# insmod test_kasan.ko
[ 90.732418] kasan test: kmalloc_oob_right out-of-bounds to right
[ 90.739598] ==================================================================
[ 90.747735] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x54/0x6c [test_kasan]
[ 90.756194] Write of size 1 at addr cb32df7b by task insmod/1456
[ 90.762532]
[ 90.764350] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 90.774742] Hardware name: Broadcom STB (Flattened Device Tree)
[ 90.781235] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 90.789608] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 90.797493] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 90.806809] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 90.816763] [] (kasan_report) from [] (kmalloc_oob_right+0x54/0x6c [test_kasan])
[ 90.827327] [] (kmalloc_oob_right [test_kasan]) from [] (kmalloc_tests_init+0x10/0x270 [test_kasan])
[ 90.839327] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 90.849645] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 90.858458] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 90.867177] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 90.875827] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 90.884407]
[ 90.886124] Allocated by task 1456:
[ 90.890022] kmem_cache_alloc_trace+0xb4/0x170
[ 90.895194] kmalloc_oob_right+0x30/0x6c [test_kasan]
[ 90.901002] kmalloc_tests_init+0x10/0x270 [test_kasan]
[ 90.906625] do_one_initcall+0x60/0x1b0
[ 90.910831] do_init_module+0xd4/0x2cc
[ 90.914949] load_module+0x3110/0x3af0
[ 90.919071] SyS_init_module+0x19c/0x1d4
[ 90.923385] ret_fast_syscall+0x0/0x50
[ 90.927396]
[ 90.929103] Freed by task 0:
[ 90.932240] (stack is not available)
[ 90.936080]
[ 90.937846] The buggy address belongs to the object at cb32df00
[ 90.937846] which belongs to the cache kmalloc-128 of size 128
[ 90.950387] The buggy address is located 123 bytes inside of
[ 90.950387] 128-byte region [cb32df00, cb32df80)
[ 90.961330] The buggy address belongs to the page:
[ 90.966480] page:ee95e5a0 count:1 mapcount:0 mapping:cb32d000 index:0x0
[ 90.973499] flags: 0x100(slab)
[ 90.977019] raw: 00000100 cb32d000 00000000 00000015 00000001 ee837f34 ee965014 d00000c0
[ 90.985610] page dumped because: kasan: bad access detected
[ 90.991497]
[ 90.993201] Memory state around the buggy address:
[ 90.998387] cb32de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.005363] cb32de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.012342] >cb32df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[ 91.019248] ^
[ 91.026142] cb32df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.033126] cb32e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 91.040032] ==================================================================
[ 91.048462] kasan test: kmalloc_oob_left out-of-bounds to left
[ 91.055542] ==================================================================
[ 91.063691] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x54/0x74 [test_kasan]
[ 91.072056] Read of size 1 at addr cb32c3ff by task insmod/1456
[ 91.078302]
[ 91.080116] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.090505] Hardware name: Broadcom STB (Flattened Device Tree)
[ 91.097004] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 91.105390] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 91.113278] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 91.122595] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 91.132521] [] (kasan_report) from [] (kmalloc_oob_left+0x54/0x74 [test_kasan])
[ 91.143025] [] (kmalloc_oob_left [test_kasan]) from [] (kmalloc_tests_init+0x14/0x270 [test_kasan])
[ 91.154958] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 91.165284] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 91.174106] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 91.182824] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 91.191495] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 91.200072]
[ 91.201782] Allocated by task 0:
[ 91.205273] (stack is not available)
[ 91.209111]
[ 91.210818] Freed by task 0:
[ 91.213965] (stack is not available)
[ 91.217804]
[ 91.219577] The buggy address belongs to the object at cb32c380
[ 91.219577] which belongs to the cache kmalloc-64 of size 64
[ 91.231940] The buggy address is located 63 bytes to the right of
[ 91.231940] 64-byte region [cb32c380, cb32c3c0)
[ 91.243258] The buggy address belongs to the page:
[ 91.248411] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 91.255439] flags: 0x100(slab)
[ 91.258968] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 91.267561] page dumped because: kasan: bad access detected
[ 91.273450]
[ 91.275152] Memory state around the buggy address:
[ 91.280338] cb32c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.287320] cb32c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.294302] >cb32c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.301207] ^
[ 91.308101] cb32c400: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.315083] cb32c480: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.321995] ==================================================================
[ 91.330451] kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right
[ 91.339664] ==================================================================
[ 91.347813] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x58/0x70 [test_kasan]
[ 91.356716] Write of size 1 at addr cb38d200 by task insmod/1456
[ 91.363060]
[ 91.364877] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.375280] Hardware name: Broadcom STB (Flattened Device Tree)
[ 91.381764] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 91.390148] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 91.398040] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 91.407367] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 91.417314] [] (kasan_report) from [] (kmalloc_node_oob_right+0x58/0x70 [test_kasan])
[ 91.428358] [] (kmalloc_node_oob_right [test_kasan]) from [] (kmalloc_tests_init+0x18/0x270 [test_kasan])
[ 91.440820] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 91.451152] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 91.459969] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 91.468684] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 91.477343] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 91.485918]
[ 91.487638] Allocated by task 1456:
[ 91.491537] kmem_cache_alloc_trace+0xb4/0x170
[ 91.496720] kmalloc_node_oob_right+0x30/0x70 [test_kasan]
[ 91.502987] kmalloc_tests_init+0x18/0x270 [test_kasan]
[ 91.508614] do_one_initcall+0x60/0x1b0
[ 91.512828] do_init_module+0xd4/0x2cc
[ 91.516964] load_module+0x3110/0x3af0
[ 91.521097] SyS_init_module+0x19c/0x1d4
[ 91.525425] ret_fast_syscall+0x0/0x50
[ 91.529435]
[ 91.531141] Freed by task 0:
[ 91.534268] (stack is not available)
[ 91.538103]
[ 91.539868] The buggy address belongs to the object at cb38c200
[ 91.539868] which belongs to the cache kmalloc-4096 of size 4096
[ 91.552587] The buggy address is located 0 bytes to the right of
[ 91.552587] 4096-byte region [cb38c200, cb38d200)
[ 91.563981] The buggy address belongs to the page:
[ 91.569141] page:ee95f180 count:1 mapcount:0 mapping:cb38c200 index:0x0 compound_mapcount: 0
[ 91.578155] flags: 0x8100(slab|head)
[ 91.582207] raw: 00008100 cb38c200 00000000 00000001 00000001 ee95f094 d000140c d0000540
[ 91.590792] page dumped because: kasan: bad access detected
[ 91.596678]
[ 91.598373] Memory state around the buggy address:
[ 91.603551] cb38d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.610518] cb38d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.617485] >cb38d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.624360] ^
[ 91.627217] cb38d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.634196] cb38d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.641103] ==================================================================
[ 91.649357] kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right
[ 91.686569] ==================================================================
[ 91.694713] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x60/0x78 [test_kasan]
[ 91.703685] Write of size 1 at addr cabfff00 by task insmod/1456
