
[  671.267657] flags: 0x200(slab)
[ 671.267885] raw: 00000200 00000100 00000200 c5007c20 00000000 00aa0155 ffffffff 00000001
[  671.267953] page dumped because: kasan: bad access detected
[  671.267993]
[  671.269296] Memory state around the buggy address:
[  671.274104]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.280561]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
[  671.287012] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[  671.293399]               ^
[  671.296220]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.302676]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
[ 671.309066] ==================================================================
[  671.597554] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
[ 671.597819] ================================================================== [ 671.604991] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x9c/0xd0 [test_kasan]
[  671.612398] Read of size 1 at addr c5e180c8 by task exe/340
[  671.617834]
[ 671.619417] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.619469] Call Trace:
[ 671.619645] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  671.619848] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  671.620138] [c5649ce0] [c95d4d10] kmem_cache_oob+0x9c/0xd0 [test_kasan]
[ 671.620420] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0 [test_kasan]
[  671.620611] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.620826] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.621030] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.621234] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.621428] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.621596] --- interrupt: c01 at 0xfd6b914
[  671.621596]     LR = 0x1001364c
[  671.621642]
[  671.622944] Allocated by task 340:
[  671.626376]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  671.626504]  kmem_cache_alloc+0xf4/0x210
[  671.626752]  kmem_cache_oob+0x78/0xd0 [test_kasan]
[  671.626989]  kmalloc_tests_init+0x60/0x2d0 [test_kasan]
[  671.627135]  do_one_initcall+0x40/0x278
[  671.627305]  do_init_module+0xcc/0x59c
[  671.627463]  load_module+0x2bc4/0x320c
[  671.627623]  sys_init_module+0x114/0x138
[  671.627769]  ret_from_syscall+0x0/0x38
[  671.627816]
[  671.629132] Freed by task 0:
[  671.631954] (stack is not available)
[  671.635476]
[  671.637007] The buggy address belongs to the object at c5e18000
[  671.637007]  which belongs to the cache test_cache of size 200
[  671.648642] The buggy address is located 0 bytes to the right of
[  671.648642]  200-byte region [c5e18000, c5e180c8)
[  671.659156] The buggy address belongs to the page:
[  671.663942] page:c7fdf0c0 count:1 mapcount:0 mapping:c540a560 index:0x0
[  671.664054] flags: 0x200(slab)
[ 671.664283] raw: 00000200 00000100 00000200 c540a560 00000000 003e007d ffffffff 00000001
[  671.664353] page dumped because: kasan: bad access detected
[  671.664393]
[  671.665694] Memory state around the buggy address:
[  671.670501]  c5e17f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.676954]  c5e18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  671.683409] >c5e18080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  671.689802]                                       ^
[  671.694680]  c5e18100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.701137]  c5e18180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 671.707528] ================================================================== [ 671.758410] ============================================================================= [ 671.766368] BUG test_cache (Tainted: G B ): Objects remaining in test_cache on __kmem_cache_shutdown() [ 671.776719] -----------------------------------------------------------------------------
[  671.776719]
[ 671.786325] INFO: Slab 0x(ptrval) objects=62 used=1 fp=0x(ptrval) flags=0x0200 [ 671.793514] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.793563] Call Trace:
[  671.793752] [c5649bf0] [c016ebe0] slab_err+0x98/0xac (unreliable)
[  671.793956] [c5649c90] [c01748f4] __kmem_cache_shutdown+0x15c/0x338
[  671.794160] [c5649cf0] [c013c3b4] kmem_cache_destroy+0x68/0x114
[ 671.794463] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0 [test_kasan]
[  671.794656] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.794868] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.795071] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.795275] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.795468] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.795633] --- interrupt: c01 at 0xfd6b914
[  671.795633]     LR = 0x1001364c
[  671.795738] INFO: Object 0x(ptrval) @offset=0
[  671.909762] kmem_cache_destroy test_cache: Slab cache still has objects
[ 671.931546] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.931601] Call Trace:
[ 671.931790] [c5649cf0] [c013c45c] kmem_cache_destroy+0x110/0x114 (unreliable) [ 671.932116] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0 [test_kasan]
[  671.932310] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.932526] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.932730] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.932934] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.933130] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.933300] --- interrupt: c01 at 0xfd6b914
[  671.933300]     LR = 0x1001364c
[ 671.952750] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
[  672.556766] kasan test: kasan_stack_oob out-of-bounds on stack
[  672.556850] kasan test: kasan_global_oob out-of-bounds global variable
[ 672.556922] kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca [ 672.556995] kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca [ 672.557070] kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk [ 672.557200] ================================================================== [ 672.564395] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x8c/0xac [test_kasan]
[  672.572578] Write of size 1 at addr c539ab40 by task exe/340
[  672.578098]
