Re: [PATCH 00/11] KASan for arm
From: Florian Fainelli
Date: Wed Oct 11 2017 - 17:36:57 EST
On 10/11/2017 12:50 PM, Florian Fainelli wrote:
> On 10/11/2017 12:13 PM, Florian Fainelli wrote:
>> Hi Abbott,
>>
>> On 10/11/2017 01:22 AM, Abbott Liu wrote:
>>> Hi,all:
>>> These patches add arch specific code for kernel address sanitizer
>>> (see Documentation/kasan.txt).
>>>
>>> 1/8 of kernel addresses reserved for shadow memory. There was no
>>> big enough hole for this, so virtual addresses for shadow were
>>> stolen from user space.
>>>
>>> At early boot stage the whole shadow region populated with just
>>> one physical page (kasan_zero_page). Later, this page reused
>>> as readonly zero shadow for some memory that KASan currently
>>> don't track (vmalloc).
>>>
>>> After mapping the physical memory, pages for shadow memory are
>>> allocated and mapped.
>>>
>>> KASan's stack instrumentation significantly increases stack's
>>> consumption, so CONFIG_KASAN doubles THREAD_SIZE.
>>>
>>> Functions like memset/memmove/memcpy do a lot of memory accesses.
>>> If bad pointer passed to one of these function it is important
>>> to catch this. Compiler's instrumentation cannot do this since
>>> these functions are written in assembly.
>>>
>>> KASan replaces memory functions with manually instrumented variants.
>>> Original functions declared as weak symbols so strong definitions
>>> in mm/kasan/kasan.c could replace them. Original functions have aliases
>>> with '__' prefix in name, so we could call non-instrumented variant
>>> if needed.
>>>
>>> Some files built without kasan instrumentation (e.g. mm/slub.c).
>>> Original mem* function replaced (via #define) with prefixed variants
>>> to disable memory access checks for such files.
>>>
>>> On arm LPAE architecture, the mapping table of KASan shadow memory(if
>>> PAGE_OFFSET is 0xc0000000, the KASan shadow memory's virtual space is
>>> 0xb6e000000~0xbf000000) can't be filled in do_translation_fault function,
>>> because kasan instrumentation maybe cause do_translation_fault function
>>> accessing KASan shadow memory. The accessing of KASan shadow memory in
>>> do_translation_fault function maybe cause dead circle. So the mapping table
>>> of KASan shadow memory need be copyed in pgd_alloc function.
>>>
>>>
>>> Most of the code comes from:
>>> https://github.com/aryabinin/linux/commit/0b54f17e70ff50a902c4af05bb92716eb95acefe.
>>
>> Thanks for putting these patches together, I can't get a kernel to build
>> with ARM_LPAE=y or ARM_LPAE=n that does not result in the following:
>>
>> AS arch/arm/kernel/entry-common.o
>> arch/arm/kernel/entry-common.S: Assembler messages:
>> arch/arm/kernel/entry-common.S:53: Error: invalid constant
>> (ffffffffb6e00000) after fixup
>> arch/arm/kernel/entry-common.S:118: Error: invalid constant
>> (ffffffffb6e00000) after fixup
>> scripts/Makefile.build:412: recipe for target
>> 'arch/arm/kernel/entry-common.o' failed
>> make[3]: *** [arch/arm/kernel/entry-common.o] Error 1
>> Makefile:1019: recipe for target 'arch/arm/kernel' failed
>> make[2]: *** [arch/arm/kernel] Error 2
>> make[2]: *** Waiting for unfinished jobs....
>>
>> This is coming from the increase in TASK_SIZE it seems.
>>
>> This is on top of v4.14-rc4-84-gff5abbe799e2
>
> Seems like we can use the following to get through that build failure:
>
> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
> index 99c908226065..0de1160d136e 100644
> --- a/arch/arm/kernel/entry-common.S
> +++ b/arch/arm/kernel/entry-common.S
> @@ -50,7 +50,13 @@ ret_fast_syscall:
> UNWIND(.cantunwind )
> disable_irq_notrace @ disable interrupts
> ldr r2, [tsk, #TI_ADDR_LIMIT]
> +#ifdef CONFIG_KASAN
> + movw r1, #:lower16:TASK_SIZE
> + movt r1, #:upper16:TASK_SIZE
> + cmp r2, r1
> +#else
> cmp r2, #TASK_SIZE
> +#endif
> blne addr_limit_check_failed
> ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall
> tracing
> tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
> @@ -115,7 +121,13 @@ ret_slow_syscall:
> disable_irq_notrace @ disable interrupts
> ENTRY(ret_to_user_from_irq)
> ldr r2, [tsk, #TI_ADDR_LIMIT]
> +#ifdef CONFIG_KASAN
> + movw r1, #:lower16:TASK_SIZE
> + movt r1, #:upper16:TASK_SIZE
> + cmp r2, r1
> +#else
> cmp r2, #TASK_SIZE
> +#endif
> blne addr_limit_check_failed
> ldr r1, [tsk, #TI_FLAGS]
> tst r1, #_TIF_WORK_MASK
>
>
>
> but then we will see another set of build failures with the decompressor
> code:
>
> WARNING: modpost: Found 2 section mismatch(es).
> To see full details build your kernel with:
> 'make CONFIG_DEBUG_SECTION_MISMATCH=y'
> KSYM .tmp_kallsyms1.o
> KSYM .tmp_kallsyms2.o
> LD vmlinux
> SORTEX vmlinux
> SYSMAP System.map
> OBJCOPY arch/arm/boot/Image
> Kernel: arch/arm/boot/Image is ready
> LDS arch/arm/boot/compressed/vmlinux.lds
> AS arch/arm/boot/compressed/head.o
> XZKERN arch/arm/boot/compressed/piggy_data
> CC arch/arm/boot/compressed/misc.o
> CC arch/arm/boot/compressed/decompress.o
> CC arch/arm/boot/compressed/string.o
> arch/arm/boot/compressed/decompress.c:51:0: warning: "memmove" redefined
> #define memmove memmove
>
> In file included from arch/arm/boot/compressed/decompress.c:7:0:
> ./arch/arm/include/asm/string.h:67:0: note: this is the location of the
> previous definition
> #define memmove(dst, src, len) __memmove(dst, src, len)
>
> arch/arm/boot/compressed/decompress.c:52:0: warning: "memcpy" redefined
> #define memcpy memcpy
>
> In file included from arch/arm/boot/compressed/decompress.c:7:0:
> ./arch/arm/include/asm/string.h:66:0: note: this is the location of the
> previous definition
> #define memcpy(dst, src, len) __memcpy(dst, src, len)
>
> SHIPPED arch/arm/boot/compressed/hyp-stub.S
> SHIPPED arch/arm/boot/compressed/fdt_rw.c
> SHIPPED arch/arm/boot/compressed/fdt.h
> SHIPPED arch/arm/boot/compressed/libfdt.h
> SHIPPED arch/arm/boot/compressed/libfdt_internal.h
> SHIPPED arch/arm/boot/compressed/fdt_ro.c
> SHIPPED arch/arm/boot/compressed/fdt_wip.c
> SHIPPED arch/arm/boot/compressed/fdt.c
> CC arch/arm/boot/compressed/atags_to_fdt.o
> SHIPPED arch/arm/boot/compressed/lib1funcs.S
> SHIPPED arch/arm/boot/compressed/ashldi3.S
> SHIPPED arch/arm/boot/compressed/bswapsdi2.S
> AS arch/arm/boot/compressed/hyp-stub.o
> CC arch/arm/boot/compressed/fdt_rw.o
> CC arch/arm/boot/compressed/fdt_ro.o
> CC arch/arm/boot/compressed/fdt_wip.o
> CC arch/arm/boot/compressed/fdt.o
> AS arch/arm/boot/compressed/lib1funcs.o
> AS arch/arm/boot/compressed/ashldi3.o
> AS arch/arm/boot/compressed/bswapsdi2.o
> AS arch/arm/boot/compressed/piggy.o
> LD arch/arm/boot/compressed/vmlinux
> arch/arm/boot/compressed/decompress.o: In function `fill_temp':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_stream.c:162:
> undefined reference to `memcpy'
> arch/arm/boot/compressed/decompress.o: In function `bcj_flush':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_bcj.c:404:
> undefined reference to `memcpy'
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_bcj.c:409:
> undefined reference to `memmove'
> arch/arm/boot/compressed/decompress.o: In function `lzma2_lzma':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_lzma2.c:919:
> undefined reference to `memcpy'
> arch/arm/boot/compressed/decompress.o: In function `dict_flush':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_lzma2.c:424:
> undefined reference to `memcpy'
> arch/arm/boot/compressed/decompress.o: In function `dict_uncompressed':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_lzma2.c:390:
> undefined reference to `memcpy'
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_lzma2.c:400:
> undefined reference to `memcpy'
> arch/arm/boot/compressed/decompress.o: In function `lzma2_lzma':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_lzma2.c:859:
> undefined reference to `memcpy'
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_lzma2.c:884:
> undefined reference to `memmove'
> arch/arm/boot/compressed/decompress.o: In function `xz_dec_bcj_run':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_bcj.c:451:
> undefined reference to `memcpy'
> /home/fainelli/dev/linux/arch/arm/boot/compressed/../../../../lib/xz/xz_dec_bcj.c:471:
> undefined reference to `memcpy'
> arch/arm/boot/compressed/fdt_rw.o: In function `fdt_add_subnode_namelen':
> /home/fainelli/dev/linux/arch/arm/boot/compressed/fdt_rw.c:366:
> undefined reference to `__memset'
> arch/arm/boot/compressed/Makefile:182: recipe for target
> 'arch/arm/boot/compressed/vmlinux' failed
> make[4]: *** [arch/arm/boot/compressed/vmlinux] Error 1
> arch/arm/boot/Makefile:53: recipe for target
> 'arch/arm/boot/compressed/vmlinux' failed
> make[3]: *** [arch/arm/boot/compressed/vmlinux] Error 2
I ended up fixing the redefinition warnings/build failures this way, but
I am not 100% confident this is the right fix:
diff --git a/arch/arm/boot/compressed/decompress.c
b/arch/arm/boot/compressed/decompress.c
index f3a4bedd1afc..7d4a47752760 100644
--- a/arch/arm/boot/compressed/decompress.c
+++ b/arch/arm/boot/compressed/decompress.c
@@ -48,8 +48,10 @@ extern int memcmp(const void *cs, const void *ct,
size_t count);
#endif
#ifdef CONFIG_KERNEL_XZ
+#ifndef CONFIG_KASAN
#define memmove memmove
#define memcpy memcpy
+#endif
#include "../../../../lib/decompress_unxz.c"
#endif
Was not able yet to track down why __memset is not being resolved, but
since I don't need them, disabled CONFIG_ATAGS and
CONFIG_ARM_ATAG_DTB_COMPAT and this allowed me to get a build working.
This brought me all the way to a prompt and please find attached the
results of insmod test_kasan.ko for CONFIG_ARM_LPAE=y and
CONFIG_ARM_LPAE=n. Your patches actually spotted a genuine use after
free in one of our drivers (spi-bcm-qspi) so with this:
Tested-by: Florian Fainelli <f.fainelli@xxxxxxxxx>
Great job thanks!
--
Florian
# insmod test_kasan.ko
[ 90.732418] kasan test: kmalloc_oob_right out-of-bounds to right
[ 90.739598] ==================================================================
[ 90.747735] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x54/0x6c [test_kasan]
[ 90.756194] Write of size 1 at addr cb32df7b by task insmod/1456
[ 90.762532]
[ 90.764350] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 90.774742] Hardware name: Broadcom STB (Flattened Device Tree)
[ 90.781235] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 90.789608] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 90.797493] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 90.806809] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 90.816763] [<c02a7ab8>] (kasan_report) from [<bf0041bc>] (kmalloc_oob_right+0x54/0x6c [test_kasan])
[ 90.827327] [<bf0041bc>] (kmalloc_oob_right [test_kasan]) from [<bf004da0>] (kmalloc_tests_init+0x10/0x270 [test_kasan])
[ 90.839327] [<bf004da0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 90.849645] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 90.858458] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 90.867177] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 90.875827] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 90.884407]
[ 90.886124] Allocated by task 1456:
[ 90.890022] kmem_cache_alloc_trace+0xb4/0x170
[ 90.895194] kmalloc_oob_right+0x30/0x6c [test_kasan]
[ 90.901002] kmalloc_tests_init+0x10/0x270 [test_kasan]
[ 90.906625] do_one_initcall+0x60/0x1b0
[ 90.910831] do_init_module+0xd4/0x2cc
[ 90.914949] load_module+0x3110/0x3af0
[ 90.919071] SyS_init_module+0x19c/0x1d4
[ 90.923385] ret_fast_syscall+0x0/0x50
[ 90.927396]
[ 90.929103] Freed by task 0:
[ 90.932240] (stack is not available)
[ 90.936080]
[ 90.937846] The buggy address belongs to the object at cb32df00
[ 90.937846] which belongs to the cache kmalloc-128 of size 128
[ 90.950387] The buggy address is located 123 bytes inside of
[ 90.950387] 128-byte region [cb32df00, cb32df80)
[ 90.961330] The buggy address belongs to the page:
[ 90.966480] page:ee95e5a0 count:1 mapcount:0 mapping:cb32d000 index:0x0
[ 90.973499] flags: 0x100(slab)
[ 90.977019] raw: 00000100 cb32d000 00000000 00000015 00000001 ee837f34 ee965014 d00000c0
[ 90.985610] page dumped because: kasan: bad access detected
[ 90.991497]
[ 90.993201] Memory state around the buggy address:
[ 90.998387] cb32de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.005363] cb32de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.012342] >cb32df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[ 91.019248] ^
[ 91.026142] cb32df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.033126] cb32e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 91.040032] ==================================================================
[ 91.048462] kasan test: kmalloc_oob_left out-of-bounds to left
[ 91.055542] ==================================================================
[ 91.063691] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x54/0x74 [test_kasan]
[ 91.072056] Read of size 1 at addr cb32c3ff by task insmod/1456
[ 91.078302]
[ 91.080116] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.090505] Hardware name: Broadcom STB (Flattened Device Tree)
[ 91.097004] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 91.105390] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 91.113278] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 91.122595] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 91.132521] [<c02a7ab8>] (kasan_report) from [<bf004228>] (kmalloc_oob_left+0x54/0x74 [test_kasan])
[ 91.143025] [<bf004228>] (kmalloc_oob_left [test_kasan]) from [<bf004da4>] (kmalloc_tests_init+0x14/0x270 [test_kasan])
[ 91.154958] [<bf004da4>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 91.165284] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 91.174106] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 91.182824] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 91.191495] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 91.200072]
[ 91.201782] Allocated by task 0:
[ 91.205273] (stack is not available)
[ 91.209111]
[ 91.210818] Freed by task 0:
[ 91.213965] (stack is not available)
[ 91.217804]
[ 91.219577] The buggy address belongs to the object at cb32c380
[ 91.219577] which belongs to the cache kmalloc-64 of size 64
[ 91.231940] The buggy address is located 63 bytes to the right of
[ 91.231940] 64-byte region [cb32c380, cb32c3c0)
[ 91.243258] The buggy address belongs to the page:
[ 91.248411] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 91.255439] flags: 0x100(slab)
[ 91.258968] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 91.267561] page dumped because: kasan: bad access detected
[ 91.273450]
[ 91.275152] Memory state around the buggy address:
[ 91.280338] cb32c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.287320] cb32c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.294302] >cb32c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.301207] ^
[ 91.308101] cb32c400: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.315083] cb32c480: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.321995] ==================================================================
[ 91.330451] kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right
[ 91.339664] ==================================================================
[ 91.347813] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x58/0x70 [test_kasan]
[ 91.356716] Write of size 1 at addr cb38d200 by task insmod/1456
[ 91.363060]
[ 91.364877] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.375280] Hardware name: Broadcom STB (Flattened Device Tree)
[ 91.381764] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 91.390148] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 91.398040] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 91.407367] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 91.417314] [<c02a7ab8>] (kasan_report) from [<bf0042a0>] (kmalloc_node_oob_right+0x58/0x70 [test_kasan])
[ 91.428358] [<bf0042a0>] (kmalloc_node_oob_right [test_kasan]) from [<bf004da8>] (kmalloc_tests_init+0x18/0x270 [test_kasan])
[ 91.440820] [<bf004da8>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 91.451152] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 91.459969] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 91.468684] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 91.477343] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 91.485918]
[ 91.487638] Allocated by task 1456:
[ 91.491537] kmem_cache_alloc_trace+0xb4/0x170
[ 91.496720] kmalloc_node_oob_right+0x30/0x70 [test_kasan]
[ 91.502987] kmalloc_tests_init+0x18/0x270 [test_kasan]
[ 91.508614] do_one_initcall+0x60/0x1b0
[ 91.512828] do_init_module+0xd4/0x2cc
[ 91.516964] load_module+0x3110/0x3af0
[ 91.521097] SyS_init_module+0x19c/0x1d4
[ 91.525425] ret_fast_syscall+0x0/0x50
[ 91.529435]
[ 91.531141] Freed by task 0:
[ 91.534268] (stack is not available)
[ 91.538103]
[ 91.539868] The buggy address belongs to the object at cb38c200
[ 91.539868] which belongs to the cache kmalloc-4096 of size 4096
[ 91.552587] The buggy address is located 0 bytes to the right of
[ 91.552587] 4096-byte region [cb38c200, cb38d200)
[ 91.563981] The buggy address belongs to the page:
[ 91.569141] page:ee95f180 count:1 mapcount:0 mapping:cb38c200 index:0x0 compound_mapcount: 0
[ 91.578155] flags: 0x8100(slab|head)
[ 91.582207] raw: 00008100 cb38c200 00000000 00000001 00000001 ee95f094 d000140c d0000540
[ 91.590792] page dumped because: kasan: bad access detected
[ 91.596678]
[ 91.598373] Memory state around the buggy address:
[ 91.603551] cb38d100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.610518] cb38d180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.617485] >cb38d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.624360] ^
[ 91.627217] cb38d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.634196] cb38d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.641103] ==================================================================
[ 91.649357] kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right
[ 91.686569] ==================================================================
[ 91.694713] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x60/0x78 [test_kasan]
[ 91.703685] Write of size 1 at addr cabfff00 by task insmod/1456
[ 91.710024]
[ 91.711823] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.722227] Hardware name: Broadcom STB (Flattened Device Tree)