[ 91.710024]
[ 91.711823] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.722227] Hardware name: Broadcom STB (Flattened Device Tree)
[ 91.728695] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 91.737073] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 91.744957] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 91.754277] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 91.764205] [] (kasan_report) from [] (kmalloc_large_oob_right+0x60/0x78 [test_kasan])
[ 91.775315] [] (kmalloc_large_oob_right [test_kasan]) from [] (kmalloc_tests_init+0x1c/0x270 [test_kasan])
[ 91.787851] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 91.798174] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 91.806980] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 91.815681] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 91.824328] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 91.832894]
[ 91.834662] The buggy address belongs to the object at ca800000
[ 91.834662] which belongs to the cache kmalloc-4194304 of size 4194304
[ 91.847908] The buggy address is located 4194048 bytes inside of
[ 91.847908] 4194304-byte region [ca800000, cac00000)
[ 91.859557] The buggy address belongs to the page:
[ 91.864697] page:ee948000 count:1 mapcount:0 mapping:ca800000 index:0x0 compound_mapcount: 0
[ 91.873697] flags: 0x8100(slab|head)
[ 91.877735] raw: 00008100 ca800000 00000000 00000001 00000001 d000190c d000190c d0000cc0
[ 91.886325] page dumped because: kasan: bad access detected
[ 91.892207]
[ 91.893912] Memory state around the buggy address:
[ 91.899108] cabffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.906084] cabffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.913063] >cabfff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.919949] ^
[ 91.922804] cabfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.929778] cac00000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.936676] ==================================================================
[ 91.950255] kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more
[ 91.959414] ==================================================================
[ 91.967560] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan]
[ 91.976714] Write of size 1 at addr cb32c393 by task insmod/1456
[ 91.983052]
[ 91.984852] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.995253] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.001723] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 92.010095] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 92.017977] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 92.027295] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 92.037226] [] (kasan_report) from [] (kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan])
[ 92.048509] [] (kmalloc_oob_krealloc_more [test_kasan]) from [] (kmalloc_tests_init+0x20/0x270 [test_kasan])
[ 92.061216] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 92.071531] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 92.080337] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 92.089050] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 92.097685] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 92.106254]
[ 92.107973] Allocated by task 1456:
[ 92.111809] krealloc+0x44/0xc8
[ 92.115649] kmalloc_oob_krealloc_more+0x44/0x90 [test_kasan]
[ 92.122170] kmalloc_tests_init+0x20/0x270 [test_kasan]
[ 92.127788] do_one_initcall+0x60/0x1b0
[ 92.132007] do_init_module+0xd4/0x2cc
[ 92.136129] load_module+0x3110/0x3af0
[ 92.140246] SyS_init_module+0x19c/0x1d4
[ 92.144551] ret_fast_syscall+0x0/0x50
[ 92.148554]
[ 92.150253] Freed by task 0:
[ 92.153373] (stack is not available)
[ 92.157198]
[ 92.158965] The buggy address belongs to the object at cb32c380
[ 92.158965] which belongs to the cache kmalloc-64 of size 64
[ 92.171311] The buggy address is located 19 bytes inside of
[ 92.171311] 64-byte region [cb32c380, cb32c3c0)
[ 92.182073] The buggy address belongs to the page:
[ 92.187218] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 92.194233] flags: 0x100(slab)
[ 92.197736] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 92.206328] page dumped because: kasan: bad access detected
[ 92.212210]
[ 92.213917] Memory state around the buggy address:
[ 92.219113] cb32c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.226092] cb32c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.233071] >cb32c380: 00 00 03 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.239961] ^
[ 92.243351] cb32c400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.250319] cb32c480: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.257218] ==================================================================
[ 92.265303] kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less
[ 92.274463] ==================================================================
[ 92.282607] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan]
[ 92.291759] Write of size 1 at addr cb32c30f by task insmod/1456
[ 92.298099]
[ 92.299905] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 92.310306] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.316774] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 92.325148] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 92.333030] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 92.342351] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 92.352280] [] (kasan_report) from [] (kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan])
[ 92.363564] [] (kmalloc_oob_krealloc_less [test_kasan]) from [] (kmalloc_tests_init+0x24/0x270 [test_kasan])
[ 92.376275] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 92.386583] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 92.395387] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 92.404104] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 92.412742] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 92.421308]
[ 92.423024] Allocated by task 1456:
[ 92.426863] krealloc+0x44/0xc8
[ 92.430706] kmalloc_oob_krealloc_less+0x44/0x90 [test_kasan]
[ 92.437229] kmalloc_tests_init+0x24/0x270 [test_kasan]
[ 92.442848] do_one_initcall+0x60/0x1b0
[ 92.447072] do_init_module+0xd4/0x2cc
[ 92.451189] load_module+0x3110/0x3af0
[ 92.455303] SyS_init_module+0x19c/0x1d4
[ 92.459609] ret_fast_syscall+0x0/0x50
[ 92.463612]
[ 92.465311] Freed by task 0:
[ 92.468431] (stack is not available)
[ 92.472256]
[ 92.474025] The buggy address belongs to the object at cb32c300
[ 92.474025] which belongs to the cache kmalloc-64 of size 64
[ 92.486371] The buggy address is located 15 bytes inside of
[ 92.486371] 64-byte region [cb32c300, cb32c340)
[ 92.497131] The buggy address belongs to the page:
[ 92.502272] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 92.509280] flags: 0x100(slab)
[ 92.512782] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 92.521376] page dumped because: kasan: bad access detected
[ 92.527257]
[ 92.528968] Memory state around the buggy address:
[ 92.534159] cb32c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.541139] cb32c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.548118] >cb32c300: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.555005] ^
[ 92.558136] cb32c380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.565114] cb32c400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.572017] ==================================================================
[ 92.580279] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access
[ 92.589445] ==================================================================
[ 92.597580] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x78/0xa4 [test_kasan]
[ 92.605751] Write of size 16 at addr cb32c280 by task insmod/1456
[ 92.612175]
[ 92.613992] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 92.624380] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.630852] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 92.639233] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 92.647117] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 92.656435] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 92.666355] [] (kasan_report) from [] (kmalloc_oob_16+0x78/0xa4 [test_kasan])