[ 672.579682] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  672.579734] Call Trace:
[ 672.579909] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  672.580114] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[ 672.580406] [c5649ce0] [c95d5100] ksize_unpoisons_memory+0x8c/0xac [test_kasan] [ 672.580689] [c5649d00] [c95d5570] kmalloc_tests_init+0x78/0x2d0 [test_kasan]
[  672.580880] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  672.581096] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  672.581299] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  672.581503] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  672.581697] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  672.581864] --- interrupt: c01 at 0xfd6b914
[  672.581864]     LR = 0x1001364c
[  672.581910]
[  672.583208] Allocated by task 340:
[  672.586642]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  672.586892]  ksize_unpoisons_memory+0x44/0xac [test_kasan]
[  672.587129]  kmalloc_tests_init+0x78/0x2d0 [test_kasan]
[  672.587275]  do_one_initcall+0x40/0x278
[  672.587445]  do_init_module+0xcc/0x59c
[  672.587602]  load_module+0x2bc4/0x320c
[  672.587761]  sys_init_module+0x114/0x138
[  672.587906]  ret_from_syscall+0x0/0x38
[  672.587953]
[  672.589227] Freed by task 338:
[  672.592316]  __kasan_slab_free+0x120/0x22c
[  672.592437]  kfree+0x74/0x270
[  672.592602]  load_elf_binary+0xb0/0x162c
[  672.592782]  search_binary_handler+0x120/0x374
[  672.592950]  __do_execve_file+0x834/0xb20
[  672.593114]  sys_execve+0x40/0x54
[  672.593259]  ret_from_syscall+0x0/0x38
[  672.593307]
[  672.594603] The buggy address belongs to the object at c539aac0
[  672.594603]  which belongs to the cache kmalloc-128 of size 128
[  672.606324] The buggy address is located 0 bytes to the right of
[  672.606324]  128-byte region [c539aac0, c539ab40)
[  672.616840] The buggy address belongs to the page:
[  672.621625] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
[  672.621738] flags: 0x200(slab)
[ 672.621967] raw: 00000200 00000100 00000200 c5007a80 00000000 005500ab ffffffff 00000001
[  672.622038] page dumped because: kasan: bad access detected
[  672.622077]
[  672.623375] Memory state around the buggy address:
[  672.628183]  c539aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  672.634637]  c539aa80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  672.641090] >c539ab00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  672.647483]                                    ^
[  672.652106]  c539ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  672.658562]  c539ac00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 672.664951] ==================================================================
[  672.814421] kasan test: copy_user_test out-of-bounds in copy_from_user()
[ 672.814499] ==================================================================
[  672.821643] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x48/0xc4
[  672.828089] Write of size 11 at addr c58eb020 by task exe/340
[  672.833699]
[ 672.835280] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  672.835331] Call Trace:
[ 672.835504] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  672.835708] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  672.835929] [c5649cc0] [c0307be0] _copy_from_user+0x48/0xc4
[  672.836230] [c5649ce0] [c95d51b4] copy_user_test+0x94/0x1bc [test_kasan]
[ 672.836512] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  672.836703] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  672.836917] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  672.837121] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  672.837326] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  672.837522] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  672.837687] --- interrupt: c01 at 0xfd6b914
[  672.837687]     LR = 0x1001364c
[  672.837733]
[  672.839067] Allocated by task 340:
[  672.842500]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  672.842749]  copy_user_test+0x28/0x1bc [test_kasan]
[  672.842985]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  672.843131]  do_one_initcall+0x40/0x278
[  672.843301]  do_init_module+0xcc/0x59c
[  672.843458]  load_module+0x2bc4/0x320c
[  672.843619]  sys_init_module+0x114/0x138
[  672.843764]  ret_from_syscall+0x0/0x38
[  672.843812]
[  672.845085] Freed by task 276:
[  672.848173]  __kasan_slab_free+0x120/0x22c
[  672.848295]  kfree+0x74/0x270
[  672.848427]  single_release+0x54/0x6c
[  672.848601]  close_pdeo+0x128/0x224
[  672.848768]  proc_reg_release+0x110/0x128
[  672.848903]  __fput+0xec/0x2d4
[  672.849028]  task_work_run+0x13c/0x15c
[  672.849197]  do_notify_resume+0x3d8/0x438
[  672.849346]  do_user_signal+0x2c/0x34
[  672.849393]
[  672.850719] The buggy address belongs to the object at c58eb020
[  672.850719]  which belongs to the cache kmalloc-16 of size 16
[  672.862264] The buggy address is located 0 bytes inside of
[  672.862264]  16-byte region [c58eb020, c58eb030)
[  672.872182] The buggy address belongs to the page:
[  672.876968] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  672.877079] flags: 0x200(slab)
[ 672.877309] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  672.877377] page dumped because: kasan: bad access detected
[  672.877418]
[  672.878717] Memory state around the buggy address:
[  672.883527]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  672.889979]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  672.896433] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  672.902824]                           ^
[  672.906673]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  672.913129]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 672.919520] ==================================================================
[  672.932289] kasan test: copy_user_test out-of-bounds in copy_to_user()
[ 672.932363] ==================================================================
[  672.939457] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x9c/0xbc
[  672.945733] Read of size 11 at addr c58eb020 by task exe/340
[  672.951255]
