lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CACT4Y+b=3mEiQRQtkqRTOrDk0H7kvzpebyRZ3Dsz3W_35UF8nQ@mail.gmail.com>
Date:   Mon, 21 Jan 2019 13:33:43 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Christophe Leroy <christophe.leroy@....fr>
Cc:     Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Michael Ellerman <mpe@...erman.id.au>,
        Nicholas Piggin <npiggin@...il.com>,
        "Aneesh Kumar K.V" <aneesh.kumar@...ux.ibm.com>,
        Alexander Potapenko <glider@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>,
        linuxppc-dev@...ts.ozlabs.org,
        kasan-dev <kasan-dev@...glegroups.com>,
        Linux-MM <linux-mm@...ck.org>
Subject: Re: [PATCH v3 3/3] powerpc/32: Add KASAN support

On Mon, Jan 21, 2019 at 11:36 AM Christophe Leroy
<christophe.leroy@....fr> wrote:
>
>
>
> Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
> >
> >
> > On 1/12/19 2:16 PM, Christophe Leroy wrote:
> >
> >> +KASAN_SANITIZE_early_32.o := n
> >> +KASAN_SANITIZE_cputable.o := n
> >> +KASAN_SANITIZE_prom_init.o := n
> >> +
> >
> > Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
> > either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
> > instrumented ftrace_likely_update in every if().
> >
> >
> >
> >> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
> >> new file mode 100644
> >> index 000000000000..3edc9c2d2f3e
> >
> >> +void __init kasan_init(void)
> >> +{
> >> +    struct memblock_region *reg;
> >> +
> >> +    for_each_memblock(memory, reg)
> >> +            kasan_init_region(reg);
> >> +
> >> +    pr_info("KASAN init done\n");
> >
> > Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
> >
> > There is test_kasan module. Make sure that it produce reports.
> >
>
> I get the following report with test_kasan module.
>
> Could you have a look at it and tell if everything is as expected ?

Unfortunately kernel does not support tests that could check this.
This is called a test, but it does not actually test anything. There
is bug open for this:
https://bugzilla.kernel.org/show_bug.cgi?id=198441

You need to look at each test and understand if it is supposed to
produce a report or not, and then check if it actually produced the
report or not. In most cases this can be understood from the test name
(hopefully).


> [  667.298897] kasan test: kmalloc_oob_right out-of-bounds to right
> [  667.299036]
> ==================================================================
> [  667.306263] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_right+0x74/0x94 [test_kasan]
> [  667.313929] Write of size 1 at addr c53996fb by task exe/340
> [  667.319451]
> [  667.321021] CPU: 0 PID: 340 Comm: exe Not tainted
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.321072] Call Trace:
> [  667.321248] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.321452] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.321741] [c5649ce0] [c95d41d4] kmalloc_oob_right+0x74/0x94
> [test_kasan]
> [  667.322022] [c5649d00] [c95d5510] kmalloc_tests_init+0x18/0x2d0
> [test_kasan]
> [  667.322214] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.322428] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.322630] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.322834] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.323027] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.323193] --- interrupt: c01 at 0xfd6b914
> [  667.323193]     LR = 0x1001364c
> [  667.323239]
> [  667.324561] Allocated by task 340:
> [  667.327993]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  667.328241]  kmalloc_oob_right+0x44/0x94 [test_kasan]
> [  667.328477]  kmalloc_tests_init+0x18/0x2d0 [test_kasan]
> [  667.328622]  do_one_initcall+0x40/0x278
> [  667.328792]  do_init_module+0xcc/0x59c
> [  667.328948]  load_module+0x2bc4/0x320c
> [  667.329107]  sys_init_module+0x114/0x138
> [  667.329250]  ret_from_syscall+0x0/0x38
> [  667.329298]
> [  667.330580] Freed by task 335:
> [  667.333667]  __kasan_slab_free+0x120/0x22c
> [  667.333788]  kfree+0x74/0x270
> [  667.333950]  load_elf_binary+0xb0/0x162c
> [  667.334129]  search_binary_handler+0x120/0x374
> [  667.334297]  __do_execve_file+0x834/0xb20
> [  667.334460]  sys_execve+0x40/0x54
> [  667.334605]  ret_from_syscall+0x0/0x38
> [  667.334652]
> [  667.335954] The buggy address belongs to the object at c5399680
> [  667.335954]  which belongs to the cache kmalloc-128 of size 128
> [  667.347675] The buggy address is located 123 bytes inside of
> [  667.347675]  128-byte region [c5399680, c5399700)
> [  667.357847] The buggy address belongs to the page:
> [  667.362634] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
> [  667.362745] flags: 0x200(slab)
> [  667.362973] raw: 00000200 00000100 00000200 c5007a80 00000000
> 005500ab ffffffff 00000001
> [  667.363043] page dumped because: kasan: bad access detected
> [  667.363083]
> [  667.364384] Memory state around the buggy address:
> [  667.369190]  c5399580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [  667.375645]  c5399600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [  667.382099] >c5399680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
> [  667.388496]                                                         ^
> [  667.394921]  c5399700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [  667.401377]  c5399780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [  667.407767]
> ==================================================================
> [  667.414904] Disabling lock debugging due to kernel taint
> [  667.421182] kasan test: kmalloc_oob_left out-of-bounds to left
> [  667.421314]
> ==================================================================
> [  667.428466] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_left+0x74/0x9c [test_kasan]
> [  667.436045] Read of size 1 at addr c58e9ddf by task exe/340
> [  667.441483]
> [  667.443064] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.443115] Call Trace:
> [  667.443290] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.443492] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.443779] [c5649ce0] [c95d4268] kmalloc_oob_left+0x74/0x9c [test_kasan]
> [  667.444057] [c5649d00] [c95d5514] kmalloc_tests_init+0x1c/0x2d0
> [test_kasan]
> [  667.444246] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.444458] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.444658] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.444859] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.445051] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.445215] --- interrupt: c01 at 0xfd6b914
> [  667.445215]     LR = 0x1001364c
> [  667.445260]
> [  667.446593] Allocated by task 340:
> [  667.450025]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  667.450191]  do_init_module+0x2c/0x59c
> [  667.450346]  load_module+0x2bc4/0x320c
> [  667.450503]  sys_init_module+0x114/0x138
> [  667.450645]  ret_from_syscall+0x0/0x38
> [  667.450691]
> [  667.452009] Freed by task 276:
> [  667.455096]  __kasan_slab_free+0x120/0x22c
> [  667.455214]  kfree+0x74/0x270
> [  667.455344]  single_release+0x54/0x6c
> [  667.455516]  close_pdeo+0x128/0x224
> [  667.455680]  proc_reg_release+0x110/0x128
> [  667.455811]  __fput+0xec/0x2d4
> [  667.455934]  task_work_run+0x13c/0x15c
> [  667.456101]  do_notify_resume+0x3d8/0x438
> [  667.456248]  do_user_signal+0x2c/0x34
> [  667.456294]
> [  667.457641] The buggy address belongs to the object at c58e9dc0
> [  667.457641]  which belongs to the cache kmalloc-16 of size 16
> [  667.469191] The buggy address is located 15 bytes to the right of
> [  667.469191]  16-byte region [c58e9dc0, c58e9dd0)
> [  667.479708] The buggy address belongs to the page:
> [  667.484495] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  667.484606] flags: 0x200(slab)
> [  667.484833] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  667.484900] page dumped because: kasan: bad access detected
> [  667.484940]
> [  667.486244] Memory state around the buggy address:
> [  667.491051]  c58e9c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
> [  667.497505]  c58e9d00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
> [  667.503959] >c58e9d80: 00 00 fc fc 00 00 fc fc 00 04 fc fc 00 07 fc fc
> [  667.510354]                                             ^
> [  667.515748]  c58e9e00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  667.522204]  c58e9e80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  667.528595]
> ==================================================================
> [  667.803662] kasan test: kmalloc_node_oob_right kmalloc_node():
> out-of-bounds to right
> [  667.803806]
> ==================================================================
> [  667.811008] BUG: KASAN: slab-out-of-bounds in
> kmalloc_node_oob_right+0x74/0x94 [test_kasan]
> [  667.819105] Write of size 1 at addr c59a4300 by task exe/340
> [  667.824627]
> [  667.826209] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.826260] Call Trace:
> [  667.826436] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.826640] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.826931] [c5649ce0] [c95d4304] kmalloc_node_oob_right+0x74/0x94
> [test_kasan]
> [  667.827211] [c5649d00] [c95d5518] kmalloc_tests_init+0x20/0x2d0
> [test_kasan]
> [  667.827402] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.827616] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.827818] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.828022] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.828216] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.828382] --- interrupt: c01 at 0xfd6b914
> [  667.828382]     LR = 0x1001364c
> [  667.828428]
> [  667.829737] Allocated by task 340:
> [  667.833169]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  667.833420]  kmalloc_node_oob_right+0x44/0x94 [test_kasan]
> [  667.833656]  kmalloc_tests_init+0x20/0x2d0 [test_kasan]
> [  667.833801]  do_one_initcall+0x40/0x278
> [  667.833970]  do_init_module+0xcc/0x59c
> [  667.834125]  load_module+0x2bc4/0x320c
> [  667.834284]  sys_init_module+0x114/0x138
> [  667.834427]  ret_from_syscall+0x0/0x38
> [  667.834475]
> [  667.835756] Freed by task 319:
> [  667.838843]  __kasan_slab_free+0x120/0x22c
> [  667.838963]  kfree+0x74/0x270
> [  667.839137]  kobject_uevent_env+0x15c/0x65c
> [  667.839299]  led_trigger_set+0x3f0/0x4fc
> [  667.839451]  led_trigger_store+0xd8/0x164
> [  667.839593]  kernfs_fop_write+0x18c/0x218
> [  667.839721]  __vfs_write+0x5c/0x258
> [  667.839843]  vfs_write+0xe4/0x248
> [  667.839966]  ksys_write+0x58/0xd8
> [  667.840111]  ret_from_syscall+0x0/0x38
> [  667.840158]
> [  667.841475] The buggy address belongs to the object at c59a3300
> [  667.841475]  which belongs to the cache kmalloc-4k of size 4096
> [  667.853196] The buggy address is located 0 bytes to the right of
> [  667.853196]  4096-byte region [c59a3300, c59a4300)
> [  667.863798] The buggy address belongs to the page:
> [  667.868586] page:c7fdcd00 count:1 mapcount:0 mapping:c50075a0
> index:0x0 compound_mapcount: 0
> [  667.868727] flags: 0x10200(slab|head)
> [  667.868956] raw: 00010200 00000100 00000200 c50075a0 00000000
> 000f001f ffffffff 00000001
> [  667.869025] page dumped because: kasan: bad access detected
> [  667.869065]
> [  667.870334] Memory state around the buggy address:
> [  667.875141]  c59a4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.881595]  c59a4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.888049] >c59a4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  667.894436]            ^
> [  667.896998]  c59a4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  667.903454]  c59a4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.909845]
> ==================================================================
> [  667.923434] kasan test: kmalloc_pagealloc_oob_right kmalloc pagealloc
> allocation: out-of-bounds to right
> [  667.923647]
> ==================================================================
> [  667.930896] BUG: KASAN: slab-out-of-bounds in
> kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
> [  667.939503] Write of size 1 at addr c5bd800a by task exe/340
> [  667.945024]
> [  667.946607] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.946657] Call Trace:
> [  667.946833] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.947035] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.947325] [c5649ce0] [c95d4674]
> kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
> [  667.947603] [c5649d00] [c95d551c] kmalloc_tests_init+0x24/0x2d0
> [test_kasan]
> [  667.947792] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.948004] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.948204] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.948406] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.948597] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.948760] --- interrupt: c01 at 0xfd6b914
> [  667.948760]     LR = 0x1001364c
> [  667.948806]
> [  667.950115] The buggy address belongs to the page:
> [  667.954903] page:c7fdde80 count:1 mapcount:0 mapping:00000000
> index:0x0 compound_mapcount: 0
> [  667.955038] flags: 0x10000(head)