[ 92.676644] [] (kmalloc_oob_16 [test_kasan]) from [] (kmalloc_tests_init+0x28/0x270 [test_kasan])
[ 92.688369] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 92.698671] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 92.707478] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 92.716194] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 92.724832] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 92.733398]
[ 92.735106] Allocated by task 1456:
[ 92.739006] kmem_cache_alloc_trace+0xb4/0x170
[ 92.744178] kmalloc_oob_16+0x30/0xa4 [test_kasan]
[ 92.749706] kmalloc_tests_init+0x28/0x270 [test_kasan]
[ 92.755323] do_one_initcall+0x60/0x1b0
[ 92.759523] do_init_module+0xd4/0x2cc
[ 92.763632] load_module+0x3110/0x3af0
[ 92.767746] SyS_init_module+0x19c/0x1d4
[ 92.772066] ret_fast_syscall+0x0/0x50
[ 92.776078]
[ 92.777778] Freed by task 0:
[ 92.780912] (stack is not available)
[ 92.784744]
[ 92.786496] The buggy address belongs to the object at cb32c280
[ 92.786496] which belongs to the cache kmalloc-64 of size 64
[ 92.798829] The buggy address is located 0 bytes inside of
[ 92.798829] 64-byte region [cb32c280, cb32c2c0)
[ 92.809505] The buggy address belongs to the page:
[ 92.814646] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 92.821657] flags: 0x100(slab)
[ 92.825173] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 92.833758] page dumped because: kasan: bad access detected
[ 92.839637]
[ 92.841334] Memory state around the buggy address:
[ 92.846511] cb32c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.853479] cb32c200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.860447] >cb32c280: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.867322] ^
[ 92.870447] cb32c300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.877413] cb32c380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.884307] ==================================================================
[ 92.892598] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
[ 92.900248] ==================================================================
[ 92.908420] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x58/0x68 [test_kasan]
[ 92.917228] Write of size 671 at addr cad89b40 by task insmod/1456
[ 92.923733]
[ 92.925532] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 92.935922] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.942404] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 92.950765] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 92.958639] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 92.967958] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 92.977571] [] (kasan_report) from [] (memset+0x20/0x34)
[ 92.985592] [] (memset) from [] (kmalloc_oob_in_memset+0x58/0x68 [test_kasan])
[ 92.995990] [] (kmalloc_oob_in_memset [test_kasan]) from [] (kmalloc_tests_init+0x2c/0x270 [test_kasan])
[ 93.008345] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 93.018648] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 93.027455] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 93.036169] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 93.044805] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 93.053371]
[ 93.055081] Allocated by task 1456:
[ 93.058980] kmem_cache_alloc_trace+0xb4/0x170
[ 93.064158] kmalloc_oob_in_memset+0x30/0x68 [test_kasan]
[ 93.070325] kmalloc_tests_init+0x2c/0x270 [test_kasan]
[ 93.075957] do_one_initcall+0x60/0x1b0
[ 93.080169] do_init_module+0xd4/0x2cc
[ 93.084277] load_module+0x3110/0x3af0
[ 93.088391] SyS_init_module+0x19c/0x1d4
[ 93.092697] ret_fast_syscall+0x0/0x50
[ 93.096701]
[ 93.098398] Freed by task 0:
[ 93.101517] (stack is not available)
[ 93.105339]
[ 93.107104] The buggy address belongs to the object at cad89b40
[ 93.107104] which belongs to the cache kmalloc-1024 of size 1024
[ 93.119796] The buggy address is located 0 bytes inside of
[ 93.119796] 1024-byte region [cad89b40, cad89f40)
[ 93.130644] The buggy address belongs to the page:
[ 93.135786] page:ee953100 count:1 mapcount:0 mapping:cad88040 index:0x0 compound_mapcount: 0
[ 93.144802] flags: 0x8100(slab|head)
[ 93.148850] raw: 00008100 cad88040 00000000 00000007 00000001 ee9596d4 d000130c d00003c0
[ 93.157444] page dumped because: kasan: bad access detected
[ 93.163324]
[ 93.165029] Memory state around the buggy address:
[ 93.170218] cad89c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.177197] cad89d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.184180] >cad89d80: 00 00 00 00 00 00 00 00 00 00 00 02 fc fc fc fc
[ 93.191080] ^
[ 93.196890] cad89e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.203868] cad89e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.210773] ==================================================================
[ 93.218837] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
[ 93.226573] ==================================================================
[ 93.234711] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x5c/0x6c [test_kasan]
[ 93.243416] Write of size 2 at addr cb32c187 by task insmod/1456
[ 93.249743]
[ 93.251541] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 93.261933] Hardware name: Broadcom STB (Flattened Device Tree)
[ 93.268413] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 93.276773] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 93.284645] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 93.293964] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 93.303573] [] (kasan_report) from [] (memset+0x20/0x34)
[ 93.311591] [] (memset) from [] (kmalloc_oob_memset_2+0x5c/0x6c [test_kasan])
[ 93.321894] [] (kmalloc_oob_memset_2 [test_kasan]) from [] (kmalloc_tests_init+0x30/0x270 [test_kasan])
[ 93.334164] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 93.344478] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 93.353283] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 93.361998] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 93.370635] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 93.379203]
[ 93.380918] Allocated by task 1456:
[ 93.384808] kmem_cache_alloc_trace+0xb4/0x170
[ 93.389993] kmalloc_oob_memset_2+0x30/0x6c [test_kasan]
[ 93.396068] kmalloc_tests_init+0x30/0x270 [test_kasan]
[ 93.401684] do_one_initcall+0x60/0x1b0
[ 93.405891] do_init_module+0xd4/0x2cc
[ 93.410019] load_module+0x3110/0x3af0
[ 93.414145] SyS_init_module+0x19c/0x1d4
[ 93.418452] ret_fast_syscall+0x0/0x50
[ 93.422456]
[ 93.424153] Freed by task 0:
[ 93.427271] (stack is not available)
[ 93.431102]
[ 93.432855] The buggy address belongs to the object at cb32c180
[ 93.432855] which belongs to the cache kmalloc-64 of size 64
[ 93.445210] The buggy address is located 7 bytes inside of
[ 93.445210] 64-byte region [cb32c180, cb32c1c0)
[ 93.455875] The buggy address belongs to the page:
[ 93.461038] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 93.468058] flags: 0x100(slab)
[ 93.471561] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 93.480154] page dumped because: kasan: bad access detected
[ 93.486049]
[ 93.487745] Memory state around the buggy address:
[ 93.492938] cb32c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.499919] cb32c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.506902] >cb32c180: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.513786] ^
[ 93.516926] cb32c200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.523907] cb32c280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.530807] ==================================================================
[ 93.539046] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
[ 93.546514] ==================================================================
[ 93.554656] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x5c/0x6c [test_kasan]
[ 93.563367] Write of size 4 at addr cb32c105 by task insmod/1456
[ 93.569692]
[ 93.571492] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 93.581880] Hardware name: Broadcom STB (Flattened Device Tree)
[ 93.588371] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 93.596730] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 93.604601] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 93.613918] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 93.623533] [] (kasan_report) from [] (memset+0x20/0x34)