[ 91.728695] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 91.737073] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 91.744957] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 91.754277] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 91.764205] [<c02a7ab8>] (kasan_report) from [<bf004318>] (kmalloc_large_oob_right+0x60/0x78 [test_kasan])
[ 91.775315] [<bf004318>] (kmalloc_large_oob_right [test_kasan]) from [<bf004dac>] (kmalloc_tests_init+0x1c/0x270 [test_kasan])
[ 91.787851] [<bf004dac>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 91.798174] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 91.806980] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 91.815681] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 91.824328] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 91.832894]
[ 91.834662] The buggy address belongs to the object at ca800000
[ 91.834662] which belongs to the cache kmalloc-4194304 of size 4194304
[ 91.847908] The buggy address is located 4194048 bytes inside of
[ 91.847908] 4194304-byte region [ca800000, cac00000)
[ 91.859557] The buggy address belongs to the page:
[ 91.864697] page:ee948000 count:1 mapcount:0 mapping:ca800000 index:0x0 compound_mapcount: 0
[ 91.873697] flags: 0x8100(slab|head)
[ 91.877735] raw: 00008100 ca800000 00000000 00000001 00000001 d000190c d000190c d0000cc0
[ 91.886325] page dumped because: kasan: bad access detected
[ 91.892207]
[ 91.893912] Memory state around the buggy address:
[ 91.899108] cabffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.906084] cabffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.913063] >cabfff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.919949] ^
[ 91.922804] cabfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.929778] cac00000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.936676] ==================================================================
[ 91.950255] kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more
[ 91.959414] ==================================================================
[ 91.967560] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan]
[ 91.976714] Write of size 1 at addr cb32c393 by task insmod/1456
[ 91.983052]
[ 91.984852] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 91.995253] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.001723] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 92.010095] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 92.017977] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 92.027295] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 92.037226] [<c02a7ab8>] (kasan_report) from [<bf004558>] (kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan])
[ 92.048509] [<bf004558>] (kmalloc_oob_krealloc_more [test_kasan]) from [<bf004db0>] (kmalloc_tests_init+0x20/0x270 [test_kasan])
[ 92.061216] [<bf004db0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 92.071531] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 92.080337] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 92.089050] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 92.097685] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 92.106254]
[ 92.107973] Allocated by task 1456:
[ 92.111809] krealloc+0x44/0xc8
[ 92.115649] kmalloc_oob_krealloc_more+0x44/0x90 [test_kasan]
[ 92.122170] kmalloc_tests_init+0x20/0x270 [test_kasan]
[ 92.127788] do_one_initcall+0x60/0x1b0
[ 92.132007] do_init_module+0xd4/0x2cc
[ 92.136129] load_module+0x3110/0x3af0
[ 92.140246] SyS_init_module+0x19c/0x1d4
[ 92.144551] ret_fast_syscall+0x0/0x50
[ 92.148554]
[ 92.150253] Freed by task 0:
[ 92.153373] (stack is not available)
[ 92.157198]
[ 92.158965] The buggy address belongs to the object at cb32c380
[ 92.158965] which belongs to the cache kmalloc-64 of size 64
[ 92.171311] The buggy address is located 19 bytes inside of
[ 92.171311] 64-byte region [cb32c380, cb32c3c0)
[ 92.182073] The buggy address belongs to the page:
[ 92.187218] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 92.194233] flags: 0x100(slab)
[ 92.197736] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 92.206328] page dumped because: kasan: bad access detected
[ 92.212210]
[ 92.213917] Memory state around the buggy address:
[ 92.219113] cb32c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.226092] cb32c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.233071] >cb32c380: 00 00 03 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.239961] ^
[ 92.243351] cb32c400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.250319] cb32c480: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.257218] ==================================================================
[ 92.265303] kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less
[ 92.274463] ==================================================================
[ 92.282607] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan]
[ 92.291759] Write of size 1 at addr cb32c30f by task insmod/1456
[ 92.298099]
[ 92.299905] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 92.310306] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.316774] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 92.325148] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 92.333030] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 92.342351] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 92.352280] [<c02a7ab8>] (kasan_report) from [<bf0045e8>] (kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan])
[ 92.363564] [<bf0045e8>] (kmalloc_oob_krealloc_less [test_kasan]) from [<bf004db4>] (kmalloc_tests_init+0x24/0x270 [test_kasan])
[ 92.376275] [<bf004db4>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 92.386583] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 92.395387] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 92.404104] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 92.412742] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 92.421308]
[ 92.423024] Allocated by task 1456:
[ 92.426863] krealloc+0x44/0xc8
[ 92.430706] kmalloc_oob_krealloc_less+0x44/0x90 [test_kasan]
[ 92.437229] kmalloc_tests_init+0x24/0x270 [test_kasan]
[ 92.442848] do_one_initcall+0x60/0x1b0
[ 92.447072] do_init_module+0xd4/0x2cc
[ 92.451189] load_module+0x3110/0x3af0
[ 92.455303] SyS_init_module+0x19c/0x1d4
[ 92.459609] ret_fast_syscall+0x0/0x50
[ 92.463612]
[ 92.465311] Freed by task 0:
[ 92.468431] (stack is not available)
[ 92.472256]
[ 92.474025] The buggy address belongs to the object at cb32c300
[ 92.474025] which belongs to the cache kmalloc-64 of size 64
[ 92.486371] The buggy address is located 15 bytes inside of
[ 92.486371] 64-byte region [cb32c300, cb32c340)
[ 92.497131] The buggy address belongs to the page:
[ 92.502272] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 92.509280] flags: 0x100(slab)
[ 92.512782] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 92.521376] page dumped because: kasan: bad access detected
[ 92.527257]
[ 92.528968] Memory state around the buggy address:
[ 92.534159] cb32c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.541139] cb32c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.548118] >cb32c300: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.555005] ^
[ 92.558136] cb32c380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.565114] cb32c400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.572017] ==================================================================
[ 92.580279] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access
[ 92.589445] ==================================================================
[ 92.597580] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x78/0xa4 [test_kasan]
[ 92.605751] Write of size 16 at addr cb32c280 by task insmod/1456
[ 92.612175]
[ 92.613992] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 92.624380] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.630852] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 92.639233] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 92.647117] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 92.656435] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 92.666355] [<c02a7ab8>] (kasan_report) from [<bf0043a8>] (kmalloc_oob_16+0x78/0xa4 [test_kasan])
[ 92.676644] [<bf0043a8>] (kmalloc_oob_16 [test_kasan]) from [<bf004db8>] (kmalloc_tests_init+0x28/0x270 [test_kasan])
[ 92.688369] [<bf004db8>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 92.698671] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 92.707478] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 92.716194] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 92.724832] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 92.733398]
[ 92.735106] Allocated by task 1456:
[ 92.739006] kmem_cache_alloc_trace+0xb4/0x170
[ 92.744178] kmalloc_oob_16+0x30/0xa4 [test_kasan]
[ 92.749706] kmalloc_tests_init+0x28/0x270 [test_kasan]
[ 92.755323] do_one_initcall+0x60/0x1b0
[ 92.759523] do_init_module+0xd4/0x2cc
[ 92.763632] load_module+0x3110/0x3af0
[ 92.767746] SyS_init_module+0x19c/0x1d4
[ 92.772066] ret_fast_syscall+0x0/0x50
[ 92.776078]
[ 92.777778] Freed by task 0:
[ 92.780912] (stack is not available)
[ 92.784744]
[ 92.786496] The buggy address belongs to the object at cb32c280
[ 92.786496] which belongs to the cache kmalloc-64 of size 64
[ 92.798829] The buggy address is located 0 bytes inside of
[ 92.798829] 64-byte region [cb32c280, cb32c2c0)
[ 92.809505] The buggy address belongs to the page:
[ 92.814646] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 92.821657] flags: 0x100(slab)
[ 92.825173] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 92.833758] page dumped because: kasan: bad access detected
[ 92.839637]
[ 92.841334] Memory state around the buggy address:
[ 92.846511] cb32c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.853479] cb32c200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.860447] >cb32c280: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.867322] ^
[ 92.870447] cb32c300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.877413] cb32c380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 92.884307] ==================================================================
[ 92.892598] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
[ 92.900248] ==================================================================
[ 92.908420] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x58/0x68 [test_kasan]
[ 92.917228] Write of size 671 at addr cad89b40 by task insmod/1456
[ 92.923733]
[ 92.925532] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 92.935922] Hardware name: Broadcom STB (Flattened Device Tree)
[ 92.942404] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 92.950765] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 92.958639] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 92.967958] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 92.977571] [<c02a7ab8>] (kasan_report) from [<c02a6b5c>] (memset+0x20/0x34)
[ 92.985592] [<c02a6b5c>] (memset) from [<bf004658>] (kmalloc_oob_in_memset+0x58/0x68 [test_kasan])
[ 92.995990] [<bf004658>] (kmalloc_oob_in_memset [test_kasan]) from [<bf004dbc>] (kmalloc_tests_init+0x2c/0x270 [test_kasan])
[ 93.008345] [<bf004dbc>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 93.018648] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 93.027455] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 93.036169] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 93.044805] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 93.053371]
[ 93.055081] Allocated by task 1456:
[ 93.058980] kmem_cache_alloc_trace+0xb4/0x170
[ 93.064158] kmalloc_oob_in_memset+0x30/0x68 [test_kasan]
[ 93.070325] kmalloc_tests_init+0x2c/0x270 [test_kasan]
[ 93.075957] do_one_initcall+0x60/0x1b0
[ 93.080169] do_init_module+0xd4/0x2cc
[ 93.084277] load_module+0x3110/0x3af0
[ 93.088391] SyS_init_module+0x19c/0x1d4
[ 93.092697] ret_fast_syscall+0x0/0x50
[ 93.096701]
[ 93.098398] Freed by task 0:
[ 93.101517] (stack is not available)
[ 93.105339]
[ 93.107104] The buggy address belongs to the object at cad89b40
[ 93.107104] which belongs to the cache kmalloc-1024 of size 1024
[ 93.119796] The buggy address is located 0 bytes inside of
[ 93.119796] 1024-byte region [cad89b40, cad89f40)
[ 93.130644] The buggy address belongs to the page:
[ 93.135786] page:ee953100 count:1 mapcount:0 mapping:cad88040 index:0x0 compound_mapcount: 0
[ 93.144802] flags: 0x8100(slab|head)
[ 93.148850] raw: 00008100 cad88040 00000000 00000007 00000001 ee9596d4 d000130c d00003c0
[ 93.157444] page dumped because: kasan: bad access detected
[ 93.163324]
[ 93.165029] Memory state around the buggy address:
[ 93.170218] cad89c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.177197] cad89d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.184180] >cad89d80: 00 00 00 00 00 00 00 00 00 00 00 02 fc fc fc fc
[ 93.191080] ^
[ 93.196890] cad89e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.203868] cad89e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.210773] ==================================================================
[ 93.218837] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
[ 93.226573] ==================================================================
[ 93.234711] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x5c/0x6c [test_kasan]
[ 93.243416] Write of size 2 at addr cb32c187 by task insmod/1456
[ 93.249743]
[ 93.251541] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 93.261933] Hardware name: Broadcom STB (Flattened Device Tree)
[ 93.268413] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 93.276773] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 93.284645] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 93.293964] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 93.303573] [<c02a7ab8>] (kasan_report) from [<c02a6b5c>] (memset+0x20/0x34)
[ 93.311591] [<c02a6b5c>] (memset) from [<bf0046c4>] (kmalloc_oob_memset_2+0x5c/0x6c [test_kasan])
[ 93.321894] [<bf0046c4>] (kmalloc_oob_memset_2 [test_kasan]) from [<bf004dc0>] (kmalloc_tests_init+0x30/0x270 [test_kasan])
[ 93.334164] [<bf004dc0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 93.344478] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 93.353283] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 93.361998] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 93.370635] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 93.379203]
[ 93.380918] Allocated by task 1456:
[ 93.384808] kmem_cache_alloc_trace+0xb4/0x170
[ 93.389993] kmalloc_oob_memset_2+0x30/0x6c [test_kasan]
[ 93.396068] kmalloc_tests_init+0x30/0x270 [test_kasan]
[ 93.401684] do_one_initcall+0x60/0x1b0
[ 93.405891] do_init_module+0xd4/0x2cc
[ 93.410019] load_module+0x3110/0x3af0
[ 93.414145] SyS_init_module+0x19c/0x1d4
[ 93.418452] ret_fast_syscall+0x0/0x50
[ 93.422456]
[ 93.424153] Freed by task 0:
[ 93.427271] (stack is not available)
[ 93.431102]
[ 93.432855] The buggy address belongs to the object at cb32c180
[ 93.432855] which belongs to the cache kmalloc-64 of size 64
[ 93.445210] The buggy address is located 7 bytes inside of
[ 93.445210] 64-byte region [cb32c180, cb32c1c0)
[ 93.455875] The buggy address belongs to the page:
[ 93.461038] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 93.468058] flags: 0x100(slab)
[ 93.471561] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 93.480154] page dumped because: kasan: bad access detected
[ 93.486049]
[ 93.487745] Memory state around the buggy address:
[ 93.492938] cb32c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.499919] cb32c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.506902] >cb32c180: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.513786] ^
[ 93.516926] cb32c200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.523907] cb32c280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.530807] ==================================================================
[ 93.539046] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
[ 93.546514] ==================================================================
[ 93.554656] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x5c/0x6c [test_kasan]
[ 93.563367] Write of size 4 at addr cb32c105 by task insmod/1456
[ 93.569692]
[ 93.571492] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 93.581880] Hardware name: Broadcom STB (Flattened Device Tree)
[ 93.588371] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 93.596730] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 93.604601] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 93.613918] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 93.623533] [<c02a7ab8>] (kasan_report) from [<c02a6b5c>] (memset+0x20/0x34)
[ 93.631557] [<c02a6b5c>] (memset) from [<bf004730>] (kmalloc_oob_memset_4+0x5c/0x6c [test_kasan])
[ 93.641857] [<bf004730>] (kmalloc_oob_memset_4 [test_kasan]) from [<bf004dc4>] (kmalloc_tests_init+0x34/0x270 [test_kasan])
[ 93.654131] [<bf004dc4>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 93.664446] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 93.673247] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 93.681962] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 93.690601] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 93.699172]
[ 93.700887] Allocated by task 1456:
[ 93.704782] kmem_cache_alloc_trace+0xb4/0x170
[ 93.709967] kmalloc_oob_memset_4+0x30/0x6c [test_kasan]
[ 93.716042] kmalloc_tests_init+0x34/0x270 [test_kasan]
[ 93.721657] do_one_initcall+0x60/0x1b0
[ 93.725862] do_init_module+0xd4/0x2cc
[ 93.729995] load_module+0x3110/0x3af0
[ 93.734121] SyS_init_module+0x19c/0x1d4
[ 93.738427] ret_fast_syscall+0x0/0x50
[ 93.742431]
[ 93.744130] Freed by task 0:
[ 93.747249] (stack is not available)
[ 93.751084]
[ 93.752837] The buggy address belongs to the object at cb32c100
[ 93.752837] which belongs to the cache kmalloc-64 of size 64
[ 93.765193] The buggy address is located 5 bytes inside of
[ 93.765193] 64-byte region [cb32c100, cb32c140)
[ 93.775856] The buggy address belongs to the page:
[ 93.781022] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 93.788043] flags: 0x100(slab)
[ 93.791546] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 93.800140] page dumped because: kasan: bad access detected
[ 93.806031]
[ 93.807727] Memory state around the buggy address:
[ 93.812915] cb32c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.819896] cb32c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.826880] >cb32c100: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.833768] ^