[ 672.952840] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  672.952890] Call Trace:
[ 672.953061] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  672.953264] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  672.953480] [c5649cc0] [c0307cf8] _copy_to_user+0x9c/0xbc
[  672.953781] [c5649ce0] [c95d51d4] copy_user_test+0xb4/0x1bc [test_kasan]
[ 672.954060] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  672.954249] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  672.954461] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  672.954662] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  672.954866] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  672.955058] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  672.955224] --- interrupt: c01 at 0xfd6b914
[  672.955224]     LR = 0x1001364c
[  672.955269]
[  672.956538] Allocated by task 340:
[  672.959969]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  672.960219]  copy_user_test+0x28/0x1bc [test_kasan]
[  672.960454]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  672.960597]  do_one_initcall+0x40/0x278
[  672.960766]  do_init_module+0xcc/0x59c
[  672.960924]  load_module+0x2bc4/0x320c
[  672.961081]  sys_init_module+0x114/0x138
[  672.961226]  ret_from_syscall+0x0/0x38
[  672.961272]
[  672.962558] Freed by task 276:
[  672.965645]  __kasan_slab_free+0x120/0x22c
[  672.965764]  kfree+0x74/0x270
[  672.965896]  single_release+0x54/0x6c
[  672.966070]  close_pdeo+0x128/0x224
[  672.966236]  proc_reg_release+0x110/0x128
[  672.966369]  __fput+0xec/0x2d4
[  672.966493]  task_work_run+0x13c/0x15c
[  672.966660]  do_notify_resume+0x3d8/0x438
[  672.966809]  do_user_signal+0x2c/0x34
[  672.966855]
[  672.968190] The buggy address belongs to the object at c58eb020
[  672.968190]  which belongs to the cache kmalloc-16 of size 16
[  672.979735] The buggy address is located 0 bytes inside of
[  672.979735]  16-byte region [c58eb020, c58eb030)
[  672.989653] The buggy address belongs to the page:
[  672.994439] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  672.994550] flags: 0x200(slab)
[ 672.994778] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  672.994845] page dumped because: kasan: bad access detected
[  672.994885]
[  672.996188] Memory state around the buggy address:
[  673.000996]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.007450]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.013904] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.020295]                           ^
[  673.024144]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.030600]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 673.036990] ================================================================== [ 673.327457] kasan test: copy_user_test out-of-bounds in __copy_from_user() [ 673.327537] ================================================================== [ 673.334723] BUG: KASAN: slab-out-of-bounds in copy_user_test+0xd0/0x1bc [test_kasan]
[  673.342217] Write of size 11 at addr c58eb020 by task exe/340
[  673.347825]
[ 673.349408] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.349459] Call Trace:
[ 673.349637] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  673.349842] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.350130] [c5649ce0] [c95d51f0] copy_user_test+0xd0/0x1bc [test_kasan]
[ 673.350412] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.350605] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.350821] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.351025] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.351231] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.351426] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.351592] --- interrupt: c01 at 0xfd6b914
[  673.351592]     LR = 0x1001364c
[  673.351638]
[  673.352936] Allocated by task 340:
[  673.356367]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.356619]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.356855]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.357000]  do_one_initcall+0x40/0x278
[  673.357168]  do_init_module+0xcc/0x59c
[  673.357324]  load_module+0x2bc4/0x320c
[  673.357483]  sys_init_module+0x114/0x138
[  673.357626]  ret_from_syscall+0x0/0x38
[  673.357673]
[  673.358954] Freed by task 276:
[  673.362040]  __kasan_slab_free+0x120/0x22c
[  673.362161]  kfree+0x74/0x270
[  673.362293]  single_release+0x54/0x6c
[  673.362465]  close_pdeo+0x128/0x224
[  673.362632]  proc_reg_release+0x110/0x128
[  673.362764]  __fput+0xec/0x2d4
[  673.362888]  task_work_run+0x13c/0x15c
[  673.363057]  do_notify_resume+0x3d8/0x438
[  673.363208]  do_user_signal+0x2c/0x34
[  673.363256]
[  673.364587] The buggy address belongs to the object at c58eb020
[  673.364587]  which belongs to the cache kmalloc-16 of size 16
[  673.376132] The buggy address is located 0 bytes inside of
[  673.376132]  16-byte region [c58eb020, c58eb030)
[  673.386050] The buggy address belongs to the page:
[  673.390836] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  673.390947] flags: 0x200(slab)
[ 673.391175] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  673.391245] page dumped because: kasan: bad access detected
[  673.391285]
[  673.392585] Memory state around the buggy address:
[  673.397393]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.403847]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.410301] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.416691]                           ^
[  673.420541]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.426997]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 673.433387] ==================================================================
[  673.446960] kasan test: copy_user_test out-of-bounds in __copy_to_user()
[ 673.447031] ================================================================== [ 673.454258] BUG: KASAN: slab-out-of-bounds in copy_user_test+0xfc/0x1bc [test_kasan]
[  673.461753] Read of size 11 at addr c58eb020 by task exe/340
[  673.467275]
[ 673.468858] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.468909] Call Trace:
[ 673.469084] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  673.469286] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.469573] [c5649ce0] [c95d521c] copy_user_test+0xfc/0x1bc [test_kasan]
[ 673.469851] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.470042] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.470256] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.470457] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.470660] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.470853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.471019] --- interrupt: c01 at 0xfd6b914
[  673.471019]     LR = 0x1001364c
[  673.471064]
[  673.472385] Allocated by task 340:
[  673.475818]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.476065]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.476301]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.476444]  do_one_initcall+0x40/0x278
[  673.476612]  do_init_module+0xcc/0x59c
[  673.476768]  load_module+0x2bc4/0x320c
[  673.476925]  sys_init_module+0x114/0x138
[  673.477067]  ret_from_syscall+0x0/0x38
[  673.477113]
[  673.478403] Freed by task 276:
[  673.481490]  __kasan_slab_free+0x120/0x22c
[  673.481610]  kfree+0x74/0x270
[  673.481740]  single_release+0x54/0x6c
[  673.481911]  close_pdeo+0x128/0x224
[  673.482077]  proc_reg_release+0x110/0x128
[  673.482209]  __fput+0xec/0x2d4
[  673.482331]  task_work_run+0x13c/0x15c
[  673.482500]  do_notify_resume+0x3d8/0x438
[  673.482648]  do_user_signal+0x2c/0x34
[  673.482694]
[  673.484036] The buggy address belongs to the object at c58eb020
[  673.484036]  which belongs to the cache kmalloc-16 of size 16
[  673.495583] The buggy address is located 0 bytes inside of
[  673.495583]  16-byte region [c58eb020, c58eb030)
[  673.505500] The buggy address belongs to the page:
[  673.510287] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  673.510396] flags: 0x200(slab)
[ 673.510622] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  673.510690] page dumped because: kasan: bad access detected
[  673.510729]
[  673.512037] Memory state around the buggy address:
[  673.516842]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.523297]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.529751] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.536142]                           ^
[  673.539991]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.546447]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 673.552838] ================================================================== [ 673.835827] kasan test: copy_user_test out-of-bounds in __copy_from_user_inatomic() [ 673.835905] ================================================================== [ 673.843082] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x128/0x1bc [test_kasan]
[  673.850662] Write of size 11 at addr c58eb020 by task exe/340
[  673.856272]
[ 673.857853] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.857905] Call Trace:
[ 673.858080] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  673.858285] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.858574] [c5649ce0] [c95d5248] copy_user_test+0x128/0x1bc [test_kasan]
[ 673.858855] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.859046] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.859261] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.859463] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.859668] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.859863] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.860029] --- interrupt: c01 at 0xfd6b914
[  673.860029]     LR = 0x1001364c
[  673.860075]
[  673.861380] Allocated by task 340:
[  673.864812]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.865062]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.865299]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.865444]  do_one_initcall+0x40/0x278
[  673.865615]  do_init_module+0xcc/0x59c
[  673.865773]  load_module+0x2bc4/0x320c
[  673.865932]  sys_init_module+0x114/0x138
[  673.866077]  ret_from_syscall+0x0/0x38
[  673.866123]
[  673.867399] Freed by task 276:
[  673.870488]  __kasan_slab_free+0x120/0x22c
[  673.870609]  kfree+0x74/0x270
[  673.870741]  single_release+0x54/0x6c
[  673.870913]  close_pdeo+0x128/0x224
[  673.871080]  proc_reg_release+0x110/0x128
[  673.871213]  __fput+0xec/0x2d4
[  673.871337]  task_work_run+0x13c/0x15c
[  673.871506]  do_notify_resume+0x3d8/0x438
[  673.871655]  do_user_signal+0x2c/0x34
[  673.871702]
[  673.873032] The buggy address belongs to the object at c58eb020
[  673.873032]  which belongs to the cache kmalloc-16 of size 16
[  673.884578] The buggy address is located 0 bytes inside of
[  673.884578]  16-byte region [c58eb020, c58eb030)
[  673.894494] The buggy address belongs to the page:
[  673.899282] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  673.899395] flags: 0x200(slab)
[ 673.899625] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  673.899694] page dumped because: kasan: bad access detected
[  673.899734]
[  673.901033] Memory state around the buggy address:
[  673.905838]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.912293]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.918748] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.925136]                           ^
[  673.928987]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.935442]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 673.941833] ================================================================== [ 673.954463] kasan test: copy_user_test out-of-bounds in __copy_to_user_inatomic() [ 673.954535] ================================================================== [ 673.961759] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x154/0x1bc [test_kasan]
[  673.969339] Read of size 11 at addr c58eb020 by task exe/340
[  673.974860]
[ 673.976444] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.976494] Call Trace:
[ 673.976668] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  673.976870] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.977160] [c5649ce0] [c95d5274] copy_user_test+0x154/0x1bc [test_kasan]