[ 93.631557] [] (memset) from [] (kmalloc_oob_memset_4+0x5c/0x6c [test_kasan])
[ 93.641857] [] (kmalloc_oob_memset_4 [test_kasan]) from [] (kmalloc_tests_init+0x34/0x270 [test_kasan])
[ 93.654131] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 93.664446] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 93.673247] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 93.681962] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 93.690601] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 93.699172]
[ 93.700887] Allocated by task 1456:
[ 93.704782] kmem_cache_alloc_trace+0xb4/0x170
[ 93.709967] kmalloc_oob_memset_4+0x30/0x6c [test_kasan]
[ 93.716042] kmalloc_tests_init+0x34/0x270 [test_kasan]
[ 93.721657] do_one_initcall+0x60/0x1b0
[ 93.725862] do_init_module+0xd4/0x2cc
[ 93.729995] load_module+0x3110/0x3af0
[ 93.734121] SyS_init_module+0x19c/0x1d4
[ 93.738427] ret_fast_syscall+0x0/0x50
[ 93.742431]
[ 93.744130] Freed by task 0:
[ 93.747249] (stack is not available)
[ 93.751084]
[ 93.752837] The buggy address belongs to the object at cb32c100
[ 93.752837] which belongs to the cache kmalloc-64 of size 64
[ 93.765193] The buggy address is located 5 bytes inside of
[ 93.765193] 64-byte region [cb32c100, cb32c140)
[ 93.775856] The buggy address belongs to the page:
[ 93.781022] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 93.788043] flags: 0x100(slab)
[ 93.791546] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 93.800140] page dumped because: kasan: bad access detected
[ 93.806031]
[ 93.807727] Memory state around the buggy address:
[ 93.812915] cb32c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.819896] cb32c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.826880] >cb32c100: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.833768] ^
[ 93.836900] cb32c180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.843883] cb32c200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.850787] ==================================================================
[ 93.858849] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
[ 93.866585] ==================================================================
[ 93.874723] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x5c/0x6c [test_kasan]
[ 93.883428] Write of size 8 at addr cb32c081 by task insmod/1456
[ 93.889754]
[ 93.891554] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 93.901950] Hardware name: Broadcom STB (Flattened Device Tree)
[ 93.908424] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 93.916784] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 93.924657] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 93.933976] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 93.943582] [] (kasan_report) from [] (memset+0x20/0x34)
[ 93.951602] [] (memset) from [] (kmalloc_oob_memset_8+0x5c/0x6c [test_kasan])
[ 93.961907] [] (kmalloc_oob_memset_8 [test_kasan]) from [] (kmalloc_tests_init+0x38/0x270 [test_kasan])
[ 93.974177] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 93.984490] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 93.993293] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 94.002010] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 94.010643] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 94.019213]
[ 94.020928] Allocated by task 1456:
[ 94.024816] kmem_cache_alloc_trace+0xb4/0x170
[ 94.030005] kmalloc_oob_memset_8+0x30/0x6c [test_kasan]
[ 94.036080] kmalloc_tests_init+0x38/0x270 [test_kasan]
[ 94.041696] do_one_initcall+0x60/0x1b0
[ 94.045906] do_init_module+0xd4/0x2cc
[ 94.050036] load_module+0x3110/0x3af0
[ 94.054161] SyS_init_module+0x19c/0x1d4
[ 94.058467] ret_fast_syscall+0x0/0x50
[ 94.062470]
[ 94.064166] Freed by task 0:
[ 94.067285] (stack is not available)
[ 94.071114]
[ 94.072869] The buggy address belongs to the object at cb32c080
[ 94.072869] which belongs to the cache kmalloc-64 of size 64
[ 94.085222] The buggy address is located 1 bytes inside of
[ 94.085222] 64-byte region [cb32c080, cb32c0c0)
[ 94.095889] The buggy address belongs to the page:
[ 94.101050] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 94.108074] flags: 0x100(slab)
[ 94.111577] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 94.120172] page dumped because: kasan: bad access detected
[ 94.126067]
[ 94.127761] Memory state around the buggy address:
[ 94.132954] cb32bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.139935] cb32c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.146916] >cb32c080: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.153798] ^
[ 94.156938] cb32c100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.163918] cb32c180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.170817] ==================================================================
[ 94.179061] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
[ 94.186673] ==================================================================
[ 94.194807] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x5c/0x6c [test_kasan]
[ 94.203608] Write of size 16 at addr cb32c001 by task insmod/1456
[ 94.210036]
[ 94.211836] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 94.222240] Hardware name: Broadcom STB (Flattened Device Tree)
[ 94.228707] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 94.237084] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 94.244968] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 94.254286] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 94.263895] [] (kasan_report) from [] (memset+0x20/0x34)
[ 94.271928] [] (memset) from [] (kmalloc_oob_memset_16+0x5c/0x6c [test_kasan])
[ 94.282322] [] (kmalloc_oob_memset_16 [test_kasan]) from [] (kmalloc_tests_init+0x3c/0x270 [test_kasan])
[ 94.294672] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 94.304988] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 94.313780] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 94.322498] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 94.331148] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 94.339705]
[ 94.341409] Allocated by task 1456:
[ 94.345293] kmem_cache_alloc_trace+0xb4/0x170
[ 94.350477] kmalloc_oob_memset_16+0x30/0x6c [test_kasan]
[ 94.356633] kmalloc_tests_init+0x3c/0x270 [test_kasan]
[ 94.362255] do_one_initcall+0x60/0x1b0
[ 94.366456] do_init_module+0xd4/0x2cc
[ 94.370563] load_module+0x3110/0x3af0
[ 94.374679] SyS_init_module+0x19c/0x1d4
[ 94.379000] ret_fast_syscall+0x0/0x50
[ 94.383015]
[ 94.384715] Freed by task 0:
[ 94.387837] (stack is not available)
[ 94.391668]
[ 94.393418] The buggy address belongs to the object at cb32c000
[ 94.393418] which belongs to the cache kmalloc-64 of size 64
[ 94.405751] The buggy address is located 1 bytes inside of
[ 94.405751] 64-byte region [cb32c000, cb32c040)
[ 94.416414] The buggy address belongs to the page:
[ 94.421557] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 94.428567] flags: 0x100(slab)
[ 94.432083] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 94.440668] page dumped because: kasan: bad access detected
[ 94.446547]
[ 94.448242] Memory state around the buggy address:
[ 94.453420] cb32bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.460386] cb32bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.467353] >cb32c000: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.474234] ^
[ 94.477624] cb32c080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.484590] cb32c100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.491485] ==================================================================
[ 94.499541] kasan test: kmalloc_uaf use-after-free
[ 94.505668] ==================================================================
[ 94.513786] BUG: KASAN: use-after-free in kmalloc_uaf+0x58/0x68 [test_kasan]
[ 94.521264] Write of size 1 at addr cb681f88 by task insmod/1456
[ 94.527589]
[ 94.529387] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 94.539768] Hardware name: Broadcom STB (Flattened Device Tree)
[ 94.546253] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 94.554614] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 94.562491] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 94.571796] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 94.581720] [] (kasan_report) from [] (kmalloc_uaf+0x58/0x68 [test_kasan])