[ 93.836900] cb32c180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.843883] cb32c200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 93.850787] ==================================================================
[ 93.858849] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
[ 93.866585] ==================================================================
[ 93.874723] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x5c/0x6c [test_kasan]
[ 93.883428] Write of size 8 at addr cb32c081 by task insmod/1456
[ 93.889754]
[ 93.891554] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 93.901950] Hardware name: Broadcom STB (Flattened Device Tree)
[ 93.908424] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 93.916784] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 93.924657] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 93.933976] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 93.943582] [<c02a7ab8>] (kasan_report) from [<c02a6b5c>] (memset+0x20/0x34)
[ 93.951602] [<c02a6b5c>] (memset) from [<bf00479c>] (kmalloc_oob_memset_8+0x5c/0x6c [test_kasan])
[ 93.961907] [<bf00479c>] (kmalloc_oob_memset_8 [test_kasan]) from [<bf004dc8>] (kmalloc_tests_init+0x38/0x270 [test_kasan])
[ 93.974177] [<bf004dc8>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 93.984490] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 93.993293] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 94.002010] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 94.010643] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 94.019213]
[ 94.020928] Allocated by task 1456:
[ 94.024816] kmem_cache_alloc_trace+0xb4/0x170
[ 94.030005] kmalloc_oob_memset_8+0x30/0x6c [test_kasan]
[ 94.036080] kmalloc_tests_init+0x38/0x270 [test_kasan]
[ 94.041696] do_one_initcall+0x60/0x1b0
[ 94.045906] do_init_module+0xd4/0x2cc
[ 94.050036] load_module+0x3110/0x3af0
[ 94.054161] SyS_init_module+0x19c/0x1d4
[ 94.058467] ret_fast_syscall+0x0/0x50
[ 94.062470]
[ 94.064166] Freed by task 0:
[ 94.067285] (stack is not available)
[ 94.071114]
[ 94.072869] The buggy address belongs to the object at cb32c080
[ 94.072869] which belongs to the cache kmalloc-64 of size 64
[ 94.085222] The buggy address is located 1 bytes inside of
[ 94.085222] 64-byte region [cb32c080, cb32c0c0)
[ 94.095889] The buggy address belongs to the page:
[ 94.101050] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 94.108074] flags: 0x100(slab)
[ 94.111577] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 94.120172] page dumped because: kasan: bad access detected
[ 94.126067]
[ 94.127761] Memory state around the buggy address:
[ 94.132954] cb32bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.139935] cb32c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.146916] >cb32c080: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.153798] ^
[ 94.156938] cb32c100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.163918] cb32c180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.170817] ==================================================================
[ 94.179061] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
[ 94.186673] ==================================================================
[ 94.194807] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x5c/0x6c [test_kasan]
[ 94.203608] Write of size 16 at addr cb32c001 by task insmod/1456
[ 94.210036]
[ 94.211836] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 94.222240] Hardware name: Broadcom STB (Flattened Device Tree)
[ 94.228707] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 94.237084] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 94.244968] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 94.254286] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 94.263895] [<c02a7ab8>] (kasan_report) from [<c02a6b5c>] (memset+0x20/0x34)
[ 94.271928] [<c02a6b5c>] (memset) from [<bf004808>] (kmalloc_oob_memset_16+0x5c/0x6c [test_kasan])
[ 94.282322] [<bf004808>] (kmalloc_oob_memset_16 [test_kasan]) from [<bf004dcc>] (kmalloc_tests_init+0x3c/0x270 [test_kasan])
[ 94.294672] [<bf004dcc>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 94.304988] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 94.313780] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 94.322498] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 94.331148] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 94.339705]
[ 94.341409] Allocated by task 1456:
[ 94.345293] kmem_cache_alloc_trace+0xb4/0x170
[ 94.350477] kmalloc_oob_memset_16+0x30/0x6c [test_kasan]
[ 94.356633] kmalloc_tests_init+0x3c/0x270 [test_kasan]
[ 94.362255] do_one_initcall+0x60/0x1b0
[ 94.366456] do_init_module+0xd4/0x2cc
[ 94.370563] load_module+0x3110/0x3af0
[ 94.374679] SyS_init_module+0x19c/0x1d4
[ 94.379000] ret_fast_syscall+0x0/0x50
[ 94.383015]
[ 94.384715] Freed by task 0:
[ 94.387837] (stack is not available)
[ 94.391668]
[ 94.393418] The buggy address belongs to the object at cb32c000
[ 94.393418] which belongs to the cache kmalloc-64 of size 64
[ 94.405751] The buggy address is located 1 bytes inside of
[ 94.405751] 64-byte region [cb32c000, cb32c040)
[ 94.416414] The buggy address belongs to the page:
[ 94.421557] page:ee95e580 count:1 mapcount:0 mapping:cb32c000 index:0x0
[ 94.428567] flags: 0x100(slab)
[ 94.432083] raw: 00000100 cb32c000 00000000 00000020 00000001 ee81ea94 ee962934 d0000000
[ 94.440668] page dumped because: kasan: bad access detected
[ 94.446547]
[ 94.448242] Memory state around the buggy address:
[ 94.453420] cb32bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.460386] cb32bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.467353] >cb32c000: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.474234] ^
[ 94.477624] cb32c080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.484590] cb32c100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.491485] ==================================================================
[ 94.499541] kasan test: kmalloc_uaf use-after-free
[ 94.505668] ==================================================================
[ 94.513786] BUG: KASAN: use-after-free in kmalloc_uaf+0x58/0x68 [test_kasan]
[ 94.521264] Write of size 1 at addr cb681f88 by task insmod/1456
[ 94.527589]
[ 94.529387] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 94.539768] Hardware name: Broadcom STB (Flattened Device Tree)
[ 94.546253] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 94.554614] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 94.562491] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 94.571796] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 94.581720] [<c02a7ab8>] (kasan_report) from [<bf00442c>] (kmalloc_uaf+0x58/0x68 [test_kasan])
[ 94.591738] [<bf00442c>] (kmalloc_uaf [test_kasan]) from [<bf004dd0>] (kmalloc_tests_init+0x40/0x270 [test_kasan])
[ 94.603200] [<bf004dd0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 94.613514] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 94.622318] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 94.631031] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 94.639669] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 94.648238]
[ 94.649957] Allocated by task 1456:
[ 94.653847] kmem_cache_alloc_trace+0xb4/0x170
[ 94.659028] kmalloc_uaf+0x30/0x68 [test_kasan]
[ 94.664303] kmalloc_tests_init+0x40/0x270 [test_kasan]
[ 94.669928] do_one_initcall+0x60/0x1b0
[ 94.674144] do_init_module+0xd4/0x2cc
[ 94.678255] load_module+0x3110/0x3af0
[ 94.682370] SyS_init_module+0x19c/0x1d4
[ 94.686677] ret_fast_syscall+0x0/0x50
[ 94.690679]
[ 94.692383] Freed by task 1456:
[ 94.695888] kfree+0x64/0x100
[ 94.699541] kmalloc_uaf+0x50/0x68 [test_kasan]
[ 94.704802] kmalloc_tests_init+0x40/0x270 [test_kasan]
[ 94.710425] do_one_initcall+0x60/0x1b0
[ 94.714626] do_init_module+0xd4/0x2cc
[ 94.718734] load_module+0x3110/0x3af0
[ 94.722850] SyS_init_module+0x19c/0x1d4
[ 94.727177] ret_fast_syscall+0x0/0x50
[ 94.731181]
[ 94.732949] The buggy address belongs to the object at cb681f80
[ 94.732949] which belongs to the cache kmalloc-64 of size 64
[ 94.745294] The buggy address is located 8 bytes inside of
[ 94.745294] 64-byte region [cb681f80, cb681fc0)
[ 94.755966] The buggy address belongs to the page:
[ 94.761122] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 94.768145] flags: 0x100(slab)
[ 94.771647] raw: 00000100 cb681000 00000000 00000020 00000001 ee962934 d000108c d0000000
[ 94.780245] page dumped because: kasan: bad access detected
[ 94.786135]
[ 94.787832] Memory state around the buggy address:
[ 94.793035] cb681e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.800014] cb681f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 94.806997] >cb681f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 94.813881] ^
[ 94.817028] cb682000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 94.824009] cb682080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 94.830913] ==================================================================
[ 94.838770] kasan test: kmalloc_uaf_memset use-after-free in memset
[ 94.846416] ==================================================================
[ 94.854558] BUG: KASAN: use-after-free in kmalloc_tests_init+0x44/0x270 [test_kasan]
[ 94.862819] Write of size 33 at addr cb681f00 by task insmod/1456
[ 94.869245]
[ 94.871058] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 94.881438] Hardware name: Broadcom STB (Flattened Device Tree)
[ 94.887914] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 94.896292] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 94.904173] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 94.913492] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 94.923111] [<c02a7ab8>] (kasan_report) from [<c02a6b5c>] (memset+0x20/0x34)
[ 94.931134] [<c02a6b5c>] (memset) from [<bf004dd4>] (kmalloc_tests_init+0x44/0x270 [test_kasan])
[ 94.940986] [<bf004dd4>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 94.951300] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 94.960109] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 94.968810] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 94.977464] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 94.986029]
[ 94.987733] Allocated by task 1456:
[ 94.991619] kmem_cache_alloc_trace+0xb4/0x170
[ 94.996786] kmalloc_uaf_memset+0x30/0x68 [test_kasan]
[ 95.002677] kmalloc_tests_init+0x44/0x270 [test_kasan]
[ 95.008292] do_one_initcall+0x60/0x1b0
[ 95.012491] do_init_module+0xd4/0x2cc
[ 95.016599] load_module+0x3110/0x3af0
[ 95.020712] SyS_init_module+0x19c/0x1d4
[ 95.025029] ret_fast_syscall+0x0/0x50
[ 95.029043]
[ 95.030746] Freed by task 1456:
[ 95.034246] kfree+0x64/0x100
[ 95.037900] kmalloc_uaf_memset+0x50/0x68 [test_kasan]
[ 95.043794] kmalloc_tests_init+0x44/0x270 [test_kasan]
[ 95.049416] do_one_initcall+0x60/0x1b0
[ 95.053614] do_init_module+0xd4/0x2cc
[ 95.057722] load_module+0x3110/0x3af0
[ 95.061837] SyS_init_module+0x19c/0x1d4
[ 95.066168] ret_fast_syscall+0x0/0x50
[ 95.070172]
[ 95.071940] The buggy address belongs to the object at cb681f00
[ 95.071940] which belongs to the cache kmalloc-64 of size 64
[ 95.084288] The buggy address is located 0 bytes inside of
[ 95.084288] 64-byte region [cb681f00, cb681f40)
[ 95.094960] The buggy address belongs to the page:
[ 95.100113] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 95.107135] flags: 0x100(slab)
[ 95.110640] raw: 00000100 cb681000 00000000 00000020 00000001 ee962934 d000108c d0000000
[ 95.119236] page dumped because: kasan: bad access detected
[ 95.125126]
[ 95.126823] Memory state around the buggy address:
[ 95.132028] cb681e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.139010] cb681e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.145990] >cb681f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.152873] ^
[ 95.155737] cb681f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.162704] cb682000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.169596] ==================================================================
[ 95.177458] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
[ 95.186287] ==================================================================
[ 95.194418] BUG: KASAN: use-after-free in kmalloc_uaf2+0x74/0xa4 [test_kasan]
[ 95.201989] Write of size 1 at addr cb681ea8 by task insmod/1456
[ 95.208316]
[ 95.210127] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 95.220509] Hardware name: Broadcom STB (Flattened Device Tree)
[ 95.226993] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 95.235366] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 95.243249] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 95.252562] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 95.262483] [<c02a7ab8>] (kasan_report) from [<bf0044b0>] (kmalloc_uaf2+0x74/0xa4 [test_kasan])
[ 95.272593] [<bf0044b0>] (kmalloc_uaf2 [test_kasan]) from [<bf004dd8>] (kmalloc_tests_init+0x48/0x270 [test_kasan])
[ 95.284141] [<bf004dd8>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 95.294459] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 95.303262] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 95.311979] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 95.320616] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 95.329186]
[ 95.330902] Allocated by task 1456:
[ 95.334796] kmem_cache_alloc_trace+0xb4/0x170
[ 95.339974] kmalloc_uaf2+0x30/0xa4 [test_kasan]
[ 95.345338] kmalloc_tests_init+0x48/0x270 [test_kasan]
[ 95.350971] do_one_initcall+0x60/0x1b0
[ 95.355182] do_init_module+0xd4/0x2cc
[ 95.359292] load_module+0x3110/0x3af0
[ 95.363406] SyS_init_module+0x19c/0x1d4
[ 95.367714] ret_fast_syscall+0x0/0x50
[ 95.371717]
[ 95.373420] Freed by task 1456:
[ 95.376926] kfree+0x64/0x100
[ 95.380571] kmalloc_uaf2+0x50/0xa4 [test_kasan]
[ 95.385929] kmalloc_tests_init+0x48/0x270 [test_kasan]
[ 95.391551] do_one_initcall+0x60/0x1b0
[ 95.395751] do_init_module+0xd4/0x2cc
[ 95.399864] load_module+0x3110/0x3af0
[ 95.404003] SyS_init_module+0x19c/0x1d4
[ 95.408310] ret_fast_syscall+0x0/0x50
[ 95.412312]
[ 95.414073] The buggy address belongs to the object at cb681e80
[ 95.414073] which belongs to the cache kmalloc-64 of size 64
[ 95.426418] The buggy address is located 40 bytes inside of
[ 95.426418] 64-byte region [cb681e80, cb681ec0)
[ 95.437177] The buggy address belongs to the page:
[ 95.442318] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 95.449329] flags: 0x100(slab)
[ 95.452831] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 95.461426] page dumped because: kasan: bad access detected
[ 95.467307]
[ 95.469012] Memory state around the buggy address:
[ 95.474200] cb681d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.481179] cb681e00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 95.488158] >cb681e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.495050] ^
[ 95.499247] cb681f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.506227] cb681f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 95.513133] ==================================================================
[ 95.524422] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
[ 95.532322] ==================================================================
[ 95.540461] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x88/0xb8 [test_kasan]
[ 95.548629] Read of size 1 at addr cb32ef78 by task insmod/1456
[ 95.554877]
[ 95.556684] CPU: 0 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 95.567074] Hardware name: Broadcom STB (Flattened Device Tree)
[ 95.573541] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 95.581912] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 95.589790] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 95.599117] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 95.609041] [<c02a7ab8>] (kasan_report) from [<bf004908>] (kmem_cache_oob+0x88/0xb8 [test_kasan])
[ 95.619340] [<bf004908>] (kmem_cache_oob [test_kasan]) from [<bf004ddc>] (kmalloc_tests_init+0x4c/0x270 [test_kasan])
[ 95.631070] [<bf004ddc>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 95.641383] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 95.650190] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 95.658902] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 95.667555] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 95.676124]
[ 95.677831] Allocated by task 1456:
[ 95.681712] kmem_cache_alloc+0xac/0x16c
[ 95.686353] kmem_cache_oob+0x64/0xb8 [test_kasan]
[ 95.691887] kmalloc_tests_init+0x4c/0x270 [test_kasan]
[ 95.697515] do_one_initcall+0x60/0x1b0
[ 95.701717] do_init_module+0xd4/0x2cc
[ 95.705827] load_module+0x3110/0x3af0
[ 95.709965] SyS_init_module+0x19c/0x1d4
[ 95.714269] ret_fast_syscall+0x0/0x50
[ 95.718272]
[ 95.719984] Freed by task 0:
[ 95.723111] (stack is not available)
[ 95.726950]
[ 95.728706] The buggy address belongs to the object at cb32eeb0
[ 95.728706] which belongs to the cache test_cache of size 200
[ 95.741146] The buggy address is located 0 bytes to the right of
[ 95.741146] 200-byte region [cb32eeb0, cb32ef78)
[ 95.752433] The buggy address belongs to the page:
[ 95.757575] page:ee95e5c0 count:1 mapcount:0 mapping:cb32e040 index:0x0
[ 95.764583] flags: 0x100(slab)
[ 95.768100] raw: 00000100 cb32e040 00000000 0000000f 00000001 cb681d0c cb681d0c cdc6b000
[ 95.776685] page dumped because: kasan: bad access detected
[ 95.782566]
[ 95.784261] Memory state around the buggy address:
[ 95.789440] cb32ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.796408] cb32ee80: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[ 95.803376] >cb32ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 95.810268] ^
[ 95.817156] cb32ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 95.824135] cb32f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 95.831043] ==================================================================
[ 95.859462] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
[ 96.407433] kasan test: kasan_stack_oob out-of-bounds on stack
[ 96.413815] kasan test: kasan_global_oob out-of-bounds global variable
[ 96.421066] kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk
[ 96.430550] ==================================================================
[ 96.438688] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x6c/0x84 [test_kasan]
[ 96.447573] Write of size 1 at addr cac5ab00 by task insmod/1456
[ 96.453899]