> [  667.955260] raw: 00010000 00000100 00000200 00000000 00000000
> 00000000 ffffffff 00000001
> [  667.955327] page dumped because: kasan: bad access detected
> [  667.955367]
> [  667.956652] Memory state around the buggy address:
> [  667.961458]  c5bd7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.967912]  c5bd7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.974367] >c5bd8000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
> [  667.980755]               ^
> [  667.983574]  c5bd8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
> [  667.990030]  c5bd8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
> [  667.996420]
> ==================================================================
> [  668.222064] kasan test: kmalloc_pagealloc_uaf kmalloc pagealloc
> allocation: use-after-free
> [  668.222349]
> ==================================================================
> [  668.229525] BUG: KASAN: use-after-free in
> kmalloc_pagealloc_uaf+0x78/0x94 [test_kasan]
> [  668.237274] Write of size 1 at addr c5bd0000 by task exe/340
> [  668.242796]
> [  668.244378] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.244429] Call Trace:
> [  668.244606] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.244810] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  668.245100] [c5649ce0] [c95d470c] kmalloc_pagealloc_uaf+0x78/0x94
> [test_kasan]
> [  668.245381] [c5649d00] [c95d5520] kmalloc_tests_init+0x28/0x2d0
> [test_kasan]
> [  668.245573] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.245787] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.245989] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.246192] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.246386] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.246552] --- interrupt: c01 at 0xfd6b914
> [  668.246552]     LR = 0x1001364c
> [  668.246598]
> [  668.247886] The buggy address belongs to the page:
> [  668.252671] page:c7fdde80 count:0 mapcount:-128 mapping:00000000
> index:0x0
> [  668.252769] flags: 0x0()
> [  668.252994] raw: 00000000 c7fdcf84 c0982ae8 00000000 00000000
> 00000002 ffffff7f 00000000
> [  668.253062] page dumped because: kasan: bad access detected
> [  668.253102]
> [  668.254337] Memory state around the buggy address:
> [  668.259143]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.265597]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.272052] >c5bd0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> [  668.278439]            ^
> [  668.281001]  c5bd0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> [  668.287458]  c5bd0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> [  668.293847]
> ==================================================================
> [  668.310744] kasan test: kmalloc_pagealloc_invalid_free kmalloc
> pagealloc allocation: invalid-free
> [  668.310957]
> ==================================================================
> [  668.318156] BUG: KASAN: double-free or invalid-free in
> kmalloc_tests_init+0x2c/0x2d0 [test_kasan]
> [  668.326705]
> [  668.328286] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.328337] Call Trace:
> [  668.328512] [c5649c80] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.328724] [c5649cb0] [c0176c24] kasan_report_invalid_free+0x48/0x74
> [  668.328888] [c5649ce0] [c0173c14] kfree+0x1f8/0x270
> [  668.329176] [c5649d00] [c95d5524] kmalloc_tests_init+0x2c/0x2d0
> [test_kasan]
> [  668.329365] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.329577] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.329777] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.329978] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.330170] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.330334] --- interrupt: c01 at 0xfd6b914
> [  668.330334]     LR = 0x1001364c
> [  668.330379]
> [  668.331622] The buggy address belongs to the page:
> [  668.336410] page:c7fdde80 count:1 mapcount:0 mapping:00000000
> index:0x0 compound_mapcount: 0
> [  668.336545] flags: 0x10000(head)
> [  668.336767] raw: 00010000 00000100 00000200 00000000 00000000
> 00000000 ffffffff 00000001
> [  668.336834] page dumped because: kasan: bad access detected
> [  668.336873]
> [  668.338158] Memory state around the buggy address:
> [  668.342965]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.349419]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.355874] >c5bd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.362260]            ^
> [  668.364822]  c5bd0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.371279]  c5bd0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.377668]
> ==================================================================
> [  668.528086] kasan test: kmalloc_large_oob_right kmalloc large
> allocation: out-of-bounds to right
> [  668.528279]
> ==================================================================
> [  668.535471] BUG: KASAN: slab-out-of-bounds in
> kmalloc_large_oob_right+0x74/0x94 [test_kasan]
> [  668.543735] Write of size 1 at addr c5498700 by task exe/340
> [  668.549257]
> [  668.550840] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.550891] Call Trace:
> [  668.551068] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.551272] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  668.551561] [c5649ce0] [c95d4398] kmalloc_large_oob_right+0x74/0x94
> [test_kasan]
> [  668.551842] [c5649d00] [c95d5528] kmalloc_tests_init+0x30/0x2d0
> [test_kasan]
> [  668.552034] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.552248] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.552450] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.552655] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.552848] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.553013] --- interrupt: c01 at 0xfd6b914
> [  668.553013]     LR = 0x1001364c
> [  668.553059]
> [  668.554367] Allocated by task 340:
> [  668.557799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  668.558049]  kmalloc_large_oob_right+0x44/0x94 [test_kasan]
> [  668.558285]  kmalloc_tests_init+0x30/0x2d0 [test_kasan]
> [  668.558430]  do_one_initcall+0x40/0x278
> [  668.558599]  do_init_module+0xcc/0x59c
> [  668.558756]  load_module+0x2bc4/0x320c
> [  668.558915]  sys_init_module+0x114/0x138
> [  668.559058]  ret_from_syscall+0x0/0x38
> [  668.559106]
> [  668.560386] Freed by task 173:
> [  668.563473]  __kasan_slab_free+0x120/0x22c
> [  668.563595]  kfree+0x74/0x270
> [  668.563763]  consume_skb+0x38/0x138
> [  668.563935]  skb_free_datagram+0x1c/0x80
> [  668.564104]  netlink_recvmsg+0x1d0/0x4d4
> [  668.564270]  ___sys_recvmsg+0xd8/0x194
> [  668.564436]  __sys_recvmsg+0x40/0x8c
> [  668.564563]  sys_socketcall+0xf8/0x210
> [  668.564709]  ret_from_syscall+0x0/0x38
> [  668.564756]
> [  668.566106] The buggy address belongs to the object at c5490800
> [  668.566106]  which belongs to the cache kmalloc-32k of size 32768
> [  668.578000] The buggy address is located 32512 bytes inside of
> [  668.578000]  32768-byte region [c5490800, c5498800)
> [  668.588514] The buggy address belongs to the page:
> [  668.593302] page:c7fda400 count:1 mapcount:0 mapping:c5007330
> index:0x0 compound_mapcount: 0
> [  668.593443] flags: 0x10200(slab|head)
> [  668.593672] raw: 00010200 00000100 00000200 c5007330 00000000
> 00030007 ffffffff 00000001
> [  668.593741] page dumped because: kasan: bad access detected
> [  668.593781]
> [  668.595051] Memory state around the buggy address:
> [  668.599857]  c5498600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.606311]  c5498680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.612765] >c5498700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.619152]            ^
> [  668.621714]  c5498780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.628171]  c5498800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.634561]
> ==================================================================
> [  668.645940] kasan test: kmalloc_oob_krealloc_more out-of-bounds after
> krealloc more
> [  668.646103]
> ==================================================================
> [  668.653286] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_krealloc_more+0x8c/0xac [test_kasan]
> [  668.661723] Write of size 1 at addr c53e8ca3 by task exe/340
> [  668.667245]
> [  668.668827] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.668877] Call Trace:
> [  668.669052] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.669254] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  668.669543] [c5649ce0] [c95d4838] kmalloc_oob_krealloc_more+0x8c/0xac
> [test_kasan]
> [  668.669823] [c5649d00] [c95d552c] kmalloc_tests_init+0x34/0x2d0
> [test_kasan]
> [  668.670012] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.670225] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.670426] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.670627] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.670819] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.670982] --- interrupt: c01 at 0xfd6b914
> [  668.670982]     LR = 0x1001364c
> [  668.671027]
> [  668.672354] Allocated by task 340:
> [  668.675786]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  668.675935]  krealloc+0xb0/0xe8
> [  668.676185]  kmalloc_oob_krealloc_more+0x58/0xac [test_kasan]
> [  668.676419]  kmalloc_tests_init+0x34/0x2d0 [test_kasan]
> [  668.676563]  do_one_initcall+0x40/0x278
> [  668.676730]  do_init_module+0xcc/0x59c
> [  668.676885]  load_module+0x2bc4/0x320c
> [  668.677042]  sys_init_module+0x114/0x138
> [  668.677185]  ret_from_syscall+0x0/0x38
> [  668.677231]
> [  668.678543] Freed by task 0:
> [  668.681460]  __kasan_slab_free+0x120/0x22c
> [  668.681579]  kfree+0x74/0x270
> [  668.681726]  rcu_process_callbacks+0x384/0x620
> [  668.681858]  __do_softirq+0x134/0x48c
> [  668.681904]
> [  668.683231] The buggy address belongs to the object at c53e8c90
> [  668.683231]  which belongs to the cache kmalloc-32 of size 32
> [  668.694778] The buggy address is located 19 bytes inside of
> [  668.694778]  32-byte region [c53e8c90, c53e8cb0)
> [  668.704780] The buggy address belongs to the page:
> [  668.709568] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  668.709676] flags: 0x200(slab)
> [  668.709903] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  668.709970] page dumped because: kasan: bad access detected
> [  668.710010]
> [  668.711317] Memory state around the buggy address:
> [  668.716124]  c53e8b80: 00 fc fc fc 00 00 00 fc fc fc fb fb fb fb fc fc
> [  668.722579]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
> [  668.729033] >c53e8c80: fc fc 00 00 03 fc fc fc 00 00 00 00 fc fc 00 00
> [  668.735421]                        ^
> [  668.739014]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  668.745470]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  668.751860]
> ==================================================================
> [  669.016775] kasan test: kmalloc_oob_krealloc_less out-of-bounds after
> krealloc less
> [  669.016942]
> ==================================================================
> [  669.024120] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_krealloc_less+0x8c/0xac [test_kasan]
> [  669.032474] Write of size 1 at addr c53e8bdf by task exe/340
> [  669.037995]
> [  669.039577] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.039628] Call Trace:
> [  669.039803] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.040007] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  669.040299] [c5649ce0] [c95d48e4] kmalloc_oob_krealloc_less+0x8c/0xac
> [test_kasan]
> [  669.040580] [c5649d00] [c95d5530] kmalloc_tests_init+0x38/0x2d0
> [test_kasan]
> [  669.040771] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.040984] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.041187] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.041390] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.041584] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.041750] --- interrupt: c01 at 0xfd6b914
> [  669.041750]     LR = 0x1001364c
> [  669.041796]
> [  669.043105] Allocated by task 340:
> [  669.046537]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.046687]  krealloc+0xb0/0xe8
> [  669.046940]  kmalloc_oob_krealloc_less+0x58/0xac [test_kasan]
> [  669.047176]  kmalloc_tests_init+0x38/0x2d0 [test_kasan]
> [  669.047321]  do_one_initcall+0x40/0x278
> [  669.047491]  do_init_module+0xcc/0x59c
> [  669.047648]  load_module+0x2bc4/0x320c
> [  669.047806]  sys_init_module+0x114/0x138
> [  669.047951]  ret_from_syscall+0x0/0x38
> [  669.047998]
> [  669.049294] Freed by task 0:
> [  669.052211]  __kasan_slab_free+0x120/0x22c
> [  669.052332]  kfree+0x74/0x270
> [  669.052479]  rcu_process_callbacks+0x384/0x620
> [  669.052612]  __do_softirq+0x134/0x48c
> [  669.052659]
> [  669.053981] The buggy address belongs to the object at c53e8bd0
> [  669.053981]  which belongs to the cache kmalloc-32 of size 32
> [  669.065529] The buggy address is located 15 bytes inside of
> [  669.065529]  32-byte region [c53e8bd0, c53e8bf0)
> [  669.075531] The buggy address belongs to the page:
> [  669.080318] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  669.080428] flags: 0x200(slab)
> [  669.080655] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  669.080724] page dumped because: kasan: bad access detected
> [  669.080764]
> [  669.082068] Memory state around the buggy address:
> [  669.086874]  c53e8a80: 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00 00 00
> [  669.093328]  c53e8b00: fc fc 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00
> [  669.099783] >c53e8b80: 00 fc fc fc 00 00 00 fc fc fc 00 07 fc fc fc fc
> [  669.106177]                                             ^
> [  669.111572]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
> [  669.118028]  c53e8c80: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc 00 00
> [  669.124418]
> ==================================================================
> [  669.137359] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for
> 16-bytes access
> [  669.137538]
> ==================================================================
> [  669.144772] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_16+0x94/0xdc [test_kasan]
> [  669.152181] Write of size 16 at addr c58eada0 by task exe/340
> [  669.157790]
> [  669.159371] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.159421] Call Trace:
> [  669.159597] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.159799] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  669.160086] [c5649ce0] [c95d444c] kmalloc_oob_16+0x94/0xdc [test_kasan]
> [  669.160365] [c5649d00] [c95d5534] kmalloc_tests_init+0x3c/0x2d0
> [test_kasan]
> [  669.160554] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.160765] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.160966] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.161167] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.161360] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.161523] --- interrupt: c01 at 0xfd6b914
> [  669.161523]     LR = 0x1001364c
> [  669.161569]
> [  669.162900] Allocated by task 340:
> [  669.166332]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.166578]  kmalloc_oob_16+0x48/0xdc [test_kasan]
> [  669.166812]  kmalloc_tests_init+0x3c/0x2d0 [test_kasan]
> [  669.166955]  do_one_initcall+0x40/0x278
> [  669.167121]  do_init_module+0xcc/0x59c
> [  669.167275]  load_module+0x2bc4/0x320c
> [  669.167432]  sys_init_module+0x114/0x138
> [  669.167575]  ret_from_syscall+0x0/0x38
> [  669.167620]
> [  669.168919] Freed by task 338:
> [  669.172004]  __kasan_slab_free+0x120/0x22c
> [  669.172122]  kfree+0x74/0x270
> [  669.172264]  walk_component+0x150/0x478
> [  669.172399]  link_path_walk+0x374/0x63c
> [  669.172535]  path_openat+0xe4/0x15f8
> [  669.172674]  do_filp_open+0xd0/0x120
> [  669.172843]  do_open_execat+0x64/0x264
> [  669.173010]  __do_execve_file+0xa0c/0xb20
> [  669.173172]  sys_execve+0x40/0x54
> [  669.173318]  ret_from_syscall+0x0/0x38
> [  669.173364]
> [  669.174722] The buggy address belongs to the object at c58eada0
> [  669.174722]  which belongs to the cache kmalloc-16 of size 16
> [  669.186269] The buggy address is located 0 bytes inside of
> [  669.186269]  16-byte region [c58eada0, c58eadb0)
> [  669.196187] The buggy address belongs to the page:
> [  669.200974] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  669.201083] flags: 0x200(slab)
> [  669.201310] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  669.201378] page dumped because: kasan: bad access detected
> [  669.201417]
> [  669.202723] Memory state around the buggy address:
> [  669.207530]  c58eac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.213984]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.220438] >c58ead80: fb fb fc fc 00 05 fc fc 00 00 fc fc fb fb fc fc
> [  669.226828]                           ^
> [  669.230678]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.237134]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  669.243524]
> ==================================================================
> [  669.521937] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
> [  669.522086]
> ==================================================================
> [  669.529294] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_in_memset+0x78/0x90 [test_kasan]
> [  669.537306] Write of size 671 at addr c5881b00 by task exe/340
> [  669.543000]
> [  669.544581] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.544632] Call Trace:
> [  669.544808] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.545012] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  669.545186] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  669.545477] [c5649ce0] [c95d497c] kmalloc_oob_in_memset+0x78/0x90
> [test_kasan]
> [  669.545759] [c5649d00] [c95d5538] kmalloc_tests_init+0x40/0x2d0
> [test_kasan]
> [  669.545949] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.546163] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.546366] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.546570] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.546764] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.546929] --- interrupt: c01 at 0xfd6b914
> [  669.546929]     LR = 0x1001364c
> [  669.546976]
> [  669.548281] Allocated by task 340:
> [  669.551713]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.551963]  kmalloc_oob_in_memset+0x44/0x90 [test_kasan]
> [  669.552199]  kmalloc_tests_init+0x40/0x2d0 [test_kasan]
> [  669.552346]  do_one_initcall+0x40/0x278
> [  669.552515]  do_init_module+0xcc/0x59c
> [  669.552672]  load_module+0x2bc4/0x320c
> [  669.552831]  sys_init_module+0x114/0x138
> [  669.552976]  ret_from_syscall+0x0/0x38
> [  669.553023]
> [  669.554300] Freed by task 131:
> [  669.557387]  __kasan_slab_free+0x120/0x22c
> [  669.557508]  kfree+0x74/0x270
> [  669.557682]  pskb_expand_head+0x2b0/0x434
> [  669.557843]  netlink_trim+0xfc/0x114
> [  669.558009]  netlink_broadcast_filtered+0x48/0x530
> [  669.558169]  nlmsg_notify+0x7c/0x128
> [  669.558330]  fib6_add+0xd44/0x11d4
> [  669.558461]  __ip6_ins_rt+0x5c/0x88
> [  669.558598]  ip6_ins_rt+0x34/0x44
> [  669.558777]  __ipv6_ifa_notify+0x388/0x38c
> [  669.558945]  ipv6_ifa_notify+0x68/0x88
> [  669.559076]  addrconf_dad_completed+0x54/0x49c
> [  669.559201]  addrconf_dad_work+0x558/0x84c
> [  669.559369]  process_one_work+0x408/0x78c
> [  669.559524]  worker_thread+0xb4/0x83c
> [  669.559657]  kthread+0x144/0x184
> [  669.559811]  ret_from_kernel_thread+0x14/0x1c
> [  669.559858]
> [  669.561223] The buggy address belongs to the object at c5881b00
> [  669.561223]  which belongs to the cache kmalloc-1k of size 1024
> [  669.572943] The buggy address is located 0 bytes inside of
> [  669.572943]  1024-byte region [c5881b00, c5881f00)
> [  669.583031] The buggy address belongs to the page:
> [  669.587818] page:c7fdc400 count:1 mapcount:0 mapping:c5007740 index:0x0
> [  669.587929] flags: 0x200(slab)
> [  669.588156] raw: 00000200 00000100 00000200 c5007740 00000000
> 000e001d ffffffff 00000001
> [  669.588225] page dumped because: kasan: bad access detected
> [  669.588265]
> [  669.589567] Memory state around the buggy address:
> [  669.594374]  c5881c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  669.600828]  c5881d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  669.607282] >c5881d80: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc
> [  669.613671]                     ^
> [  669.617005]  c5881e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  669.623462]  c5881e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  669.629852]
> ==================================================================
> [  669.643287] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
> [  669.643423]
> ==================================================================
> [  669.650641] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_2+0x7c/0x94 [test_kasan]
> [  669.658563] Write of size 2 at addr c58eae07 by task exe/340
> [  669.664085]
> [  669.665668] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.665718] Call Trace:
> [  669.665891] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.666095] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  669.666267] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  669.666556] [c5649ce0] [c95d4a10] kmalloc_oob_memset_2+0x7c/0x94
> [test_kasan]
> [  669.666836] [c5649d00] [c95d553c] kmalloc_tests_init+0x44/0x2d0
> [test_kasan]
> [  669.667026] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.667239] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.667440] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.667643] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.667836] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.668002] --- interrupt: c01 at 0xfd6b914
> [  669.668002]     LR = 0x1001364c
> [  669.668046]
> [  669.669366] Allocated by task 340:
> [  669.672799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.673048]  kmalloc_oob_memset_2+0x44/0x94 [test_kasan]
> [  669.673283]  kmalloc_tests_init+0x44/0x2d0 [test_kasan]
> [  669.673426]  do_one_initcall+0x40/0x278
> [  669.673594]  do_init_module+0xcc/0x59c
> [  669.673750]  load_module+0x2bc4/0x320c
> [  669.673909]  sys_init_module+0x114/0x138
> [  669.674051]  ret_from_syscall+0x0/0x38
> [  669.674098]
> [  669.675387] Freed by task 276:
> [  669.678473]  __kasan_slab_free+0x120/0x22c
> [  669.678594]  kfree+0x74/0x270
> [  669.678724]  single_release+0x54/0x6c
> [  669.678897]  close_pdeo+0x128/0x224
> [  669.679064]  proc_reg_release+0x110/0x128
> [  669.679197]  __fput+0xec/0x2d4
> [  669.679320]  task_work_run+0x13c/0x15c
> [  669.679487]  do_notify_resume+0x3d8/0x438
> [  669.679636]  do_user_signal+0x2c/0x34
> [  669.679682]
> [  669.681018] The buggy address belongs to the object at c58eae00
> [  669.681018]  which belongs to the cache kmalloc-16 of size 16
> [  669.692565] The buggy address is located 7 bytes inside of
> [  669.692565]  16-byte region [c58eae00, c58eae10)
> [  669.702482] The buggy address belongs to the page:
> [  669.707268] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  669.707380] flags: 0x200(slab)
> [  669.707607] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  669.707674] page dumped because: kasan: bad access detected
> [  669.707713]
> [  669.709018] Memory state around the buggy address:
> [  669.713825]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.720279]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.726734] >c58eae00: 00 fc fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.733120]               ^
> [  669.735941]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  669.742397]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.748787]
> ==================================================================
> [  670.056503] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
> [  670.056640]
> ==================================================================
> [  670.063818] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_4+0x7c/0x94 [test_kasan]
> [  670.071743] Write of size 4 at addr c58eae25 by task exe/340
> [  670.077263]
> [  670.078847] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.078898] Call Trace:
> [  670.079074] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.079279] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  670.079452] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  670.079743] [c5649ce0] [c95d4aa4] kmalloc_oob_memset_4+0x7c/0x94
> [test_kasan]
> [  670.080025] [c5649d00] [c95d5540] kmalloc_tests_init+0x48/0x2d0
> [test_kasan]
> [  670.080216] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.080431] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.080635] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.080839] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.081034] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.081201] --- interrupt: c01 at 0xfd6b914
> [  670.081201]     LR = 0x1001364c
> [  670.081247]
> [  670.082546] Allocated by task 340:
> [  670.085978]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.086229]  kmalloc_oob_memset_4+0x44/0x94 [test_kasan]
> [  670.086465]  kmalloc_tests_init+0x48/0x2d0 [test_kasan]
> [  670.086611]  do_one_initcall+0x40/0x278
> [  670.086782]  do_init_module+0xcc/0x59c
> [  670.086941]  load_module+0x2bc4/0x320c
> [  670.087101]  sys_init_module+0x114/0x138
> [  670.087246]  ret_from_syscall+0x0/0x38
> [  670.087293]
> [  670.088563] Freed by task 276:
> [  670.091652]  __kasan_slab_free+0x120/0x22c
> [  670.091774]  kfree+0x74/0x270
> [  670.091906]  single_release+0x54/0x6c
> [  670.092080]  close_pdeo+0x128/0x224
> [  670.092249]  proc_reg_release+0x110/0x128
> [  670.092383]  __fput+0xec/0x2d4
> [  670.092509]  task_work_run+0x13c/0x15c
> [  670.092678]  do_notify_resume+0x3d8/0x438
> [  670.092828]  do_user_signal+0x2c/0x34
> [  670.092874]
> [  670.094198] The buggy address belongs to the object at c58eae20
> [  670.094198]  which belongs to the cache kmalloc-16 of size 16
> [  670.105743] The buggy address is located 5 bytes inside of
> [  670.105743]  16-byte region [c58eae20, c58eae30)
> [  670.115660] The buggy address belongs to the page:
> [  670.120447] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.120560] flags: 0x200(slab)
> [  670.120789] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.120858] page dumped because: kasan: bad access detected
> [  670.120899]
> [  670.122198] Memory state around the buggy address:
> [  670.127004]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.133458]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.139912] >c58eae00: fb fb fc fc 00 fc fc fc fb fb fc fc fb fb fc fc
> [  670.146302]                           ^
> [  670.150152]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.156608]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.162998]
> ==================================================================
> [  670.176210] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
> [  670.176342]
> ==================================================================
> [  670.183528] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_8+0x7c/0x94 [test_kasan]
> [  670.191450] Write of size 8 at addr c58eae41 by task exe/340
> [  670.196972]
> [  670.198555] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.198605] Call Trace:
> [  670.198779] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.198982] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  670.199153] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  670.199443] [c5649ce0] [c95d4b38] kmalloc_oob_memset_8+0x7c/0x94
> [test_kasan]
> [  670.199722] [c5649d00] [c95d5544] kmalloc_tests_init+0x4c/0x2d0
> [test_kasan]
> [  670.199912] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.200125] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.200327] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.200530] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.200723] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.200887] --- interrupt: c01 at 0xfd6b914
> [  670.200887]     LR = 0x1001364c
> [  670.200931]
> [  670.202255] Allocated by task 340:
> [  670.205686]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.205934]  kmalloc_oob_memset_8+0x44/0x94 [test_kasan]
> [  670.206168]  kmalloc_tests_init+0x4c/0x2d0 [test_kasan]
> [  670.206312]  do_one_initcall+0x40/0x278
> [  670.206480]  do_init_module+0xcc/0x59c
> [  670.206637]  load_module+0x2bc4/0x320c
> [  670.206794]  sys_init_module+0x114/0x138
> [  670.206937]  ret_from_syscall+0x0/0x38
> [  670.206983]
> [  670.208274] Freed by task 276:
> [  670.211360]  __kasan_slab_free+0x120/0x22c
> [  670.211479]  kfree+0x74/0x270
> [  670.211611]  single_release+0x54/0x6c
> [  670.211782]  close_pdeo+0x128/0x224
> [  670.211947]  proc_reg_release+0x110/0x128
> [  670.212079]  __fput+0xec/0x2d4
> [  670.212202]  task_work_run+0x13c/0x15c
> [  670.212368]  do_notify_resume+0x3d8/0x438
> [  670.212515]  do_user_signal+0x2c/0x34
> [  670.212561]
> [  670.213904] The buggy address belongs to the object at c58eae40
> [  670.213904]  which belongs to the cache kmalloc-16 of size 16
> [  670.225452] The buggy address is located 1 bytes inside of
> [  670.225452]  16-byte region [c58eae40, c58eae50)
> [  670.235368] The buggy address belongs to the page:
> [  670.240155] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.240265] flags: 0x200(slab)
> [  670.240493] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.240560] page dumped because: kasan: bad access detected
> [  670.240599]
> [  670.241906] Memory state around the buggy address:
> [  670.246712]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.253167]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.259621] >c58eae00: fb fb fc fc fb fb fc fc 00 fc fc fc fb fb fc fc
> [  670.266014]                                       ^
> [  670.270894]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.277349]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.283740]
> ==================================================================
> [  670.574861] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
> [  670.574999]
> ==================================================================
> [  670.582162] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_16+0x7c/0x94 [test_kasan]
> [  670.590260] Write of size 16 at addr c58eae81 by task exe/340
> [  670.595865]
> [  670.597448] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.597499] Call Trace:
> [  670.597674] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.597880] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  670.598053] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  670.598344] [c5649ce0] [c95d4bcc] kmalloc_oob_memset_16+0x7c/0x94
> [test_kasan]
> [  670.598626] [c5649d00] [c95d5548] kmalloc_tests_init+0x50/0x2d0
> [test_kasan]
> [  670.598816] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.599031] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.599234] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.599439] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.599634] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.599801] --- interrupt: c01 at 0xfd6b914
> [  670.599801]     LR = 0x1001364c
> [  670.599847]
> [  670.601148] Allocated by task 340:
> [  670.604580]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.604834]  kmalloc_oob_memset_16+0x44/0x94 [test_kasan]
> [  670.605070]  kmalloc_tests_init+0x50/0x2d0 [test_kasan]
> [  670.605215]  do_one_initcall+0x40/0x278
> [  670.605385]  do_init_module+0xcc/0x59c
> [  670.605543]  load_module+0x2bc4/0x320c
> [  670.605704]  sys_init_module+0x114/0x138
> [  670.605851]  ret_from_syscall+0x0/0x38
> [  670.605897]
> [  670.607166] Freed by task 276:
> [  670.610253]  __kasan_slab_free+0x120/0x22c
> [  670.610374]  kfree+0x74/0x270
> [  670.610506]  single_release+0x54/0x6c
> [  670.610681]  close_pdeo+0x128/0x224
> [  670.610849]  proc_reg_release+0x110/0x128
> [  670.610983]  __fput+0xec/0x2d4
> [  670.611107]  task_work_run+0x13c/0x15c
> [  670.611275]  do_notify_resume+0x3d8/0x438
> [  670.611424]  do_user_signal+0x2c/0x34
> [  670.611471]
> [  670.612798] The buggy address belongs to the object at c58eae80
> [  670.612798]  which belongs to the cache kmalloc-16 of size 16
> [  670.624345] The buggy address is located 1 bytes inside of
> [  670.624345]  16-byte region [c58eae80, c58eae90)
> [  670.634260] The buggy address belongs to the page:
> [  670.639048] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.639158] flags: 0x200(slab)
> [  670.639387] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.639457] page dumped because: kasan: bad access detected
> [  670.639497]
> [  670.640799] Memory state around the buggy address:
> [  670.645604]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.652058]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.658513] >c58eae80: 00 00 fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.664901]                  ^
> [  670.667978]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.674434]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.680825]
> ==================================================================
> [  670.693766] kasan test: kmalloc_uaf use-after-free
> [  670.693923]
> ==================================================================
> [  670.701091] BUG: KASAN: use-after-free in kmalloc_uaf+0x78/0x94
> [test_kasan]
> [  670.707899] Write of size 1 at addr c58eaea8 by task exe/340
> [  670.713422]
> [  670.715004] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.715055] Call Trace:
> [  670.715229] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.715433] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  670.715719] [c5649ce0] [c95d450c] kmalloc_uaf+0x78/0x94 [test_kasan]
> [  670.715997] [c5649d00] [c95d554c] kmalloc_tests_init+0x54/0x2d0
> [test_kasan]
> [  670.716187] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.716400] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.716601] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.716804] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.716998] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.717164] --- interrupt: c01 at 0xfd6b914
> [  670.717164]     LR = 0x1001364c
> [  670.717209]
> [  670.718531] Allocated by task 340:
> [  670.721965]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.722210]  kmalloc_uaf+0x44/0x94 [test_kasan]
> [  670.722446]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
> [  670.722588]  do_one_initcall+0x40/0x278
> [  670.722756]  do_init_module+0xcc/0x59c
> [  670.722912]  load_module+0x2bc4/0x320c
> [  670.723069]  sys_init_module+0x114/0x138
> [  670.723213]  ret_from_syscall+0x0/0x38
> [  670.723260]
> [  670.724550] Freed by task 340:
> [  670.727635]  __kasan_slab_free+0x120/0x22c
> [  670.727754]  kfree+0x74/0x270
> [  670.727998]  kmalloc_uaf+0x70/0x94 [test_kasan]
> [  670.728233]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
> [  670.728375]  do_one_initcall+0x40/0x278
> [  670.728543]  do_init_module+0xcc/0x59c
> [  670.728698]  load_module+0x2bc4/0x320c
> [  670.728855]  sys_init_module+0x114/0x138
> [  670.728998]  ret_from_syscall+0x0/0x38
> [  670.729044]
> [  670.730356] The buggy address belongs to the object at c58eaea0
> [  670.730356]  which belongs to the cache kmalloc-16 of size 16
> [  670.741901] The buggy address is located 8 bytes inside of
> [  670.741901]  16-byte region [c58eaea0, c58eaeb0)
> [  670.751818] The buggy address belongs to the page:
> [  670.756605] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.756716] flags: 0x200(slab)
> [  670.756944] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.757012] page dumped because: kasan: bad access detected
> [  670.757052]
> [  670.758354] Memory state around the buggy address:
> [  670.763163]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.769616]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.776070] >c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.782461]                           ^
> [  670.786311]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.792765]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.799157]
> ==================================================================
> [  671.084949] kasan test: kmalloc_uaf_memset use-after-free in memset
> [  671.085122]
> ==================================================================
> [  671.092328] BUG: KASAN: use-after-free in
> kmalloc_tests_init+0x58/0x2d0 [test_kasan]
> [  671.099824] Write of size 33 at addr c534b0c0 by task exe/340
> [  671.105430]
> [  671.107012] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.107063] Call Trace:
> [  671.107238] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  671.107443] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  671.107616] [c5649ce0] [c0175700] memset+0x2c/0x4c
> [  671.107907] [c5649d00] [c95d5550] kmalloc_tests_init+0x58/0x2d0
> [test_kasan]
> [  671.108098] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.108314] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.108518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.108724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.108918] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.109085] --- interrupt: c01 at 0xfd6b914
> [  671.109085]     LR = 0x1001364c
> [  671.109132]
> [  671.110452] Allocated by task 340:
> [  671.113886]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  671.114137]  kmalloc_uaf_memset+0x44/0x90 [test_kasan]
> [  671.114374]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
> [  671.114520]  do_one_initcall+0x40/0x278
> [  671.114689]  do_init_module+0xcc/0x59c
> [  671.114846]  load_module+0x2bc4/0x320c
> [  671.115005]  sys_init_module+0x114/0x138
> [  671.115151]  ret_from_syscall+0x0/0x38
> [  671.115198]
> [  671.116472] Freed by task 340:
> [  671.119559]  __kasan_slab_free+0x120/0x22c
> [  671.119681]  kfree+0x74/0x270
> [  671.119927]  kmalloc_uaf_memset+0x70/0x90 [test_kasan]
> [  671.120167]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
> [  671.120312]  do_one_initcall+0x40/0x278
> [  671.120481]  do_init_module+0xcc/0x59c
> [  671.120640]  load_module+0x2bc4/0x320c
> [  671.120801]  sys_init_module+0x114/0x138
> [  671.120945]  ret_from_syscall+0x0/0x38
> [  671.120992]
> [  671.122276] The buggy address belongs to the object at c534b0c0
> [  671.122276]  which belongs to the cache kmalloc-64 of size 64
> [  671.133824] The buggy address is located 0 bytes inside of
> [  671.133824]  64-byte region [c534b0c0, c534b100)
> [  671.143741] The buggy address belongs to the page:
> [  671.148527] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
> [  671.148637] flags: 0x200(slab)
> [  671.148866] raw: 00000200 00000100 00000200 c5007c20 00000000
> 00aa0155 ffffffff 00000001
> [  671.148935] page dumped because: kasan: bad access detected
> [  671.148975]
> [  671.150277] Memory state around the buggy address:
> [  671.155084]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.161538]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
> [  671.167993] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
> [  671.174383]                                    ^
> [  671.179007]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.185461]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