[ 94.591738] [] (kmalloc_uaf [test_kasan]) from [] (kmalloc_tests_init+0x40/0x270 [test_kasan])
[ 94.603200] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 94.613514] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 94.622318] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 94.631031] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 94.639669] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 94.648238]
[ 94.649957] Allocated by task 1456:
[ 94.653847] kmem_cache_alloc_trace+0xb4/0x170
[ 94.659028] kmalloc_uaf+0x30/0x68 [test_kasan]
[ 94.664303] kmalloc_tests_init+0x40/0x270 [test_kasan]
[ 94.669928] do_one_initcall+0x60/0x1b0
[ 94.674144] do_init_module+0xd4/0x2cc
[ 94.678255] load_module+0x3110/0x3af0
[ 94.682370] SyS_init_module+0x19c/0x1d4
[ 94.686677] ret_fast_syscall+0x0/0x50
[ 94.690679]
[ 94.692383] Freed by task 1456:
[ 94.695888] kfree+0x64/0x100
[ 94.699541] kmalloc_uaf+0x50/0x68 [test_kasan]
[ 94.704802] kmalloc_tests_init+0x40/0x270 [test_kasan]
[ 94.710425] do_one_initcall+0x60/0x1b0
[ 94.714626] do_init_module+0xd4/0x2cc
[ 94.718734] load_module+0x3110/0x3af0
[ 94.722850] SyS_init_module+0x19c/0x1d4
[ 94.727177] ret_fast_syscall+0x0/0x50
[ 94.731181]
[ 94.732949] The buggy address belongs to the object at cb681f80
[ 94.732949] which belongs to the cache kmalloc-64 of size 64
[ 94.745294] The buggy address is located 8 bytes inside of
[ 94.745294] 64-byte region [cb681f80, cb681fc0)
[ 94.755966] The buggy address belongs to the page:
[ 94.761122] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 94.768145] flags: 0x100(slab)
[ 94.771647] raw: 00000100 cb681000 00000000 00000020 00000001 ee962934 d000108c d0000000
[ 94.780245] page dumped because: kasan: bad access detected
[ 94.786135]
[ 94.787832] Memory state around the buggy address:
[ 94.793035] cb681e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.800014] cb681f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.806997] >cb681f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.813881] ^
[ 94.817028] cb682000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.824009] cb682080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 94.830913] ==================================================================
[ 94.838770] kasan test: kmalloc_uaf_memset use-after-free in memset
[ 94.846416] ==================================================================
[ 94.854558] BUG: KASAN: use-after-free in kmalloc_tests_init+0x44/0x270 [test_kasan]
[ 94.862819] Write of size 33 at addr cb681f00 by task insmod/1456
[ 94.869245]
[ 94.871058] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 94.881438] Hardware name: Broadcom STB (Flattened Device Tree)
[
94.887914] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 94.896292] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 94.904173] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 94.913492] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 94.923111] [] (kasan_report) from [] (memset+0x20/0x34) [ 94.931134] [] (memset) from [] (kmalloc_tests_init+0x44/0x270 [test_kasan]) [ 94.940986] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 94.951300] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 94.960109] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 94.968810] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 94.977464] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 94.986029] [ 94.987733] Allocated by task 1456: [ 94.991619] kmem_cache_alloc_trace+0xb4/0x170 [ 94.996786] kmalloc_uaf_memset+0x30/0x68 [test_kasan] [ 95.002677] kmalloc_tests_init+0x44/0x270 [test_kasan] [ 95.008292] do_one_initcall+0x60/0x1b0 [ 95.012491] do_init_module+0xd4/0x2cc [ 95.016599] load_module+0x3110/0x3af0 [ 95.020712] SyS_init_module+0x19c/0x1d4 [ 95.025029] ret_fast_syscall+0x0/0x50 [ 95.029043] [ 95.030746] Freed by task 1456: [ 95.034246] kfree+0x64/0x100 [ 95.037900] kmalloc_uaf_memset+0x50/0x68 [test_kasan] [ 95.043794] kmalloc_tests_init+0x44/0x270 [test_kasan] [ 95.049416] do_one_initcall+0x60/0x1b0 [ 95.053614] do_init_module+0xd4/0x2cc [ 95.057722] load_module+0x3110/0x3af0 [ 95.061837] SyS_init_module+0x19c/0x1d4 [ 95.066168] ret_fast_syscall+0x0/0x50 [ 95.070172] [ 95.071940] The buggy address belongs to the object at cb681f00 [ 95.071940] which belongs to the cache kmalloc-64 of size 64 [ 95.084288] The buggy address is located 0 bytes inside of [ 95.084288] 64-byte region [cb681f00, cb681f40) [ 95.094960] The buggy address belongs to the page: [ 95.100113] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 95.107135] flags: 0x100(slab) [ 95.110640] raw: 
00000100 cb681000 00000000 00000020 00000001 ee962934 d000108c d0000000 [ 95.119236] page dumped because: kasan: bad access detected [ 95.125126] [ 95.126823] Memory state around the buggy address: [ 95.132028] cb681e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.139010] cb681e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.145990] >cb681f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.152873] ^ [ 95.155737] cb681f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.162704] cb682000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.169596] ================================================================== [ 95.177458] kasan test: kmalloc_uaf2 use-after-free after another kmalloc [ 95.186287] ================================================================== [ 95.194418] BUG: KASAN: use-after-free in kmalloc_uaf2+0x74/0xa4 [test_kasan] [ 95.201989] Write of size 1 at addr cb681ea8 by task insmod/1456 [ 95.208316] [ 95.210127] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 95.220509] Hardware name: Broadcom STB (Flattened Device Tree) [ 95.226993] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 95.235366] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 95.243249] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 95.252562] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 95.262483] [] (kasan_report) from [] (kmalloc_uaf2+0x74/0xa4 [test_kasan]) [ 95.272593] [] (kmalloc_uaf2 [test_kasan]) from [] (kmalloc_tests_init+0x48/0x270 [test_kasan]) [ 95.284141] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 95.294459] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 95.303262] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 95.311979] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 95.320616] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 95.329186] [ 95.330902] Allocated by task 1456: [ 
95.334796] kmem_cache_alloc_trace+0xb4/0x170 [ 95.339974] kmalloc_uaf2+0x30/0xa4 [test_kasan] [ 95.345338] kmalloc_tests_init+0x48/0x270 [test_kasan] [ 95.350971] do_one_initcall+0x60/0x1b0 [ 95.355182] do_init_module+0xd4/0x2cc [ 95.359292] load_module+0x3110/0x3af0 [ 95.363406] SyS_init_module+0x19c/0x1d4 [ 95.367714] ret_fast_syscall+0x0/0x50 [ 95.371717] [ 95.373420] Freed by task 1456: [ 95.376926] kfree+0x64/0x100 [ 95.380571] kmalloc_uaf2+0x50/0xa4 [test_kasan] [ 95.385929] kmalloc_tests_init+0x48/0x270 [test_kasan] [ 95.391551] do_one_initcall+0x60/0x1b0 [ 95.395751] do_init_module+0xd4/0x2cc [ 95.399864] load_module+0x3110/0x3af0 [ 95.404003] SyS_init_module+0x19c/0x1d4 [ 95.408310] ret_fast_syscall+0x0/0x50 [ 95.412312] [ 95.414073] The buggy address belongs to the object at cb681e80 [ 95.414073] which belongs to the cache kmalloc-64 of size 64 [ 95.426418] The buggy address is located 40 bytes inside of [ 95.426418] 64-byte region [cb681e80, cb681ec0) [ 95.437177] The buggy address belongs to the page: [ 95.442318] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 95.449329] flags: 0x100(slab) [ 95.452831] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000 [ 95.461426] page dumped because: kasan: bad access detected [ 95.467307] [ 95.469012] Memory state around the buggy address: [ 95.474200] cb681d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.481179] cb681e00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 95.488158] >cb681e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.495050] ^ [ 95.499247] cb681f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.506227] cb681f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.513133] ================================================================== [ 95.524422] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc [ 95.532322] ================================================================== [ 95.540461] BUG: KASAN: slab-out-of-bounds 