[ 96.455700] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 96.466080] Hardware name: Broadcom STB (Flattened Device Tree)
[ 96.472554] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 96.480918] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 96.488792] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 96.498098] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 96.508019] [<c02a7ab8>] (kasan_report) from [<bf004a58>] (ksize_unpoisons_memory+0x6c/0x84 [test_kasan])
[ 96.519026] [<bf004a58>] (ksize_unpoisons_memory [test_kasan]) from [<bf004dec>] (kmalloc_tests_init+0x5c/0x270 [test_kasan])
[ 96.531455] [<bf004dec>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 96.541758] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 96.550550] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 96.559254] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 96.567891] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 96.576451]
[ 96.578156] Allocated by task 1456:
[ 96.582043] kmem_cache_alloc_trace+0xb4/0x170
[ 96.587213] ksize_unpoisons_memory+0x30/0x84 [test_kasan]
[ 96.593457] kmalloc_tests_init+0x5c/0x270 [test_kasan]
[ 96.599075] do_one_initcall+0x60/0x1b0
[ 96.603274] do_init_module+0xd4/0x2cc
[ 96.607382] load_module+0x3110/0x3af0
[ 96.611495] SyS_init_module+0x19c/0x1d4
[ 96.615803] ret_fast_syscall+0x0/0x50
[ 96.619805]
[ 96.621504] Freed by task 0:
[ 96.624623] (stack is not available)
[ 96.628446]
[ 96.630201] The buggy address belongs to the object at cac5aa80
[ 96.630201] which belongs to the cache kmalloc-128 of size 128
[ 96.642718] The buggy address is located 0 bytes to the right of
[ 96.642718] 128-byte region [cac5aa80, cac5ab00)
[ 96.654003] The buggy address belongs to the page:
[ 96.659154] page:ee950b40 count:1 mapcount:0 mapping:cac5a000 index:0xcac5af00
[ 96.666869] flags: 0x100(slab)
[ 96.670382] raw: 00000100 cac5a000 cac5af00 00000008 00000001 ee965014 d0001104 d00000c0
[ 96.678964] page dumped because: kasan: bad access detected
[ 96.684846]
[ 96.686541] Memory state around the buggy address:
[ 96.691721] cac5aa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.698687] cac5aa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 96.705653] >cac5ab00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 96.712528] ^
[ 96.715382] cac5ab80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 96.722349] cac5ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.729242] ==================================================================
[ 96.738725] kasan test: copy_user_test out-of-bounds in copy_from_user()
[ 96.746098] ==================================================================
[ 96.754226] BUG: KASAN: slab-out-of-bounds in copy_user_test+0xb8/0x320 [test_kasan]
[ 96.762485] Write of size 11 at addr cb681400 by task insmod/1456
[ 96.768900]
[ 96.770701] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 96.781081] Hardware name: Broadcom STB (Flattened Device Tree)
[ 96.787548] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 96.795911] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 96.803782] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 96.813088] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 96.823003] [<c02a7ab8>] (kasan_report) from [<bf004b28>] (copy_user_test+0xb8/0x320 [test_kasan])
[ 96.833378] [<bf004b28>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 96.845096] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 96.855397] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 96.864191] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 96.872895] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 96.881531] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 96.890088]
[ 96.891791] Allocated by task 1456:
[ 96.895675] kmem_cache_alloc_trace+0xb4/0x170
[ 96.900843] copy_user_test+0x24/0x320 [test_kasan]
[ 96.906460] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 96.912077] do_one_initcall+0x60/0x1b0
[ 96.916276] do_init_module+0xd4/0x2cc
[ 96.920383] load_module+0x3110/0x3af0
[ 96.924497] SyS_init_module+0x19c/0x1d4
[ 96.928806] ret_fast_syscall+0x0/0x50
[ 96.932807]
[ 96.934506] Freed by task 0:
[ 96.937628] (stack is not available)
[ 96.941451]
[ 96.943204] The buggy address belongs to the object at cb681400
[ 96.943204] which belongs to the cache kmalloc-64 of size 64
[ 96.955538] The buggy address is located 0 bytes inside of
[ 96.955538] 64-byte region [cb681400, cb681440)
[ 96.966198] The buggy address belongs to the page:
[ 96.971339] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 96.978349] flags: 0x100(slab)
[ 96.981854] raw: 00000100 cb681000 00000000 00000020 00000001 ee962934 d000108c d0000000
[ 96.990439] page dumped because: kasan: bad access detected
[ 96.996321]
[ 96.998019] Memory state around the buggy address:
[ 97.003198] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.010164] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.017130] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.024006] ^
[ 97.027127] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.034095] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.040989] ==================================================================
[ 97.049167] kasan test: copy_user_test out-of-bounds in copy_to_user()
[ 97.056238] ==================================================================
[ 97.064369] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x15c/0x320 [test_kasan]
[ 97.072716] Read of size 11 at addr cb681400 by task insmod/1456
[ 97.079043]
[ 97.080842] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 97.091223] Hardware name: Broadcom STB (Flattened Device Tree)
[ 97.097690] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 97.106050] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 97.113921] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 97.123228] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 97.133145] [<c02a7ab8>] (kasan_report) from [<bf004bcc>] (copy_user_test+0x15c/0x320 [test_kasan])
[ 97.143608] [<bf004bcc>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 97.155326] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 97.165628] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 97.174421] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 97.183124] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 97.191761] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 97.200319]
[ 97.202023] Allocated by task 1456:
[ 97.205910] kmem_cache_alloc_trace+0xb4/0x170
[ 97.211078] copy_user_test+0x24/0x320 [test_kasan]
[ 97.216695] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 97.222312] do_one_initcall+0x60/0x1b0
[ 97.226512] do_init_module+0xd4/0x2cc
[ 97.230619] load_module+0x3110/0x3af0
[ 97.234735] SyS_init_module+0x19c/0x1d4
[ 97.239041] ret_fast_syscall+0x0/0x50
[ 97.243046]
[ 97.244744] Freed by task 0:
[ 97.247862] (stack is not available)
[ 97.251685]
[ 97.253435] The buggy address belongs to the object at cb681400
[ 97.253435] which belongs to the cache kmalloc-64 of size 64
[ 97.265770] The buggy address is located 0 bytes inside of
[ 97.265770] 64-byte region [cb681400, cb681440)
[ 97.276428] The buggy address belongs to the page:
[ 97.281570] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 97.288581] flags: 0x100(slab)
[ 97.292085] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 97.300671] page dumped because: kasan: bad access detected
[ 97.306552]
[ 97.308249] Memory state around the buggy address:
[ 97.313427] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.320393] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.327360] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.334235] ^
[ 97.337360] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.344326] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.351218] ==================================================================
[ 97.360461] kasan test: copy_user_test out-of-bounds in __copy_from_user()
[ 97.368031] ==================================================================
[ 97.376165] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1b4/0x320 [test_kasan]
[ 97.384514] Write of size 11 at addr cb681400 by task insmod/1456
[ 97.390930]
[ 97.392727] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 97.403106] Hardware name: Broadcom STB (Flattened Device Tree)
[ 97.409574] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 97.417935] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 97.425805] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 97.435112] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 97.445028] [<c02a7ab8>] (kasan_report) from [<bf004c24>] (copy_user_test+0x1b4/0x320 [test_kasan])
[ 97.455492] [<bf004c24>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 97.467205] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 97.477507] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 97.486302] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 97.495006] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 97.503641] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 97.512198]
[ 97.513901] Allocated by task 1456:
[ 97.517786] kmem_cache_alloc_trace+0xb4/0x170
[ 97.522950] copy_user_test+0x24/0x320 [test_kasan]
[ 97.528567] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 97.534184] do_one_initcall+0x60/0x1b0
[ 97.538383] do_init_module+0xd4/0x2cc
[ 97.542493] load_module+0x3110/0x3af0
[ 97.546606] SyS_init_module+0x19c/0x1d4
[ 97.550913] ret_fast_syscall+0x0/0x50
[ 97.554918]
[ 97.556619] Freed by task 0:
[ 97.559738] (stack is not available)
[ 97.563563]
[ 97.565314] The buggy address belongs to the object at cb681400
[ 97.565314] which belongs to the cache kmalloc-64 of size 64
[ 97.577659] The buggy address is located 0 bytes inside of
[ 97.577659] 64-byte region [cb681400, cb681440)
[ 97.588325] The buggy address belongs to the page:
[ 97.593471] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 97.600481] flags: 0x100(slab)
[ 97.603986] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 97.612570] page dumped because: kasan: bad access detected
[ 97.618453]
[ 97.620148] Memory state around the buggy address:
[ 97.625327] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.632297] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.639263] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.646138] ^
[ 97.649262] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.656228] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.663121] ==================================================================
[ 97.671127] kasan test: copy_user_test out-of-bounds in __copy_to_user()
[ 97.678390] ==================================================================
[ 97.686523] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x204/0x320 [test_kasan]
[ 97.694873] Read of size 11 at addr cb681400 by task insmod/1456
[ 97.701201]
[ 97.703001] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 97.713382] Hardware name: Broadcom STB (Flattened Device Tree)
[ 97.719851] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 97.728211] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 97.736081] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 97.745390] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 97.755306] [<c02a7ab8>] (kasan_report) from [<bf004c74>] (copy_user_test+0x204/0x320 [test_kasan])
[ 97.765770] [<bf004c74>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 97.777486] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 97.787789] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 97.796584] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 97.805287] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 97.813924] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 97.822480]
[ 97.824187] Allocated by task 1456:
[ 97.828073] kmem_cache_alloc_trace+0xb4/0x170
[ 97.833239] copy_user_test+0x24/0x320 [test_kasan]
[ 97.838857] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 97.844473] do_one_initcall+0x60/0x1b0
[ 97.848673] do_init_module+0xd4/0x2cc
[ 97.852783] load_module+0x3110/0x3af0
[ 97.856898] SyS_init_module+0x19c/0x1d4
[ 97.861205] ret_fast_syscall+0x0/0x50
[ 97.865208]
[ 97.866905] Freed by task 0:
[ 97.870024] (stack is not available)
[ 97.873846]
[ 97.875597] The buggy address belongs to the object at cb681400
[ 97.875597] which belongs to the cache kmalloc-64 of size 64
[ 97.887930] The buggy address is located 0 bytes inside of
[ 97.887930] 64-byte region [cb681400, cb681440)
[ 97.898589] The buggy address belongs to the page:
[ 97.903730] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 97.910741] flags: 0x100(slab)
[ 97.914246] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 97.922832] page dumped because: kasan: bad access detected
[ 97.928713]
[ 97.930407] Memory state around the buggy address:
[ 97.935586] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.942551] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.949520] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.956395] ^
[ 97.959520] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.966486] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 97.973379] ==================================================================
[ 97.981357] kasan test: copy_user_test out-of-bounds in __copy_from_user_inatomic()
[ 97.989682] ==================================================================
[ 97.997814] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x254/0x320 [test_kasan]
[ 98.006164] Write of size 11 at addr cb681400 by task insmod/1456
[ 98.012579]
[ 98.014377] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 98.024756] Hardware name: Broadcom STB (Flattened Device Tree)
[ 98.031223] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 98.039584] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 98.047456] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 98.056762] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 98.066678] [<c02a7ab8>] (kasan_report) from [<bf004cc4>] (copy_user_test+0x254/0x320 [test_kasan])
[ 98.077142] [<bf004cc4>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 98.088855] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 98.099157] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 98.107950] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 98.116652] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 98.125287] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 98.133847]
[ 98.135550] Allocated by task 1456:
[ 98.139436] kmem_cache_alloc_trace+0xb4/0x170
[ 98.144603] copy_user_test+0x24/0x320 [test_kasan]
[ 98.150222] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 98.155839] do_one_initcall+0x60/0x1b0
[ 98.160039] do_init_module+0xd4/0x2cc
[ 98.164148] load_module+0x3110/0x3af0
[ 98.168263] SyS_init_module+0x19c/0x1d4
[ 98.172571] ret_fast_syscall+0x0/0x50
[ 98.176573]
[ 98.178272] Freed by task 0:
[ 98.181392] (stack is not available)
[ 98.185216]
[ 98.186968] The buggy address belongs to the object at cb681400
[ 98.186968] which belongs to the cache kmalloc-64 of size 64
[ 98.199302] The buggy address is located 0 bytes inside of
[ 98.199302] 64-byte region [cb681400, cb681440)
[ 98.209962] The buggy address belongs to the page:
[ 98.215104] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 98.222112] flags: 0x100(slab)
[ 98.225617] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 98.234202] page dumped because: kasan: bad access detected
[ 98.240083]
[ 98.241781] Memory state around the buggy address:
[ 98.246961] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.253927] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.260893] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.267771] ^
[ 98.270894] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.277861] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.284757] ==================================================================
[ 98.292719] kasan test: copy_user_test out-of-bounds in __copy_to_user_inatomic()
[ 98.301045] ==================================================================
[ 98.309179] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x2a4/0x320 [test_kasan]
[ 98.317528] Read of size 11 at addr cb681400 by task insmod/1456
[ 98.323855]
[ 98.325656] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 98.336036] Hardware name: Broadcom STB (Flattened Device Tree)
[ 98.342505] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 98.350868] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 98.358741] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 98.368048] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 98.377965] [<c02a7ab8>] (kasan_report) from [<bf004d14>] (copy_user_test+0x2a4/0x320 [test_kasan])
[ 98.388429] [<bf004d14>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 98.400144] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 98.410445] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 98.419240] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 98.427942] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 98.436578] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 98.445137]
[ 98.446840] Allocated by task 1456:
[ 98.450726] kmem_cache_alloc_trace+0xb4/0x170
[ 98.455893] copy_user_test+0x24/0x320 [test_kasan]
[ 98.461510] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 98.467126] do_one_initcall+0x60/0x1b0
[ 98.471326] do_init_module+0xd4/0x2cc
[ 98.475437] load_module+0x3110/0x3af0
[ 98.479551] SyS_init_module+0x19c/0x1d4
[ 98.483860] ret_fast_syscall+0x0/0x50
[ 98.487864]
[ 98.489563] Freed by task 0:
[ 98.492683] (stack is not available)
[ 98.496507]
[ 98.498258] The buggy address belongs to the object at cb681400
[ 98.498258] which belongs to the cache kmalloc-64 of size 64
[ 98.510593] The buggy address is located 0 bytes inside of
[ 98.510593] 64-byte region [cb681400, cb681440)
[ 98.521253] The buggy address belongs to the page:
[ 98.526394] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 98.533404] flags: 0x100(slab)
[ 98.536906] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 98.545491] page dumped because: kasan: bad access detected
[ 98.551370]
[ 98.553066] Memory state around the buggy address:
[ 98.558246] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.565213] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.572179] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.579054] ^