> [  671.191853]
> ==================================================================
> [  671.204460] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
> [  671.204676]
> ==================================================================
> [  671.211859] BUG: KASAN: use-after-free in kmalloc_uaf2+0x9c/0xd4
> [test_kasan]
> [  671.218755] Write of size 1 at addr c534b088 by task exe/340
> [  671.224277]
> [  671.225860] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.225910] Call Trace:
> [  671.226085] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  671.226288] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  671.226574] [c5649ce0] [c95d45c4] kmalloc_uaf2+0x9c/0xd4 [test_kasan]
> [  671.226854] [c5649d00] [c95d5554] kmalloc_tests_init+0x5c/0x2d0
> [test_kasan]
> [  671.227044] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.227257] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.227458] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.227659] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.227853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.228018] --- interrupt: c01 at 0xfd6b914
> [  671.228018]     LR = 0x1001364c
> [  671.228063]
> [  671.229387] Allocated by task 340:
> [  671.232819]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  671.233065]  kmalloc_uaf2+0x48/0xd4 [test_kasan]
> [  671.233299]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
> [  671.233442]  do_one_initcall+0x40/0x278
> [  671.233609]  do_init_module+0xcc/0x59c
> [  671.233765]  load_module+0x2bc4/0x320c
> [  671.233922]  sys_init_module+0x114/0x138
> [  671.234066]  ret_from_syscall+0x0/0x38
> [  671.234111]
> [  671.235407] Freed by task 340:
> [  671.238491]  __kasan_slab_free+0x120/0x22c
> [  671.238609]  kfree+0x74/0x270
> [  671.238851]  kmalloc_uaf2+0x78/0xd4 [test_kasan]
> [  671.239085]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
> [  671.239228]  do_one_initcall+0x40/0x278
> [  671.239395]  do_init_module+0xcc/0x59c
> [  671.239550]  load_module+0x2bc4/0x320c
> [  671.239707]  sys_init_module+0x114/0x138
> [  671.239850]  ret_from_syscall+0x0/0x38
> [  671.239897]
> [  671.241211] The buggy address belongs to the object at c534b060
> [  671.241211]  which belongs to the cache kmalloc-64 of size 64
> [  671.252758] The buggy address is located 40 bytes inside of
> [  671.252758]  64-byte region [c534b060, c534b0a0)
> [  671.262761] The buggy address belongs to the page:
> [  671.267547] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
> [  671.267657] flags: 0x200(slab)
> [  671.267885] raw: 00000200 00000100 00000200 c5007c20 00000000
> 00aa0155 ffffffff 00000001
> [  671.267953] page dumped because: kasan: bad access detected
> [  671.267993]
> [  671.269296] Memory state around the buggy address:
> [  671.274104]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.280561]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
> [  671.287012] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
> [  671.293399]               ^
> [  671.296220]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.302676]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
> [  671.309066]
> ==================================================================
> [  671.597554] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
> [  671.597819]
> ==================================================================
> [  671.604991] BUG: KASAN: slab-out-of-bounds in
> kmem_cache_oob+0x9c/0xd0 [test_kasan]
> [  671.612398] Read of size 1 at addr c5e180c8 by task exe/340
> [  671.617834]
> [  671.619417] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.619469] Call Trace:
> [  671.619645] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  671.619848] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  671.620138] [c5649ce0] [c95d4d10] kmem_cache_oob+0x9c/0xd0 [test_kasan]
> [  671.620420] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0
> [test_kasan]
> [  671.620611] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.620826] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.621030] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.621234] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.621428] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.621596] --- interrupt: c01 at 0xfd6b914
> [  671.621596]     LR = 0x1001364c
> [  671.621642]
> [  671.622944] Allocated by task 340:
> [  671.626376]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  671.626504]  kmem_cache_alloc+0xf4/0x210
> [  671.626752]  kmem_cache_oob+0x78/0xd0 [test_kasan]
> [  671.626989]  kmalloc_tests_init+0x60/0x2d0 [test_kasan]
> [  671.627135]  do_one_initcall+0x40/0x278
> [  671.627305]  do_init_module+0xcc/0x59c
> [  671.627463]  load_module+0x2bc4/0x320c
> [  671.627623]  sys_init_module+0x114/0x138
> [  671.627769]  ret_from_syscall+0x0/0x38
> [  671.627816]
> [  671.629132] Freed by task 0:
> [  671.631954] (stack is not available)
> [  671.635476]
> [  671.637007] The buggy address belongs to the object at c5e18000
> [  671.637007]  which belongs to the cache test_cache of size 200
> [  671.648642] The buggy address is located 0 bytes to the right of
> [  671.648642]  200-byte region [c5e18000, c5e180c8)
> [  671.659156] The buggy address belongs to the page:
> [  671.663942] page:c7fdf0c0 count:1 mapcount:0 mapping:c540a560 index:0x0
> [  671.664054] flags: 0x200(slab)
> [  671.664283] raw: 00000200 00000100 00000200 c540a560 00000000
> 003e007d ffffffff 00000001
> [  671.664353] page dumped because: kasan: bad access detected
> [  671.664393]
> [  671.665694] Memory state around the buggy address:
> [  671.670501]  c5e17f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  671.676954]  c5e18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  671.683409] >c5e18080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
> [  671.689802]                                       ^
> [  671.694680]  c5e18100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  671.701137]  c5e18180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  671.707528]
> ==================================================================
> [  671.758410]
> =============================================================================
> [  671.766368] BUG test_cache (Tainted: G    B            ): Objects
> remaining in test_cache on __kmem_cache_shutdown()
> [  671.776719]
> -----------------------------------------------------------------------------
> [  671.776719]
> [  671.786325] INFO: Slab 0x(ptrval) objects=62 used=1 fp=0x(ptrval)
> flags=0x0200
> [  671.793514] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.793563] Call Trace:
> [  671.793752] [c5649bf0] [c016ebe0] slab_err+0x98/0xac (unreliable)
> [  671.793956] [c5649c90] [c01748f4] __kmem_cache_shutdown+0x15c/0x338
> [  671.794160] [c5649cf0] [c013c3b4] kmem_cache_destroy+0x68/0x114
> [  671.794463] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0
> [test_kasan]
> [  671.794656] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.794868] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.795071] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.795275] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.795468] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.795633] --- interrupt: c01 at 0xfd6b914
> [  671.795633]     LR = 0x1001364c
> [  671.795738] INFO: Object 0x(ptrval) @offset=0
> [  671.909762] kmem_cache_destroy test_cache: Slab cache still has objects
> [  671.931546] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.931601] Call Trace:
> [  671.931790] [c5649cf0] [c013c45c] kmem_cache_destroy+0x110/0x114
> (unreliable)
> [  671.932116] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0
> [test_kasan]
> [  671.932310] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.932526] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.932730] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.932934] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.933130] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.933300] --- interrupt: c01 at 0xfd6b914
> [  671.933300]     LR = 0x1001364c
> [  671.952750] kasan test: memcg_accounted_kmem_cache allocate memcg
> accounted object
> [  672.556766] kasan test: kasan_stack_oob out-of-bounds on stack
> [  672.556850] kasan test: kasan_global_oob out-of-bounds global variable
> [  672.556922] kasan test: kasan_alloca_oob_left out-of-bounds to left
> on alloca
> [  672.556995] kasan test: kasan_alloca_oob_right out-of-bounds to right
> on alloca
> [  672.557070] kasan test: ksize_unpoisons_memory ksize() unpoisons the
> whole allocated chunk
> [  672.557200]
> ==================================================================
> [  672.564395] BUG: KASAN: slab-out-of-bounds in
> ksize_unpoisons_memory+0x8c/0xac [test_kasan]
> [  672.572578] Write of size 1 at addr c539ab40 by task exe/340
> [  672.578098]
> [  672.579682] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  672.579734] Call Trace:
> [  672.579909] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  672.580114] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  672.580406] [c5649ce0] [c95d5100] ksize_unpoisons_memory+0x8c/0xac
> [test_kasan]
> [  672.580689] [c5649d00] [c95d5570] kmalloc_tests_init+0x78/0x2d0
> [test_kasan]
> [  672.580880] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  672.581096] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  672.581299] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  672.581503] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  672.581697] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  672.581864] --- interrupt: c01 at 0xfd6b914
> [  672.581864]     LR = 0x1001364c
> [  672.581910]
> [  672.583208] Allocated by task 340:
> [  672.586642]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  672.586892]  ksize_unpoisons_memory+0x44/0xac [test_kasan]
> [  672.587129]  kmalloc_tests_init+0x78/0x2d0 [test_kasan]
> [  672.587275]  do_one_initcall+0x40/0x278
> [  672.587445]  do_init_module+0xcc/0x59c
> [  672.587602]  load_module+0x2bc4/0x320c
> [  672.587761]  sys_init_module+0x114/0x138
> [  672.587906]  ret_from_syscall+0x0/0x38
> [  672.587953]
> [  672.589227] Freed by task 338:
> [  672.592316]  __kasan_slab_free+0x120/0x22c
> [  672.592437]  kfree+0x74/0x270
> [  672.592602]  load_elf_binary+0xb0/0x162c
> [  672.592782]  search_binary_handler+0x120/0x374
> [  672.592950]  __do_execve_file+0x834/0xb20
> [  672.593114]  sys_execve+0x40/0x54
> [  672.593259]  ret_from_syscall+0x0/0x38
> [  672.593307]
> [  672.594603] The buggy address belongs to the object at c539aac0
> [  672.594603]  which belongs to the cache kmalloc-128 of size 128
> [  672.606324] The buggy address is located 0 bytes to the right of
> [  672.606324]  128-byte region [c539aac0, c539ab40)
> [  672.616840] The buggy address belongs to the page:
> [  672.621625] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
> [  672.621738] flags: 0x200(slab)
> [  672.621967] raw: 00000200 00000100 00000200 c5007a80 00000000
> 005500ab ffffffff 00000001
> [  672.622038] page dumped because: kasan: bad access detected
> [  672.622077]
> [  672.623375] Memory state around the buggy address:
> [  672.628183]  c539aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  672.634637]  c539aa80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
> [  672.641090] >c539ab00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
> [  672.647483]                                    ^
> [  672.652106]  c539ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [  672.658562]  c539ac00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [  672.664951]
> ==================================================================
> [  672.814421] kasan test: copy_user_test out-of-bounds in copy_from_user()
> [  672.814499]
> ==================================================================
> [  672.821643] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x48/0xc4
> [  672.828089] Write of size 11 at addr c58eb020 by task exe/340
> [  672.833699]
> [  672.835280] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  672.835331] Call Trace:
> [  672.835504] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  672.835708] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  672.835929] [c5649cc0] [c0307be0] _copy_from_user+0x48/0xc4
> [  672.836230] [c5649ce0] [c95d51b4] copy_user_test+0x94/0x1bc [test_kasan]
> [  672.836512] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  672.836703] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  672.836917] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  672.837121] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  672.837326] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  672.837522] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  672.837687] --- interrupt: c01 at 0xfd6b914
> [  672.837687]     LR = 0x1001364c
> [  672.837733]
> [  672.839067] Allocated by task 340:
> [  672.842500]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  672.842749]  copy_user_test+0x28/0x1bc [test_kasan]