in kmem_cache_oob+0x88/0xb8 [test_kasan] [ 95.548629] Read of size 1 at addr cb32ef78 by task insmod/1456 [ 95.554877] [ 95.556684] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 95.567074] Hardware name: Broadcom STB (Flattened Device Tree) [ 95.573541] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 95.581912] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 95.589790] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 95.599117] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 95.609041] [] (kasan_report) from [] (kmem_cache_oob+0x88/0xb8 [test_kasan]) [ 95.619340] [] (kmem_cache_oob [test_kasan]) from [] (kmalloc_tests_init+0x4c/0x270 [test_kasan]) [ 95.631070] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 95.641383] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 95.650190] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 95.658902] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 95.667555] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 95.676124] [ 95.677831] Allocated by task 1456: [ 95.681712] kmem_cache_alloc+0xac/0x16c [ 95.686353] kmem_cache_oob+0x64/0xb8 [test_kasan] [ 95.691887] kmalloc_tests_init+0x4c/0x270 [test_kasan] [ 95.697515] do_one_initcall+0x60/0x1b0 [ 95.701717] do_init_module+0xd4/0x2cc [ 95.705827] load_module+0x3110/0x3af0 [ 95.709965] SyS_init_module+0x19c/0x1d4 [ 95.714269] ret_fast_syscall+0x0/0x50 [ 95.718272] [ 95.719984] Freed by task 0: [ 95.723111] (stack is not available) [ 95.726950] [ 95.728706] The buggy address belongs to the object at cb32eeb0 [ 95.728706] which belongs to the cache test_cache of size 200 [ 95.741146] The buggy address is located 0 bytes to the right of [ 95.741146] 200-byte region [cb32eeb0, cb32ef78) [ 95.752433] The buggy address belongs to the page: [ 95.757575] page:ee95e5c0 count:1 mapcount:0 mapping:cb32e040 index:0x0 [ 95.764583] flags: 0x100(slab) [ 
95.768100] raw: 00000100 cb32e040 00000000 0000000f 00000001 cb681d0c cb681d0c cdc6b000 [ 95.776685] page dumped because: kasan: bad access detected [ 95.782566] [ 95.784261] Memory state around the buggy address: [ 95.789440] cb32ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.796408] cb32ee80: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 [ 95.803376] >cb32ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 95.810268] ^ [ 95.817156] cb32ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.824135] cb32f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 95.831043] ================================================================== [ 95.859462] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object [ 96.407433] kasan test: kasan_stack_oob out-of-bounds on stack [ 96.413815] kasan test: kasan_global_oob out-of-bounds global variable [ 96.421066] kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk [ 96.430550] ================================================================== [ 96.438688] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x6c/0x84 [test_kasan] [ 96.447573] Write of size 1 at addr cac5ab00 by task insmod/1456 [ 96.453899] [ 96.455700] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 96.466080] Hardware name: Broadcom STB (Flattened Device Tree) [ 96.472554] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 96.480918] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 96.488792] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 96.498098] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 96.508019] [] (kasan_report) from [] (ksize_unpoisons_memory+0x6c/0x84 [test_kasan]) [ 96.519026] [] (ksize_unpoisons_memory [test_kasan]) from [] (kmalloc_tests_init+0x5c/0x270 [test_kasan]) [ 96.531455] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 96.541758] [] (do_one_initcall) from [] 
(do_init_module+0xd4/0x2cc) [ 96.550550] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 96.559254] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 96.567891] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 96.576451] [ 96.578156] Allocated by task 1456: [ 96.582043] kmem_cache_alloc_trace+0xb4/0x170 [ 96.587213] ksize_unpoisons_memory+0x30/0x84 [test_kasan] [ 96.593457] kmalloc_tests_init+0x5c/0x270 [test_kasan] [ 96.599075] do_one_initcall+0x60/0x1b0 [ 96.603274] do_init_module+0xd4/0x2cc [ 96.607382] load_module+0x3110/0x3af0 [ 96.611495] SyS_init_module+0x19c/0x1d4 [ 96.615803] ret_fast_syscall+0x0/0x50 [ 96.619805] [ 96.621504] Freed by task 0: [ 96.624623] (stack is not available) [ 96.628446] [ 96.630201] The buggy address belongs to the object at cac5aa80 [ 96.630201] which belongs to the cache kmalloc-128 of size 128 [ 96.642718] The buggy address is located 0 bytes to the right of [ 96.642718] 128-byte region [cac5aa80, cac5ab00) [ 96.654003] The buggy address belongs to the page: [ 96.659154] page:ee950b40 count:1 mapcount:0 mapping:cac5a000 index:0xcac5af00 [ 96.666869] flags: 0x100(slab) [ 96.670382] raw: 00000100 cac5a000 cac5af00 00000008 00000001 ee965014 d0001104 d00000c0 [ 96.678964] page dumped because: kasan: bad access detected [ 96.684846] [ 96.686541] Memory state around the buggy address: [ 96.691721] cac5aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 96.698687] cac5aa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 96.705653] >cac5ab00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 96.712528] ^ [ 96.715382] cac5ab80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 96.722349] cac5ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 96.729242] ================================================================== [ 96.738725] kasan test: copy_user_test out-of-bounds in copy_from_user() [ 96.746098] ================================================================== [ 96.754226] BUG: KASAN: 
slab-out-of-bounds in copy_user_test+0xb8/0x320 [test_kasan] [ 96.762485] Write of size 11 at addr cb681400 by task insmod/1456 [ 96.768900] [ 96.770701] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 96.781081] Hardware name: Broadcom STB (Flattened Device Tree) [ 96.787548] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 96.795911] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 96.803782] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 96.813088] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 96.823003] [] (kasan_report) from [] (copy_user_test+0xb8/0x320 [test_kasan]) [ 96.833378] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan]) [ 96.845096] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 96.855397] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 96.864191] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 96.872895] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 96.881531] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 96.890088] [ 96.891791] Allocated by task 1456: [ 96.895675] kmem_cache_alloc_trace+0xb4/0x170 [ 96.900843] copy_user_test+0x24/0x320 [test_kasan] [ 96.906460] kmalloc_tests_init+0x60/0x270 [test_kasan] [ 96.912077] do_one_initcall+0x60/0x1b0 [ 96.916276] do_init_module+0xd4/0x2cc [ 96.920383] load_module+0x3110/0x3af0 [ 96.924497] SyS_init_module+0x19c/0x1d4 [ 96.928806] ret_fast_syscall+0x0/0x50 [ 96.932807] [ 96.934506] Freed by task 0: [ 96.937628] (stack is not available) [ 96.941451] [ 96.943204] The buggy address belongs to the object at cb681400 [ 96.943204] which belongs to the cache kmalloc-64 of size 64 [ 96.955538] The buggy address is located 0 bytes inside of [ 96.955538] 64-byte region [cb681400, cb681440) [ 96.966198] The buggy address belongs to the page: [ 96.971339] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 96.978349] 