[ 673.977439] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.977630] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.977843] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.978045] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.978249] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.978441] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.978607] --- interrupt: c01 at 0xfd6b914
[  673.978607]     LR = 0x1001364c
[  673.978651]
[  673.979971] Allocated by task 340:
[  673.983401]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.983650]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.983885]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.984030]  do_one_initcall+0x40/0x278
[  673.984198]  do_init_module+0xcc/0x59c
[  673.984354]  load_module+0x2bc4/0x320c
[  673.984512]  sys_init_module+0x114/0x138
[  673.984655]  ret_from_syscall+0x0/0x38
[  673.984701]
[  673.985990] Freed by task 276:
[  673.989077]  __kasan_slab_free+0x120/0x22c
[  673.989197]  kfree+0x74/0x270
[  673.989327]  single_release+0x54/0x6c
[  673.989499]  close_pdeo+0x128/0x224
[  673.989664]  proc_reg_release+0x110/0x128
[  673.989796]  __fput+0xec/0x2d4
[  673.989918]  task_work_run+0x13c/0x15c
[  673.990086]  do_notify_resume+0x3d8/0x438
[  673.990235]  do_user_signal+0x2c/0x34
[  673.990281]
[  673.991622] The buggy address belongs to the object at c58eb020
[  673.991622]  which belongs to the cache kmalloc-16 of size 16
[  674.003168] The buggy address is located 0 bytes inside of
[  674.003168]  16-byte region [c58eb020, c58eb030)
[  674.013086] The buggy address belongs to the page:
[  674.017872] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  674.017982] flags: 0x200(slab)
[ 674.018210] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  674.018277] page dumped because: kasan: bad access detected
[  674.018316]
[  674.019622] Memory state around the buggy address:
[  674.024429]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  674.030883]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.037338] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  674.043727]                           ^
[  674.047578]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.054034]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 674.060424] ================================================================== [ 674.346609] kasan test: copy_user_test out-of-bounds in strncpy_from_user() [ 674.346689] ================================================================== [ 674.353778] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x48/0x240
[  674.360487] Write of size 11 at addr c58eb020 by task exe/340
[  674.366094]
[ 674.367678] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  674.367731] Call Trace:
[ 674.367904] [c5649c40] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  674.368108] [c5649c70] [c0176d34] kasan_report+0xe4/0x168
[  674.368323] [c5649cb0] [c03202f8] strncpy_from_user+0x48/0x240
[  674.368627] [c5649ce0] [c95d52a4] copy_user_test+0x184/0x1bc [test_kasan]
[ 674.368908] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  674.369100] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  674.369315] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  674.369518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  674.369724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  674.369919] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  674.370086] --- interrupt: c01 at 0xfd6b914
[  674.370086]     LR = 0x1001364c
[  674.370132]
[  674.371463] Allocated by task 340:
[  674.374894]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  674.375146]  copy_user_test+0x28/0x1bc [test_kasan]
[  674.375383]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  674.375527]  do_one_initcall+0x40/0x278
[  674.375697]  do_init_module+0xcc/0x59c
[  674.375854]  load_module+0x2bc4/0x320c
[  674.376015]  sys_init_module+0x114/0x138
[  674.376162]  ret_from_syscall+0x0/0x38
[  674.376209]
[  674.377481] Freed by task 276:
[  674.380568]  __kasan_slab_free+0x120/0x22c
[  674.380691]  kfree+0x74/0x270
[  674.380824]  single_release+0x54/0x6c
[  674.380998]  close_pdeo+0x128/0x224
[  674.381165]  proc_reg_release+0x110/0x128
[  674.381299]  __fput+0xec/0x2d4
[  674.381424]  task_work_run+0x13c/0x15c
[  674.381592]  do_notify_resume+0x3d8/0x438
[  674.381743]  do_user_signal+0x2c/0x34
[  674.381792]
[  674.383113] The buggy address belongs to the object at c58eb020
[  674.383113]  which belongs to the cache kmalloc-16 of size 16
[  674.394659] The buggy address is located 0 bytes inside of
[  674.394659]  16-byte region [c58eb020, c58eb030)
[  674.404577] The buggy address belongs to the page:
[  674.409363] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  674.409474] flags: 0x200(slab)
[ 674.409703] raw: 00000200 00000100 00000200 c5007dc0 00000000 02000401 ffffffff 00000001
[  674.409772] page dumped because: kasan: bad access detected
[  674.409812]
[  674.411112] Memory state around the buggy address:
[  674.415920]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  674.422374]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.428827] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  674.435218]                           ^
[  674.439067]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.445524]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 674.451914] ==================================================================
[  674.466513] kasan test: use_after_scope_test use-after-scope on int
[  674.466592] kasan test: use_after_scope_test use-after-scope on array
[  674.470775] kasan test: kmem_cache_double_free double-free on heap object
[ 674.471059] ================================================================== [ 674.478286] BUG: KASAN: double-free or invalid-free in kmem_cache_double_free+0xac/0xc4 [test_kasan]
[  674.487095]
[ 674.488679] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  674.488730] Call Trace:
[ 674.488906] [c5649b30] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  674.489118] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
[  674.489296] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
[  674.489467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
[ 674.489754] [c5649ce0] [c95d4df0] kmem_cache_double_free+0xac/0xc4 [test_kasan] [ 674.490029] [c5649d00] [c95d557c] kmalloc_tests_init+0x84/0x2d0 [test_kasan]
[  674.490219] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  674.490432] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  674.490633] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  674.490837] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  674.491031] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  674.491194] --- interrupt: c01 at 0xfd6b914
[  674.491194]     LR = 0x1001364c
[  674.491239]
[  674.492547] Allocated by task 340:
[  674.495981]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  674.496108]  kmem_cache_alloc+0xf4/0x210
[  674.496355]  kmem_cache_double_free+0x78/0xc4 [test_kasan]
[  674.496584]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
[  674.496727]  do_one_initcall+0x40/0x278
[  674.496893]  do_init_module+0xcc/0x59c
[  674.497050]  load_module+0x2bc4/0x320c
[  674.497208]  sys_init_module+0x114/0x138
[  674.497354]  ret_from_syscall+0x0/0x38
[  674.497400]
[  674.498652] Freed by task 340:
[  674.501739]  __kasan_slab_free+0x120/0x22c
[  674.501866]  kmem_cache_free+0x64/0x228
[  674.502112]  kmem_cache_double_free+0xa0/0xc4 [test_kasan]
[  674.502340]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
[  674.502483]  do_one_initcall+0x40/0x278
[  674.502650]  do_init_module+0xcc/0x59c
[  674.502807]  load_module+0x2bc4/0x320c
[  674.502966]  sys_init_module+0x114/0x138
[  674.503112]  ret_from_syscall+0x0/0x38
[  674.503158]
[  674.504460] The buggy address belongs to the object at c5528000
[  674.504460]  which belongs to the cache test_cache of size 200
[  674.516091] The buggy address is located 0 bytes inside of
[  674.516091]  200-byte region [c5528000, c55280c8)
[  674.526092] The buggy address belongs to the page:
[  674.530877] page:c7fda940 count:1 mapcount:0 mapping:c540a700 index:0x0
[  674.530988] flags: 0x200(slab)
[ 674.531216] raw: 00000200 00000100 00000200 c540a700 00000000 003e007d ffffffff 00000001
[  674.531284] page dumped because: kasan: bad access detected
[  674.531323]
[  674.532630] Memory state around the buggy address:
[  674.537436]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.543890]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.550345] >c5528000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  674.556731]            ^
[  674.559293]  c5528080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[  674.565750]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 674.572138] ================================================================== [ 674.880790] kasan test: kmem_cache_invalid_free invalid-free of heap object [ 674.881044] ================================================================== [ 674.888197] BUG: KASAN: double-free or invalid-free in kmem_cache_invalid_free+0xa0/0xc4 [test_kasan]
[  674.897089]
[ 674.898670] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  674.898722] Call Trace:
[ 674.898899] [c5649b30] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  674.899113] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
[  674.899293] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
[  674.899467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
[ 674.899756] [c5649ce0] [c95d4ea8] kmem_cache_invalid_free+0xa0/0xc4 [test_kasan] [ 674.900031] [c5649d00] [c95d5580] kmalloc_tests_init+0x88/0x2d0 [test_kasan]
[  674.900222] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  674.900437] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  674.900639] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  674.900845] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  674.901040] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  674.901206] --- interrupt: c01 at 0xfd6b914
[  674.901206]     LR = 0x1001364c
[  674.901251]
[  674.902542] Allocated by task 340:
[  674.905975]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  674.906103]  kmem_cache_alloc+0xf4/0x210
[  674.906351]  kmem_cache_invalid_free+0x78/0xc4 [test_kasan]
[  674.906584]  kmalloc_tests_init+0x88/0x2d0 [test_kasan]
[  674.906730]  do_one_initcall+0x40/0x278
[  674.906899]  do_init_module+0xcc/0x59c
[  674.907056]  load_module+0x2bc4/0x320c
[  674.907217]  sys_init_module+0x114/0x138
[  674.907364]  ret_from_syscall+0x0/0x38
[  674.907411]
[  674.908731] Freed by task 0:
[  674.911551] (stack is not available)
[  674.915074]
[  674.916605] The buggy address belongs to the object at c5528000
[  674.916605]  which belongs to the cache test_cache of size 200
[  674.928237] The buggy address is located 1 bytes inside of
[  674.928237]  200-byte region [c5528000, c55280c8)
[  674.938237] The buggy address belongs to the page:
[  674.943024] page:c7fda940 count:1 mapcount:0 mapping:c540a7d0 index:0x0
[  674.943136] flags: 0x200(slab)
[ 674.943365] raw: 00000200 00000100 00000200 c540a7d0 00000000 003e007d ffffffff 00000001
[  674.943434] page dumped because: kasan: bad access detected
[  674.943475]
[  674.944775] Memory state around the buggy address:
[  674.949581]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.956036]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.962491] >c5528000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.968876]            ^
[  674.971438]  c5528080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  674.977895]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 674.984285] ==================================================================
[  675.126818] kasan test: kasan_memchr out-of-bounds in memchr
[  675.126994] kasan test: kasan_memcmp out-of-bounds in memcmp
[  675.127158] kasan test: kasan_strings use-after-free in strchr
[ 675.127309] ==================================================================
[  675.134382] BUG: KASAN: use-after-free in strchr+0x1c/0x80