> [  672.842985]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  672.843131]  do_one_initcall+0x40/0x278
> [  672.843301]  do_init_module+0xcc/0x59c
> [  672.843458]  load_module+0x2bc4/0x320c
> [  672.843619]  sys_init_module+0x114/0x138
> [  672.843764]  ret_from_syscall+0x0/0x38
> [  672.843812]
> [  672.845085] Freed by task 276:
> [  672.848173]  __kasan_slab_free+0x120/0x22c
> [  672.848295]  kfree+0x74/0x270
> [  672.848427]  single_release+0x54/0x6c
> [  672.848601]  close_pdeo+0x128/0x224
> [  672.848768]  proc_reg_release+0x110/0x128
> [  672.848903]  __fput+0xec/0x2d4
> [  672.849028]  task_work_run+0x13c/0x15c
> [  672.849197]  do_notify_resume+0x3d8/0x438
> [  672.849346]  do_user_signal+0x2c/0x34
> [  672.849393]
> [  672.850719] The buggy address belongs to the object at c58eb020
> [  672.850719]  which belongs to the cache kmalloc-16 of size 16
> [  672.862264] The buggy address is located 0 bytes inside of
> [  672.862264]  16-byte region [c58eb020, c58eb030)
> [  672.872182] The buggy address belongs to the page:
> [  672.876968] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  672.877079] flags: 0x200(slab)
> [  672.877309] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  672.877377] page dumped because: kasan: bad access detected
> [  672.877418]
> [  672.878717] Memory state around the buggy address:
> [  672.883527]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  672.889979]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  672.896433] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  672.902824]                           ^
> [  672.906673]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  672.913129]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  672.919520]
> ==================================================================
> [  672.932289] kasan test: copy_user_test out-of-bounds in copy_to_user()
> [  672.932363]
> ==================================================================
> [  672.939457] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x9c/0xbc
> [  672.945733] Read of size 11 at addr c58eb020 by task exe/340
> [  672.951255]
> [  672.952840] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  672.952890] Call Trace:
> [  672.953061] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  672.953264] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  672.953480] [c5649cc0] [c0307cf8] _copy_to_user+0x9c/0xbc
> [  672.953781] [c5649ce0] [c95d51d4] copy_user_test+0xb4/0x1bc [test_kasan]
> [  672.954060] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  672.954249] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  672.954461] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  672.954662] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  672.954866] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  672.955058] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  672.955224] --- interrupt: c01 at 0xfd6b914
> [  672.955224]     LR = 0x1001364c
> [  672.955269]
> [  672.956538] Allocated by task 340:
> [  672.959969]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  672.960219]  copy_user_test+0x28/0x1bc [test_kasan]
> [  672.960454]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  672.960597]  do_one_initcall+0x40/0x278
> [  672.960766]  do_init_module+0xcc/0x59c
> [  672.960924]  load_module+0x2bc4/0x320c
> [  672.961081]  sys_init_module+0x114/0x138
> [  672.961226]  ret_from_syscall+0x0/0x38
> [  672.961272]
> [  672.962558] Freed by task 276:
> [  672.965645]  __kasan_slab_free+0x120/0x22c
> [  672.965764]  kfree+0x74/0x270
> [  672.965896]  single_release+0x54/0x6c
> [  672.966070]  close_pdeo+0x128/0x224
> [  672.966236]  proc_reg_release+0x110/0x128
> [  672.966369]  __fput+0xec/0x2d4
> [  672.966493]  task_work_run+0x13c/0x15c
> [  672.966660]  do_notify_resume+0x3d8/0x438
> [  672.966809]  do_user_signal+0x2c/0x34
> [  672.966855]
> [  672.968190] The buggy address belongs to the object at c58eb020
> [  672.968190]  which belongs to the cache kmalloc-16 of size 16
> [  672.979735] The buggy address is located 0 bytes inside of
> [  672.979735]  16-byte region [c58eb020, c58eb030)
> [  672.989653] The buggy address belongs to the page:
> [  672.994439] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  672.994550] flags: 0x200(slab)
> [  672.994778] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  672.994845] page dumped because: kasan: bad access detected
> [  672.994885]
> [  672.996188] Memory state around the buggy address:
> [  673.000996]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.007450]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.013904] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.020295]                           ^
> [  673.024144]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.030600]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.036990]
> ==================================================================
> [  673.327457] kasan test: copy_user_test out-of-bounds in
> __copy_from_user()
> [  673.327537]
> ==================================================================
> [  673.334723] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0xd0/0x1bc [test_kasan]
> [  673.342217] Write of size 11 at addr c58eb020 by task exe/340
> [  673.347825]
> [  673.349408] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.349459] Call Trace:
> [  673.349637] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.349842] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.350130] [c5649ce0] [c95d51f0] copy_user_test+0xd0/0x1bc [test_kasan]
> [  673.350412] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.350605] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.350821] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.351025] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.351231] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.351426] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.351592] --- interrupt: c01 at 0xfd6b914
> [  673.351592]     LR = 0x1001364c
> [  673.351638]
> [  673.352936] Allocated by task 340:
> [  673.356367]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.356619]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.356855]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.357000]  do_one_initcall+0x40/0x278
> [  673.357168]  do_init_module+0xcc/0x59c
> [  673.357324]  load_module+0x2bc4/0x320c
> [  673.357483]  sys_init_module+0x114/0x138
> [  673.357626]  ret_from_syscall+0x0/0x38
> [  673.357673]
> [  673.358954] Freed by task 276:
> [  673.362040]  __kasan_slab_free+0x120/0x22c
> [  673.362161]  kfree+0x74/0x270
> [  673.362293]  single_release+0x54/0x6c
> [  673.362465]  close_pdeo+0x128/0x224
> [  673.362632]  proc_reg_release+0x110/0x128
> [  673.362764]  __fput+0xec/0x2d4
> [  673.362888]  task_work_run+0x13c/0x15c
> [  673.363057]  do_notify_resume+0x3d8/0x438
> [  673.363208]  do_user_signal+0x2c/0x34
> [  673.363256]
> [  673.364587] The buggy address belongs to the object at c58eb020
> [  673.364587]  which belongs to the cache kmalloc-16 of size 16
> [  673.376132] The buggy address is located 0 bytes inside of
> [  673.376132]  16-byte region [c58eb020, c58eb030)
> [  673.386050] The buggy address belongs to the page:
> [  673.390836] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  673.390947] flags: 0x200(slab)
> [  673.391175] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  673.391245] page dumped because: kasan: bad access detected
> [  673.391285]
> [  673.392585] Memory state around the buggy address:
> [  673.397393]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.403847]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.410301] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.416691]                           ^
> [  673.420541]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.426997]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.433387]
> ==================================================================
> [  673.446960] kasan test: copy_user_test out-of-bounds in __copy_to_user()
> [  673.447031]
> ==================================================================
> [  673.454258] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0xfc/0x1bc [test_kasan]
> [  673.461753] Read of size 11 at addr c58eb020 by task exe/340
> [  673.467275]
> [  673.468858] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.468909] Call Trace:
> [  673.469084] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.469286] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.469573] [c5649ce0] [c95d521c] copy_user_test+0xfc/0x1bc [test_kasan]
> [  673.469851] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.470042] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.470256] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.470457] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.470660] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.470853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.471019] --- interrupt: c01 at 0xfd6b914
> [  673.471019]     LR = 0x1001364c
> [  673.471064]
> [  673.472385] Allocated by task 340:
> [  673.475818]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.476065]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.476301]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.476444]  do_one_initcall+0x40/0x278
> [  673.476612]  do_init_module+0xcc/0x59c
> [  673.476768]  load_module+0x2bc4/0x320c
> [  673.476925]  sys_init_module+0x114/0x138
> [  673.477067]  ret_from_syscall+0x0/0x38
> [  673.477113]
> [  673.478403] Freed by task 276:
> [  673.481490]  __kasan_slab_free+0x120/0x22c
> [  673.481610]  kfree+0x74/0x270
> [  673.481740]  single_release+0x54/0x6c
> [  673.481911]  close_pdeo+0x128/0x224
> [  673.482077]  proc_reg_release+0x110/0x128
> [  673.482209]  __fput+0xec/0x2d4
> [  673.482331]  task_work_run+0x13c/0x15c
> [  673.482500]  do_notify_resume+0x3d8/0x438
> [  673.482648]  do_user_signal+0x2c/0x34
> [  673.482694]
> [  673.484036] The buggy address belongs to the object at c58eb020
> [  673.484036]  which belongs to the cache kmalloc-16 of size 16
> [  673.495583] The buggy address is located 0 bytes inside of
> [  673.495583]  16-byte region [c58eb020, c58eb030)
> [  673.505500] The buggy address belongs to the page:
> [  673.510287] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  673.510396] flags: 0x200(slab)
> [  673.510622] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  673.510690] page dumped because: kasan: bad access detected
> [  673.510729]
> [  673.512037] Memory state around the buggy address:
> [  673.516842]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.523297]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.529751] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.536142]                           ^
> [  673.539991]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.546447]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.552838]
> ==================================================================
> [  673.835827] kasan test: copy_user_test out-of-bounds in
> __copy_from_user_inatomic()
> [  673.835905]
> ==================================================================
> [  673.843082] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0x128/0x1bc [test_kasan]
> [  673.850662] Write of size 11 at addr c58eb020 by task exe/340
> [  673.856272]
> [  673.857853] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.857905] Call Trace:
> [  673.858080] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.858285] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.858574] [c5649ce0] [c95d5248] copy_user_test+0x128/0x1bc [test_kasan]
> [  673.858855] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.859046] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.859261] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.859463] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.859668] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.859863] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.860029] --- interrupt: c01 at 0xfd6b914
> [  673.860029]     LR = 0x1001364c
> [  673.860075]
> [  673.861380] Allocated by task 340:
> [  673.864812]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.865062]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.865299]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.865444]  do_one_initcall+0x40/0x278
> [  673.865615]  do_init_module+0xcc/0x59c
> [  673.865773]  load_module+0x2bc4/0x320c
> [  673.865932]  sys_init_module+0x114/0x138
> [  673.866077]  ret_from_syscall+0x0/0x38
> [  673.866123]
> [  673.867399] Freed by task 276:
> [  673.870488]  __kasan_slab_free+0x120/0x22c
> [  673.870609]  kfree+0x74/0x270
> [  673.870741]  single_release+0x54/0x6c
> [  673.870913]  close_pdeo+0x128/0x224
> [  673.871080]  proc_reg_release+0x110/0x128
> [  673.871213]  __fput+0xec/0x2d4
> [  673.871337]  task_work_run+0x13c/0x15c
> [  673.871506]  do_notify_resume+0x3d8/0x438
> [  673.871655]  do_user_signal+0x2c/0x34
> [  673.871702]
> [  673.873032] The buggy address belongs to the object at c58eb020
> [  673.873032]  which belongs to the cache kmalloc-16 of size 16
> [  673.884578] The buggy address is located 0 bytes inside of
> [  673.884578]  16-byte region [c58eb020, c58eb030)
> [  673.894494] The buggy address belongs to the page:
> [  673.899282] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  673.899395] flags: 0x200(slab)
> [  673.899625] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  673.899694] page dumped because: kasan: bad access detected
> [  673.899734]
> [  673.901033] Memory state around the buggy address:
> [  673.905838]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.912293]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.918748] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.925136]                           ^
> [  673.928987]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.935442]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.941833]
> ==================================================================
> [  673.954463] kasan test: copy_user_test out-of-bounds in
> __copy_to_user_inatomic()
> [  673.954535]
> ==================================================================
> [  673.961759] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0x154/0x1bc [test_kasan]
> [  673.969339] Read of size 11 at addr c58eb020 by task exe/340
> [  673.974860]
> [  673.976444] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.976494] Call Trace:
> [  673.976668] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.976870] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.977160] [c5649ce0] [c95d5274] copy_user_test+0x154/0x1bc [test_kasan]
> [  673.977439] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.977630] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.977843] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.978045] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.978249] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.978441] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.978607] --- interrupt: c01 at 0xfd6b914
> [  673.978607]     LR = 0x1001364c
> [  673.978651]
> [  673.979971] Allocated by task 340:
> [  673.983401]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.983650]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.983885]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.984030]  do_one_initcall+0x40/0x278
> [  673.984198]  do_init_module+0xcc/0x59c
> [  673.984354]  load_module+0x2bc4/0x320c
> [  673.984512]  sys_init_module+0x114/0x138
> [  673.984655]  ret_from_syscall+0x0/0x38
> [  673.984701]
> [  673.985990] Freed by task 276:
> [  673.989077]  __kasan_slab_free+0x120/0x22c
> [  673.989197]  kfree+0x74/0x270
> [  673.989327]  single_release+0x54/0x6c
> [  673.989499]  close_pdeo+0x128/0x224
> [  673.989664]  proc_reg_release+0x110/0x128
> [  673.989796]  __fput+0xec/0x2d4
> [  673.989918]  task_work_run+0x13c/0x15c
> [  673.990086]  do_notify_resume+0x3d8/0x438
> [  673.990235]  do_user_signal+0x2c/0x34
> [  673.990281]
> [  673.991622] The buggy address belongs to the object at c58eb020
> [  673.991622]  which belongs to the cache kmalloc-16 of size 16
> [  674.003168] The buggy address is located 0 bytes inside of
> [  674.003168]  16-byte region [c58eb020, c58eb030)
> [  674.013086] The buggy address belongs to the page:
> [  674.017872] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  674.017982] flags: 0x200(slab)
> [  674.018210] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  674.018277] page dumped because: kasan: bad access detected
> [  674.018316]
> [  674.019622] Memory state around the buggy address:
> [  674.024429]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  674.030883]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.037338] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  674.043727]                           ^
> [  674.047578]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.054034]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.060424]
> ==================================================================
> [  674.346609] kasan test: copy_user_test out-of-bounds in
> strncpy_from_user()
> [  674.346689]
> ==================================================================
> [  674.353778] BUG: KASAN: slab-out-of-bounds in
> strncpy_from_user+0x48/0x240
> [  674.360487] Write of size 11 at addr c58eb020 by task exe/340
> [  674.366094]
> [  674.367678] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  674.367731] Call Trace:
> [  674.367904] [c5649c40] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  674.368108] [c5649c70] [c0176d34] kasan_report+0xe4/0x168
> [  674.368323] [c5649cb0] [c03202f8] strncpy_from_user+0x48/0x240
> [  674.368627] [c5649ce0] [c95d52a4] copy_user_test+0x184/0x1bc [test_kasan]
> [  674.368908] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  674.369100] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  674.369315] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  674.369518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  674.369724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  674.369919] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  674.370086] --- interrupt: c01 at 0xfd6b914
> [  674.370086]     LR = 0x1001364c
> [  674.370132]
> [  674.371463] Allocated by task 340:
> [  674.374894]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  674.375146]  copy_user_test+0x28/0x1bc [test_kasan]
> [  674.375383]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  674.375527]  do_one_initcall+0x40/0x278
> [  674.375697]  do_init_module+0xcc/0x59c
> [  674.375854]  load_module+0x2bc4/0x320c
> [  674.376015]  sys_init_module+0x114/0x138
> [  674.376162]  ret_from_syscall+0x0/0x38
> [  674.376209]
> [  674.377481] Freed by task 276:
> [  674.380568]  __kasan_slab_free+0x120/0x22c
> [  674.380691]  kfree+0x74/0x270
> [  674.380824]  single_release+0x54/0x6c
> [  674.380998]  close_pdeo+0x128/0x224
> [  674.381165]  proc_reg_release+0x110/0x128
> [  674.381299]  __fput+0xec/0x2d4
> [  674.381424]  task_work_run+0x13c/0x15c
> [  674.381592]  do_notify_resume+0x3d8/0x438
> [  674.381743]  do_user_signal+0x2c/0x34
> [  674.381792]
> [  674.383113] The buggy address belongs to the object at c58eb020
> [  674.383113]  which belongs to the cache kmalloc-16 of size 16
> [  674.394659] The buggy address is located 0 bytes inside of
> [  674.394659]  16-byte region [c58eb020, c58eb030)
> [  674.404577] The buggy address belongs to the page:
> [  674.409363] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  674.409474] flags: 0x200(slab)
> [  674.409703] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  674.409772] page dumped because: kasan: bad access detected
> [  674.409812]
> [  674.411112] Memory state around the buggy address:
> [  674.415920]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  674.422374]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.428827] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  674.435218]                           ^
> [  674.439067]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.445524]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.451914]
> ==================================================================
> [  674.466513] kasan test: use_after_scope_test use-after-scope on int
> [  674.466592] kasan test: use_after_scope_test use-after-scope on array
> [  674.470775] kasan test: kmem_cache_double_free double-free on heap object
> [  674.471059]
> ==================================================================
> [  674.478286] BUG: KASAN: double-free or invalid-free in
> kmem_cache_double_free+0xac/0xc4 [test_kasan]
> [  674.487095]
> [  674.488679] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  674.488730] Call Trace:
> [  674.488906] [c5649b30] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  674.489118] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
> [  674.489296] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
> [  674.489467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
> [  674.489754] [c5649ce0] [c95d4df0] kmem_cache_double_free+0xac/0xc4
> [test_kasan]
> [  674.490029] [c5649d00] [c95d557c] kmalloc_tests_init+0x84/0x2d0
> [test_kasan]
> [  674.490219] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  674.490432] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  674.490633] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  674.490837] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  674.491031] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  674.491194] --- interrupt: c01 at 0xfd6b914
> [  674.491194]     LR = 0x1001364c
> [  674.491239]
> [  674.492547] Allocated by task 340:
> [  674.495981]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  674.496108]  kmem_cache_alloc+0xf4/0x210
> [  674.496355]  kmem_cache_double_free+0x78/0xc4 [test_kasan]
> [  674.496584]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
> [  674.496727]  do_one_initcall+0x40/0x278
> [  674.496893]  do_init_module+0xcc/0x59c
> [  674.497050]  load_module+0x2bc4/0x320c
> [  674.497208]  sys_init_module+0x114/0x138
> [  674.497354]  ret_from_syscall+0x0/0x38
> [  674.497400]
> [  674.498652] Freed by task 340:
> [  674.501739]  __kasan_slab_free+0x120/0x22c
> [  674.501866]  kmem_cache_free+0x64/0x228
> [  674.502112]  kmem_cache_double_free+0xa0/0xc4 [test_kasan]
> [  674.502340]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
> [  674.502483]  do_one_initcall+0x40/0x278
> [  674.502650]  do_init_module+0xcc/0x59c
> [  674.502807]  load_module+0x2bc4/0x320c
> [  674.502966]  sys_init_module+0x114/0x138
> [  674.503112]  ret_from_syscall+0x0/0x38
> [  674.503158]
> [  674.504460] The buggy address belongs to the object at c5528000
> [  674.504460]  which belongs to the cache test_cache of size 200
> [  674.516091] The buggy address is located 0 bytes inside of
> [  674.516091]  200-byte region [c5528000, c55280c8)
> [  674.526092] The buggy address belongs to the page:
> [  674.530877] page:c7fda940 count:1 mapcount:0 mapping:c540a700 index:0x0
> [  674.530988] flags: 0x200(slab)
> [  674.531216] raw: 00000200 00000100 00000200 c540a700 00000000
> 003e007d ffffffff 00000001
> [  674.531284] page dumped because: kasan: bad access detected
> [  674.531323]
> [  674.532630] Memory state around the buggy address:
> [  674.537436]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.543890]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.550345] >c5528000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [  674.556731]            ^
> [  674.559293]  c5528080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
> [  674.565750]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  674.572138]
> ==================================================================
> [  674.880790] kasan test: kmem_cache_invalid_free invalid-free of heap
> object
> [  674.881044]
> ==================================================================
> [  674.888197] BUG: KASAN: double-free or invalid-free in
> kmem_cache_invalid_free+0xa0/0xc4 [test_kasan]
> [  674.897089]
> [  674.898670] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  674.898722] Call Trace:
> [  674.898899] [c5649b30] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  674.899113] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
> [  674.899293] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
> [  674.899467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
> [  674.899756] [c5649ce0] [c95d4ea8] kmem_cache_invalid_free+0xa0/0xc4
> [test_kasan]
> [  674.900031] [c5649d00] [c95d5580] kmalloc_tests_init+0x88/0x2d0
> [test_kasan]
> [  674.900222] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  674.900437] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  674.900639] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  674.900845] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  674.901040] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  674.901206] --- interrupt: c01 at 0xfd6b914
> [  674.901206]     LR = 0x1001364c
> [  674.901251]
> [  674.902542] Allocated by task 340:
> [  674.905975]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  674.906103]  kmem_cache_alloc+0xf4/0x210
> [  674.906351]  kmem_cache_invalid_free+0x78/0xc4 [test_kasan]
> [  674.906584]  kmalloc_tests_init+0x88/0x2d0 [test_kasan]
> [  674.906730]  do_one_initcall+0x40/0x278
> [  674.906899]  do_init_module+0xcc/0x59c
> [  674.907056]  load_module+0x2bc4/0x320c
> [  674.907217]  sys_init_module+0x114/0x138
> [  674.907364]  ret_from_syscall+0x0/0x38
> [  674.907411]
> [  674.908731] Freed by task 0:
> [  674.911551] (stack is not available)
> [  674.915074]
> [  674.916605] The buggy address belongs to the object at c5528000
> [  674.916605]  which belongs to the cache test_cache of size 200
> [  674.928237] The buggy address is located 1 bytes inside of
> [  674.928237]  200-byte region [c5528000, c55280c8)
> [  674.938237] The buggy address belongs to the page:
> [  674.943024] page:c7fda940 count:1 mapcount:0 mapping:c540a7d0 index:0x0
> [  674.943136] flags: 0x200(slab)
> [  674.943365] raw: 00000200 00000100 00000200 c540a7d0 00000000
> 003e007d ffffffff 00000001
> [  674.943434] page dumped because: kasan: bad access detected
> [  674.943475]
> [  674.944775] Memory state around the buggy address:
> [  674.949581]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.956036]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.962491] >c5528000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.968876]            ^
> [  674.971438]  c5528080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
> [  674.977895]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  674.984285]
> ==================================================================
> [  675.126818] kasan test: kasan_memchr out-of-bounds in memchr
> [  675.126994] kasan test: kasan_memcmp out-of-bounds in memcmp
> [  675.127158] kasan test: kasan_strings use-after-free in strchr
> [  675.127309]
> ==================================================================
> [  675.134382] BUG: KASAN: use-after-free in strchr+0x1c/0x80
> [  675.139762] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.145200]
> [  675.146784] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.146836] Call Trace:
> [  675.147010] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.147215] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  675.147385] [c5649cc0] [c072ec4c] strchr+0x1c/0x80
> [  675.147684] [c5649ce0] [c95d5440] kasan_strings+0x60/0x118 [test_kasan]
> [  675.147966] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.148157] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.148372] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.148577] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.148781] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.148976] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.149143] --- interrupt: c01 at 0xfd6b914
> [  675.149143]     LR = 0x1001364c
> [  675.149189]
> [  675.150483] Allocated by task 340:
> [  675.153915]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.154163]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.154400]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.154545]  do_one_initcall+0x40/0x278
> [  675.154714]  do_init_module+0xcc/0x59c
> [  675.154872]  load_module+0x2bc4/0x320c
> [  675.155033]  sys_init_module+0x114/0x138
> [  675.155179]  ret_from_syscall+0x0/0x38
> [  675.155225]
> [  675.156501] Freed by task 340:
> [  675.159587]  __kasan_slab_free+0x120/0x22c
> [  675.159709]  kfree+0x74/0x270
> [  675.159954]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.160191]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.160337]  do_one_initcall+0x40/0x278
> [  675.160508]  do_init_module+0xcc/0x59c
> [  675.160667]  load_module+0x2bc4/0x320c
> [  675.160828]  sys_init_module+0x114/0x138
> [  675.160973]  ret_from_syscall+0x0/0x38
> [  675.161019]
> [  675.162306] The buggy address belongs to the object at c53e8e10
> [  675.162306]  which belongs to the cache kmalloc-32 of size 32
> [  675.173853] The buggy address is located 16 bytes inside of
> [  675.173853]  32-byte region [c53e8e10, c53e8e30)
> [  675.183856] The buggy address belongs to the page:
> [  675.188642] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.188753] flags: 0x200(slab)
> [  675.188982] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.189051] page dumped because: kasan: bad access detected
> [  675.189091]
> [  675.190392] Memory state around the buggy address:
> [  675.195199]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.201653]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.208108] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.214497]                        ^
> [  675.218089]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.224544]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.230935]
> ==================================================================
> [  675.383353] kasan test: kasan_strings use-after-free in strrchr
> [  675.383430]
> ==================================================================
> [  675.390498] BUG: KASAN: use-after-free in strrchr+0x30/0x64
> [  675.395964] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.401403]
> [  675.402986] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.403038] Call Trace:
> [  675.403212] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.403415] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  675.403587] [c5649cc0] [c072ed48] strrchr+0x30/0x64
> [  675.403888] [c5649ce0] [c95d545c] kasan_strings+0x7c/0x118 [test_kasan]
> [  675.404170] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.404362] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.404576] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.404779] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.404983] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.405177] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.405344] --- interrupt: c01 at 0xfd6b914
> [  675.405344]     LR = 0x1001364c
> [  675.405390]
> [  675.406684] Allocated by task 340:
> [  675.410118]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.410366]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.410603]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.410750]  do_one_initcall+0x40/0x278
> [  675.410919]  do_init_module+0xcc/0x59c
> [  675.411078]  load_module+0x2bc4/0x320c
> [  675.411238]  sys_init_module+0x114/0x138
> [  675.411384]  ret_from_syscall+0x0/0x38
> [  675.411430]
> [  675.412704] Freed by task 340:
> [  675.415789]  __kasan_slab_free+0x120/0x22c
> [  675.415910]  kfree+0x74/0x270
> [  675.416155]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.416391]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.416537]  do_one_initcall+0x40/0x278
> [  675.416706]  do_init_module+0xcc/0x59c
> [  675.416865]  load_module+0x2bc4/0x320c
> [  675.417024]  sys_init_module+0x114/0x138
> [  675.417169]  ret_from_syscall+0x0/0x38
> [  675.417215]
> [  675.418509] The buggy address belongs to the object at c53e8e10
> [  675.418509]  which belongs to the cache kmalloc-32 of size 32
> [  675.430055] The buggy address is located 16 bytes inside of
> [  675.430055]  32-byte region [c53e8e10, c53e8e30)
> [  675.440057] The buggy address belongs to the page:
> [  675.444844] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.444955] flags: 0x200(slab)
> [  675.445184] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.445253] page dumped because: kasan: bad access detected
> [  675.445293]
> [  675.446595] Memory state around the buggy address:
> [  675.451401]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.457856]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.464310] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.470698]                        ^
> [  675.474291]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.480747]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.487138]
> ==================================================================
> [  675.500419] kasan test: kasan_strings use-after-free in strcmp
> [  675.500491]
> ==================================================================
> [  675.507536] BUG: KASAN: use-after-free in strcmp+0x30/0x90
> [  675.512918] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.518358]
> [  675.519942] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.519994] Call Trace:
> [  675.520167] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.520369] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  675.520536] [c5649cc0] [c072ebd0] strcmp+0x30/0x90
> [  675.520833] [c5649ce0] [c95d5480] kasan_strings+0xa0/0x118 [test_kasan]
> [  675.521113] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.521303] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.521514] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.521716] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.521919] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.522111] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.522275] --- interrupt: c01 at 0xfd6b914
> [  675.522275]     LR = 0x1001364c
> [  675.522320]
> [  675.523640] Allocated by task 340:
> [  675.527073]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.527321]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.527556]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.527699]  do_one_initcall+0x40/0x278
> [  675.527867]  do_init_module+0xcc/0x59c
> [  675.528024]  load_module+0x2bc4/0x320c
> [  675.528182]  sys_init_module+0x114/0x138
> [  675.528327]  ret_from_syscall+0x0/0x38
> [  675.528373]
> [  675.529658] Freed by task 340:
> [  675.532745]  __kasan_slab_free+0x120/0x22c
> [  675.532865]  kfree+0x74/0x270
> [  675.533109]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.533343]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.533486]  do_one_initcall+0x40/0x278
> [  675.533654]  do_init_module+0xcc/0x59c
> [  675.533810]  load_module+0x2bc4/0x320c
> [  675.533967]  sys_init_module+0x114/0x138
> [  675.534112]  ret_from_syscall+0x0/0x38
> [  675.534157]
> [  675.535463] The buggy address belongs to the object at c53e8e10
> [  675.535463]  which belongs to the cache kmalloc-32 of size 32
> [  675.547010] The buggy address is located 16 bytes inside of
> [  675.547010]  32-byte region [c53e8e10, c53e8e30)
> [  675.557012] The buggy address belongs to the page:
> [  675.561799] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.561909] flags: 0x200(slab)
> [  675.562137] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.562204] page dumped because: kasan: bad access detected
> [  675.562243]
> [  675.563549] Memory state around the buggy address:
> [  675.568356]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.574809]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.581265] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.587653]                        ^
> [  675.591247]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.597702]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.604091]
> ==================================================================
> [  675.894391] kasan test: kasan_strings use-after-free in strncmp
> [  675.894468] kasan test: kasan_strings use-after-free in strlen
> [  675.894536] kasan test: kasan_strings use-after-free in strnlen
> [  675.894600]
> ==================================================================
> [  675.901698] BUG: KASAN: use-after-free in strnlen+0x24/0x88
> [  675.907165] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.912603]
> [  675.914186] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.914237] Call Trace:
> [  675.914412] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.914617] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  675.914788] [c5649ce0] [c072eeb4] strnlen+0x24/0x88
> [  675.915091] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.915283] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.915497] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.915700] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.915904] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.916099] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.916267] --- interrupt: c01 at 0xfd6b914
> [  675.916267]     LR = 0x1001364c
> [  675.916312]
> [  675.917626] Allocated by task 340:
> [  675.921059]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.921309]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.921546]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.921690]  do_one_initcall+0x40/0x278
> [  675.921858]  do_init_module+0xcc/0x59c
> [  675.922016]  load_module+0x2bc4/0x320c
> [  675.922174]  sys_init_module+0x114/0x138
> [  675.922318]  ret_from_syscall+0x0/0x38
> [  675.922365]
> [  675.923645] Freed by task 340:
> [  675.926731]  __kasan_slab_free+0x120/0x22c
> [  675.926851]  kfree+0x74/0x270
> [  675.927097]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.927334]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.927479]  do_one_initcall+0x40/0x278
> [  675.927647]  do_init_module+0xcc/0x59c
> [  675.927804]  load_module+0x2bc4/0x320c
> [  675.927962]  sys_init_module+0x114/0x138
> [  675.928107]  ret_from_syscall+0x0/0x38
> [  675.928154]
> [  675.929450] The buggy address belongs to the object at c53e8e10
> [  675.929450]  which belongs to the cache kmalloc-32 of size 32
> [  675.940997] The buggy address is located 16 bytes inside of
> [  675.940997]  32-byte region [c53e8e10, c53e8e30)
> [  675.950999] The buggy address belongs to the page:
> [  675.955786] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.955897] flags: 0x200(slab)
> [  675.956127] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.956196] page dumped because: kasan: bad access detected
> [  675.956236]
> [  675.957536] Memory state around the buggy address:
> [  675.962343]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.968796]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.975251] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.981640]                        ^
> [  675.985233]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.991688]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.998080]
> ==================================================================
> [  721.624809] random: crng init done

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