flags: 0x100(slab) [ 96.981854] raw: 00000100 cb681000 00000000 00000020 00000001 ee962934 d000108c d0000000 [ 96.990439] page dumped because: kasan: bad access detected [ 96.996321] [ 96.998019] Memory state around the buggy address: [ 97.003198] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.010164] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.017130] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.024006] ^ [ 97.027127] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.034095] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.040989] ================================================================== [ 97.049167] kasan test: copy_user_test out-of-bounds in copy_to_user() [ 97.056238] ================================================================== [ 97.064369] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x15c/0x320 [test_kasan] [ 97.072716] Read of size 11 at addr cb681400 by task insmod/1456 [ 97.079043] [ 97.080842] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 97.091223] Hardware name: Broadcom STB (Flattened Device Tree) [ 97.097690] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 97.106050] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 97.113921] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 97.123228] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 97.133145] [] (kasan_report) from [] (copy_user_test+0x15c/0x320 [test_kasan]) [ 97.143608] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan]) [ 97.155326] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 97.165628] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 97.174421] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 97.183124] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 97.191761] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 
97.200319] [ 97.202023] Allocated by task 1456: [ 97.205910] kmem_cache_alloc_trace+0xb4/0x170 [ 97.211078] copy_user_test+0x24/0x320 [test_kasan] [ 97.216695] kmalloc_tests_init+0x60/0x270 [test_kasan] [ 97.222312] do_one_initcall+0x60/0x1b0 [ 97.226512] do_init_module+0xd4/0x2cc [ 97.230619] load_module+0x3110/0x3af0 [ 97.234735] SyS_init_module+0x19c/0x1d4 [ 97.239041] ret_fast_syscall+0x0/0x50 [ 97.243046] [ 97.244744] Freed by task 0: [ 97.247862] (stack is not available) [ 97.251685] [ 97.253435] The buggy address belongs to the object at cb681400 [ 97.253435] which belongs to the cache kmalloc-64 of size 64 [ 97.265770] The buggy address is located 0 bytes inside of [ 97.265770] 64-byte region [cb681400, cb681440) [ 97.276428] The buggy address belongs to the page: [ 97.281570] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 97.288581] flags: 0x100(slab) [ 97.292085] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000 [ 97.300671] page dumped because: kasan: bad access detected [ 97.306552] [ 97.308249] Memory state around the buggy address: [ 97.313427] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.320393] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.327360] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.334235] ^ [ 97.337360] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.344326] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.351218] ================================================================== [ 97.360461] kasan test: copy_user_test out-of-bounds in __copy_from_user() [ 97.368031] ================================================================== [ 97.376165] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1b4/0x320 [test_kasan] [ 97.384514] Write of size 11 at addr cb681400 by task insmod/1456 [ 97.390930] [ 97.392727] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 97.403106] Hardware 
name: Broadcom STB (Flattened Device Tree) [ 97.409574] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 97.417935] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 97.425805] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 97.435112] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 97.445028] [] (kasan_report) from [] (copy_user_test+0x1b4/0x320 [test_kasan]) [ 97.455492] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan]) [ 97.467205] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 97.477507] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 97.486302] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 97.495006] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 97.503641] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 97.512198] [ 97.513901] Allocated by task 1456: [ 97.517786] kmem_cache_alloc_trace+0xb4/0x170 [ 97.522950] copy_user_test+0x24/0x320 [test_kasan] [ 97.528567] kmalloc_tests_init+0x60/0x270 [test_kasan] [ 97.534184] do_one_initcall+0x60/0x1b0 [ 97.538383] do_init_module+0xd4/0x2cc [ 97.542493] load_module+0x3110/0x3af0 [ 97.546606] SyS_init_module+0x19c/0x1d4 [ 97.550913] ret_fast_syscall+0x0/0x50 [ 97.554918] [ 97.556619] Freed by task 0: [ 97.559738] (stack is not available) [ 97.563563] [ 97.565314] The buggy address belongs to the object at cb681400 [ 97.565314] which belongs to the cache kmalloc-64 of size 64 [ 97.577659] The buggy address is located 0 bytes inside of [ 97.577659] 64-byte region [cb681400, cb681440) [ 97.588325] The buggy address belongs to the page: [ 97.593471] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 97.600481] flags: 0x100(slab) [ 97.603986] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000 [ 97.612570] page dumped because: kasan: bad access detected [ 97.618453] [ 97.620148] Memory state around the buggy address: [ 97.625327] cb681300: fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.632297] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.639263] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.646138] ^ [ 97.649262] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.656228] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.663121] ================================================================== [ 97.671127] kasan test: copy_user_test out-of-bounds in __copy_to_user() [ 97.678390] ================================================================== [ 97.686523] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x204/0x320 [test_kasan] [ 97.694873] Read of size 11 at addr cb681400 by task insmod/1456 [ 97.701201] [ 97.703001] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 97.713382] Hardware name: Broadcom STB (Flattened Device Tree) [ 97.719851] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 97.728211] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 97.736081] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 97.745390] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 97.755306] [] (kasan_report) from [] (copy_user_test+0x204/0x320 [test_kasan]) [ 97.765770] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan]) [ 97.777486] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 97.787789] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 97.796584] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 97.805287] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 97.813924] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 97.822480] [ 97.824187] Allocated by task 1456: [ 97.828073] kmem_cache_alloc_trace+0xb4/0x170 [ 97.833239] copy_user_test+0x24/0x320 [test_kasan] [ 97.838857] kmalloc_tests_init+0x60/0x270 [test_kasan] [ 97.844473] do_one_initcall+0x60/0x1b0 [ 97.848673] 
do_init_module+0xd4/0x2cc [ 97.852783] load_module+0x3110/0x3af0 [ 97.856898] SyS_init_module+0x19c/0x1d4 [ 97.861205] ret_fast_syscall+0x0/0x50 [ 97.865208] [ 97.866905] Freed by task 0: [ 97.870024] (stack is not available) [ 97.873846] [ 97.875597] The buggy address belongs to the object at cb681400 [ 97.875597] which belongs to the cache kmalloc-64 of size 64 [ 97.887930] The buggy address is located 0 bytes inside of [ 97.887930] 64-byte region [cb681400, cb681440) [ 97.898589] The buggy address belongs to the page: [ 97.903730] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 97.910741] flags: 0x100(slab) [ 97.914246] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000 [ 97.922832] page dumped because: kasan: bad access detected [ 97.928713] [ 97.930407] Memory state around the buggy address: [ 97.935586] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.942551] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.949520] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.956395] ^ [ 97.959520] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.966486] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.973379] ================================================================== [ 97.981357] kasan test: copy_user_test out-of-bounds in __copy_from_user_inatomic() [ 97.989682] ================================================================== [ 97.997814] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x254/0x320 [test_kasan] [ 98.006164] Write of size 11 at addr cb681400 by task insmod/1456 [ 98.012579] [ 98.014377] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27 [ 98.024756] Hardware name: Broadcom STB (Flattened Device Tree) [ 98.031223] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 98.039584] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 98.047456] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 