[ 98.582177] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.589144] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.596038] ==================================================================
[ 98.604200] kasan test: copy_user_test out-of-bounds in strncpy_from_user()
[ 98.611705] ==================================================================
[ 98.619495] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x58/0x1e4
[ 98.626782] Write of size 11 at addr cb681400 by task insmod/1456
[ 98.633196]
[ 98.634993] CPU: 2 PID: 1456 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #27
[ 98.645374] Hardware name: Broadcom STB (Flattened Device Tree)
[ 98.651841] [<c01157c0>] (unwind_backtrace) from [<c010f118>] (show_stack+0x10/0x14)
[ 98.660204] [<c010f118>] (show_stack) from [<c0b85908>] (dump_stack+0x90/0xa4)
[ 98.668075] [<c0b85908>] (dump_stack) from [<c02a73b4>] (print_address_description+0x50/0x24c)
[ 98.677381] [<c02a73b4>] (print_address_description) from [<c02a7ab8>] (kasan_report+0x238/0x324)
[ 98.686951] [<c02a7ab8>] (kasan_report) from [<c05bbf68>] (strncpy_from_user+0x58/0x1e4)
[ 98.696085] [<c05bbf68>] (strncpy_from_user) from [<bf004d68>] (copy_user_test+0x2f8/0x320 [test_kasan])
[ 98.706998] [<bf004d68>] (copy_user_test [test_kasan]) from [<bf004df0>] (kmalloc_tests_init+0x60/0x270 [test_kasan])
[ 98.718716] [<bf004df0>] (kmalloc_tests_init [test_kasan]) from [<c0101f54>] (do_one_initcall+0x60/0x1b0)
[ 98.729018] [<c0101f54>] (do_one_initcall) from [<c01dcfc8>] (do_init_module+0xd4/0x2cc)
[ 98.737812] [<c01dcfc8>] (do_init_module) from [<c01dbad8>] (load_module+0x3110/0x3af0)
[ 98.746516] [<c01dbad8>] (load_module) from [<c01dc654>] (SyS_init_module+0x19c/0x1d4)
[ 98.755152] [<c01dc654>] (SyS_init_module) from [<c0109800>] (ret_fast_syscall+0x0/0x50)
[ 98.763710]
[ 98.765413] Allocated by task 1456:
[ 98.769299] kmem_cache_alloc_trace+0xb4/0x170
[ 98.774466] copy_user_test+0x24/0x320 [test_kasan]
[ 98.780083] kmalloc_tests_init+0x60/0x270 [test_kasan]
[ 98.785700] do_one_initcall+0x60/0x1b0
[ 98.789900] do_init_module+0xd4/0x2cc
[ 98.794010] load_module+0x3110/0x3af0
[ 98.798124] SyS_init_module+0x19c/0x1d4
[ 98.802433] ret_fast_syscall+0x0/0x50
[ 98.806436]
[ 98.808135] Freed by task 0:
[ 98.811258] (stack is not available)
[ 98.815081]
[ 98.816834] The buggy address belongs to the object at cb681400
[ 98.816834] which belongs to the cache kmalloc-64 of size 64
[ 98.829169] The buggy address is located 0 bytes inside of
[ 98.829169] 64-byte region [cb681400, cb681440)
[ 98.839829] The buggy address belongs to the page:
[ 98.844971] page:ee965020 count:1 mapcount:0 mapping:cb681000 index:0x0
[ 98.851979] flags: 0x100(slab)
[ 98.855484] raw: 00000100 cb681000 00000000 00000020 00000001 ee95e594 d000108c d0000000
[ 98.864067] page dumped because: kasan: bad access detected
[ 98.869950]
[ 98.871644] Memory state around the buggy address:
[ 98.876824] cb681300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.883790] cb681380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.890756] >cb681400: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.897632] ^
[ 98.900753] cb681480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.907720] cb681500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.914615] ==================================================================
[ 98.924518] kasan test: use_after_scope_test use-after-scope on int
[ 98.931329] kasan test: use_after_scope_test use-after-scope on array
insmod: can't insert 'test_kasan.ko': Resource temporarily unavailable
diff --git a/arch/arm/boot/compressed/decompress.c b/arch/arm/boot/compressed/decompress.c
index f3a4bedd1afc..7d4a47752760 100644
--- a/arch/arm/boot/compressed/decompress.c
+++ b/arch/arm/boot/compressed/decompress.c
@@ -48,8 +48,10 @@ extern int memcmp(const void *cs, const void *ct, size_t count);
#endif
#ifdef CONFIG_KERNEL_XZ
+#ifndef CONFIG_KASAN
#define memmove memmove
#define memcpy memcpy
+#endif
#include "../../../../lib/decompress_unxz.c"
#endif
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
index 99c908226065..0de1160d136e 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -50,7 +50,13 @@ ret_fast_syscall:
UNWIND(.cantunwind )
disable_irq_notrace @ disable interrupts
ldr r2, [tsk, #TI_ADDR_LIMIT]
+#ifdef CONFIG_KASAN
+ movw r1, #:lower16:TASK_SIZE
+ movt r1, #:upper16:TASK_SIZE
+ cmp r2, r1
+#else
cmp r2, #TASK_SIZE
+#endif
blne addr_limit_check_failed
ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing
tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK
@@ -115,7 +121,13 @@ ret_slow_syscall:
disable_irq_notrace @ disable interrupts
ENTRY(ret_to_user_from_irq)
ldr r2, [tsk, #TI_ADDR_LIMIT]
+#ifdef CONFIG_KASAN
+ movw r1, #:lower16:TASK_SIZE
+ movt r1, #:upper16:TASK_SIZE
+ cmp r2, r1
+#else
cmp r2, #TASK_SIZE
+#endif
blne addr_limit_check_failed
ldr r1, [tsk, #TI_FLAGS]
tst r1, #_TIF_WORK_MASK
test_kasan.ko
# insmod test_kasan.ko
[ 101.420931] test_kasan: no symbol version for module_layout
[ 101.470457] kasan test: kmalloc_oob_right out-of-bounds to right
[ 101.477653] ==================================================================
[ 101.485794] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x54/0x6c [test_kasan]
[ 101.494242] Write of size 1 at addr cb7dcdfb by task insmod/1453
[ 101.500584]
[ 101.502400] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 101.512802] Hardware name: Broadcom STB (Flattened Device Tree)
[ 101.519288] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 101.527663] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 101.535547] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 101.544868] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 101.554822] [<c03a838c>] (kasan_report) from [<bf0041bc>] (kmalloc_oob_right+0x54/0x6c [test_kasan])
[ 101.565384] [<bf0041bc>] (kmalloc_oob_right [test_kasan]) from [<bf004cb4>] (kmalloc_tests_init+0x10/0x35c [test_kasan])
[ 101.577390] [<bf004cb4>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 101.587716] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 101.596532] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 101.605249] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 101.613918] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 101.622490]
[ 101.624203] Allocated by task 1453:
[ 101.628107] kmem_cache_alloc_trace+0xb4/0x170
[ 101.633291] kmalloc_oob_right+0x30/0x6c [test_kasan]
[ 101.639099] kmalloc_tests_init+0x10/0x35c [test_kasan]
[ 101.644726] do_one_initcall+0x60/0x1b0
[ 101.648937] do_init_module+0xd4/0x2cc
[ 101.653057] load_module+0x3110/0x3af0
[ 101.657178] SyS_init_module+0x184/0x1bc
[ 101.661500] ret_fast_syscall+0x0/0x48
[ 101.665511]
[ 101.667219] Freed by task 0:
[ 101.670362] (stack is not available)
[ 101.674201]
[ 101.675972] The buggy address belongs to the object at cb7dcd80
[ 101.675972] which belongs to the cache kmalloc-128 of size 128
[ 101.688518] The buggy address is located 123 bytes inside of
[ 101.688518] 128-byte region [cb7dcd80, cb7dce00)
[ 101.699465] The buggy address belongs to the page:
[ 101.704622] page:ee967b80 count:1 mapcount:0 mapping:cb7dc000 index:0x0
[ 101.711646] flags: 0x100(slab)
[ 101.715164] raw: 00000100 cb7dc000 00000000 00000015 00000001 ee96b514 ee95e8f4 d00000c0
[ 101.723765] page dumped because: kasan: bad access detected
[ 101.729653]
[ 101.731366] Memory state around the buggy address:
[ 101.736565] cb7dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.743559] cb7dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.750547] >cb7dcd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[ 101.757462] ^
[ 101.764367] cb7dce00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 101.771363] cb7dce80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 101.778274] ==================================================================
[ 101.786797] kasan test: kmalloc_oob_left out-of-bounds to left
[ 101.793807] ==================================================================
[ 101.801963] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x54/0x74 [test_kasan]
[ 101.810337] Read of size 1 at addr cb18227f by task insmod/1453
[ 101.816588]
[ 101.818405] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 101.828800] Hardware name: Broadcom STB (Flattened Device Tree)
[ 101.835292] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 101.843683] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 101.851578] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 101.860909] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 101.870850] [<c03a838c>] (kasan_report) from [<bf004228>] (kmalloc_oob_left+0x54/0x74 [test_kasan])
[ 101.881361] [<bf004228>] (kmalloc_oob_left [test_kasan]) from [<bf004cb8>] (kmalloc_tests_init+0x14/0x35c [test_kasan])
[ 101.893292] [<bf004cb8>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 101.903621] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 101.912438] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 101.921154] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 101.929822] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 101.938404]
[ 101.940113] Allocated by task 0:
[ 101.943601] (stack is not available)
[ 101.947442]
[ 101.949150] Freed by task 0:
[ 101.952288] (stack is not available)
[ 101.956127]
[ 101.957888] The buggy address belongs to the object at cb182200
[ 101.957888] which belongs to the cache kmalloc-64 of size 64
[ 101.970258] The buggy address is located 63 bytes to the right of
[ 101.970258] 64-byte region [cb182200, cb182240)
[ 101.981570] The buggy address belongs to the page:
[ 101.986721] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0
[ 101.993742] flags: 0x100(slab)
[ 101.997267] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000
[ 102.005866] page dumped because: kasan: bad access detected
[ 102.011758]
[ 102.013467] Memory state around the buggy address:
[ 102.018660] cb182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.025646] cb182180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.032634] >cb182200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.039547] ^
[ 102.046443] cb182280: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.053430] cb182300: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.060342] ==================================================================
[ 102.068609] kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right
[ 102.077848] ==================================================================
[ 102.085999] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x58/0x70 [test_kasan]
[ 102.094898] Write of size 1 at addr cac85900 by task insmod/1453
[ 102.101237]
[ 102.103055] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 102.113456] Hardware name: Broadcom STB (Flattened Device Tree)
[ 102.119943] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 102.128327] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 102.136222] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 102.145567] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 102.155516] [<c03a838c>] (kasan_report) from [<bf0042a0>] (kmalloc_node_oob_right+0x58/0x70 [test_kasan])
[ 102.166571] [<bf0042a0>] (kmalloc_node_oob_right [test_kasan]) from [<bf004cbc>] (kmalloc_tests_init+0x18/0x35c [test_kasan])
[ 102.179031] [<bf004cbc>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 102.189356] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 102.198161] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 102.206895] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 102.215558] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 102.224126]
[ 102.225841] Allocated by task 1453:
[ 102.229744] kmem_cache_alloc_trace+0xb4/0x170
[ 102.234940] kmalloc_node_oob_right+0x30/0x70 [test_kasan]
[ 102.241200] kmalloc_tests_init+0x18/0x35c [test_kasan]
[ 102.246837] do_one_initcall+0x60/0x1b0
[ 102.251047] do_init_module+0xd4/0x2cc
[ 102.255165] load_module+0x3110/0x3af0
[ 102.259299] SyS_init_module+0x184/0x1bc
[ 102.263637] ret_fast_syscall+0x0/0x48
[ 102.267651]
[ 102.269367] Freed by task 0:
[ 102.272498] (stack is not available)
[ 102.276338]
[ 102.278107] The buggy address belongs to the object at cac84900
[ 102.278107] which belongs to the cache kmalloc-4096 of size 4096
[ 102.290832] The buggy address is located 0 bytes to the right of
[ 102.290832] 4096-byte region [cac84900, cac85900)
[ 102.302216] The buggy address belongs to the page:
[ 102.307378] page:ee951080 count:1 mapcount:0 mapping:cac84900 index:0x0 compound_mapcount: 0
[ 102.316392] flags: 0x8100(slab|head)
[ 102.320445] raw: 00008100 cac84900 00000000 00000001 00000001 ee95e754 d000140c d0000540
[ 102.329029] page dumped because: kasan: bad access detected
[ 102.334909]
[ 102.336608] Memory state around the buggy address:
[ 102.341793] cac85800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.348763] cac85880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.355733] >cac85900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.362612] ^
[ 102.365479] cac85980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.372454] cac85a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.379362] ==================================================================
[ 102.387622] kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right
[ 102.424790] ==================================================================
[ 102.432931] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x60/0x78 [test_kasan]
[ 102.441905] Write of size 1 at addr cabfff00 by task insmod/1453
[ 102.448239]
[ 102.450050] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 102.460444] Hardware name: Broadcom STB (Flattened Device Tree)
[ 102.466913] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 102.475282] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 102.483161] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 102.492489] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 102.502413] [<c03a838c>] (kasan_report) from [<bf004318>] (kmalloc_large_oob_right+0x60/0x78 [test_kasan])
[ 102.513523] [<bf004318>] (kmalloc_large_oob_right [test_kasan]) from [<bf004cc0>] (kmalloc_tests_init+0x1c/0x35c [test_kasan])
[ 102.526051] [<bf004cc0>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 102.536368] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 102.545162] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 102.553890] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 102.562544] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 102.571104]
[ 102.572865] The buggy address belongs to the object at ca800000
[ 102.572865] which belongs to the cache kmalloc-4194304 of size 4194304
[ 102.586109] The buggy address is located 4194048 bytes inside of
[ 102.586109] 4194304-byte region [ca800000, cac00000)
[ 102.597768] The buggy address belongs to the page:
[ 102.602912] page:ee948000 count:1 mapcount:0 mapping:ca800000 index:0x0 compound_mapcount: 0
[ 102.611915] flags: 0x8100(slab|head)
[ 102.615955] raw: 00008100 ca800000 00000000 00000001 00000001 d000190c d000190c d0000cc0
[ 102.624552] page dumped because: kasan: bad access detected
[ 102.630442]
[ 102.632138] Memory state around the buggy address:
[ 102.637332] cabffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.644311] cabffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 102.651291] >cabfff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.658173] ^
[ 102.661035] cabfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.668002] cac00000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.674899] ==================================================================
[ 102.688490] kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more
[ 102.697666] ==================================================================
[ 102.705816] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan]
[ 102.714971] Write of size 1 at addr cb182213 by task insmod/1453
[ 102.721310]
[ 102.723113] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 102.733503] Hardware name: Broadcom STB (Flattened Device Tree)
[ 102.739971] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 102.748348] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 102.756226] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 102.765561] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 102.775491] [<c03a838c>] (kasan_report) from [<bf004558>] (kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan])
[ 102.786776] [<bf004558>] (kmalloc_oob_krealloc_more [test_kasan]) from [<bf004cc4>] (kmalloc_tests_init+0x20/0x35c [test_kasan])
[ 102.799486] [<bf004cc4>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 102.809801] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 102.818603] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 102.827313] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 102.835959] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 102.844530]
[ 102.846238] Allocated by task 1453:
[ 102.850081] krealloc+0x44/0xc8
[ 102.853917] kmalloc_oob_krealloc_more+0x44/0x90 [test_kasan]
[ 102.860440] kmalloc_tests_init+0x20/0x35c [test_kasan]
[ 102.866057] do_one_initcall+0x60/0x1b0
[ 102.870262] do_init_module+0xd4/0x2cc
[ 102.874395] load_module+0x3110/0x3af0
[ 102.878519] SyS_init_module+0x184/0x1bc
[ 102.882826] ret_fast_syscall+0x0/0x48
[ 102.886831]
[ 102.888530] Freed by task 0:
[ 102.891651] (stack is not available)
[ 102.895483]
[ 102.897239] The buggy address belongs to the object at cb182200
[ 102.897239] which belongs to the cache kmalloc-64 of size 64
[ 102.909599] The buggy address is located 19 bytes inside of
[ 102.909599] 64-byte region [cb182200, cb182240)
[ 102.920360] The buggy address belongs to the page:
[ 102.925516] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0
[ 102.932541] flags: 0x100(slab)
[ 102.936045] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000
[ 102.944642] page dumped because: kasan: bad access detected
[ 102.950530]
[ 102.952228] Memory state around the buggy address:
[ 102.957429] cb182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.964408] cb182180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.971391] >cb182200: 00 00 03 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.978279] ^
[ 102.981678] cb182280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 102.988653] cb182300: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 102.995558] ==================================================================