[  675.139762] Read of size 1 at addr c53e8e20 by task exe/340
[  675.145200]
[ 675.146784] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.146836] Call Trace:
[ 675.147010] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  675.147215] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  675.147385] [c5649cc0] [c072ec4c] strchr+0x1c/0x80
[  675.147684] [c5649ce0] [c95d5440] kasan_strings+0x60/0x118 [test_kasan]
[ 675.147966] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.148157] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.148372] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.148577] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.148781] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.148976] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.149143] --- interrupt: c01 at 0xfd6b914
[  675.149143]     LR = 0x1001364c
[  675.149189]
[  675.150483] Allocated by task 340:
[  675.153915]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.154163]  kasan_strings+0x44/0x118 [test_kasan]
[  675.154400]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.154545]  do_one_initcall+0x40/0x278
[  675.154714]  do_init_module+0xcc/0x59c
[  675.154872]  load_module+0x2bc4/0x320c
[  675.155033]  sys_init_module+0x114/0x138
[  675.155179]  ret_from_syscall+0x0/0x38
[  675.155225]
[  675.156501] Freed by task 340:
[  675.159587]  __kasan_slab_free+0x120/0x22c
[  675.159709]  kfree+0x74/0x270
[  675.159954]  kasan_strings+0x54/0x118 [test_kasan]
[  675.160191]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.160337]  do_one_initcall+0x40/0x278
[  675.160508]  do_init_module+0xcc/0x59c
[  675.160667]  load_module+0x2bc4/0x320c
[  675.160828]  sys_init_module+0x114/0x138
[  675.160973]  ret_from_syscall+0x0/0x38
[  675.161019]
[  675.162306] The buggy address belongs to the object at c53e8e10
[  675.162306]  which belongs to the cache kmalloc-32 of size 32
[  675.173853] The buggy address is located 16 bytes inside of
[  675.173853]  32-byte region [c53e8e10, c53e8e30)
[  675.183856] The buggy address belongs to the page:
[  675.188642] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.188753] flags: 0x200(slab)
[ 675.188982] raw: 00000200 00000100 00000200 c5007cf0 00000000 015502ab ffffffff 00000001
[  675.189051] page dumped because: kasan: bad access detected
[  675.189091]
[  675.190392] Memory state around the buggy address:
[  675.195199]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.201653]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.208108] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.214497]                        ^
[  675.218089]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.224544]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[ 675.230935] ==================================================================
[  675.383353] kasan test: kasan_strings use-after-free in strrchr
[ 675.383430] ==================================================================
[  675.390498] BUG: KASAN: use-after-free in strrchr+0x30/0x64
[  675.395964] Read of size 1 at addr c53e8e20 by task exe/340
[  675.401403]
[ 675.402986] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.403038] Call Trace:
[ 675.403212] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  675.403415] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  675.403587] [c5649cc0] [c072ed48] strrchr+0x30/0x64
[  675.403888] [c5649ce0] [c95d545c] kasan_strings+0x7c/0x118 [test_kasan]
[ 675.404170] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.404362] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.404576] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.404779] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.404983] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.405177] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.405344] --- interrupt: c01 at 0xfd6b914
[  675.405344]     LR = 0x1001364c
[  675.405390]
[  675.406684] Allocated by task 340:
[  675.410118]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.410366]  kasan_strings+0x44/0x118 [test_kasan]
[  675.410603]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.410750]  do_one_initcall+0x40/0x278
[  675.410919]  do_init_module+0xcc/0x59c
[  675.411078]  load_module+0x2bc4/0x320c
[  675.411238]  sys_init_module+0x114/0x138
[  675.411384]  ret_from_syscall+0x0/0x38
[  675.411430]
[  675.412704] Freed by task 340:
[  675.415789]  __kasan_slab_free+0x120/0x22c
[  675.415910]  kfree+0x74/0x270
[  675.416155]  kasan_strings+0x54/0x118 [test_kasan]
[  675.416391]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.416537]  do_one_initcall+0x40/0x278
[  675.416706]  do_init_module+0xcc/0x59c
[  675.416865]  load_module+0x2bc4/0x320c
[  675.417024]  sys_init_module+0x114/0x138
[  675.417169]  ret_from_syscall+0x0/0x38
[  675.417215]
[  675.418509] The buggy address belongs to the object at c53e8e10
[  675.418509]  which belongs to the cache kmalloc-32 of size 32
[  675.430055] The buggy address is located 16 bytes inside of
[  675.430055]  32-byte region [c53e8e10, c53e8e30)
[  675.440057] The buggy address belongs to the page:
[  675.444844] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.444955] flags: 0x200(slab)
[ 675.445184] raw: 00000200 00000100 00000200 c5007cf0 00000000 015502ab ffffffff 00000001
[  675.445253] page dumped because: kasan: bad access detected
[  675.445293]
[  675.446595] Memory state around the buggy address:
[  675.451401]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.457856]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.464310] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.470698]                        ^
[  675.474291]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.480747]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[ 675.487138] ==================================================================
[  675.500419] kasan test: kasan_strings use-after-free in strcmp
[ 675.500491] ==================================================================
[  675.507536] BUG: KASAN: use-after-free in strcmp+0x30/0x90