98.056762] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 98.066678] [] (kasan_report) from [] (copy_user_test+0x254/0x320 [test_kasan]) [ 98.077142] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan]) [ 98.088855] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 98.099157] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 98.107950] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 98.116652] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4) [ 98.125287] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50) [ 98.133847] [ 98.135550] Allocated by task 1456: [ 98.139436] kmem_cache_alloc_trace+0xb4/0x170 [ 98.144603] copy_user_test+0x24/0x320 [test_kasan] [ 98.150222] kmalloc_tests_init+0x60/0x270 [test_kasan] [ 98.155839] do_one_initcall+0x60/0x1b0 [ 98.160039] do_init_module+0xd4/0x2cc [ 98.164148] load_module+0x3110/0x3af0 [ 98.168263] SyS_init_module+0x19c/0x1d4 [ 98.172571] ret_fast_syscall+0x0/0x50 [ 98.176573] [ 98.178272] Freed by task 0: [ 98.181392] (stack is not available) [ 98.185216] [ 98.186968] The buggy address belongs to the object at cb681400 [ 98.186968] which belongs to the cache kmalloc-64 of size 64 [ 98.199302] The buggy address is located 0 bytes inside of [ 98.199302] 64-byte region [cb681400, cb681440) [ 98.209962] The buggy address belongs to the page: [ 98.215104] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0 [ 98.222112] flags: 0x100(slab) [ 98.225617] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000 [ 98.234202] page dumped because: kasan: bad access detected [ 98.240083] [ 98.241781] Memory state around the buggy address: [ 98.246961] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 98.253927] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 98.260893] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 98.267771] ^ [ 98.270894] cb681480: fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc fc
[ 98.277861] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.284757] ==================================================================
[ 98.292719] kasan test: copy_user_test out-of-bounds in __copy_to_user_inatomic()
[ 98.301045] ==================================================================
[ 98.309179] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x2a4/0x320 [test_kasan]
[ 98.317528] Read of size 11 at addr cb681400 by task insmod/1456
[ 98.323855]
[ 98.325656] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 98.336036] Hardware name: Broadcom STB (Flattened Device Tree)
[ 98.342505] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 98.350868] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 98.358741] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 98.368048] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 98.377965] [] (kasan_report) from [] (copy_user_test+0x2a4/0x320 [test_kasan])
[ 98.388429] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 98.400144] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 98.410445] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 98.419240] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 98.427942] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 98.436578] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 98.445137]
[ 98.446840] Allocated by task 1456:
[ 98.450726] kmem_cache_alloc_trace+0xb4/0x170
[ 98.455893] copy_user_test+0x24/0x320 [test_kasan]
[ 98.461510] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 98.467126] do_one_initcall+0x60/0x1b0
[ 98.471326] do_init_module+0xd4/0x2cc
[ 98.475437] load_module+0x3110/0x3af0
[ 98.479551] SyS_init_module+0x19c/0x1d4
[ 98.483860] ret_fast_syscall+0x0/0x50
[ 98.487864]
[ 98.489563] Freed by task 0:
[ 98.492683] (stack is not available)
[ 98.496507]
[ 98.498258] The buggy address belongs to the object at cb681400
[ 98.498258] which belongs to the cache kmalloc-64 of size 64
[ 98.510593] The buggy address is located 0 bytes inside of
[ 98.510593] 64-byte region [cb681400, cb681440)
[ 98.521253] The buggy address belongs to the page:
[ 98.526394] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 98.533404] flags: 0x100(slab)
[ 98.536906] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 98.545491] page dumped because: kasan: bad access detected
[ 98.551370]
[ 98.553066] Memory state around the buggy address:
[ 98.558246] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.565213] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.572179] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.579054] ^
[ 98.582177] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.589144] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.596038] ==================================================================
[ 98.604200] kasan test: copy_user_test out-of-bounds in strncpy_from_user()
[ 98.611705] ==================================================================
[ 98.619495] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x58/0x1e4
[ 98.626782] Write of size 11 at addr cb681400 by task insmod/1456
[ 98.633196]
[ 98.634993] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 98.645374] Hardware name: Broadcom STB (Flattened Device Tree)
[ 98.651841] [] (unwind_backtrace) from [] (show_stack+0x10/0x14)
[ 98.660204] [] (show_stack) from [] (dump_stack+0x90/0xa4)
[ 98.668075] [] (dump_stack) from [] (print_address_description+0x50/0x24c)
[ 98.677381] [] (print_address_description) from [] (kasan_report+0x238/0x324)
[ 98.686951] [] (kasan_report) from [] (strncpy_from_user+0x58/0x1e4)
[ 98.696085] [] (strncpy_from_user) from [] (copy_user_test+0x2f8/0x320 [test_kasan])
[ 98.706998] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 98.718716] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0)
[ 98.729018] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc)
[ 98.737812] [] (do_init_module) from [] (load_module+0x3110/0x3af0)
[ 98.746516] [] (load_module) from [] (SyS_init_module+0x19c/0x1d4)
[ 98.755152] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x50)
[ 98.763710]
[ 98.765413] Allocated by task 1456:
[ 98.769299] kmem_cache_alloc_trace+0xb4/0x170
[ 98.774466] copy_user_test+0x24/0x320 [test_kasan]
[ 98.780083] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 98.785700] do_one_initcall+0x60/0x1b0
[ 98.789900] do_init_module+0xd4/0x2cc
[ 98.794010] load_module+0x3110/0x3af0
[ 98.798124] SyS_init_module+0x19c/0x1d4
[ 98.802433] ret_fast_syscall+0x0/0x50
[ 98.806436]
[ 98.808135] Freed by task 0:
[ 98.811258] (stack is not available)
[ 98.815081]
[ 98.816834] The buggy address belongs to the object at cb681400
[ 98.816834] which belongs to the cache kmalloc-64 of size 64
[ 98.829169] The buggy address is located 0 bytes inside of
[ 98.829169] 64-byte region [cb681400, cb681440)
[ 98.839829] The buggy address belongs to the page:
[ 98.844971] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 98.851979] flags: 0x100(slab)
[ 98.855484] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 98.864067] page dumped because: kasan: bad access detected
[ 98.869950]
[ 98.871644] Memory state around the buggy address:
[ 98.876824] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.883790] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.890756] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.897632] ^
[ 98.900753] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.907720] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.914615] ==================================================================
[ 98.924518] kasan test: use_after_scope_test use-after-scope on int
[ 98.931329] kasan test: use_after_scope_test use-after-scope on array
insmod: can't insert 'test_kasan.ko': Resource temporarily unavailable