[ 103.003661] kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less
[ 103.012824] ==================================================================
[ 103.020973] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan]
[ 103.030125] Write of size 1 at addr cb18218f by task insmod/1453
[ 103.036467]
[ 103.038272] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 103.048670] Hardware name: Broadcom STB (Flattened Device Tree)
[ 103.055136] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 103.063511] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 103.071394] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 103.080712] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 103.090645] [<c03a838c>] (kasan_report) from [<bf0045e8>] (kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan])
[ 103.101928] [<bf0045e8>] (kmalloc_oob_krealloc_less [test_kasan]) from [<bf004cc8>] (kmalloc_tests_init+0x24/0x35c [test_kasan])
[ 103.114640] [<bf004cc8>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 103.124951] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 103.133754] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 103.142470] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 103.151105] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 103.159673]
[ 103.161390] Allocated by task 1453:
[ 103.165227] krealloc+0x44/0xc8
[ 103.169068] kmalloc_oob_krealloc_less+0x44/0x90 [test_kasan]
[ 103.175589] kmalloc_tests_init+0x24/0x35c [test_kasan]
[ 103.181207] do_one_initcall+0x60/0x1b0
[ 103.185433] do_init_module+0xd4/0x2cc
[ 103.189553] load_module+0x3110/0x3af0
[ 103.193669] SyS_init_module+0x184/0x1bc
[ 103.197976] ret_fast_syscall+0x0/0x48
[ 103.201980]
[ 103.203680] Freed by task 0:
[ 103.206803] (stack is not available)
[ 103.210628]
[ 103.212393] The buggy address belongs to the object at cb182180
[ 103.212393] which belongs to the cache kmalloc-64 of size 64
[ 103.224742] The buggy address is located 15 bytes inside of
[ 103.224742] 64-byte region [cb182180, cb1821c0)
[ 103.235500] The buggy address belongs to the page:
[ 103.240643] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0
[ 103.247654] flags: 0x100(slab)
[ 103.251157] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000
[ 103.259751] page dumped because: kasan: bad access detected
[ 103.265634]
[ 103.267341] Memory state around the buggy address:
[ 103.272534] cb182080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.279513] cb182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.286490] >cb182180: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.293378] ^
[ 103.296513] cb182200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 103.303491] cb182280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 103.310398] ==================================================================
[ 103.318645] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access
[ 103.327807] ==================================================================
[ 103.335944] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x78/0xa4 [test_kasan]
[ 103.344114] Write of size 16 at addr cb182100 by task insmod/1453
[ 103.350539]
[ 103.352353] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 103.362746] Hardware name: Broadcom STB (Flattened Device Tree)
[ 103.369218] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 103.377603] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 103.385493] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 103.394819] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 103.404740] [<c03a838c>] (kasan_report) from [<bf0043a8>] (kmalloc_oob_16+0x78/0xa4 [test_kasan])
[ 103.415029] [<bf0043a8>] (kmalloc_oob_16 [test_kasan]) from [<bf004ccc>] (kmalloc_tests_init+0x28/0x35c [test_kasan])
[ 103.426756] [<bf004ccc>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 103.437058] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 103.445862] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 103.454577] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 103.463215] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 103.471786]
[ 103.473494] Allocated by task 1453:
[ 103.477395] kmem_cache_alloc_trace+0xb4/0x170
[ 103.482566] kmalloc_oob_16+0x30/0xa4 [test_kasan]
[ 103.488094] kmalloc_tests_init+0x28/0x35c [test_kasan]
[ 103.493713] do_one_initcall+0x60/0x1b0
[ 103.497913] do_init_module+0xd4/0x2cc
[ 103.502021] load_module+0x3110/0x3af0
[ 103.506136] SyS_init_module+0x184/0x1bc
[ 103.510456] ret_fast_syscall+0x0/0x48
[ 103.514471]
[ 103.516172] Freed by task 0:
[ 103.519309] (stack is not available)
[ 103.523140]
[ 103.524896] The buggy address belongs to the object at cb182100
[ 103.524896] which belongs to the cache kmalloc-64 of size 64
[ 103.537236] The buggy address is located 0 bytes inside of
[ 103.537236] 64-byte region [cb182100, cb182140)
[ 103.547910] The buggy address belongs to the page:
[ 103.553051] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0
[ 103.560062] flags: 0x100(slab)
[ 103.563577] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000
[ 103.572163] page dumped because: kasan: bad access detected
[ 103.578051]
[ 103.579751] Memory state around the buggy address:
[ 103.584932] cb182000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.591900] cb182080: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.598867] >cb182100: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.605744] ^
[ 103.608868] cb182180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 103.615834] cb182200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 103.622729] ==================================================================
[ 103.631013] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
[ 103.638659] ==================================================================
[ 103.646828] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x58/0x68 [test_kasan]
[ 103.655638] Write of size 671 at addr cad5db40 by task insmod/1453
[ 103.662145]
[ 103.663946] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 103.674342] Hardware name: Broadcom STB (Flattened Device Tree)
[ 103.680815] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 103.689177] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 103.697056] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 103.706378] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 103.715985] [<c03a838c>] (kasan_report) from [<c03a7430>] (memset+0x20/0x34)
[ 103.724003] [<c03a7430>] (memset) from [<bf004658>] (kmalloc_oob_in_memset+0x58/0x68 [test_kasan])
[ 103.734395] [<bf004658>] (kmalloc_oob_in_memset [test_kasan]) from [<bf004cd0>] (kmalloc_tests_init+0x2c/0x35c [test_kasan])
[ 103.746745] [<bf004cd0>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 103.757048] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 103.765852] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 103.774567] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 103.783205] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 103.791774]
[ 103.793484] Allocated by task 1453:
[ 103.797385] kmem_cache_alloc_trace+0xb4/0x170
[ 103.802562] kmalloc_oob_in_memset+0x30/0x68 [test_kasan]
[ 103.808729] kmalloc_tests_init+0x2c/0x35c [test_kasan]
[ 103.814363] do_one_initcall+0x60/0x1b0
[ 103.818573] do_init_module+0xd4/0x2cc
[ 103.822681] load_module+0x3110/0x3af0
[ 103.826796] SyS_init_module+0x184/0x1bc
[ 103.831103] ret_fast_syscall+0x0/0x48
[ 103.835108]
[ 103.836808] Freed by task 0:
[ 103.839930] (stack is not available)
[ 103.843754]
[ 103.845519] The buggy address belongs to the object at cad5db40
[ 103.845519] which belongs to the cache kmalloc-1024 of size 1024
[ 103.858218] The buggy address is located 0 bytes inside of
[ 103.858218] 1024-byte region [cad5db40, cad5df40)
[ 103.869071] The buggy address belongs to the page:
[ 103.874215] page:ee952b80 count:1 mapcount:0 mapping:cad5c040 index:0x0 compound_mapcount: 0
[ 103.883237] flags: 0x8100(slab|head)
[ 103.887289] raw: 00008100 cad5c040 00000000 00000007 00000001 ee950f14 d000130c d00003c0
[ 103.895881] page dumped because: kasan: bad access detected
[ 103.901763]
[ 103.903466] Memory state around the buggy address:
[ 103.908650] cad5dc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.915629] cad5dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.922609] >cad5dd80: 00 00 00 00 00 00 00 00 00 00 00 02 fc fc fc fc
[ 103.929513] ^
[ 103.935333] cad5de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.942308] cad5de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 103.949208] ==================================================================
[ 103.957453] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
[ 103.964912] ==================================================================
[ 103.973051] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x5c/0x6c [test_kasan]
[ 103.981764] Write of size 2 at addr cb182007 by task insmod/1453
[ 103.988094]
[ 103.989893] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 104.000283] Hardware name: Broadcom STB (Flattened Device Tree)
[ 104.006766] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 104.015128] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 104.023002] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 104.032322] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 104.041940] [<c03a838c>] (kasan_report) from [<c03a7430>] (memset+0x20/0x34)
[ 104.049960] [<c03a7430>] (memset) from [<bf0046c4>] (kmalloc_oob_memset_2+0x5c/0x6c [test_kasan])
[ 104.060258] [<bf0046c4>] (kmalloc_oob_memset_2 [test_kasan]) from [<bf004cd4>] (kmalloc_tests_init+0x30/0x35c [test_kasan])
[ 104.072531] [<bf004cd4>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 104.082847] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 104.091650] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 104.100363] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 104.109000] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 104.117570]
[ 104.119284] Allocated by task 1453:
[ 104.123180] kmem_cache_alloc_trace+0xb4/0x170
[ 104.128367] kmalloc_oob_memset_2+0x30/0x6c [test_kasan]
[ 104.134442] kmalloc_tests_init+0x30/0x35c [test_kasan]
[ 104.140061] do_one_initcall+0x60/0x1b0
[ 104.144269] do_init_module+0xd4/0x2cc
[ 104.148402] load_module+0x3110/0x3af0
[ 104.152529] SyS_init_module+0x184/0x1bc
[ 104.156837] ret_fast_syscall+0x0/0x48
[ 104.160841]
[ 104.162543] Freed by task 0:
[ 104.165664] (stack is not available)
[ 104.169498]
[ 104.171259] The buggy address belongs to the object at cb182000
[ 104.171259] which belongs to the cache kmalloc-64 of size 64
[ 104.183618] The buggy address is located 7 bytes inside of
[ 104.183618] 64-byte region [cb182000, cb182040)
[ 104.194288] The buggy address belongs to the page:
[ 104.199448] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0
[ 104.206472] flags: 0x100(slab)
[ 104.209977] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000
[ 104.218573] page dumped because: kasan: bad access detected
[ 104.224470]
[ 104.226169] Memory state around the buggy address:
[ 104.231367] cb181f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.238348] cb181f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 104.245324] >cb182000: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.252205] ^
[ 104.255354] cb182080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 104.262336] cb182100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 104.269235] ==================================================================
[ 104.277474] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
[ 104.284953] ==================================================================
[ 104.293092] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x5c/0x6c [test_kasan]
[ 104.301799] Write of size 4 at addr cb183f85 by task insmod/1453
[ 104.308129]
[ 104.309928] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 104.320321] Hardware name: Broadcom STB (Flattened Device Tree)
[ 104.326799] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 104.335164] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 104.343045] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 104.352366] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 104.361979] [<c03a838c>] (kasan_report) from [<c03a7430>] (memset+0x20/0x34)
[ 104.369999] [<c03a7430>] (memset) from [<bf004730>] (kmalloc_oob_memset_4+0x5c/0x6c [test_kasan])
[ 104.380298] [<bf004730>] (kmalloc_oob_memset_4 [test_kasan]) from [<bf004cd8>] (kmalloc_tests_init+0x34/0x35c [test_kasan])
[ 104.392567] [<bf004cd8>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 104.402884] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 104.411686] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 104.420399] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 104.429038] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 104.437608]
[ 104.439329] Allocated by task 1453:
[ 104.443220] kmem_cache_alloc_trace+0xb4/0x170
[ 104.448408] kmalloc_oob_memset_4+0x30/0x6c [test_kasan]
[ 104.454482] kmalloc_tests_init+0x34/0x35c [test_kasan]
[ 104.460099] do_one_initcall+0x60/0x1b0
[ 104.464310] do_init_module+0xd4/0x2cc
[ 104.468438] load_module+0x3110/0x3af0
[ 104.472562] SyS_init_module+0x184/0x1bc
[ 104.476870] ret_fast_syscall+0x0/0x48
[ 104.480875]
[ 104.482577] Freed by task 0:
[ 104.485698] (stack is not available)
[ 104.489525]
[ 104.491284] The buggy address belongs to the object at cb183f80
[ 104.491284] which belongs to the cache kmalloc-64 of size 64
[ 104.503637] The buggy address is located 5 bytes inside of
[ 104.503637] 64-byte region [cb183f80, cb183fc0)
[ 104.514309] The buggy address belongs to the page:
[ 104.519465] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0
[ 104.526484] flags: 0x100(slab)
[ 104.529989] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000
[ 104.538585] page dumped because: kasan: bad access detected
[ 104.544480]
[ 104.546178] Memory state around the buggy address:
[ 104.551378] cb183e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.558360] cb183f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.565341] >cb183f80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.572221] ^
[ 104.575366] cb184000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 104.582349] cb184080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 104.589249] ==================================================================
[ 104.597495] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
[ 104.604928] ==================================================================
[ 104.613072] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x5c/0x6c [test_kasan]
[ 104.621782] Write of size 8 at addr cb183f01 by task insmod/1453
[ 104.628110]
[ 104.629909] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 104.640299] Hardware name: Broadcom STB (Flattened Device Tree)
[ 104.646779] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 104.655142] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 104.663017] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 104.672337] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 104.681949] [<c03a838c>] (kasan_report) from [<c03a7430>] (memset+0x20/0x34)
[ 104.689970] [<c03a7430>] (memset) from [<bf00479c>] (kmalloc_oob_memset_8+0x5c/0x6c [test_kasan])
[ 104.700272] [<bf00479c>] (kmalloc_oob_memset_8 [test_kasan]) from [<bf004cdc>] (kmalloc_tests_init+0x38/0x35c [test_kasan])
[ 104.712541] [<bf004cdc>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 104.722856] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 104.731661] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 104.740373] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 104.749010] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 104.757583]
[ 104.759299] Allocated by task 1453:
[ 104.763193] kmem_cache_alloc_trace+0xb4/0x170
[ 104.768378] kmalloc_oob_memset_8+0x30/0x6c [test_kasan]
[ 104.774453] kmalloc_tests_init+0x38/0x35c [test_kasan]
[ 104.780070] do_one_initcall+0x60/0x1b0
[ 104.784277] do_init_module+0xd4/0x2cc
[ 104.788403] load_module+0x3110/0x3af0
[ 104.792531] SyS_init_module+0x184/0x1bc
[ 104.796839] ret_fast_syscall+0x0/0x48
[ 104.800843]
[ 104.802544] Freed by task 0:
[ 104.805666] (stack is not available)
[ 104.809498]
[ 104.811258] The buggy address belongs to the object at cb183f00
[ 104.811258] which belongs to the cache kmalloc-64 of size 64
[ 104.823614] The buggy address is located 1 bytes inside of
[ 104.823614] 64-byte region [cb183f00, cb183f40)
[ 104.834286] The buggy address belongs to the page:
[ 104.839444] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0
[ 104.846467] flags: 0x100(slab)
[ 104.849970] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000
[ 104.858570] page dumped because: kasan: bad access detected
[ 104.864466]
[ 104.866165] Memory state around the buggy address:
[ 104.871364] cb183e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.878347] cb183e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.885326] >cb183f00: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 104.892207] ^
[ 104.895356] cb183f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 104.902337] cb184000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 104.909235] ==================================================================
[ 104.917473] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
[ 104.925082] ==================================================================
[ 104.933214] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x5c/0x6c [test_kasan]
[ 104.942023] Write of size 16 at addr cb183e81 by task insmod/1453
[ 104.948453]
[ 104.950258] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 104.960667] Hardware name: Broadcom STB (Flattened Device Tree)
[ 104.967135] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 104.975510] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 104.983395] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 104.992717] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 105.002334] [<c03a838c>] (kasan_report) from [<c03a7430>] (memset+0x20/0x34)
[ 105.010356] [<c03a7430>] (memset) from [<bf004808>] (kmalloc_oob_memset_16+0x5c/0x6c [test_kasan])
[ 105.020741] [<bf004808>] (kmalloc_oob_memset_16 [test_kasan]) from [<bf004ce0>] (kmalloc_tests_init+0x3c/0x35c [test_kasan])
[ 105.033091] [<bf004ce0>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 105.043404] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 105.052196] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 105.060913] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 105.069564] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 105.078121]
[ 105.079825] Allocated by task 1453:
[ 105.083712] kmem_cache_alloc_trace+0xb4/0x170
[ 105.088892] kmalloc_oob_memset_16+0x30/0x6c [test_kasan]
[ 105.095046] kmalloc_tests_init+0x3c/0x35c [test_kasan]
[ 105.100664] do_one_initcall+0x60/0x1b0
[ 105.104865] do_init_module+0xd4/0x2cc
[ 105.108975] load_module+0x3110/0x3af0
[ 105.113088] SyS_init_module+0x184/0x1bc
[ 105.117409] ret_fast_syscall+0x0/0x48
[ 105.121428]
[ 105.123130] Freed by task 0:
[ 105.126260] (stack is not available)
[ 105.130099]
[ 105.131853] The buggy address belongs to the object at cb183e80
[ 105.131853] which belongs to the cache kmalloc-64 of size 64
[ 105.144192] The buggy address is located 1 bytes inside of
[ 105.144192] 64-byte region [cb183e80, cb183ec0)
[ 105.154867] The buggy address belongs to the page:
[ 105.160009] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0
[ 105.167020] flags: 0x100(slab)
[ 105.170536] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000
[ 105.179122] page dumped because: kasan: bad access detected
[ 105.185004]
[ 105.186701] Memory state around the buggy address:
[ 105.191884] cb183d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.198851] cb183e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.205820] >cb183e80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.212698] ^
[ 105.216091] cb183f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.223059] cb183f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.229953] ==================================================================
[ 105.238004] kasan test: kmalloc_uaf use-after-free
[ 105.244102] ==================================================================
[ 105.252221] BUG: KASAN: use-after-free in kmalloc_uaf+0x58/0x68 [test_kasan]
[ 105.259698] Write of size 1 at addr cb183e08 by task insmod/1453
[ 105.266027]
[ 105.267827] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 105.278209] Hardware name: Broadcom STB (Flattened Device Tree)
[ 105.284703] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 105.293065] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 105.300939] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 105.310252] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 105.320182] [<c03a838c>] (kasan_report) from [<bf00442c>] (kmalloc_uaf+0x58/0x68 [test_kasan])
[ 105.330209] [<bf00442c>] (kmalloc_uaf [test_kasan]) from [<bf004ce4>] (kmalloc_tests_init+0x40/0x35c [test_kasan])
[ 105.341674] [<bf004ce4>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 105.351982] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 105.360787] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 105.369505] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 105.378142] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 105.386710]
[ 105.388423] Allocated by task 1453:
[ 105.392317] kmem_cache_alloc_trace+0xb4/0x170
[ 105.397487] kmalloc_uaf+0x30/0x68 [test_kasan]
[ 105.402758] kmalloc_tests_init+0x40/0x35c [test_kasan]
[ 105.408389] do_one_initcall+0x60/0x1b0
[ 105.412597] do_init_module+0xd4/0x2cc
[ 105.416705] load_module+0x3110/0x3af0
[ 105.420819] SyS_init_module+0x184/0x1bc
[ 105.425126] ret_fast_syscall+0x0/0x48
[ 105.429130]
[ 105.430833] Freed by task 1453:
[ 105.434344] kfree+0x64/0x100
[ 105.437983] kmalloc_uaf+0x50/0x68 [test_kasan]
[ 105.443246] kmalloc_tests_init+0x40/0x35c [test_kasan]
[ 105.448877] do_one_initcall+0x60/0x1b0
[ 105.453079] do_init_module+0xd4/0x2cc
[ 105.457188] load_module+0x3110/0x3af0
[ 105.461319] SyS_init_module+0x184/0x1bc
[ 105.465634] ret_fast_syscall+0x0/0x48
[ 105.469638]
[ 105.471403] The buggy address belongs to the object at cb183e00
[ 105.471403] which belongs to the cache kmalloc-64 of size 64
[ 105.483749] The buggy address is located 8 bytes inside of
[ 105.483749] 64-byte region [cb183e00, cb183e40)
[ 105.494422] The buggy address belongs to the page:
[ 105.499573] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0
[ 105.506589] flags: 0x100(slab)
[ 105.510094] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000
[ 105.518688] page dumped because: kasan: bad access detected
[ 105.524572]
[ 105.526279] Memory state around the buggy address:
[ 105.531479] cb183d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.538456] cb183d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.545437] >cb183e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.552325] ^
[ 105.555460] cb183e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.562442] cb183f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.569352] ==================================================================
[ 105.577198] kasan test: kmalloc_uaf_memset use-after-free in memset
[ 105.585014] ==================================================================
[ 105.593150] BUG: KASAN: use-after-free in kmalloc_tests_init+0x44/0x35c [test_kasan]
[ 105.601420] Write of size 33 at addr cb183d80 by task insmod/1453
[ 105.607836]
[ 105.609637] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 105.620019] Hardware name: Broadcom STB (Flattened Device Tree)
[ 105.626501] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 105.634870] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 105.642758] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 105.652066] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 105.661682] [<c03a838c>] (kasan_report) from [<c03a7430>] (memset+0x20/0x34)
[ 105.669707] [<c03a7430>] (memset) from [<bf004ce8>] (kmalloc_tests_init+0x44/0x35c [test_kasan])
[ 105.679557] [<bf004ce8>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 105.689871] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 105.698676] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 105.707390] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 105.716025] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 105.724597]
[ 105.726311] Allocated by task 1453:
[ 105.730203] kmem_cache_alloc_trace+0xb4/0x170
[ 105.735391] kmalloc_uaf_memset+0x30/0x68 [test_kasan]
[ 105.741283] kmalloc_tests_init+0x44/0x35c [test_kasan]
[ 105.746909] do_one_initcall+0x60/0x1b0
[ 105.751109] do_init_module+0xd4/0x2cc
[ 105.755220] load_module+0x3110/0x3af0
[ 105.759361] SyS_init_module+0x184/0x1bc
[ 105.763668] ret_fast_syscall+0x0/0x48
[ 105.767672]
[ 105.769385] Freed by task 1453:
[ 105.772886] kfree+0x64/0x100
[ 105.776546] kmalloc_uaf_memset+0x50/0x68 [test_kasan]
[ 105.782446] kmalloc_tests_init+0x44/0x35c [test_kasan]
[ 105.788062] do_one_initcall+0x60/0x1b0
[ 105.792267] do_init_module+0xd4/0x2cc
[ 105.796396] load_module+0x3110/0x3af0
[ 105.800521] SyS_init_module+0x184/0x1bc
[ 105.804828] ret_fast_syscall+0x0/0x48
[ 105.808834]
[ 105.810588] The buggy address belongs to the object at cb183d80
[ 105.810588] which belongs to the cache kmalloc-64 of size 64
[ 105.822925] The buggy address is located 0 bytes inside of
[ 105.822925] 64-byte region [cb183d80, cb183dc0)
[ 105.833598] The buggy address belongs to the page:
[ 105.838741] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0
[ 105.845752] flags: 0x100(slab)
[ 105.849263] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000
[ 105.857858] page dumped because: kasan: bad access detected
[ 105.863739]
[ 105.865444] Memory state around the buggy address:
[ 105.870631] cb183c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.877613] cb183d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.884593] >cb183d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.891483] ^
[ 105.894352] cb183e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.901334] cb183e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 105.908233] ==================================================================
[ 105.916094] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
[ 105.924783] ==================================================================
[ 105.932911] BUG: KASAN: use-after-free in kmalloc_uaf2+0x74/0xa4 [test_kasan]
[ 105.940479] Write of size 1 at addr cb183d28 by task insmod/1453
[ 105.946808]
[ 105.948610] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 105.958991] Hardware name: Broadcom STB (Flattened Device Tree)
[ 105.965474] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 105.973845] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 105.981733] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 105.991041] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 106.000959] [<c03a838c>] (kasan_report) from [<bf0044b0>] (kmalloc_uaf2+0x74/0xa4 [test_kasan])
[ 106.011065] [<bf0044b0>] (kmalloc_uaf2 [test_kasan]) from [<bf004cec>] (kmalloc_tests_init+0x48/0x35c [test_kasan])
[ 106.022610] [<bf004cec>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 106.032925] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 106.041727] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 106.050441] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 106.059077] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 106.067646]
[ 106.069367] Allocated by task 1453:
[ 106.073259] kmem_cache_alloc_trace+0xb4/0x170
[ 106.078436] kmalloc_uaf2+0x30/0xa4 [test_kasan]
[ 106.083796] kmalloc_tests_init+0x48/0x35c [test_kasan]
[ 106.089428] do_one_initcall+0x60/0x1b0
[ 106.093631] do_init_module+0xd4/0x2cc
[ 106.097739] load_module+0x3110/0x3af0
[ 106.101852] SyS_init_module+0x184/0x1bc
[ 106.106158] ret_fast_syscall+0x0/0x48
[ 106.110170]
[ 106.111878] Freed by task 1453:
[ 106.115390] kfree+0x64/0x100
[ 106.119030] kmalloc_uaf2+0x50/0xa4 [test_kasan]
[ 106.124389] kmalloc_tests_init+0x48/0x35c [test_kasan]
[ 106.130007] do_one_initcall+0x60/0x1b0
[ 106.134208] do_init_module+0xd4/0x2cc
[ 106.138345] load_module+0x3110/0x3af0
[ 106.142467] SyS_init_module+0x184/0x1bc
[ 106.146775] ret_fast_syscall+0x0/0x48
[ 106.150781]
[ 106.152538] The buggy address belongs to the object at cb183d00
[ 106.152538] which belongs to the cache kmalloc-64 of size 64
[ 106.164882] The buggy address is located 40 bytes inside of
[ 106.164882] 64-byte region [cb183d00, cb183d40)
[ 106.175645] The buggy address belongs to the page:
[ 106.180788] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0
[ 106.187798] flags: 0x100(slab)
[ 106.191312] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000
[ 106.199900] page dumped because: kasan: bad access detected
[ 106.205782]
[ 106.207483] Memory state around the buggy address:
[ 106.212663] cb183c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 106.219640] cb183c80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 106.226619] >cb183d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 106.233515] ^
[ 106.237712] cb183d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 106.244688] cb183e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 106.251590] ==================================================================
[ 106.262793] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
[ 106.270686] ==================================================================
[ 106.278825] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x88/0xb8 [test_kasan]
[ 106.286996] Read of size 1 at addr cb184f78 by task insmod/1453
[ 106.293239]
[ 106.295051] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 106.305445] Hardware name: Broadcom STB (Flattened Device Tree)
[ 106.311914] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 106.320283] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 106.328166] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 106.337495] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 106.347417] [<c03a838c>] (kasan_report) from [<bf004908>] (kmem_cache_oob+0x88/0xb8 [test_kasan])
[ 106.357708] [<bf004908>] (kmem_cache_oob [test_kasan]) from [<bf004cf0>] (kmalloc_tests_init+0x4c/0x35c [test_kasan])
[ 106.369435] [<bf004cf0>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 106.379750] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 106.388558] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 106.397267] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 106.405922] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 106.414491]
[ 106.416198] Allocated by task 1453:
[ 106.420081] kmem_cache_alloc+0xac/0x16c
[ 106.424720] kmem_cache_oob+0x64/0xb8 [test_kasan]
[ 106.430252] kmalloc_tests_init+0x4c/0x35c [test_kasan]
[ 106.435880] do_one_initcall+0x60/0x1b0
[ 106.440084] do_init_module+0xd4/0x2cc
[ 106.444191] load_module+0x3110/0x3af0
[ 106.448321] SyS_init_module+0x184/0x1bc
[ 106.452635] ret_fast_syscall+0x0/0x48
[ 106.456641]
[ 106.458353] Freed by task 0:
[ 106.461480] (stack is not available)
[ 106.465313]
[ 106.467071] The buggy address belongs to the object at cb184eb0
[ 106.467071] which belongs to the cache test_cache of size 200
[ 106.479514] The buggy address is located 0 bytes to the right of
[ 106.479514] 200-byte region [cb184eb0, cb184f78)
[ 106.490804] The buggy address belongs to the page:
[ 106.495945] page:ee95b080 count:1 mapcount:0 mapping:cb184040 index:0x0
[ 106.502959] flags: 0x100(slab)
[ 106.506476] raw: 00000100 cb184040 00000000 0000000f 00000001 cb183b8c cb183b8c cdc35780
[ 106.515063] page dumped because: kasan: bad access detected
[ 106.520946]
[ 106.522642] Memory state around the buggy address:
[ 106.527824] cb184e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 106.534793] cb184e80: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
[ 106.541761] >cb184f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 106.548655] ^
[ 106.555546] cb184f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 106.562527] cb185000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.569433] ==================================================================
[ 106.598153] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
[ 107.145531] kasan test: kasan_stack_oob out-of-bounds on stack
[ 107.151915] kasan test: kasan_global_oob out-of-bounds global variable
[ 107.159004] kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk
[ 107.168566] ==================================================================
[ 107.176705] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x6c/0x84 [test_kasan]
[ 107.185593] Write of size 1 at addr cb347a40 by task insmod/1453
[ 107.191920]
[ 107.193723] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 107.204106] Hardware name: Broadcom STB (Flattened Device Tree)
[ 107.210581] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 107.218944] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 107.226817] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 107.236127] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 107.246046] [<c03a838c>] (kasan_report) from [<bf004a58>] (ksize_unpoisons_memory+0x6c/0x84 [test_kasan])
[ 107.257051] [<bf004a58>] (ksize_unpoisons_memory [test_kasan]) from [<bf004d00>] (kmalloc_tests_init+0x5c/0x35c [test_kasan])
[ 107.269479] [<bf004d00>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 107.279783] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 107.288579] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 107.297282] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 107.305919] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 107.314480]
[ 107.316187] Allocated by task 1453:
[ 107.320078] kmem_cache_alloc_trace+0xb4/0x170
[ 107.325251] ksize_unpoisons_memory+0x30/0x84 [test_kasan]
[ 107.331495] kmalloc_tests_init+0x5c/0x35c [test_kasan]
[ 107.337113] do_one_initcall+0x60/0x1b0
[ 107.341317] do_init_module+0xd4/0x2cc
[ 107.345424] load_module+0x3110/0x3af0
[ 107.349540] SyS_init_module+0x184/0x1bc
[ 107.353848] ret_fast_syscall+0x0/0x48
[ 107.357855]
[ 107.359554] Freed by task 0:
[ 107.362677] (stack is not available)
[ 107.366501]
[ 107.368256] The buggy address belongs to the object at cb3479c0
[ 107.368256] which belongs to the cache kmalloc-128 of size 128
[ 107.380776] The buggy address is located 0 bytes to the right of
[ 107.380776] 128-byte region [cb3479c0, cb347a40)
[ 107.392062] The buggy address belongs to the page:
[ 107.397206] page:ee95e8e0 count:1 mapcount:0 mapping:cb347000 index:0x0
[ 107.404219] flags: 0x100(slab)
[ 107.407727] raw: 00000100 cb347000 00000000 00000015 00000001 ee967b94 d000110c d00000c0
[ 107.416312] page dumped because: kasan: bad access detected
[ 107.422192]
[ 107.423888] Memory state around the buggy address:
[ 107.429068] cb347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 107.436035] cb347980: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 107.443004] >cb347a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 107.449890] ^
[ 107.454892] cb347a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.461859] cb347b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 107.468756] ==================================================================
[ 107.478535] kasan test: copy_user_test out-of-bounds in copy_from_user()
[ 107.485803] ==================================================================
[ 107.493934] BUG: KASAN: slab-out-of-bounds in copy_user_test+0xb4/0x234 [test_kasan]
[ 107.502195] Write of size 11 at addr cb344100 by task insmod/1453
[ 107.508613]
[ 107.510413] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 107.520797] Hardware name: Broadcom STB (Flattened Device Tree)
[ 107.527267] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 107.535629] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 107.543505] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 107.552815] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 107.562729] [<c03a838c>] (kasan_report) from [<bf004b24>] (copy_user_test+0xb4/0x234 [test_kasan])
[ 107.573101] [<bf004b24>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 107.584818] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 107.595123] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 107.603918] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 107.612623] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 107.621261] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 107.629818]
[ 107.631524] Allocated by task 1453:
[ 107.635412] kmem_cache_alloc_trace+0xb4/0x170
[ 107.640577] copy_user_test+0x24/0x234 [test_kasan]
[ 107.646195] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 107.651813] do_one_initcall+0x60/0x1b0
[ 107.656014] do_init_module+0xd4/0x2cc
[ 107.660125] load_module+0x3110/0x3af0
[ 107.664241] SyS_init_module+0x184/0x1bc
[ 107.668549] ret_fast_syscall+0x0/0x48
[ 107.672553]
[ 107.674254] Freed by task 0:
[ 107.677374] (stack is not available)
[ 107.681198]
[ 107.682953] The buggy address belongs to the object at cb344100
[ 107.682953] which belongs to the cache kmalloc-64 of size 64
[ 107.695289] The buggy address is located 0 bytes inside of
[ 107.695289] 64-byte region [cb344100, cb344140)
[ 107.705951] The buggy address belongs to the page:
[ 107.711102] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 107.718822] flags: 0x100(slab)
[ 107.722333] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000
[ 107.730918] page dumped because: kasan: bad access detected
[ 107.736798]
[ 107.738496] Memory state around the buggy address:
[ 107.743677] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 107.750644] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 107.757613] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 107.764491] ^
[ 107.767617] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 107.774585] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 107.781477] ==================================================================
[ 107.789655] kasan test: copy_user_test out-of-bounds in copy_to_user()
[ 107.796746] ==================================================================
[ 107.804879] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x12c/0x234 [test_kasan]
[ 107.813230] Read of size 11 at addr cb344100 by task insmod/1453
[ 107.819558]
[ 107.821357] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 107.831739] Hardware name: Broadcom STB (Flattened Device Tree)
[ 107.838207] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 107.846572] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 107.854448] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 107.863759] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 107.873676] [<c03a838c>] (kasan_report) from [<bf004b9c>] (copy_user_test+0x12c/0x234 [test_kasan])
[ 107.884138] [<bf004b9c>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 107.895852] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 107.906156] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 107.914947] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 107.923650] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 107.932286] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 107.940847]
[ 107.942552] Allocated by task 1453:
[ 107.946439] kmem_cache_alloc_trace+0xb4/0x170
[ 107.951604] copy_user_test+0x24/0x234 [test_kasan]
[ 107.957221] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 107.962839] do_one_initcall+0x60/0x1b0
[ 107.967039] do_init_module+0xd4/0x2cc
[ 107.971151] load_module+0x3110/0x3af0
[ 107.975266] SyS_init_module+0x184/0x1bc
[ 107.979575] ret_fast_syscall+0x0/0x48
[ 107.983581]
[ 107.985281] Freed by task 0:
[ 107.988405] (stack is not available)
[ 107.992231]
[ 107.993985] The buggy address belongs to the object at cb344100
[ 107.993985] which belongs to the cache kmalloc-64 of size 64
[ 108.006323] The buggy address is located 0 bytes inside of
[ 108.006323] 64-byte region [cb344100, cb344140)
[ 108.016983] The buggy address belongs to the page:
[ 108.022132] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 108.029848] flags: 0x100(slab)
[ 108.033360] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000
[ 108.041943] page dumped because: kasan: bad access detected
[ 108.047827]
[ 108.049523] Memory state around the buggy address:
[ 108.054704] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.061671] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.068641] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.075517] ^
[ 108.078643] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.085610] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.092507] ==================================================================
[ 108.101783] kasan test: copy_user_test out-of-bounds in __copy_from_user()
[ 108.109227] ==================================================================
[ 108.117361] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x158/0x234 [test_kasan]
[ 108.125709] Write of size 11 at addr cb344100 by task insmod/1453
[ 108.132128]
[ 108.133928] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 108.144311] Hardware name: Broadcom STB (Flattened Device Tree)
[ 108.150781] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 108.159144] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 108.167016] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 108.176328] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 108.186244] [<c03a838c>] (kasan_report) from [<bf004bc8>] (copy_user_test+0x158/0x234 [test_kasan])
[ 108.196705] [<bf004bc8>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 108.208423] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 108.218726] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 108.227519] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 108.236221] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 108.244858] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 108.253418]
[ 108.255125] Allocated by task 1453:
[ 108.259014] kmem_cache_alloc_trace+0xb4/0x170
[ 108.264181] copy_user_test+0x24/0x234 [test_kasan]
[ 108.269799] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 108.275416] do_one_initcall+0x60/0x1b0
[ 108.279617] do_init_module+0xd4/0x2cc
[ 108.283727] load_module+0x3110/0x3af0
[ 108.287839] SyS_init_module+0x184/0x1bc
[ 108.292147] ret_fast_syscall+0x0/0x48
[ 108.296154]
[ 108.297852] Freed by task 0:
[ 108.300973] (stack is not available)
[ 108.304797]
[ 108.306555] The buggy address belongs to the object at cb344100
[ 108.306555] which belongs to the cache kmalloc-64 of size 64
[ 108.318895] The buggy address is located 0 bytes inside of
[ 108.318895] 64-byte region [cb344100, cb344140)
[ 108.329557] The buggy address belongs to the page:
[ 108.334708] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 108.342426] flags: 0x100(slab)
[ 108.345936] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000
[ 108.354520] page dumped because: kasan: bad access detected
[ 108.360400]
[ 108.362099] Memory state around the buggy address:
[ 108.367278] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.374245] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.381212] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.388088] ^
[ 108.391212] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.398180] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.405076] ==================================================================
[ 108.413052] kasan test: copy_user_test out-of-bounds in __copy_to_user()
[ 108.420442] ==================================================================
[ 108.428575] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x184/0x234 [test_kasan]
[ 108.436926] Read of size 11 at addr cb344100 by task insmod/1453
[ 108.443256]
[ 108.445055] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 108.455438] Hardware name: Broadcom STB (Flattened Device Tree)
[ 108.461907] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 108.470272] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 108.478148] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 108.487457] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 108.497374] [<c03a838c>] (kasan_report) from [<bf004bf4>] (copy_user_test+0x184/0x234 [test_kasan])
[ 108.507838] [<bf004bf4>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 108.519555] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 108.529858] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 108.538652] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 108.547355] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 108.555992] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 108.564551]
[ 108.566256] Allocated by task 1453:
[ 108.570143] kmem_cache_alloc_trace+0xb4/0x170
[ 108.575307] copy_user_test+0x24/0x234 [test_kasan]
[ 108.580926] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 108.586544] do_one_initcall+0x60/0x1b0
[ 108.590744] do_init_module+0xd4/0x2cc
[ 108.594852] load_module+0x3110/0x3af0
[ 108.598968] SyS_init_module+0x184/0x1bc
[ 108.603277] ret_fast_syscall+0x0/0x48
[ 108.607280]
[ 108.608980] Freed by task 0:
[ 108.612101] (stack is not available)
[ 108.615927]
[ 108.617680] The buggy address belongs to the object at cb344100
[ 108.617680] which belongs to the cache kmalloc-64 of size 64
[ 108.630019] The buggy address is located 0 bytes inside of
[ 108.630019] 64-byte region [cb344100, cb344140)
[ 108.640683] The buggy address belongs to the page:
[ 108.645833] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 108.653549] flags: 0x100(slab)
[ 108.657059] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000
[ 108.665644] page dumped because: kasan: bad access detected
[ 108.671525]
[ 108.673222] Memory state around the buggy address:
[ 108.678403] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.685371] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.692338] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.699215] ^
[ 108.702340] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.709306] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 108.716201] ==================================================================
[ 108.724182] kasan test: copy_user_test out-of-bounds in __copy_from_user_inatomic()
[ 108.732511] ==================================================================
[ 108.740646] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1b0/0x234 [test_kasan]
[ 108.748996] Write of size 11 at addr cb344100 by task insmod/1453
[ 108.755415]
[ 108.757209] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 108.767593] Hardware name: Broadcom STB (Flattened Device Tree)
[ 108.774063] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 108.782426] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 108.790300] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 108.799611] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 108.809526] [<c03a838c>] (kasan_report) from [<bf004c20>] (copy_user_test+0x1b0/0x234 [test_kasan])
[ 108.819989] [<bf004c20>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 108.831703] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 108.842007] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 108.850803] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 108.859506] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 108.868144] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 108.876702]
[ 108.878410] Allocated by task 1453:
[ 108.882300] kmem_cache_alloc_trace+0xb4/0x170
[ 108.887470] copy_user_test+0x24/0x234 [test_kasan]
[ 108.893088] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 108.898705] do_one_initcall+0x60/0x1b0
[ 108.902906] do_init_module+0xd4/0x2cc
[ 108.907016] load_module+0x3110/0x3af0
[ 108.911130] SyS_init_module+0x184/0x1bc
[ 108.915437] ret_fast_syscall+0x0/0x48
[ 108.919441]
[ 108.921140] Freed by task 0:
[ 108.924260] (stack is not available)
[ 108.928084]
[ 108.929836] The buggy address belongs to the object at cb344100
[ 108.929836] which belongs to the cache kmalloc-64 of size 64
[ 108.942173] The buggy address is located 0 bytes inside of
[ 108.942173] 64-byte region [cb344100, cb344140)
[ 108.952835] The buggy address belongs to the page:
[ 108.957986] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 108.965702] flags: 0x100(slab)
[ 108.969213] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000
[ 108.977800] page dumped because: kasan: bad access detected
[ 108.983683]
[ 108.985379] Memory state around the buggy address:
[ 108.990559] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 108.997526] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.004496] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.011374] ^
[ 109.014497] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 109.021465] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 109.028359] ==================================================================
[ 109.036546] kasan test: copy_user_test out-of-bounds in __copy_to_user_inatomic()
[ 109.044665] ==================================================================
[ 109.052799] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1dc/0x234 [test_kasan]
[ 109.061147] Read of size 11 at addr cb344100 by task insmod/1453
[ 109.067476]
[ 109.069276] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 109.079660] Hardware name: Broadcom STB (Flattened Device Tree)
[ 109.086129] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 109.094491] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 109.102366] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 109.111678] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 109.121592] [<c03a838c>] (kasan_report) from [<bf004c4c>] (copy_user_test+0x1dc/0x234 [test_kasan])
[ 109.132052] [<bf004c4c>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 109.143765] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 109.154070] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 109.162863] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 109.171565] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 109.180203] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 109.188763]
[ 109.190472] Allocated by task 1453:
[ 109.194361] kmem_cache_alloc_trace+0xb4/0x170
[ 109.199529] copy_user_test+0x24/0x234 [test_kasan]
[ 109.205147] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 109.210765] do_one_initcall+0x60/0x1b0
[ 109.214965] do_init_module+0xd4/0x2cc
[ 109.219073] load_module+0x3110/0x3af0
[ 109.223188] SyS_init_module+0x184/0x1bc
[ 109.227497] ret_fast_syscall+0x0/0x48
[ 109.231503]
[ 109.233201] Freed by task 0:
[ 109.236322] (stack is not available)
[ 109.240146]
[ 109.241898] The buggy address belongs to the object at cb344100
[ 109.241898] which belongs to the cache kmalloc-64 of size 64
[ 109.254235] The buggy address is located 0 bytes inside of
[ 109.254235] 64-byte region [cb344100, cb344140)
[ 109.264898] The buggy address belongs to the page:
[ 109.270049] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 109.277765] flags: 0x100(slab)
[ 109.281277] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000
[ 109.289861] page dumped because: kasan: bad access detected
[ 109.295742]
[ 109.297438] Memory state around the buggy address:
[ 109.302618] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.309585] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.316555] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.323431] ^
[ 109.326556] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 109.333526] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 109.340420] ==================================================================
[ 109.348407] kasan test: copy_user_test out-of-bounds in strncpy_from_user()
[ 109.355915] ==================================================================
[ 109.363705] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x58/0x1f4
[ 109.370996] Write of size 11 at addr cb344100 by task insmod/1453
[ 109.377414]
[ 109.379217] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31
[ 109.389600] Hardware name: Broadcom STB (Flattened Device Tree)
[ 109.396070] [<c0214cb4>] (unwind_backtrace) from [<c020e664>] (show_stack+0x10/0x14)
[ 109.404433] [<c020e664>] (show_stack) from [<c0c7daa8>] (dump_stack+0x90/0xa4)
[ 109.412306] [<c0c7daa8>] (dump_stack) from [<c03a7c88>] (print_address_description+0x50/0x24c)
[ 109.421615] [<c03a7c88>] (print_address_description) from [<c03a838c>] (kasan_report+0x238/0x324)
[ 109.431187] [<c03a838c>] (kasan_report) from [<c06ba0e8>] (strncpy_from_user+0x58/0x1f4)
[ 109.440325] [<c06ba0e8>] (strncpy_from_user) from [<bf004c7c>] (copy_user_test+0x20c/0x234 [test_kasan])
[ 109.451233] [<bf004c7c>] (copy_user_test [test_kasan]) from [<bf004d04>] (kmalloc_tests_init+0x60/0x35c [test_kasan])
[ 109.462947] [<bf004d04>] (kmalloc_tests_init [test_kasan]) from [<c0201ef4>] (do_one_initcall+0x60/0x1b0)
[ 109.473251] [<c0201ef4>] (do_one_initcall) from [<c02db4bc>] (do_init_module+0xd4/0x2cc)
[ 109.482046] [<c02db4bc>] (do_init_module) from [<c02d9fe4>] (load_module+0x3110/0x3af0)
[ 109.490748] [<c02d9fe4>] (load_module) from [<c02dab48>] (SyS_init_module+0x184/0x1bc)
[ 109.499385] [<c02dab48>] (SyS_init_module) from [<c0209640>] (ret_fast_syscall+0x0/0x48)
[ 109.507946]
[ 109.509652] Allocated by task 1453:
[ 109.513540] kmem_cache_alloc_trace+0xb4/0x170
[ 109.518705] copy_user_test+0x24/0x234 [test_kasan]
[ 109.524323] kmalloc_tests_init+0x60/0x35c [test_kasan]
[ 109.529941] do_one_initcall+0x60/0x1b0
[ 109.534142] do_init_module+0xd4/0x2cc
[ 109.538252] load_module+0x3110/0x3af0
[ 109.542359] SyS_init_module+0x184/0x1bc
[ 109.546668] ret_fast_syscall+0x0/0x48
[ 109.550672]
[ 109.552370] Freed by task 0:
[ 109.555490] (stack is not available)
[ 109.559315]
[ 109.561069] The buggy address belongs to the object at cb344100
[ 109.561069] which belongs to the cache kmalloc-64 of size 64
[ 109.573405] The buggy address is located 0 bytes inside of
[ 109.573405] 64-byte region [cb344100, cb344140)
[ 109.584068] The buggy address belongs to the page:
[ 109.589219] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800
[ 109.596935] flags: 0x100(slab)
[ 109.600444] raw: 00000100 cb344000 cb344800 0000001f 00000001 ee963174 d0001084 d0000000
[ 109.609032] page dumped because: kasan: bad access detected
[ 109.614911]
[ 109.616608] Memory state around the buggy address:
[ 109.621788] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.628756] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.635723] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 109.642600] ^
[ 109.645725] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 109.652693] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 109.659589] ==================================================================
[ 109.668931] kasan test: use_after_scope_test use-after-scope on int
[ 109.675755] kasan test: use_after_scope_test use-after-scope on array
insmod: can't insert 'test_kasan.ko': Resource temporarily unavailable