[  675.512918] Read of size 1 at addr c53e8e20 by task exe/340
[  675.518358]
[ 675.519942] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.519994] Call Trace:
[ 675.520167] [c5649c50] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  675.520369] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  675.520536] [c5649cc0] [c072ebd0] strcmp+0x30/0x90
[  675.520833] [c5649ce0] [c95d5480] kasan_strings+0xa0/0x118 [test_kasan]
[ 675.521113] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.521303] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.521514] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.521716] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.521919] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.522111] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.522275] --- interrupt: c01 at 0xfd6b914
[  675.522275]     LR = 0x1001364c
[  675.522320]
[  675.523640] Allocated by task 340:
[  675.527073]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.527321]  kasan_strings+0x44/0x118 [test_kasan]
[  675.527556]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.527699]  do_one_initcall+0x40/0x278
[  675.527867]  do_init_module+0xcc/0x59c
[  675.528024]  load_module+0x2bc4/0x320c
[  675.528182]  sys_init_module+0x114/0x138
[  675.528327]  ret_from_syscall+0x0/0x38
[  675.528373]
[  675.529658] Freed by task 340:
[  675.532745]  __kasan_slab_free+0x120/0x22c
[  675.532865]  kfree+0x74/0x270
[  675.533109]  kasan_strings+0x54/0x118 [test_kasan]
[  675.533343]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.533486]  do_one_initcall+0x40/0x278
[  675.533654]  do_init_module+0xcc/0x59c
[  675.533810]  load_module+0x2bc4/0x320c
[  675.533967]  sys_init_module+0x114/0x138
[  675.534112]  ret_from_syscall+0x0/0x38
[  675.534157]
[  675.535463] The buggy address belongs to the object at c53e8e10
[  675.535463]  which belongs to the cache kmalloc-32 of size 32
[  675.547010] The buggy address is located 16 bytes inside of
[  675.547010]  32-byte region [c53e8e10, c53e8e30)
[  675.557012] The buggy address belongs to the page:
[  675.561799] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.561909] flags: 0x200(slab)
[ 675.562137] raw: 00000200 00000100 00000200 c5007cf0 00000000 015502ab ffffffff 00000001
[  675.562204] page dumped because: kasan: bad access detected
[  675.562243]
[  675.563549] Memory state around the buggy address:
[  675.568356]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.574809]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.581265] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.587653]                        ^
[  675.591247]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.597702]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[ 675.604091] ==================================================================
[  675.894391] kasan test: kasan_strings use-after-free in strncmp
[  675.894468] kasan test: kasan_strings use-after-free in strlen
[  675.894536] kasan test: kasan_strings use-after-free in strnlen
[ 675.894600] ==================================================================
[  675.901698] BUG: KASAN: use-after-free in strnlen+0x24/0x88
[  675.907165] Read of size 1 at addr c53e8e20 by task exe/340
[  675.912603]
[ 675.914186] CPU: 0 PID: 340 Comm: exe Tainted: G B 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.914237] Call Trace:
[ 675.914412] [c5649c70] [c0176998] print_address_description+0x6c/0x2b0 (unreliable)
[  675.914617] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  675.914788] [c5649ce0] [c072eeb4] strnlen+0x24/0x88
[ 675.915091] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.915283] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.915497] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.915700] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.915904] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.916099] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.916267] --- interrupt: c01 at 0xfd6b914
[  675.916267]     LR = 0x1001364c
[  675.916312]
[  675.917626] Allocated by task 340:
[  675.921059]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.921309]  kasan_strings+0x44/0x118 [test_kasan]
[  675.921546]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.921690]  do_one_initcall+0x40/0x278
[  675.921858]  do_init_module+0xcc/0x59c
[  675.922016]  load_module+0x2bc4/0x320c
[  675.922174]  sys_init_module+0x114/0x138
[  675.922318]  ret_from_syscall+0x0/0x38
[  675.922365]
[  675.923645] Freed by task 340:
[  675.926731]  __kasan_slab_free+0x120/0x22c
[  675.926851]  kfree+0x74/0x270
[  675.927097]  kasan_strings+0x54/0x118 [test_kasan]
[  675.927334]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.927479]  do_one_initcall+0x40/0x278
[  675.927647]  do_init_module+0xcc/0x59c
[  675.927804]  load_module+0x2bc4/0x320c
[  675.927962]  sys_init_module+0x114/0x138
[  675.928107]  ret_from_syscall+0x0/0x38
[  675.928154]
[  675.929450] The buggy address belongs to the object at c53e8e10
[  675.929450]  which belongs to the cache kmalloc-32 of size 32
[  675.940997] The buggy address is located 16 bytes inside of
[  675.940997]  32-byte region [c53e8e10, c53e8e30)
[  675.950999] The buggy address belongs to the page:
[  675.955786] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.955897] flags: 0x200(slab)
[ 675.956127] raw: 00000200 00000100 00000200 c5007cf0 00000000 015502ab ffffffff 00000001
[  675.956196] page dumped because: kasan: bad access detected
[  675.956236]
[  675.957536] Memory state around the buggy address:
[  675.962343]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.968796]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.975251] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.981640]                        ^
[  675.985233]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.991688]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[ 675.998080] ==================================================================
[  721.624809] random: crng init done





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux