[v3,3/3] powerpc/32: Add KASAN support

Message ID 935f9f83393affb5d55323b126468ecb90373b88.1547289808.git.christophe.leroy@c-s.fr
State Superseded
Headers show
Series
  • KASAN for powerpc/32
Related show

Checks

Context Check Description
snowpatch_ozlabs/checkpatch fail total: 1 errors, 0 warnings, 1 checks, 284 lines checked
snowpatch_ozlabs/build-pmac32 success build succeeded & removed 0 sparse warning(s)
snowpatch_ozlabs/build-ppc64e success build succeeded & removed 0 sparse warning(s)
snowpatch_ozlabs/build-ppc64be success build succeeded & removed 0 sparse warning(s)
snowpatch_ozlabs/build-ppc64le success build succeeded & removed 0 sparse warning(s)
snowpatch_ozlabs/apply_patch success next/apply_patch Successfully applied

Commit Message

Christophe Leroy Jan. 12, 2019, 11:16 a.m.
This patch adds KASAN support for PPC32.

Note that on book3s it will only work on the 603 because the other
ones use hash table and can therefore not share a single PTE table
covering the entire early KASAN shadow area.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
---
 arch/powerpc/Kconfig                         |  1 +
 arch/powerpc/include/asm/book3s/32/pgtable.h |  2 +
 arch/powerpc/include/asm/kasan.h             | 24 ++++++++++
 arch/powerpc/include/asm/nohash/32/pgtable.h |  2 +
 arch/powerpc/include/asm/ppc_asm.h           |  5 ++
 arch/powerpc/include/asm/setup.h             |  5 ++
 arch/powerpc/include/asm/string.h            | 14 ++++++
 arch/powerpc/kernel/Makefile                 |  4 ++
 arch/powerpc/kernel/early_32.c               |  1 +
 arch/powerpc/kernel/prom_init_check.sh       |  1 +
 arch/powerpc/kernel/setup-common.c           |  2 +
 arch/powerpc/kernel/setup_32.c               |  3 ++
 arch/powerpc/lib/Makefile                    |  3 ++
 arch/powerpc/lib/copy_32.S                   |  9 ++--
 arch/powerpc/mm/Makefile                     |  3 ++
 arch/powerpc/mm/dump_linuxpagetables.c       |  8 ++++
 arch/powerpc/mm/kasan_init.c                 | 72 ++++++++++++++++++++++++++++
 arch/powerpc/mm/mem.c                        |  4 ++
 18 files changed, 160 insertions(+), 3 deletions(-)
 create mode 100644 arch/powerpc/include/asm/kasan.h
 create mode 100644 arch/powerpc/mm/kasan_init.c

Comments

Andrey Ryabinin Jan. 15, 2019, 5:23 p.m. | #1
On 1/12/19 2:16 PM, Christophe Leroy wrote:

> +KASAN_SANITIZE_early_32.o := n
> +KASAN_SANITIZE_cputable.o := n
> +KASAN_SANITIZE_prom_init.o := n
> +

Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
instrumented ftrace_likely_update in every if().



> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
> new file mode 100644
> index 000000000000..3edc9c2d2f3e

> +void __init kasan_init(void)
> +{
> +	struct memblock_region *reg;
> +
> +	for_each_memblock(memory, reg)
> +		kasan_init_region(reg);
> +
> +	pr_info("KASAN init done\n");

Without "init_task.kasan_depth = 0;" kasan will not repot bugs.

There is test_kasan module. Make sure that it produce reports.
Christophe Leroy Jan. 21, 2019, 7:17 a.m. | #2
Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
> 
> 
> On 1/12/19 2:16 PM, Christophe Leroy wrote:
> 
>> +KASAN_SANITIZE_early_32.o := n
>> +KASAN_SANITIZE_cputable.o := n
>> +KASAN_SANITIZE_prom_init.o := n
>> +
> 
> Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
> either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
> instrumented ftrace_likely_update in every if().
> 
> 
> 
>> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
>> new file mode 100644
>> index 000000000000..3edc9c2d2f3e
> 
>> +void __init kasan_init(void)
>> +{
>> +	struct memblock_region *reg;
>> +
>> +	for_each_memblock(memory, reg)
>> +		kasan_init_region(reg);
>> +
>> +	pr_info("KASAN init done\n");
> 
> Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
> 
> There is test_kasan module. Make sure that it produce reports.
> 

Thanks for the review.

Now I get the following very early in boot, what does that mean ?

[    0.000000] KASAN init done
[    0.000000] 
==================================================================
[    0.000000] BUG: KASAN: unknown-crash in memblock_alloc_try_nid+0xd8/0xf0
[    0.000000] Write of size 68 at addr c7ff5a90 by task swapper/0
[    0.000000]
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce #772
[    0.000000] Call Trace:
[    0.000000] [c094ded0] [c016c7e4] 
print_address_description+0x1a0/0x2b8 (unreliable)
[    0.000000] [c094df00] [c016caa0] kasan_report+0xe4/0x168
[    0.000000] [c094df40] [c016b464] memset+0x2c/0x4c
[    0.000000] [c094df60] [c08731f0] memblock_alloc_try_nid+0xd8/0xf0
[    0.000000] [c094df90] [c0861f20] mmu_context_init+0x58/0xa0
[    0.000000] [c094dfb0] [c085ca70] start_kernel+0x54/0x400
[    0.000000] [c094dff0] [c0002258] start_here+0x44/0x9c
[    0.000000]
[    0.000000]
[    0.000000] Memory state around the buggy address:
[    0.000000]  c7ff5980: e2 a1 87 81 bd d4 a5 b5 f8 8d 89 e7 72 bc 20 24
[    0.000000]  c7ff5a00: e7 b9 c1 c7 17 e9 b4 bd a4 d0 e7 a0 11 15 a5 b5
[    0.000000] >c7ff5a80: b5 e1 83 a5 2d 65 31 3f f3 e5 a7 ef 34 b5 69 b5
[    0.000000]                  ^
[    0.000000]  c7ff5b00: 21 a5 c1 c1 b4 bf 2d e5 e5 c3 f5 91 e3 b8 a1 34
[    0.000000]  c7ff5b80: ad ef 23 87 3d a6 ad b5 c3 c3 80 b7 ac b1 1f 37
[    0.000000] 
==================================================================
[    0.000000] Disabling lock debugging due to kernel taint
[    0.000000] MMU: Allocated 76 bytes of context maps for 16 contexts
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 8176
[    0.000000] Kernel command line: console=ttyCPM0,115200N8 
ip=192.168.2.7:192.168.2.2::255.0.0.0:vgoip:eth0:off kgdboc=ttyCPM0
[    0.000000] Dentry cache hash table entries: 16384 (order: 2, 65536 
bytes)
[    0.000000] Inode-cache hash table entries: 8192 (order: 1, 32768 bytes)
[    0.000000] Memory: 99904K/131072K available (7376K kernel code, 528K 
rwdata, 1168K rodata, 576K init, 4623K bss, 31168K reserved, 0K 
cma-reserved)
[    0.000000] Kernel virtual memory layout:
[    0.000000]   * 0xffefc000..0xffffc000  : fixmap
[    0.000000]   * 0xf7c00000..0xffc00000  : kasan shadow mem
[    0.000000]   * 0xf7a00000..0xf7c00000  : consistent mem
[    0.000000]   * 0xf7a00000..0xf7a00000  : early ioremap
[    0.000000]   * 0xc9000000..0xf7a00000  : vmalloc & ioremap


Christophe
Dmitry Vyukov Jan. 21, 2019, 8:30 a.m. | #3
On Mon, Jan 21, 2019 at 8:17 AM Christophe Leroy
<christophe.leroy@c-s.fr> wrote:
>
>
>
> Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
> >
> >
> > On 1/12/19 2:16 PM, Christophe Leroy wrote:
> >
> >> +KASAN_SANITIZE_early_32.o := n
> >> +KASAN_SANITIZE_cputable.o := n
> >> +KASAN_SANITIZE_prom_init.o := n
> >> +
> >
> > Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
> > either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
> > instrumented ftrace_likely_update in every if().
> >
> >
> >
> >> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
> >> new file mode 100644
> >> index 000000000000..3edc9c2d2f3e
> >
> >> +void __init kasan_init(void)
> >> +{
> >> +    struct memblock_region *reg;
> >> +
> >> +    for_each_memblock(memory, reg)
> >> +            kasan_init_region(reg);
> >> +
> >> +    pr_info("KASAN init done\n");
> >
> > Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
> >
> > There is test_kasan module. Make sure that it produce reports.
> >
>
> Thanks for the review.
>
> Now I get the following very early in boot, what does that mean ?

This looks like an instrumented memset call before kasan shadow is
mapped, or kasan shadow is not zeros. Does this happen before or after
mapping of kasan_early_shadow_page?
This version seems to miss what x86 code has to clear the early shadow:

/*
* kasan_early_shadow_page has been used as early shadow memory, thus
* it may contain some garbage. Now we can clear and write protect it,
* since after the TLB flush no one should write to it.
*/
memset(kasan_early_shadow_page, 0, PAGE_SIZE);


> [    0.000000] KASAN init done
> [    0.000000]
> ==================================================================
> [    0.000000] BUG: KASAN: unknown-crash in memblock_alloc_try_nid+0xd8/0xf0
> [    0.000000] Write of size 68 at addr c7ff5a90 by task swapper/0
> [    0.000000]
> [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce #772
> [    0.000000] Call Trace:
> [    0.000000] [c094ded0] [c016c7e4]
> print_address_description+0x1a0/0x2b8 (unreliable)
> [    0.000000] [c094df00] [c016caa0] kasan_report+0xe4/0x168
> [    0.000000] [c094df40] [c016b464] memset+0x2c/0x4c
> [    0.000000] [c094df60] [c08731f0] memblock_alloc_try_nid+0xd8/0xf0
> [    0.000000] [c094df90] [c0861f20] mmu_context_init+0x58/0xa0
> [    0.000000] [c094dfb0] [c085ca70] start_kernel+0x54/0x400
> [    0.000000] [c094dff0] [c0002258] start_here+0x44/0x9c
> [    0.000000]
> [    0.000000]
> [    0.000000] Memory state around the buggy address:
> [    0.000000]  c7ff5980: e2 a1 87 81 bd d4 a5 b5 f8 8d 89 e7 72 bc 20 24
> [    0.000000]  c7ff5a00: e7 b9 c1 c7 17 e9 b4 bd a4 d0 e7 a0 11 15 a5 b5
> [    0.000000] >c7ff5a80: b5 e1 83 a5 2d 65 31 3f f3 e5 a7 ef 34 b5 69 b5
> [    0.000000]                  ^
> [    0.000000]  c7ff5b00: 21 a5 c1 c1 b4 bf 2d e5 e5 c3 f5 91 e3 b8 a1 34
> [    0.000000]  c7ff5b80: ad ef 23 87 3d a6 ad b5 c3 c3 80 b7 ac b1 1f 37
> [    0.000000]
> ==================================================================
> [    0.000000] Disabling lock debugging due to kernel taint
> [    0.000000] MMU: Allocated 76 bytes of context maps for 16 contexts
> [    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 8176
> [    0.000000] Kernel command line: console=ttyCPM0,115200N8
> ip=192.168.2.7:192.168.2.2::255.0.0.0:vgoip:eth0:off kgdboc=ttyCPM0
> [    0.000000] Dentry cache hash table entries: 16384 (order: 2, 65536
> bytes)
> [    0.000000] Inode-cache hash table entries: 8192 (order: 1, 32768 bytes)
> [    0.000000] Memory: 99904K/131072K available (7376K kernel code, 528K
> rwdata, 1168K rodata, 576K init, 4623K bss, 31168K reserved, 0K
> cma-reserved)
> [    0.000000] Kernel virtual memory layout:
> [    0.000000]   * 0xffefc000..0xffffc000  : fixmap
> [    0.000000]   * 0xf7c00000..0xffc00000  : kasan shadow mem
> [    0.000000]   * 0xf7a00000..0xf7c00000  : consistent mem
> [    0.000000]   * 0xf7a00000..0xf7a00000  : early ioremap
> [    0.000000]   * 0xc9000000..0xf7a00000  : vmalloc & ioremap
>
>
> Christophe
Christophe Leroy Jan. 21, 2019, 8:37 a.m. | #4
Le 21/01/2019 à 09:30, Dmitry Vyukov a écrit :
> On Mon, Jan 21, 2019 at 8:17 AM Christophe Leroy
> <christophe.leroy@c-s.fr> wrote:
>>
>>
>>
>> Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
>>>
>>>
>>> On 1/12/19 2:16 PM, Christophe Leroy wrote:
>>>
>>>> +KASAN_SANITIZE_early_32.o := n
>>>> +KASAN_SANITIZE_cputable.o := n
>>>> +KASAN_SANITIZE_prom_init.o := n
>>>> +
>>>
>>> Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
>>> either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
>>> instrumented ftrace_likely_update in every if().
>>>
>>>
>>>
>>>> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
>>>> new file mode 100644
>>>> index 000000000000..3edc9c2d2f3e
>>>
>>>> +void __init kasan_init(void)
>>>> +{
>>>> +    struct memblock_region *reg;
>>>> +
>>>> +    for_each_memblock(memory, reg)
>>>> +            kasan_init_region(reg);
>>>> +
>>>> +    pr_info("KASAN init done\n");
>>>
>>> Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
>>>
>>> There is test_kasan module. Make sure that it produce reports.
>>>
>>
>> Thanks for the review.
>>
>> Now I get the following very early in boot, what does that mean ?
> 
> This looks like an instrumented memset call before kasan shadow is
> mapped, or kasan shadow is not zeros. Does this happen before or after
> mapping of kasan_early_shadow_page?

This is after the mapping of kasan_early_shadow_page.

> This version seems to miss what x86 code has to clear the early shadow:
> 
> /*
> * kasan_early_shadow_page has been used as early shadow memory, thus
> * it may contain some garbage. Now we can clear and write protect it,
> * since after the TLB flush no one should write to it.
> */
> memset(kasan_early_shadow_page, 0, PAGE_SIZE);

In the early part, kasan_early_shadow_page is mapped read-only so I 
assumed this reset of its content was unneccessary.

I'll try with it.

Christophe

> 
> 
>> [    0.000000] KASAN init done
>> [    0.000000]
>> ==================================================================
>> [    0.000000] BUG: KASAN: unknown-crash in memblock_alloc_try_nid+0xd8/0xf0
>> [    0.000000] Write of size 68 at addr c7ff5a90 by task swapper/0
>> [    0.000000]
>> [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted
>> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce #772
>> [    0.000000] Call Trace:
>> [    0.000000] [c094ded0] [c016c7e4]
>> print_address_description+0x1a0/0x2b8 (unreliable)
>> [    0.000000] [c094df00] [c016caa0] kasan_report+0xe4/0x168
>> [    0.000000] [c094df40] [c016b464] memset+0x2c/0x4c
>> [    0.000000] [c094df60] [c08731f0] memblock_alloc_try_nid+0xd8/0xf0
>> [    0.000000] [c094df90] [c0861f20] mmu_context_init+0x58/0xa0
>> [    0.000000] [c094dfb0] [c085ca70] start_kernel+0x54/0x400
>> [    0.000000] [c094dff0] [c0002258] start_here+0x44/0x9c
>> [    0.000000]
>> [    0.000000]
>> [    0.000000] Memory state around the buggy address:
>> [    0.000000]  c7ff5980: e2 a1 87 81 bd d4 a5 b5 f8 8d 89 e7 72 bc 20 24
>> [    0.000000]  c7ff5a00: e7 b9 c1 c7 17 e9 b4 bd a4 d0 e7 a0 11 15 a5 b5
>> [    0.000000] >c7ff5a80: b5 e1 83 a5 2d 65 31 3f f3 e5 a7 ef 34 b5 69 b5
>> [    0.000000]                  ^
>> [    0.000000]  c7ff5b00: 21 a5 c1 c1 b4 bf 2d e5 e5 c3 f5 91 e3 b8 a1 34
>> [    0.000000]  c7ff5b80: ad ef 23 87 3d a6 ad b5 c3 c3 80 b7 ac b1 1f 37
>> [    0.000000]
>> ==================================================================
>> [    0.000000] Disabling lock debugging due to kernel taint
>> [    0.000000] MMU: Allocated 76 bytes of context maps for 16 contexts
>> [    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 8176
>> [    0.000000] Kernel command line: console=ttyCPM0,115200N8
>> ip=192.168.2.7:192.168.2.2::255.0.0.0:vgoip:eth0:off kgdboc=ttyCPM0
>> [    0.000000] Dentry cache hash table entries: 16384 (order: 2, 65536
>> bytes)
>> [    0.000000] Inode-cache hash table entries: 8192 (order: 1, 32768 bytes)
>> [    0.000000] Memory: 99904K/131072K available (7376K kernel code, 528K
>> rwdata, 1168K rodata, 576K init, 4623K bss, 31168K reserved, 0K
>> cma-reserved)
>> [    0.000000] Kernel virtual memory layout:
>> [    0.000000]   * 0xffefc000..0xffffc000  : fixmap
>> [    0.000000]   * 0xf7c00000..0xffc00000  : kasan shadow mem
>> [    0.000000]   * 0xf7a00000..0xf7c00000  : consistent mem
>> [    0.000000]   * 0xf7a00000..0xf7a00000  : early ioremap
>> [    0.000000]   * 0xc9000000..0xf7a00000  : vmalloc & ioremap
>>
>>
>> Christophe
Dmitry Vyukov Jan. 21, 2019, 9:24 a.m. | #5
On Mon, Jan 21, 2019 at 9:37 AM Christophe Leroy
<christophe.leroy@c-s.fr> wrote:
>
>
>
> Le 21/01/2019 à 09:30, Dmitry Vyukov a écrit :
> > On Mon, Jan 21, 2019 at 8:17 AM Christophe Leroy
> > <christophe.leroy@c-s.fr> wrote:
> >>
> >>
> >>
> >> Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
> >>>
> >>>
> >>> On 1/12/19 2:16 PM, Christophe Leroy wrote:
> >>>
> >>>> +KASAN_SANITIZE_early_32.o := n
> >>>> +KASAN_SANITIZE_cputable.o := n
> >>>> +KASAN_SANITIZE_prom_init.o := n
> >>>> +
> >>>
> >>> Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
> >>> either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
> >>> instrumented ftrace_likely_update in every if().
> >>>
> >>>
> >>>
> >>>> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
> >>>> new file mode 100644
> >>>> index 000000000000..3edc9c2d2f3e
> >>>
> >>>> +void __init kasan_init(void)
> >>>> +{
> >>>> +    struct memblock_region *reg;
> >>>> +
> >>>> +    for_each_memblock(memory, reg)
> >>>> +            kasan_init_region(reg);
> >>>> +
> >>>> +    pr_info("KASAN init done\n");
> >>>
> >>> Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
> >>>
> >>> There is test_kasan module. Make sure that it produce reports.
> >>>
> >>
> >> Thanks for the review.
> >>
> >> Now I get the following very early in boot, what does that mean ?
> >
> > This looks like an instrumented memset call before kasan shadow is
> > mapped, or kasan shadow is not zeros. Does this happen before or after
> > mapping of kasan_early_shadow_page?
>
> This is after the mapping of kasan_early_shadow_page.
>
> > This version seems to miss what x86 code has to clear the early shadow:
> >
> > /*
> > * kasan_early_shadow_page has been used as early shadow memory, thus
> > * it may contain some garbage. Now we can clear and write protect it,
> > * since after the TLB flush no one should write to it.
> > */
> > memset(kasan_early_shadow_page, 0, PAGE_SIZE);
>
> In the early part, kasan_early_shadow_page is mapped read-only so I
> assumed this reset of its content was unneccessary.
>
> I'll try with it.
>
> Christophe

As far as I understand machine memory contains garbage after boot, and
that page needs to be all 0's so we need to explicitly memset it.


> >> [    0.000000] KASAN init done
> >> [    0.000000]
> >> ==================================================================
> >> [    0.000000] BUG: KASAN: unknown-crash in memblock_alloc_try_nid+0xd8/0xf0
> >> [    0.000000] Write of size 68 at addr c7ff5a90 by task swapper/0
> >> [    0.000000]
> >> [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted
> >> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce #772
> >> [    0.000000] Call Trace:
> >> [    0.000000] [c094ded0] [c016c7e4]
> >> print_address_description+0x1a0/0x2b8 (unreliable)
> >> [    0.000000] [c094df00] [c016caa0] kasan_report+0xe4/0x168
> >> [    0.000000] [c094df40] [c016b464] memset+0x2c/0x4c
> >> [    0.000000] [c094df60] [c08731f0] memblock_alloc_try_nid+0xd8/0xf0
> >> [    0.000000] [c094df90] [c0861f20] mmu_context_init+0x58/0xa0
> >> [    0.000000] [c094dfb0] [c085ca70] start_kernel+0x54/0x400
> >> [    0.000000] [c094dff0] [c0002258] start_here+0x44/0x9c
> >> [    0.000000]
> >> [    0.000000]
> >> [    0.000000] Memory state around the buggy address:
> >> [    0.000000]  c7ff5980: e2 a1 87 81 bd d4 a5 b5 f8 8d 89 e7 72 bc 20 24
> >> [    0.000000]  c7ff5a00: e7 b9 c1 c7 17 e9 b4 bd a4 d0 e7 a0 11 15 a5 b5
> >> [    0.000000] >c7ff5a80: b5 e1 83 a5 2d 65 31 3f f3 e5 a7 ef 34 b5 69 b5
> >> [    0.000000]                  ^
> >> [    0.000000]  c7ff5b00: 21 a5 c1 c1 b4 bf 2d e5 e5 c3 f5 91 e3 b8 a1 34
> >> [    0.000000]  c7ff5b80: ad ef 23 87 3d a6 ad b5 c3 c3 80 b7 ac b1 1f 37
> >> [    0.000000]
> >> ==================================================================
> >> [    0.000000] Disabling lock debugging due to kernel taint
> >> [    0.000000] MMU: Allocated 76 bytes of context maps for 16 contexts
> >> [    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 8176
> >> [    0.000000] Kernel command line: console=ttyCPM0,115200N8
> >> ip=192.168.2.7:192.168.2.2::255.0.0.0:vgoip:eth0:off kgdboc=ttyCPM0
> >> [    0.000000] Dentry cache hash table entries: 16384 (order: 2, 65536
> >> bytes)
> >> [    0.000000] Inode-cache hash table entries: 8192 (order: 1, 32768 bytes)
> >> [    0.000000] Memory: 99904K/131072K available (7376K kernel code, 528K
> >> rwdata, 1168K rodata, 576K init, 4623K bss, 31168K reserved, 0K
> >> cma-reserved)
> >> [    0.000000] Kernel virtual memory layout:
> >> [    0.000000]   * 0xffefc000..0xffffc000  : fixmap
> >> [    0.000000]   * 0xf7c00000..0xffc00000  : kasan shadow mem
> >> [    0.000000]   * 0xf7a00000..0xf7c00000  : consistent mem
> >> [    0.000000]   * 0xf7a00000..0xf7a00000  : early ioremap
> >> [    0.000000]   * 0xc9000000..0xf7a00000  : vmalloc & ioremap
> >>
> >>
> >> Christophe
Christophe Leroy Jan. 21, 2019, 9:30 a.m. | #6
Le 21/01/2019 à 10:24, Dmitry Vyukov a écrit :
> On Mon, Jan 21, 2019 at 9:37 AM Christophe Leroy
> <christophe.leroy@c-s.fr> wrote:
>>
>>
>>
>> Le 21/01/2019 à 09:30, Dmitry Vyukov a écrit :
>>> On Mon, Jan 21, 2019 at 8:17 AM Christophe Leroy
>>> <christophe.leroy@c-s.fr> wrote:
>>>>
>>>>
>>>>
>>>> Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
>>>>>
>>>>>
>>>>> On 1/12/19 2:16 PM, Christophe Leroy wrote:
>>>>>
>>>>>> +KASAN_SANITIZE_early_32.o := n
>>>>>> +KASAN_SANITIZE_cputable.o := n
>>>>>> +KASAN_SANITIZE_prom_init.o := n
>>>>>> +
>>>>>
>>>>> Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
>>>>> either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
>>>>> instrumented ftrace_likely_update in every if().
>>>>>
>>>>>
>>>>>
>>>>>> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
>>>>>> new file mode 100644
>>>>>> index 000000000000..3edc9c2d2f3e
>>>>>
>>>>>> +void __init kasan_init(void)
>>>>>> +{
>>>>>> +    struct memblock_region *reg;
>>>>>> +
>>>>>> +    for_each_memblock(memory, reg)
>>>>>> +            kasan_init_region(reg);
>>>>>> +
>>>>>> +    pr_info("KASAN init done\n");
>>>>>
>>>>> Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
>>>>>
>>>>> There is test_kasan module. Make sure that it produce reports.
>>>>>
>>>>
>>>> Thanks for the review.
>>>>
>>>> Now I get the following very early in boot, what does that mean ?
>>>
>>> This looks like an instrumented memset call before kasan shadow is
>>> mapped, or kasan shadow is not zeros. Does this happen before or after
>>> mapping of kasan_early_shadow_page?
>>
>> This is after the mapping of kasan_early_shadow_page.
>>
>>> This version seems to miss what x86 code has to clear the early shadow:
>>>
>>> /*
>>> * kasan_early_shadow_page has been used as early shadow memory, thus
>>> * it may contain some garbage. Now we can clear and write protect it,
>>> * since after the TLB flush no one should write to it.
>>> */
>>> memset(kasan_early_shadow_page, 0, PAGE_SIZE);
>>
>> In the early part, kasan_early_shadow_page is mapped read-only so I
>> assumed this reset of its content was unneccessary.
>>
>> I'll try with it.
>>
>> Christophe
> 
> As far as I understand machine memory contains garbage after boot, and
> that page needs to be all 0's so we need to explicitly memset it.

That page is in BSS so it is zeroed before kasan_early_init().

Though as expected, that memset() doesn't fix the issue.

Indeed the problem is in kasan_init() : memblock_phys_alloc() doesn't 
zeroize the allocated memory. I changed it to memblock_alloc() and now 
it works.

Thanks for your help,
Christophe


> 
> 
>>>> [    0.000000] KASAN init done
>>>> [    0.000000]
>>>> ==================================================================
>>>> [    0.000000] BUG: KASAN: unknown-crash in memblock_alloc_try_nid+0xd8/0xf0
>>>> [    0.000000] Write of size 68 at addr c7ff5a90 by task swapper/0
>>>> [    0.000000]
>>>> [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted
>>>> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce #772
>>>> [    0.000000] Call Trace:
>>>> [    0.000000] [c094ded0] [c016c7e4]
>>>> print_address_description+0x1a0/0x2b8 (unreliable)
>>>> [    0.000000] [c094df00] [c016caa0] kasan_report+0xe4/0x168
>>>> [    0.000000] [c094df40] [c016b464] memset+0x2c/0x4c
>>>> [    0.000000] [c094df60] [c08731f0] memblock_alloc_try_nid+0xd8/0xf0
>>>> [    0.000000] [c094df90] [c0861f20] mmu_context_init+0x58/0xa0
>>>> [    0.000000] [c094dfb0] [c085ca70] start_kernel+0x54/0x400
>>>> [    0.000000] [c094dff0] [c0002258] start_here+0x44/0x9c
>>>> [    0.000000]
>>>> [    0.000000]
>>>> [    0.000000] Memory state around the buggy address:
>>>> [    0.000000]  c7ff5980: e2 a1 87 81 bd d4 a5 b5 f8 8d 89 e7 72 bc 20 24
>>>> [    0.000000]  c7ff5a00: e7 b9 c1 c7 17 e9 b4 bd a4 d0 e7 a0 11 15 a5 b5
>>>> [    0.000000] >c7ff5a80: b5 e1 83 a5 2d 65 31 3f f3 e5 a7 ef 34 b5 69 b5
>>>> [    0.000000]                  ^
>>>> [    0.000000]  c7ff5b00: 21 a5 c1 c1 b4 bf 2d e5 e5 c3 f5 91 e3 b8 a1 34
>>>> [    0.000000]  c7ff5b80: ad ef 23 87 3d a6 ad b5 c3 c3 80 b7 ac b1 1f 37
>>>> [    0.000000]
>>>> ==================================================================
>>>> [    0.000000] Disabling lock debugging due to kernel taint
>>>> [    0.000000] MMU: Allocated 76 bytes of context maps for 16 contexts
>>>> [    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 8176
>>>> [    0.000000] Kernel command line: console=ttyCPM0,115200N8
>>>> ip=192.168.2.7:192.168.2.2::255.0.0.0:vgoip:eth0:off kgdboc=ttyCPM0
>>>> [    0.000000] Dentry cache hash table entries: 16384 (order: 2, 65536
>>>> bytes)
>>>> [    0.000000] Inode-cache hash table entries: 8192 (order: 1, 32768 bytes)
>>>> [    0.000000] Memory: 99904K/131072K available (7376K kernel code, 528K
>>>> rwdata, 1168K rodata, 576K init, 4623K bss, 31168K reserved, 0K
>>>> cma-reserved)
>>>> [    0.000000] Kernel virtual memory layout:
>>>> [    0.000000]   * 0xffefc000..0xffffc000  : fixmap
>>>> [    0.000000]   * 0xf7c00000..0xffc00000  : kasan shadow mem
>>>> [    0.000000]   * 0xf7a00000..0xf7c00000  : consistent mem
>>>> [    0.000000]   * 0xf7a00000..0xf7a00000  : early ioremap
>>>> [    0.000000]   * 0xc9000000..0xf7a00000  : vmalloc & ioremap
>>>>
>>>>
>>>> Christophe
Christophe Leroy Jan. 21, 2019, 10:36 a.m. | #7
Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
> 
> 
> On 1/12/19 2:16 PM, Christophe Leroy wrote:
> 
>> +KASAN_SANITIZE_early_32.o := n
>> +KASAN_SANITIZE_cputable.o := n
>> +KASAN_SANITIZE_prom_init.o := n
>> +
> 
> Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
> either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
> instrumented ftrace_likely_update in every if().
> 
> 
> 
>> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
>> new file mode 100644
>> index 000000000000..3edc9c2d2f3e
> 
>> +void __init kasan_init(void)
>> +{
>> +	struct memblock_region *reg;
>> +
>> +	for_each_memblock(memory, reg)
>> +		kasan_init_region(reg);
>> +
>> +	pr_info("KASAN init done\n");
> 
> Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
> 
> There is test_kasan module. Make sure that it produce reports.
> 

I get the following report with test_kasan module.

Could you have a look at it and tell if everything is as expected ?

Thanks
Christophe

[  667.298897] kasan test: kmalloc_oob_right out-of-bounds to right
[  667.299036] 
==================================================================
[  667.306263] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_right+0x74/0x94 [test_kasan]
[  667.313929] Write of size 1 at addr c53996fb by task exe/340
[  667.319451]
[  667.321021] CPU: 0 PID: 340 Comm: exe Not tainted 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.321072] Call Trace:
[  667.321248] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  667.321452] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  667.321741] [c5649ce0] [c95d41d4] kmalloc_oob_right+0x74/0x94 
[test_kasan]
[  667.322022] [c5649d00] [c95d5510] kmalloc_tests_init+0x18/0x2d0 
[test_kasan]
[  667.322214] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.322428] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.322630] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.322834] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.323027] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.323193] --- interrupt: c01 at 0xfd6b914
[  667.323193]     LR = 0x1001364c
[  667.323239]
[  667.324561] Allocated by task 340:
[  667.327993]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  667.328241]  kmalloc_oob_right+0x44/0x94 [test_kasan]
[  667.328477]  kmalloc_tests_init+0x18/0x2d0 [test_kasan]
[  667.328622]  do_one_initcall+0x40/0x278
[  667.328792]  do_init_module+0xcc/0x59c
[  667.328948]  load_module+0x2bc4/0x320c
[  667.329107]  sys_init_module+0x114/0x138
[  667.329250]  ret_from_syscall+0x0/0x38
[  667.329298]
[  667.330580] Freed by task 335:
[  667.333667]  __kasan_slab_free+0x120/0x22c
[  667.333788]  kfree+0x74/0x270
[  667.333950]  load_elf_binary+0xb0/0x162c
[  667.334129]  search_binary_handler+0x120/0x374
[  667.334297]  __do_execve_file+0x834/0xb20
[  667.334460]  sys_execve+0x40/0x54
[  667.334605]  ret_from_syscall+0x0/0x38
[  667.334652]
[  667.335954] The buggy address belongs to the object at c5399680
[  667.335954]  which belongs to the cache kmalloc-128 of size 128
[  667.347675] The buggy address is located 123 bytes inside of
[  667.347675]  128-byte region [c5399680, c5399700)
[  667.357847] The buggy address belongs to the page:
[  667.362634] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
[  667.362745] flags: 0x200(slab)
[  667.362973] raw: 00000200 00000100 00000200 c5007a80 00000000 
005500ab ffffffff 00000001
[  667.363043] page dumped because: kasan: bad access detected
[  667.363083]
[  667.364384] Memory state around the buggy address:
[  667.369190]  c5399580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  667.375645]  c5399600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  667.382099] >c5399680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[  667.388496]                                                         ^
[  667.394921]  c5399700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  667.401377]  c5399780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  667.407767] 
==================================================================
[  667.414904] Disabling lock debugging due to kernel taint
[  667.421182] kasan test: kmalloc_oob_left out-of-bounds to left
[  667.421314] 
==================================================================
[  667.428466] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_left+0x74/0x9c [test_kasan]
[  667.436045] Read of size 1 at addr c58e9ddf by task exe/340
[  667.441483]
[  667.443064] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.443115] Call Trace:
[  667.443290] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  667.443492] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  667.443779] [c5649ce0] [c95d4268] kmalloc_oob_left+0x74/0x9c [test_kasan]
[  667.444057] [c5649d00] [c95d5514] kmalloc_tests_init+0x1c/0x2d0 
[test_kasan]
[  667.444246] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.444458] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.444658] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.444859] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.445051] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.445215] --- interrupt: c01 at 0xfd6b914
[  667.445215]     LR = 0x1001364c
[  667.445260]
[  667.446593] Allocated by task 340:
[  667.450025]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  667.450191]  do_init_module+0x2c/0x59c
[  667.450346]  load_module+0x2bc4/0x320c
[  667.450503]  sys_init_module+0x114/0x138
[  667.450645]  ret_from_syscall+0x0/0x38
[  667.450691]
[  667.452009] Freed by task 276:
[  667.455096]  __kasan_slab_free+0x120/0x22c
[  667.455214]  kfree+0x74/0x270
[  667.455344]  single_release+0x54/0x6c
[  667.455516]  close_pdeo+0x128/0x224
[  667.455680]  proc_reg_release+0x110/0x128
[  667.455811]  __fput+0xec/0x2d4
[  667.455934]  task_work_run+0x13c/0x15c
[  667.456101]  do_notify_resume+0x3d8/0x438
[  667.456248]  do_user_signal+0x2c/0x34
[  667.456294]
[  667.457641] The buggy address belongs to the object at c58e9dc0
[  667.457641]  which belongs to the cache kmalloc-16 of size 16
[  667.469191] The buggy address is located 15 bytes to the right of
[  667.469191]  16-byte region [c58e9dc0, c58e9dd0)
[  667.479708] The buggy address belongs to the page:
[  667.484495] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  667.484606] flags: 0x200(slab)
[  667.484833] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  667.484900] page dumped because: kasan: bad access detected
[  667.484940]
[  667.486244] Memory state around the buggy address:
[  667.491051]  c58e9c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[  667.497505]  c58e9d00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[  667.503959] >c58e9d80: 00 00 fc fc 00 00 fc fc 00 04 fc fc 00 07 fc fc
[  667.510354]                                             ^
[  667.515748]  c58e9e00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  667.522204]  c58e9e80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  667.528595] 
==================================================================
[  667.803662] kasan test: kmalloc_node_oob_right kmalloc_node(): 
out-of-bounds to right
[  667.803806] 
==================================================================
[  667.811008] BUG: KASAN: slab-out-of-bounds in 
kmalloc_node_oob_right+0x74/0x94 [test_kasan]
[  667.819105] Write of size 1 at addr c59a4300 by task exe/340
[  667.824627]
[  667.826209] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.826260] Call Trace:
[  667.826436] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  667.826640] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  667.826931] [c5649ce0] [c95d4304] kmalloc_node_oob_right+0x74/0x94 
[test_kasan]
[  667.827211] [c5649d00] [c95d5518] kmalloc_tests_init+0x20/0x2d0 
[test_kasan]
[  667.827402] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.827616] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.827818] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.828022] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.828216] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.828382] --- interrupt: c01 at 0xfd6b914
[  667.828382]     LR = 0x1001364c
[  667.828428]
[  667.829737] Allocated by task 340:
[  667.833169]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  667.833420]  kmalloc_node_oob_right+0x44/0x94 [test_kasan]
[  667.833656]  kmalloc_tests_init+0x20/0x2d0 [test_kasan]
[  667.833801]  do_one_initcall+0x40/0x278
[  667.833970]  do_init_module+0xcc/0x59c
[  667.834125]  load_module+0x2bc4/0x320c
[  667.834284]  sys_init_module+0x114/0x138
[  667.834427]  ret_from_syscall+0x0/0x38
[  667.834475]
[  667.835756] Freed by task 319:
[  667.838843]  __kasan_slab_free+0x120/0x22c
[  667.838963]  kfree+0x74/0x270
[  667.839137]  kobject_uevent_env+0x15c/0x65c
[  667.839299]  led_trigger_set+0x3f0/0x4fc
[  667.839451]  led_trigger_store+0xd8/0x164
[  667.839593]  kernfs_fop_write+0x18c/0x218
[  667.839721]  __vfs_write+0x5c/0x258
[  667.839843]  vfs_write+0xe4/0x248
[  667.839966]  ksys_write+0x58/0xd8
[  667.840111]  ret_from_syscall+0x0/0x38
[  667.840158]
[  667.841475] The buggy address belongs to the object at c59a3300
[  667.841475]  which belongs to the cache kmalloc-4k of size 4096
[  667.853196] The buggy address is located 0 bytes to the right of
[  667.853196]  4096-byte region [c59a3300, c59a4300)
[  667.863798] The buggy address belongs to the page:
[  667.868586] page:c7fdcd00 count:1 mapcount:0 mapping:c50075a0 
index:0x0 compound_mapcount: 0
[  667.868727] flags: 0x10200(slab|head)
[  667.868956] raw: 00010200 00000100 00000200 c50075a0 00000000 
000f001f ffffffff 00000001
[  667.869025] page dumped because: kasan: bad access detected
[  667.869065]
[  667.870334] Memory state around the buggy address:
[  667.875141]  c59a4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.881595]  c59a4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.888049] >c59a4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  667.894436]            ^
[  667.896998]  c59a4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  667.903454]  c59a4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.909845] 
==================================================================
[  667.923434] kasan test: kmalloc_pagealloc_oob_right kmalloc pagealloc 
allocation: out-of-bounds to right
[  667.923647] 
==================================================================
[  667.930896] BUG: KASAN: slab-out-of-bounds in 
kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
[  667.939503] Write of size 1 at addr c5bd800a by task exe/340
[  667.945024]
[  667.946607] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  667.946657] Call Trace:
[  667.946833] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  667.947035] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  667.947325] [c5649ce0] [c95d4674] 
kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
[  667.947603] [c5649d00] [c95d551c] kmalloc_tests_init+0x24/0x2d0 
[test_kasan]
[  667.947792] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  667.948004] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  667.948204] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  667.948406] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  667.948597] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  667.948760] --- interrupt: c01 at 0xfd6b914
[  667.948760]     LR = 0x1001364c
[  667.948806]
[  667.950115] The buggy address belongs to the page:
[  667.954903] page:c7fdde80 count:1 mapcount:0 mapping:00000000 
index:0x0 compound_mapcount: 0
[  667.955038] flags: 0x10000(head)
[  667.955260] raw: 00010000 00000100 00000200 00000000 00000000 
00000000 ffffffff 00000001
[  667.955327] page dumped because: kasan: bad access detected
[  667.955367]
[  667.956652] Memory state around the buggy address:
[  667.961458]  c5bd7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.967912]  c5bd7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  667.974367] >c5bd8000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  667.980755]               ^
[  667.983574]  c5bd8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  667.990030]  c5bd8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[  667.996420] 
==================================================================
[  668.222064] kasan test: kmalloc_pagealloc_uaf kmalloc pagealloc 
allocation: use-after-free
[  668.222349] 
==================================================================
[  668.229525] BUG: KASAN: use-after-free in 
kmalloc_pagealloc_uaf+0x78/0x94 [test_kasan]
[  668.237274] Write of size 1 at addr c5bd0000 by task exe/340
[  668.242796]
[  668.244378] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.244429] Call Trace:
[  668.244606] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  668.244810] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  668.245100] [c5649ce0] [c95d470c] kmalloc_pagealloc_uaf+0x78/0x94 
[test_kasan]
[  668.245381] [c5649d00] [c95d5520] kmalloc_tests_init+0x28/0x2d0 
[test_kasan]
[  668.245573] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.245787] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.245989] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.246192] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.246386] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.246552] --- interrupt: c01 at 0xfd6b914
[  668.246552]     LR = 0x1001364c
[  668.246598]
[  668.247886] The buggy address belongs to the page:
[  668.252671] page:c7fdde80 count:0 mapcount:-128 mapping:00000000 
index:0x0
[  668.252769] flags: 0x0()
[  668.252994] raw: 00000000 c7fdcf84 c0982ae8 00000000 00000000 
00000002 ffffff7f 00000000
[  668.253062] page dumped because: kasan: bad access detected
[  668.253102]
[  668.254337] Memory state around the buggy address:
[  668.259143]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.265597]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.272052] >c5bd0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  668.278439]            ^
[  668.281001]  c5bd0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  668.287458]  c5bd0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  668.293847] 
==================================================================
[  668.310744] kasan test: kmalloc_pagealloc_invalid_free kmalloc 
pagealloc allocation: invalid-free
[  668.310957] 
==================================================================
[  668.318156] BUG: KASAN: double-free or invalid-free in 
kmalloc_tests_init+0x2c/0x2d0 [test_kasan]
[  668.326705]
[  668.328286] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.328337] Call Trace:
[  668.328512] [c5649c80] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  668.328724] [c5649cb0] [c0176c24] kasan_report_invalid_free+0x48/0x74
[  668.328888] [c5649ce0] [c0173c14] kfree+0x1f8/0x270
[  668.329176] [c5649d00] [c95d5524] kmalloc_tests_init+0x2c/0x2d0 
[test_kasan]
[  668.329365] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.329577] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.329777] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.329978] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.330170] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.330334] --- interrupt: c01 at 0xfd6b914
[  668.330334]     LR = 0x1001364c
[  668.330379]
[  668.331622] The buggy address belongs to the page:
[  668.336410] page:c7fdde80 count:1 mapcount:0 mapping:00000000 
index:0x0 compound_mapcount: 0
[  668.336545] flags: 0x10000(head)
[  668.336767] raw: 00010000 00000100 00000200 00000000 00000000 
00000000 ffffffff 00000001
[  668.336834] page dumped because: kasan: bad access detected
[  668.336873]
[  668.338158] Memory state around the buggy address:
[  668.342965]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.349419]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.355874] >c5bd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.362260]            ^
[  668.364822]  c5bd0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.371279]  c5bd0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.377668] 
==================================================================
[  668.528086] kasan test: kmalloc_large_oob_right kmalloc large 
allocation: out-of-bounds to right
[  668.528279] 
==================================================================
[  668.535471] BUG: KASAN: slab-out-of-bounds in 
kmalloc_large_oob_right+0x74/0x94 [test_kasan]
[  668.543735] Write of size 1 at addr c5498700 by task exe/340
[  668.549257]
[  668.550840] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.550891] Call Trace:
[  668.551068] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  668.551272] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  668.551561] [c5649ce0] [c95d4398] kmalloc_large_oob_right+0x74/0x94 
[test_kasan]
[  668.551842] [c5649d00] [c95d5528] kmalloc_tests_init+0x30/0x2d0 
[test_kasan]
[  668.552034] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.552248] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.552450] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.552655] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.552848] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.553013] --- interrupt: c01 at 0xfd6b914
[  668.553013]     LR = 0x1001364c
[  668.553059]
[  668.554367] Allocated by task 340:
[  668.557799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  668.558049]  kmalloc_large_oob_right+0x44/0x94 [test_kasan]
[  668.558285]  kmalloc_tests_init+0x30/0x2d0 [test_kasan]
[  668.558430]  do_one_initcall+0x40/0x278
[  668.558599]  do_init_module+0xcc/0x59c
[  668.558756]  load_module+0x2bc4/0x320c
[  668.558915]  sys_init_module+0x114/0x138
[  668.559058]  ret_from_syscall+0x0/0x38
[  668.559106]
[  668.560386] Freed by task 173:
[  668.563473]  __kasan_slab_free+0x120/0x22c
[  668.563595]  kfree+0x74/0x270
[  668.563763]  consume_skb+0x38/0x138
[  668.563935]  skb_free_datagram+0x1c/0x80
[  668.564104]  netlink_recvmsg+0x1d0/0x4d4
[  668.564270]  ___sys_recvmsg+0xd8/0x194
[  668.564436]  __sys_recvmsg+0x40/0x8c
[  668.564563]  sys_socketcall+0xf8/0x210
[  668.564709]  ret_from_syscall+0x0/0x38
[  668.564756]
[  668.566106] The buggy address belongs to the object at c5490800
[  668.566106]  which belongs to the cache kmalloc-32k of size 32768
[  668.578000] The buggy address is located 32512 bytes inside of
[  668.578000]  32768-byte region [c5490800, c5498800)
[  668.588514] The buggy address belongs to the page:
[  668.593302] page:c7fda400 count:1 mapcount:0 mapping:c5007330 
index:0x0 compound_mapcount: 0
[  668.593443] flags: 0x10200(slab|head)
[  668.593672] raw: 00010200 00000100 00000200 c5007330 00000000 
00030007 ffffffff 00000001
[  668.593741] page dumped because: kasan: bad access detected
[  668.593781]
[  668.595051] Memory state around the buggy address:
[  668.599857]  c5498600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.606311]  c5498680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  668.612765] >c5498700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.619152]            ^
[  668.621714]  c5498780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.628171]  c5498800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  668.634561] 
==================================================================
[  668.645940] kasan test: kmalloc_oob_krealloc_more out-of-bounds after 
krealloc more
[  668.646103] 
==================================================================
[  668.653286] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_krealloc_more+0x8c/0xac [test_kasan]
[  668.661723] Write of size 1 at addr c53e8ca3 by task exe/340
[  668.667245]
[  668.668827] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  668.668877] Call Trace:
[  668.669052] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  668.669254] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  668.669543] [c5649ce0] [c95d4838] kmalloc_oob_krealloc_more+0x8c/0xac 
[test_kasan]
[  668.669823] [c5649d00] [c95d552c] kmalloc_tests_init+0x34/0x2d0 
[test_kasan]
[  668.670012] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  668.670225] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  668.670426] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  668.670627] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  668.670819] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  668.670982] --- interrupt: c01 at 0xfd6b914
[  668.670982]     LR = 0x1001364c
[  668.671027]
[  668.672354] Allocated by task 340:
[  668.675786]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  668.675935]  krealloc+0xb0/0xe8
[  668.676185]  kmalloc_oob_krealloc_more+0x58/0xac [test_kasan]
[  668.676419]  kmalloc_tests_init+0x34/0x2d0 [test_kasan]
[  668.676563]  do_one_initcall+0x40/0x278
[  668.676730]  do_init_module+0xcc/0x59c
[  668.676885]  load_module+0x2bc4/0x320c
[  668.677042]  sys_init_module+0x114/0x138
[  668.677185]  ret_from_syscall+0x0/0x38
[  668.677231]
[  668.678543] Freed by task 0:
[  668.681460]  __kasan_slab_free+0x120/0x22c
[  668.681579]  kfree+0x74/0x270
[  668.681726]  rcu_process_callbacks+0x384/0x620
[  668.681858]  __do_softirq+0x134/0x48c
[  668.681904]
[  668.683231] The buggy address belongs to the object at c53e8c90
[  668.683231]  which belongs to the cache kmalloc-32 of size 32
[  668.694778] The buggy address is located 19 bytes inside of
[  668.694778]  32-byte region [c53e8c90, c53e8cb0)
[  668.704780] The buggy address belongs to the page:
[  668.709568] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  668.709676] flags: 0x200(slab)
[  668.709903] raw: 00000200 00000100 00000200 c5007cf0 00000000 
015502ab ffffffff 00000001
[  668.709970] page dumped because: kasan: bad access detected
[  668.710010]
[  668.711317] Memory state around the buggy address:
[  668.716124]  c53e8b80: 00 fc fc fc 00 00 00 fc fc fc fb fb fb fb fc fc
[  668.722579]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
[  668.729033] >c53e8c80: fc fc 00 00 03 fc fc fc 00 00 00 00 fc fc 00 00
[  668.735421]                        ^
[  668.739014]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  668.745470]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  668.751860] 
==================================================================
[  669.016775] kasan test: kmalloc_oob_krealloc_less out-of-bounds after 
krealloc less
[  669.016942] 
==================================================================
[  669.024120] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_krealloc_less+0x8c/0xac [test_kasan]
[  669.032474] Write of size 1 at addr c53e8bdf by task exe/340
[  669.037995]
[  669.039577] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.039628] Call Trace:
[  669.039803] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  669.040007] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  669.040299] [c5649ce0] [c95d48e4] kmalloc_oob_krealloc_less+0x8c/0xac 
[test_kasan]
[  669.040580] [c5649d00] [c95d5530] kmalloc_tests_init+0x38/0x2d0 
[test_kasan]
[  669.040771] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.040984] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.041187] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.041390] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.041584] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.041750] --- interrupt: c01 at 0xfd6b914
[  669.041750]     LR = 0x1001364c
[  669.041796]
[  669.043105] Allocated by task 340:
[  669.046537]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.046687]  krealloc+0xb0/0xe8
[  669.046940]  kmalloc_oob_krealloc_less+0x58/0xac [test_kasan]
[  669.047176]  kmalloc_tests_init+0x38/0x2d0 [test_kasan]
[  669.047321]  do_one_initcall+0x40/0x278
[  669.047491]  do_init_module+0xcc/0x59c
[  669.047648]  load_module+0x2bc4/0x320c
[  669.047806]  sys_init_module+0x114/0x138
[  669.047951]  ret_from_syscall+0x0/0x38
[  669.047998]
[  669.049294] Freed by task 0:
[  669.052211]  __kasan_slab_free+0x120/0x22c
[  669.052332]  kfree+0x74/0x270
[  669.052479]  rcu_process_callbacks+0x384/0x620
[  669.052612]  __do_softirq+0x134/0x48c
[  669.052659]
[  669.053981] The buggy address belongs to the object at c53e8bd0
[  669.053981]  which belongs to the cache kmalloc-32 of size 32
[  669.065529] The buggy address is located 15 bytes inside of
[  669.065529]  32-byte region [c53e8bd0, c53e8bf0)
[  669.075531] The buggy address belongs to the page:
[  669.080318] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  669.080428] flags: 0x200(slab)
[  669.080655] raw: 00000200 00000100 00000200 c5007cf0 00000000 
015502ab ffffffff 00000001
[  669.080724] page dumped because: kasan: bad access detected
[  669.080764]
[  669.082068] Memory state around the buggy address:
[  669.086874]  c53e8a80: 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00 00 00
[  669.093328]  c53e8b00: fc fc 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00
[  669.099783] >c53e8b80: 00 fc fc fc 00 00 00 fc fc fc 00 07 fc fc fc fc
[  669.106177]                                             ^
[  669.111572]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
[  669.118028]  c53e8c80: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc 00 00
[  669.124418] 
==================================================================
[  669.137359] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 
16-bytes access
[  669.137538] 
==================================================================
[  669.144772] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_16+0x94/0xdc [test_kasan]
[  669.152181] Write of size 16 at addr c58eada0 by task exe/340
[  669.157790]
[  669.159371] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.159421] Call Trace:
[  669.159597] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  669.159799] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  669.160086] [c5649ce0] [c95d444c] kmalloc_oob_16+0x94/0xdc [test_kasan]
[  669.160365] [c5649d00] [c95d5534] kmalloc_tests_init+0x3c/0x2d0 
[test_kasan]
[  669.160554] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.160765] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.160966] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.161167] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.161360] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.161523] --- interrupt: c01 at 0xfd6b914
[  669.161523]     LR = 0x1001364c
[  669.161569]
[  669.162900] Allocated by task 340:
[  669.166332]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.166578]  kmalloc_oob_16+0x48/0xdc [test_kasan]
[  669.166812]  kmalloc_tests_init+0x3c/0x2d0 [test_kasan]
[  669.166955]  do_one_initcall+0x40/0x278
[  669.167121]  do_init_module+0xcc/0x59c
[  669.167275]  load_module+0x2bc4/0x320c
[  669.167432]  sys_init_module+0x114/0x138
[  669.167575]  ret_from_syscall+0x0/0x38
[  669.167620]
[  669.168919] Freed by task 338:
[  669.172004]  __kasan_slab_free+0x120/0x22c
[  669.172122]  kfree+0x74/0x270
[  669.172264]  walk_component+0x150/0x478
[  669.172399]  link_path_walk+0x374/0x63c
[  669.172535]  path_openat+0xe4/0x15f8
[  669.172674]  do_filp_open+0xd0/0x120
[  669.172843]  do_open_execat+0x64/0x264
[  669.173010]  __do_execve_file+0xa0c/0xb20
[  669.173172]  sys_execve+0x40/0x54
[  669.173318]  ret_from_syscall+0x0/0x38
[  669.173364]
[  669.174722] The buggy address belongs to the object at c58eada0
[  669.174722]  which belongs to the cache kmalloc-16 of size 16
[  669.186269] The buggy address is located 0 bytes inside of
[  669.186269]  16-byte region [c58eada0, c58eadb0)
[  669.196187] The buggy address belongs to the page:
[  669.200974] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  669.201083] flags: 0x200(slab)
[  669.201310] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  669.201378] page dumped because: kasan: bad access detected
[  669.201417]
[  669.202723] Memory state around the buggy address:
[  669.207530]  c58eac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.213984]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.220438] >c58ead80: fb fb fc fc 00 05 fc fc 00 00 fc fc fb fb fc fc
[  669.226828]                           ^
[  669.230678]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.237134]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  669.243524] 
==================================================================
[  669.521937] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
[  669.522086] 
==================================================================
[  669.529294] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_in_memset+0x78/0x90 [test_kasan]
[  669.537306] Write of size 671 at addr c5881b00 by task exe/340
[  669.543000]
[  669.544581] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.544632] Call Trace:
[  669.544808] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  669.545012] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  669.545186] [c5649cc0] [c0175700] memset+0x2c/0x4c
[  669.545477] [c5649ce0] [c95d497c] kmalloc_oob_in_memset+0x78/0x90 
[test_kasan]
[  669.545759] [c5649d00] [c95d5538] kmalloc_tests_init+0x40/0x2d0 
[test_kasan]
[  669.545949] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.546163] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.546366] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.546570] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.546764] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.546929] --- interrupt: c01 at 0xfd6b914
[  669.546929]     LR = 0x1001364c
[  669.546976]
[  669.548281] Allocated by task 340:
[  669.551713]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.551963]  kmalloc_oob_in_memset+0x44/0x90 [test_kasan]
[  669.552199]  kmalloc_tests_init+0x40/0x2d0 [test_kasan]
[  669.552346]  do_one_initcall+0x40/0x278
[  669.552515]  do_init_module+0xcc/0x59c
[  669.552672]  load_module+0x2bc4/0x320c
[  669.552831]  sys_init_module+0x114/0x138
[  669.552976]  ret_from_syscall+0x0/0x38
[  669.553023]
[  669.554300] Freed by task 131:
[  669.557387]  __kasan_slab_free+0x120/0x22c
[  669.557508]  kfree+0x74/0x270
[  669.557682]  pskb_expand_head+0x2b0/0x434
[  669.557843]  netlink_trim+0xfc/0x114
[  669.558009]  netlink_broadcast_filtered+0x48/0x530
[  669.558169]  nlmsg_notify+0x7c/0x128
[  669.558330]  fib6_add+0xd44/0x11d4
[  669.558461]  __ip6_ins_rt+0x5c/0x88
[  669.558598]  ip6_ins_rt+0x34/0x44
[  669.558777]  __ipv6_ifa_notify+0x388/0x38c
[  669.558945]  ipv6_ifa_notify+0x68/0x88
[  669.559076]  addrconf_dad_completed+0x54/0x49c
[  669.559201]  addrconf_dad_work+0x558/0x84c
[  669.559369]  process_one_work+0x408/0x78c
[  669.559524]  worker_thread+0xb4/0x83c
[  669.559657]  kthread+0x144/0x184
[  669.559811]  ret_from_kernel_thread+0x14/0x1c
[  669.559858]
[  669.561223] The buggy address belongs to the object at c5881b00
[  669.561223]  which belongs to the cache kmalloc-1k of size 1024
[  669.572943] The buggy address is located 0 bytes inside of
[  669.572943]  1024-byte region [c5881b00, c5881f00)
[  669.583031] The buggy address belongs to the page:
[  669.587818] page:c7fdc400 count:1 mapcount:0 mapping:c5007740 index:0x0
[  669.587929] flags: 0x200(slab)
[  669.588156] raw: 00000200 00000100 00000200 c5007740 00000000 
000e001d ffffffff 00000001
[  669.588225] page dumped because: kasan: bad access detected
[  669.588265]
[  669.589567] Memory state around the buggy address:
[  669.594374]  c5881c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  669.600828]  c5881d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  669.607282] >c5881d80: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc
[  669.613671]                     ^
[  669.617005]  c5881e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  669.623462]  c5881e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  669.629852] 
==================================================================
[  669.643287] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
[  669.643423] 
==================================================================
[  669.650641] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_memset_2+0x7c/0x94 [test_kasan]
[  669.658563] Write of size 2 at addr c58eae07 by task exe/340
[  669.664085]
[  669.665668] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  669.665718] Call Trace:
[  669.665891] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  669.666095] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  669.666267] [c5649cc0] [c0175700] memset+0x2c/0x4c
[  669.666556] [c5649ce0] [c95d4a10] kmalloc_oob_memset_2+0x7c/0x94 
[test_kasan]
[  669.666836] [c5649d00] [c95d553c] kmalloc_tests_init+0x44/0x2d0 
[test_kasan]
[  669.667026] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  669.667239] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  669.667440] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  669.667643] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  669.667836] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  669.668002] --- interrupt: c01 at 0xfd6b914
[  669.668002]     LR = 0x1001364c
[  669.668046]
[  669.669366] Allocated by task 340:
[  669.672799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  669.673048]  kmalloc_oob_memset_2+0x44/0x94 [test_kasan]
[  669.673283]  kmalloc_tests_init+0x44/0x2d0 [test_kasan]
[  669.673426]  do_one_initcall+0x40/0x278
[  669.673594]  do_init_module+0xcc/0x59c
[  669.673750]  load_module+0x2bc4/0x320c
[  669.673909]  sys_init_module+0x114/0x138
[  669.674051]  ret_from_syscall+0x0/0x38
[  669.674098]
[  669.675387] Freed by task 276:
[  669.678473]  __kasan_slab_free+0x120/0x22c
[  669.678594]  kfree+0x74/0x270
[  669.678724]  single_release+0x54/0x6c
[  669.678897]  close_pdeo+0x128/0x224
[  669.679064]  proc_reg_release+0x110/0x128
[  669.679197]  __fput+0xec/0x2d4
[  669.679320]  task_work_run+0x13c/0x15c
[  669.679487]  do_notify_resume+0x3d8/0x438
[  669.679636]  do_user_signal+0x2c/0x34
[  669.679682]
[  669.681018] The buggy address belongs to the object at c58eae00
[  669.681018]  which belongs to the cache kmalloc-16 of size 16
[  669.692565] The buggy address is located 7 bytes inside of
[  669.692565]  16-byte region [c58eae00, c58eae10)
[  669.702482] The buggy address belongs to the page:
[  669.707268] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  669.707380] flags: 0x200(slab)
[  669.707607] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  669.707674] page dumped because: kasan: bad access detected
[  669.707713]
[  669.709018] Memory state around the buggy address:
[  669.713825]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.720279]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.726734] >c58eae00: 00 fc fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.733120]               ^
[  669.735941]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  669.742397]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  669.748787] 
==================================================================
[  670.056503] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
[  670.056640] 
==================================================================
[  670.063818] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_memset_4+0x7c/0x94 [test_kasan]
[  670.071743] Write of size 4 at addr c58eae25 by task exe/340
[  670.077263]
[  670.078847] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.078898] Call Trace:
[  670.079074] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  670.079279] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  670.079452] [c5649cc0] [c0175700] memset+0x2c/0x4c
[  670.079743] [c5649ce0] [c95d4aa4] kmalloc_oob_memset_4+0x7c/0x94 
[test_kasan]
[  670.080025] [c5649d00] [c95d5540] kmalloc_tests_init+0x48/0x2d0 
[test_kasan]
[  670.080216] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.080431] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.080635] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.080839] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.081034] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.081201] --- interrupt: c01 at 0xfd6b914
[  670.081201]     LR = 0x1001364c
[  670.081247]
[  670.082546] Allocated by task 340:
[  670.085978]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.086229]  kmalloc_oob_memset_4+0x44/0x94 [test_kasan]
[  670.086465]  kmalloc_tests_init+0x48/0x2d0 [test_kasan]
[  670.086611]  do_one_initcall+0x40/0x278
[  670.086782]  do_init_module+0xcc/0x59c
[  670.086941]  load_module+0x2bc4/0x320c
[  670.087101]  sys_init_module+0x114/0x138
[  670.087246]  ret_from_syscall+0x0/0x38
[  670.087293]
[  670.088563] Freed by task 276:
[  670.091652]  __kasan_slab_free+0x120/0x22c
[  670.091774]  kfree+0x74/0x270
[  670.091906]  single_release+0x54/0x6c
[  670.092080]  close_pdeo+0x128/0x224
[  670.092249]  proc_reg_release+0x110/0x128
[  670.092383]  __fput+0xec/0x2d4
[  670.092509]  task_work_run+0x13c/0x15c
[  670.092678]  do_notify_resume+0x3d8/0x438
[  670.092828]  do_user_signal+0x2c/0x34
[  670.092874]
[  670.094198] The buggy address belongs to the object at c58eae20
[  670.094198]  which belongs to the cache kmalloc-16 of size 16
[  670.105743] The buggy address is located 5 bytes inside of
[  670.105743]  16-byte region [c58eae20, c58eae30)
[  670.115660] The buggy address belongs to the page:
[  670.120447] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.120560] flags: 0x200(slab)
[  670.120789] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  670.120858] page dumped because: kasan: bad access detected
[  670.120899]
[  670.122198] Memory state around the buggy address:
[  670.127004]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.133458]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.139912] >c58eae00: fb fb fc fc 00 fc fc fc fb fb fc fc fb fb fc fc
[  670.146302]                           ^
[  670.150152]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.156608]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.162998] 
==================================================================
[  670.176210] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
[  670.176342] 
==================================================================
[  670.183528] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_memset_8+0x7c/0x94 [test_kasan]
[  670.191450] Write of size 8 at addr c58eae41 by task exe/340
[  670.196972]
[  670.198555] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.198605] Call Trace:
[  670.198779] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  670.198982] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  670.199153] [c5649cc0] [c0175700] memset+0x2c/0x4c
[  670.199443] [c5649ce0] [c95d4b38] kmalloc_oob_memset_8+0x7c/0x94 
[test_kasan]
[  670.199722] [c5649d00] [c95d5544] kmalloc_tests_init+0x4c/0x2d0 
[test_kasan]
[  670.199912] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.200125] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.200327] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.200530] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.200723] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.200887] --- interrupt: c01 at 0xfd6b914
[  670.200887]     LR = 0x1001364c
[  670.200931]
[  670.202255] Allocated by task 340:
[  670.205686]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.205934]  kmalloc_oob_memset_8+0x44/0x94 [test_kasan]
[  670.206168]  kmalloc_tests_init+0x4c/0x2d0 [test_kasan]
[  670.206312]  do_one_initcall+0x40/0x278
[  670.206480]  do_init_module+0xcc/0x59c
[  670.206637]  load_module+0x2bc4/0x320c
[  670.206794]  sys_init_module+0x114/0x138
[  670.206937]  ret_from_syscall+0x0/0x38
[  670.206983]
[  670.208274] Freed by task 276:
[  670.211360]  __kasan_slab_free+0x120/0x22c
[  670.211479]  kfree+0x74/0x270
[  670.211611]  single_release+0x54/0x6c
[  670.211782]  close_pdeo+0x128/0x224
[  670.211947]  proc_reg_release+0x110/0x128
[  670.212079]  __fput+0xec/0x2d4
[  670.212202]  task_work_run+0x13c/0x15c
[  670.212368]  do_notify_resume+0x3d8/0x438
[  670.212515]  do_user_signal+0x2c/0x34
[  670.212561]
[  670.213904] The buggy address belongs to the object at c58eae40
[  670.213904]  which belongs to the cache kmalloc-16 of size 16
[  670.225452] The buggy address is located 1 bytes inside of
[  670.225452]  16-byte region [c58eae40, c58eae50)
[  670.235368] The buggy address belongs to the page:
[  670.240155] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.240265] flags: 0x200(slab)
[  670.240493] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  670.240560] page dumped because: kasan: bad access detected
[  670.240599]
[  670.241906] Memory state around the buggy address:
[  670.246712]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.253167]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.259621] >c58eae00: fb fb fc fc fb fb fc fc 00 fc fc fc fb fb fc fc
[  670.266014]                                       ^
[  670.270894]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.277349]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.283740] 
==================================================================
[  670.574861] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
[  670.574999] 
==================================================================
[  670.582162] BUG: KASAN: slab-out-of-bounds in 
kmalloc_oob_memset_16+0x7c/0x94 [test_kasan]
[  670.590260] Write of size 16 at addr c58eae81 by task exe/340
[  670.595865]
[  670.597448] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.597499] Call Trace:
[  670.597674] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  670.597880] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  670.598053] [c5649cc0] [c0175700] memset+0x2c/0x4c
[  670.598344] [c5649ce0] [c95d4bcc] kmalloc_oob_memset_16+0x7c/0x94 
[test_kasan]
[  670.598626] [c5649d00] [c95d5548] kmalloc_tests_init+0x50/0x2d0 
[test_kasan]
[  670.598816] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.599031] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.599234] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.599439] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.599634] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.599801] --- interrupt: c01 at 0xfd6b914
[  670.599801]     LR = 0x1001364c
[  670.599847]
[  670.601148] Allocated by task 340:
[  670.604580]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.604834]  kmalloc_oob_memset_16+0x44/0x94 [test_kasan]
[  670.605070]  kmalloc_tests_init+0x50/0x2d0 [test_kasan]
[  670.605215]  do_one_initcall+0x40/0x278
[  670.605385]  do_init_module+0xcc/0x59c
[  670.605543]  load_module+0x2bc4/0x320c
[  670.605704]  sys_init_module+0x114/0x138
[  670.605851]  ret_from_syscall+0x0/0x38
[  670.605897]
[  670.607166] Freed by task 276:
[  670.610253]  __kasan_slab_free+0x120/0x22c
[  670.610374]  kfree+0x74/0x270
[  670.610506]  single_release+0x54/0x6c
[  670.610681]  close_pdeo+0x128/0x224
[  670.610849]  proc_reg_release+0x110/0x128
[  670.610983]  __fput+0xec/0x2d4
[  670.611107]  task_work_run+0x13c/0x15c
[  670.611275]  do_notify_resume+0x3d8/0x438
[  670.611424]  do_user_signal+0x2c/0x34
[  670.611471]
[  670.612798] The buggy address belongs to the object at c58eae80
[  670.612798]  which belongs to the cache kmalloc-16 of size 16
[  670.624345] The buggy address is located 1 bytes inside of
[  670.624345]  16-byte region [c58eae80, c58eae90)
[  670.634260] The buggy address belongs to the page:
[  670.639048] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.639158] flags: 0x200(slab)
[  670.639387] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  670.639457] page dumped because: kasan: bad access detected
[  670.639497]
[  670.640799] Memory state around the buggy address:
[  670.645604]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.652058]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.658513] >c58eae80: 00 00 fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.664901]                  ^
[  670.667978]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.674434]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.680825] 
==================================================================
[  670.693766] kasan test: kmalloc_uaf use-after-free
[  670.693923] 
==================================================================
[  670.701091] BUG: KASAN: use-after-free in kmalloc_uaf+0x78/0x94 
[test_kasan]
[  670.707899] Write of size 1 at addr c58eaea8 by task exe/340
[  670.713422]
[  670.715004] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  670.715055] Call Trace:
[  670.715229] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  670.715433] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  670.715719] [c5649ce0] [c95d450c] kmalloc_uaf+0x78/0x94 [test_kasan]
[  670.715997] [c5649d00] [c95d554c] kmalloc_tests_init+0x54/0x2d0 
[test_kasan]
[  670.716187] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  670.716400] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  670.716601] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  670.716804] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  670.716998] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  670.717164] --- interrupt: c01 at 0xfd6b914
[  670.717164]     LR = 0x1001364c
[  670.717209]
[  670.718531] Allocated by task 340:
[  670.721965]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  670.722210]  kmalloc_uaf+0x44/0x94 [test_kasan]
[  670.722446]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
[  670.722588]  do_one_initcall+0x40/0x278
[  670.722756]  do_init_module+0xcc/0x59c
[  670.722912]  load_module+0x2bc4/0x320c
[  670.723069]  sys_init_module+0x114/0x138
[  670.723213]  ret_from_syscall+0x0/0x38
[  670.723260]
[  670.724550] Freed by task 340:
[  670.727635]  __kasan_slab_free+0x120/0x22c
[  670.727754]  kfree+0x74/0x270
[  670.727998]  kmalloc_uaf+0x70/0x94 [test_kasan]
[  670.728233]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
[  670.728375]  do_one_initcall+0x40/0x278
[  670.728543]  do_init_module+0xcc/0x59c
[  670.728698]  load_module+0x2bc4/0x320c
[  670.728855]  sys_init_module+0x114/0x138
[  670.728998]  ret_from_syscall+0x0/0x38
[  670.729044]
[  670.730356] The buggy address belongs to the object at c58eaea0
[  670.730356]  which belongs to the cache kmalloc-16 of size 16
[  670.741901] The buggy address is located 8 bytes inside of
[  670.741901]  16-byte region [c58eaea0, c58eaeb0)
[  670.751818] The buggy address belongs to the page:
[  670.756605] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  670.756716] flags: 0x200(slab)
[  670.756944] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  670.757012] page dumped because: kasan: bad access detected
[  670.757052]
[  670.758354] Memory state around the buggy address:
[  670.763163]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.769616]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.776070] >c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
[  670.782461]                           ^
[  670.786311]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.792765]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  670.799157] 
==================================================================
[  671.084949] kasan test: kmalloc_uaf_memset use-after-free in memset
[  671.085122] 
==================================================================
[  671.092328] BUG: KASAN: use-after-free in 
kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.099824] Write of size 33 at addr c534b0c0 by task exe/340
[  671.105430]
[  671.107012] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.107063] Call Trace:
[  671.107238] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  671.107443] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  671.107616] [c5649ce0] [c0175700] memset+0x2c/0x4c
[  671.107907] [c5649d00] [c95d5550] kmalloc_tests_init+0x58/0x2d0 
[test_kasan]
[  671.108098] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.108314] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.108518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.108724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.108918] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.109085] --- interrupt: c01 at 0xfd6b914
[  671.109085]     LR = 0x1001364c
[  671.109132]
[  671.110452] Allocated by task 340:
[  671.113886]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  671.114137]  kmalloc_uaf_memset+0x44/0x90 [test_kasan]
[  671.114374]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.114520]  do_one_initcall+0x40/0x278
[  671.114689]  do_init_module+0xcc/0x59c
[  671.114846]  load_module+0x2bc4/0x320c
[  671.115005]  sys_init_module+0x114/0x138
[  671.115151]  ret_from_syscall+0x0/0x38
[  671.115198]
[  671.116472] Freed by task 340:
[  671.119559]  __kasan_slab_free+0x120/0x22c
[  671.119681]  kfree+0x74/0x270
[  671.119927]  kmalloc_uaf_memset+0x70/0x90 [test_kasan]
[  671.120167]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
[  671.120312]  do_one_initcall+0x40/0x278
[  671.120481]  do_init_module+0xcc/0x59c
[  671.120640]  load_module+0x2bc4/0x320c
[  671.120801]  sys_init_module+0x114/0x138
[  671.120945]  ret_from_syscall+0x0/0x38
[  671.120992]
[  671.122276] The buggy address belongs to the object at c534b0c0
[  671.122276]  which belongs to the cache kmalloc-64 of size 64
[  671.133824] The buggy address is located 0 bytes inside of
[  671.133824]  64-byte region [c534b0c0, c534b100)
[  671.143741] The buggy address belongs to the page:
[  671.148527] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
[  671.148637] flags: 0x200(slab)
[  671.148866] raw: 00000200 00000100 00000200 c5007c20 00000000 
00aa0155 ffffffff 00000001
[  671.148935] page dumped because: kasan: bad access detected
[  671.148975]
[  671.150277] Memory state around the buggy address:
[  671.155084]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.161538]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
[  671.167993] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[  671.174383]                                    ^
[  671.179007]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.185461]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
[  671.191853] 
==================================================================
[  671.204460] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
[  671.204676] 
==================================================================
[  671.211859] BUG: KASAN: use-after-free in kmalloc_uaf2+0x9c/0xd4 
[test_kasan]
[  671.218755] Write of size 1 at addr c534b088 by task exe/340
[  671.224277]
[  671.225860] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.225910] Call Trace:
[  671.226085] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  671.226288] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  671.226574] [c5649ce0] [c95d45c4] kmalloc_uaf2+0x9c/0xd4 [test_kasan]
[  671.226854] [c5649d00] [c95d5554] kmalloc_tests_init+0x5c/0x2d0 
[test_kasan]
[  671.227044] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.227257] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.227458] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.227659] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.227853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.228018] --- interrupt: c01 at 0xfd6b914
[  671.228018]     LR = 0x1001364c
[  671.228063]
[  671.229387] Allocated by task 340:
[  671.232819]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  671.233065]  kmalloc_uaf2+0x48/0xd4 [test_kasan]
[  671.233299]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
[  671.233442]  do_one_initcall+0x40/0x278
[  671.233609]  do_init_module+0xcc/0x59c
[  671.233765]  load_module+0x2bc4/0x320c
[  671.233922]  sys_init_module+0x114/0x138
[  671.234066]  ret_from_syscall+0x0/0x38
[  671.234111]
[  671.235407] Freed by task 340:
[  671.238491]  __kasan_slab_free+0x120/0x22c
[  671.238609]  kfree+0x74/0x270
[  671.238851]  kmalloc_uaf2+0x78/0xd4 [test_kasan]
[  671.239085]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
[  671.239228]  do_one_initcall+0x40/0x278
[  671.239395]  do_init_module+0xcc/0x59c
[  671.239550]  load_module+0x2bc4/0x320c
[  671.239707]  sys_init_module+0x114/0x138
[  671.239850]  ret_from_syscall+0x0/0x38
[  671.239897]
[  671.241211] The buggy address belongs to the object at c534b060
[  671.241211]  which belongs to the cache kmalloc-64 of size 64
[  671.252758] The buggy address is located 40 bytes inside of
[  671.252758]  64-byte region [c534b060, c534b0a0)
[  671.262761] The buggy address belongs to the page:
[  671.267547] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
[  671.267657] flags: 0x200(slab)
[  671.267885] raw: 00000200 00000100 00000200 c5007c20 00000000 
00aa0155 ffffffff 00000001
[  671.267953] page dumped because: kasan: bad access detected
[  671.267993]
[  671.269296] Memory state around the buggy address:
[  671.274104]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.280561]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
[  671.287012] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[  671.293399]               ^
[  671.296220]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
[  671.302676]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
[  671.309066] 
==================================================================
[  671.597554] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
[  671.597819] 
==================================================================
[  671.604991] BUG: KASAN: slab-out-of-bounds in 
kmem_cache_oob+0x9c/0xd0 [test_kasan]
[  671.612398] Read of size 1 at addr c5e180c8 by task exe/340
[  671.617834]
[  671.619417] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.619469] Call Trace:
[  671.619645] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  671.619848] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  671.620138] [c5649ce0] [c95d4d10] kmem_cache_oob+0x9c/0xd0 [test_kasan]
[  671.620420] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0 
[test_kasan]
[  671.620611] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.620826] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.621030] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.621234] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.621428] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.621596] --- interrupt: c01 at 0xfd6b914
[  671.621596]     LR = 0x1001364c
[  671.621642]
[  671.622944] Allocated by task 340:
[  671.626376]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  671.626504]  kmem_cache_alloc+0xf4/0x210
[  671.626752]  kmem_cache_oob+0x78/0xd0 [test_kasan]
[  671.626989]  kmalloc_tests_init+0x60/0x2d0 [test_kasan]
[  671.627135]  do_one_initcall+0x40/0x278
[  671.627305]  do_init_module+0xcc/0x59c
[  671.627463]  load_module+0x2bc4/0x320c
[  671.627623]  sys_init_module+0x114/0x138
[  671.627769]  ret_from_syscall+0x0/0x38
[  671.627816]
[  671.629132] Freed by task 0:
[  671.631954] (stack is not available)
[  671.635476]
[  671.637007] The buggy address belongs to the object at c5e18000
[  671.637007]  which belongs to the cache test_cache of size 200
[  671.648642] The buggy address is located 0 bytes to the right of
[  671.648642]  200-byte region [c5e18000, c5e180c8)
[  671.659156] The buggy address belongs to the page:
[  671.663942] page:c7fdf0c0 count:1 mapcount:0 mapping:c540a560 index:0x0
[  671.664054] flags: 0x200(slab)
[  671.664283] raw: 00000200 00000100 00000200 c540a560 00000000 
003e007d ffffffff 00000001
[  671.664353] page dumped because: kasan: bad access detected
[  671.664393]
[  671.665694] Memory state around the buggy address:
[  671.670501]  c5e17f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.676954]  c5e18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  671.683409] >c5e18080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  671.689802]                                       ^
[  671.694680]  c5e18100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.701137]  c5e18180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.707528] 
==================================================================
[  671.758410] 
=============================================================================
[  671.766368] BUG test_cache (Tainted: G    B            ): Objects 
remaining in test_cache on __kmem_cache_shutdown()
[  671.776719] 
-----------------------------------------------------------------------------
[  671.776719]
[  671.786325] INFO: Slab 0x(ptrval) objects=62 used=1 fp=0x(ptrval) 
flags=0x0200
[  671.793514] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.793563] Call Trace:
[  671.793752] [c5649bf0] [c016ebe0] slab_err+0x98/0xac (unreliable)
[  671.793956] [c5649c90] [c01748f4] __kmem_cache_shutdown+0x15c/0x338
[  671.794160] [c5649cf0] [c013c3b4] kmem_cache_destroy+0x68/0x114
[  671.794463] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0 
[test_kasan]
[  671.794656] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.794868] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.795071] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.795275] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.795468] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.795633] --- interrupt: c01 at 0xfd6b914
[  671.795633]     LR = 0x1001364c
[  671.795738] INFO: Object 0x(ptrval) @offset=0
[  671.909762] kmem_cache_destroy test_cache: Slab cache still has objects
[  671.931546] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  671.931601] Call Trace:
[  671.931790] [c5649cf0] [c013c45c] kmem_cache_destroy+0x110/0x114 
(unreliable)
[  671.932116] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0 
[test_kasan]
[  671.932310] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  671.932526] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  671.932730] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  671.932934] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  671.933130] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  671.933300] --- interrupt: c01 at 0xfd6b914
[  671.933300]     LR = 0x1001364c
[  671.952750] kasan test: memcg_accounted_kmem_cache allocate memcg 
accounted object
[  672.556766] kasan test: kasan_stack_oob out-of-bounds on stack
[  672.556850] kasan test: kasan_global_oob out-of-bounds global variable
[  672.556922] kasan test: kasan_alloca_oob_left out-of-bounds to left 
on alloca
[  672.556995] kasan test: kasan_alloca_oob_right out-of-bounds to right 
on alloca
[  672.557070] kasan test: ksize_unpoisons_memory ksize() unpoisons the 
whole allocated chunk
[  672.557200] 
==================================================================
[  672.564395] BUG: KASAN: slab-out-of-bounds in 
ksize_unpoisons_memory+0x8c/0xac [test_kasan]
[  672.572578] Write of size 1 at addr c539ab40 by task exe/340
[  672.578098]
[  672.579682] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  672.579734] Call Trace:
[  672.579909] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  672.580114] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  672.580406] [c5649ce0] [c95d5100] ksize_unpoisons_memory+0x8c/0xac 
[test_kasan]
[  672.580689] [c5649d00] [c95d5570] kmalloc_tests_init+0x78/0x2d0 
[test_kasan]
[  672.580880] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  672.581096] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  672.581299] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  672.581503] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  672.581697] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  672.581864] --- interrupt: c01 at 0xfd6b914
[  672.581864]     LR = 0x1001364c
[  672.581910]
[  672.583208] Allocated by task 340:
[  672.586642]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  672.586892]  ksize_unpoisons_memory+0x44/0xac [test_kasan]
[  672.587129]  kmalloc_tests_init+0x78/0x2d0 [test_kasan]
[  672.587275]  do_one_initcall+0x40/0x278
[  672.587445]  do_init_module+0xcc/0x59c
[  672.587602]  load_module+0x2bc4/0x320c
[  672.587761]  sys_init_module+0x114/0x138
[  672.587906]  ret_from_syscall+0x0/0x38
[  672.587953]
[  672.589227] Freed by task 338:
[  672.592316]  __kasan_slab_free+0x120/0x22c
[  672.592437]  kfree+0x74/0x270
[  672.592602]  load_elf_binary+0xb0/0x162c
[  672.592782]  search_binary_handler+0x120/0x374
[  672.592950]  __do_execve_file+0x834/0xb20
[  672.593114]  sys_execve+0x40/0x54
[  672.593259]  ret_from_syscall+0x0/0x38
[  672.593307]
[  672.594603] The buggy address belongs to the object at c539aac0
[  672.594603]  which belongs to the cache kmalloc-128 of size 128
[  672.606324] The buggy address is located 0 bytes to the right of
[  672.606324]  128-byte region [c539aac0, c539ab40)
[  672.616840] The buggy address belongs to the page:
[  672.621625] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
[  672.621738] flags: 0x200(slab)
[  672.621967] raw: 00000200 00000100 00000200 c5007a80 00000000 
005500ab ffffffff 00000001
[  672.622038] page dumped because: kasan: bad access detected
[  672.622077]
[  672.623375] Memory state around the buggy address:
[  672.628183]  c539aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  672.634637]  c539aa80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  672.641090] >c539ab00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  672.647483]                                    ^
[  672.652106]  c539ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  672.658562]  c539ac00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  672.664951] 
==================================================================
[  672.814421] kasan test: copy_user_test out-of-bounds in copy_from_user()
[  672.814499] 
==================================================================
[  672.821643] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x48/0xc4
[  672.828089] Write of size 11 at addr c58eb020 by task exe/340
[  672.833699]
[  672.835280] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  672.835331] Call Trace:
[  672.835504] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  672.835708] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  672.835929] [c5649cc0] [c0307be0] _copy_from_user+0x48/0xc4
[  672.836230] [c5649ce0] [c95d51b4] copy_user_test+0x94/0x1bc [test_kasan]
[  672.836512] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  672.836703] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  672.836917] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  672.837121] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  672.837326] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  672.837522] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  672.837687] --- interrupt: c01 at 0xfd6b914
[  672.837687]     LR = 0x1001364c
[  672.837733]
[  672.839067] Allocated by task 340:
[  672.842500]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  672.842749]  copy_user_test+0x28/0x1bc [test_kasan]
[  672.842985]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  672.843131]  do_one_initcall+0x40/0x278
[  672.843301]  do_init_module+0xcc/0x59c
[  672.843458]  load_module+0x2bc4/0x320c
[  672.843619]  sys_init_module+0x114/0x138
[  672.843764]  ret_from_syscall+0x0/0x38
[  672.843812]
[  672.845085] Freed by task 276:
[  672.848173]  __kasan_slab_free+0x120/0x22c
[  672.848295]  kfree+0x74/0x270
[  672.848427]  single_release+0x54/0x6c
[  672.848601]  close_pdeo+0x128/0x224
[  672.848768]  proc_reg_release+0x110/0x128
[  672.848903]  __fput+0xec/0x2d4
[  672.849028]  task_work_run+0x13c/0x15c
[  672.849197]  do_notify_resume+0x3d8/0x438
[  672.849346]  do_user_signal+0x2c/0x34
[  672.849393]
[  672.850719] The buggy address belongs to the object at c58eb020
[  672.850719]  which belongs to the cache kmalloc-16 of size 16
[  672.862264] The buggy address is located 0 bytes inside of
[  672.862264]  16-byte region [c58eb020, c58eb030)
[  672.872182] The buggy address belongs to the page:
[  672.876968] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  672.877079] flags: 0x200(slab)
[  672.877309] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  672.877377] page dumped because: kasan: bad access detected
[  672.877418]
[  672.878717] Memory state around the buggy address:
[  672.883527]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  672.889979]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  672.896433] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  672.902824]                           ^
[  672.906673]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  672.913129]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  672.919520] 
==================================================================
[  672.932289] kasan test: copy_user_test out-of-bounds in copy_to_user()
[  672.932363] 
==================================================================
[  672.939457] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x9c/0xbc
[  672.945733] Read of size 11 at addr c58eb020 by task exe/340
[  672.951255]
[  672.952840] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  672.952890] Call Trace:
[  672.953061] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  672.953264] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  672.953480] [c5649cc0] [c0307cf8] _copy_to_user+0x9c/0xbc
[  672.953781] [c5649ce0] [c95d51d4] copy_user_test+0xb4/0x1bc [test_kasan]
[  672.954060] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  672.954249] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  672.954461] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  672.954662] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  672.954866] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  672.955058] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  672.955224] --- interrupt: c01 at 0xfd6b914
[  672.955224]     LR = 0x1001364c
[  672.955269]
[  672.956538] Allocated by task 340:
[  672.959969]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  672.960219]  copy_user_test+0x28/0x1bc [test_kasan]
[  672.960454]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  672.960597]  do_one_initcall+0x40/0x278
[  672.960766]  do_init_module+0xcc/0x59c
[  672.960924]  load_module+0x2bc4/0x320c
[  672.961081]  sys_init_module+0x114/0x138
[  672.961226]  ret_from_syscall+0x0/0x38
[  672.961272]
[  672.962558] Freed by task 276:
[  672.965645]  __kasan_slab_free+0x120/0x22c
[  672.965764]  kfree+0x74/0x270
[  672.965896]  single_release+0x54/0x6c
[  672.966070]  close_pdeo+0x128/0x224
[  672.966236]  proc_reg_release+0x110/0x128
[  672.966369]  __fput+0xec/0x2d4
[  672.966493]  task_work_run+0x13c/0x15c
[  672.966660]  do_notify_resume+0x3d8/0x438
[  672.966809]  do_user_signal+0x2c/0x34
[  672.966855]
[  672.968190] The buggy address belongs to the object at c58eb020
[  672.968190]  which belongs to the cache kmalloc-16 of size 16
[  672.979735] The buggy address is located 0 bytes inside of
[  672.979735]  16-byte region [c58eb020, c58eb030)
[  672.989653] The buggy address belongs to the page:
[  672.994439] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  672.994550] flags: 0x200(slab)
[  672.994778] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  672.994845] page dumped because: kasan: bad access detected
[  672.994885]
[  672.996188] Memory state around the buggy address:
[  673.000996]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.007450]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.013904] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.020295]                           ^
[  673.024144]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.030600]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.036990] 
==================================================================
[  673.327457] kasan test: copy_user_test out-of-bounds in 
__copy_from_user()
[  673.327537] 
==================================================================
[  673.334723] BUG: KASAN: slab-out-of-bounds in 
copy_user_test+0xd0/0x1bc [test_kasan]
[  673.342217] Write of size 11 at addr c58eb020 by task exe/340
[  673.347825]
[  673.349408] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.349459] Call Trace:
[  673.349637] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  673.349842] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.350130] [c5649ce0] [c95d51f0] copy_user_test+0xd0/0x1bc [test_kasan]
[  673.350412] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  673.350605] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.350821] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.351025] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.351231] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.351426] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.351592] --- interrupt: c01 at 0xfd6b914
[  673.351592]     LR = 0x1001364c
[  673.351638]
[  673.352936] Allocated by task 340:
[  673.356367]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.356619]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.356855]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.357000]  do_one_initcall+0x40/0x278
[  673.357168]  do_init_module+0xcc/0x59c
[  673.357324]  load_module+0x2bc4/0x320c
[  673.357483]  sys_init_module+0x114/0x138
[  673.357626]  ret_from_syscall+0x0/0x38
[  673.357673]
[  673.358954] Freed by task 276:
[  673.362040]  __kasan_slab_free+0x120/0x22c
[  673.362161]  kfree+0x74/0x270
[  673.362293]  single_release+0x54/0x6c
[  673.362465]  close_pdeo+0x128/0x224
[  673.362632]  proc_reg_release+0x110/0x128
[  673.362764]  __fput+0xec/0x2d4
[  673.362888]  task_work_run+0x13c/0x15c
[  673.363057]  do_notify_resume+0x3d8/0x438
[  673.363208]  do_user_signal+0x2c/0x34
[  673.363256]
[  673.364587] The buggy address belongs to the object at c58eb020
[  673.364587]  which belongs to the cache kmalloc-16 of size 16
[  673.376132] The buggy address is located 0 bytes inside of
[  673.376132]  16-byte region [c58eb020, c58eb030)
[  673.386050] The buggy address belongs to the page:
[  673.390836] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  673.390947] flags: 0x200(slab)
[  673.391175] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  673.391245] page dumped because: kasan: bad access detected
[  673.391285]
[  673.392585] Memory state around the buggy address:
[  673.397393]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.403847]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.410301] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.416691]                           ^
[  673.420541]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.426997]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.433387] 
==================================================================
[  673.446960] kasan test: copy_user_test out-of-bounds in __copy_to_user()
[  673.447031] 
==================================================================
[  673.454258] BUG: KASAN: slab-out-of-bounds in 
copy_user_test+0xfc/0x1bc [test_kasan]
[  673.461753] Read of size 11 at addr c58eb020 by task exe/340
[  673.467275]
[  673.468858] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.468909] Call Trace:
[  673.469084] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  673.469286] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.469573] [c5649ce0] [c95d521c] copy_user_test+0xfc/0x1bc [test_kasan]
[  673.469851] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  673.470042] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.470256] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.470457] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.470660] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.470853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.471019] --- interrupt: c01 at 0xfd6b914
[  673.471019]     LR = 0x1001364c
[  673.471064]
[  673.472385] Allocated by task 340:
[  673.475818]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.476065]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.476301]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.476444]  do_one_initcall+0x40/0x278
[  673.476612]  do_init_module+0xcc/0x59c
[  673.476768]  load_module+0x2bc4/0x320c
[  673.476925]  sys_init_module+0x114/0x138
[  673.477067]  ret_from_syscall+0x0/0x38
[  673.477113]
[  673.478403] Freed by task 276:
[  673.481490]  __kasan_slab_free+0x120/0x22c
[  673.481610]  kfree+0x74/0x270
[  673.481740]  single_release+0x54/0x6c
[  673.481911]  close_pdeo+0x128/0x224
[  673.482077]  proc_reg_release+0x110/0x128
[  673.482209]  __fput+0xec/0x2d4
[  673.482331]  task_work_run+0x13c/0x15c
[  673.482500]  do_notify_resume+0x3d8/0x438
[  673.482648]  do_user_signal+0x2c/0x34
[  673.482694]
[  673.484036] The buggy address belongs to the object at c58eb020
[  673.484036]  which belongs to the cache kmalloc-16 of size 16
[  673.495583] The buggy address is located 0 bytes inside of
[  673.495583]  16-byte region [c58eb020, c58eb030)
[  673.505500] The buggy address belongs to the page:
[  673.510287] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  673.510396] flags: 0x200(slab)
[  673.510622] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  673.510690] page dumped because: kasan: bad access detected
[  673.510729]
[  673.512037] Memory state around the buggy address:
[  673.516842]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.523297]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.529751] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.536142]                           ^
[  673.539991]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.546447]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.552838] 
==================================================================
[  673.835827] kasan test: copy_user_test out-of-bounds in 
__copy_from_user_inatomic()
[  673.835905] 
==================================================================
[  673.843082] BUG: KASAN: slab-out-of-bounds in 
copy_user_test+0x128/0x1bc [test_kasan]
[  673.850662] Write of size 11 at addr c58eb020 by task exe/340
[  673.856272]
[  673.857853] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.857905] Call Trace:
[  673.858080] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  673.858285] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.858574] [c5649ce0] [c95d5248] copy_user_test+0x128/0x1bc [test_kasan]
[  673.858855] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  673.859046] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.859261] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.859463] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.859668] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.859863] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.860029] --- interrupt: c01 at 0xfd6b914
[  673.860029]     LR = 0x1001364c
[  673.860075]
[  673.861380] Allocated by task 340:
[  673.864812]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.865062]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.865299]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.865444]  do_one_initcall+0x40/0x278
[  673.865615]  do_init_module+0xcc/0x59c
[  673.865773]  load_module+0x2bc4/0x320c
[  673.865932]  sys_init_module+0x114/0x138
[  673.866077]  ret_from_syscall+0x0/0x38
[  673.866123]
[  673.867399] Freed by task 276:
[  673.870488]  __kasan_slab_free+0x120/0x22c
[  673.870609]  kfree+0x74/0x270
[  673.870741]  single_release+0x54/0x6c
[  673.870913]  close_pdeo+0x128/0x224
[  673.871080]  proc_reg_release+0x110/0x128
[  673.871213]  __fput+0xec/0x2d4
[  673.871337]  task_work_run+0x13c/0x15c
[  673.871506]  do_notify_resume+0x3d8/0x438
[  673.871655]  do_user_signal+0x2c/0x34
[  673.871702]
[  673.873032] The buggy address belongs to the object at c58eb020
[  673.873032]  which belongs to the cache kmalloc-16 of size 16
[  673.884578] The buggy address is located 0 bytes inside of
[  673.884578]  16-byte region [c58eb020, c58eb030)
[  673.894494] The buggy address belongs to the page:
[  673.899282] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  673.899395] flags: 0x200(slab)
[  673.899625] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  673.899694] page dumped because: kasan: bad access detected
[  673.899734]
[  673.901033] Memory state around the buggy address:
[  673.905838]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  673.912293]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.918748] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  673.925136]                           ^
[  673.928987]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.935442]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  673.941833] 
==================================================================
[  673.954463] kasan test: copy_user_test out-of-bounds in 
__copy_to_user_inatomic()
[  673.954535] 
==================================================================
[  673.961759] BUG: KASAN: slab-out-of-bounds in 
copy_user_test+0x154/0x1bc [test_kasan]
[  673.969339] Read of size 11 at addr c58eb020 by task exe/340
[  673.974860]
[  673.976444] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  673.976494] Call Trace:
[  673.976668] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  673.976870] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  673.977160] [c5649ce0] [c95d5274] copy_user_test+0x154/0x1bc [test_kasan]
[  673.977439] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  673.977630] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  673.977843] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  673.978045] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  673.978249] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  673.978441] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  673.978607] --- interrupt: c01 at 0xfd6b914
[  673.978607]     LR = 0x1001364c
[  673.978651]
[  673.979971] Allocated by task 340:
[  673.983401]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  673.983650]  copy_user_test+0x28/0x1bc [test_kasan]
[  673.983885]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  673.984030]  do_one_initcall+0x40/0x278
[  673.984198]  do_init_module+0xcc/0x59c
[  673.984354]  load_module+0x2bc4/0x320c
[  673.984512]  sys_init_module+0x114/0x138
[  673.984655]  ret_from_syscall+0x0/0x38
[  673.984701]
[  673.985990] Freed by task 276:
[  673.989077]  __kasan_slab_free+0x120/0x22c
[  673.989197]  kfree+0x74/0x270
[  673.989327]  single_release+0x54/0x6c
[  673.989499]  close_pdeo+0x128/0x224
[  673.989664]  proc_reg_release+0x110/0x128
[  673.989796]  __fput+0xec/0x2d4
[  673.989918]  task_work_run+0x13c/0x15c
[  673.990086]  do_notify_resume+0x3d8/0x438
[  673.990235]  do_user_signal+0x2c/0x34
[  673.990281]
[  673.991622] The buggy address belongs to the object at c58eb020
[  673.991622]  which belongs to the cache kmalloc-16 of size 16
[  674.003168] The buggy address is located 0 bytes inside of
[  674.003168]  16-byte region [c58eb020, c58eb030)
[  674.013086] The buggy address belongs to the page:
[  674.017872] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  674.017982] flags: 0x200(slab)
[  674.018210] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  674.018277] page dumped because: kasan: bad access detected
[  674.018316]
[  674.019622] Memory state around the buggy address:
[  674.024429]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  674.030883]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.037338] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  674.043727]                           ^
[  674.047578]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.054034]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.060424] 
==================================================================
[  674.346609] kasan test: copy_user_test out-of-bounds in 
strncpy_from_user()
[  674.346689] 
==================================================================
[  674.353778] BUG: KASAN: slab-out-of-bounds in 
strncpy_from_user+0x48/0x240
[  674.360487] Write of size 11 at addr c58eb020 by task exe/340
[  674.366094]
[  674.367678] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  674.367731] Call Trace:
[  674.367904] [c5649c40] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  674.368108] [c5649c70] [c0176d34] kasan_report+0xe4/0x168
[  674.368323] [c5649cb0] [c03202f8] strncpy_from_user+0x48/0x240
[  674.368627] [c5649ce0] [c95d52a4] copy_user_test+0x184/0x1bc [test_kasan]
[  674.368908] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0 
[test_kasan]
[  674.369100] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  674.369315] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  674.369518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  674.369724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  674.369919] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  674.370086] --- interrupt: c01 at 0xfd6b914
[  674.370086]     LR = 0x1001364c
[  674.370132]
[  674.371463] Allocated by task 340:
[  674.374894]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  674.375146]  copy_user_test+0x28/0x1bc [test_kasan]
[  674.375383]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
[  674.375527]  do_one_initcall+0x40/0x278
[  674.375697]  do_init_module+0xcc/0x59c
[  674.375854]  load_module+0x2bc4/0x320c
[  674.376015]  sys_init_module+0x114/0x138
[  674.376162]  ret_from_syscall+0x0/0x38
[  674.376209]
[  674.377481] Freed by task 276:
[  674.380568]  __kasan_slab_free+0x120/0x22c
[  674.380691]  kfree+0x74/0x270
[  674.380824]  single_release+0x54/0x6c
[  674.380998]  close_pdeo+0x128/0x224
[  674.381165]  proc_reg_release+0x110/0x128
[  674.381299]  __fput+0xec/0x2d4
[  674.381424]  task_work_run+0x13c/0x15c
[  674.381592]  do_notify_resume+0x3d8/0x438
[  674.381743]  do_user_signal+0x2c/0x34
[  674.381792]
[  674.383113] The buggy address belongs to the object at c58eb020
[  674.383113]  which belongs to the cache kmalloc-16 of size 16
[  674.394659] The buggy address is located 0 bytes inside of
[  674.394659]  16-byte region [c58eb020, c58eb030)
[  674.404577] The buggy address belongs to the page:
[  674.409363] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
[  674.409474] flags: 0x200(slab)
[  674.409703] raw: 00000200 00000100 00000200 c5007dc0 00000000 
02000401 ffffffff 00000001
[  674.409772] page dumped because: kasan: bad access detected
[  674.409812]
[  674.411112] Memory state around the buggy address:
[  674.415920]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
[  674.422374]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.428827] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
[  674.435218]                           ^
[  674.439067]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.445524]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[  674.451914] 
==================================================================
[  674.466513] kasan test: use_after_scope_test use-after-scope on int
[  674.466592] kasan test: use_after_scope_test use-after-scope on array
[  674.470775] kasan test: kmem_cache_double_free double-free on heap object
[  674.471059] 
==================================================================
[  674.478286] BUG: KASAN: double-free or invalid-free in 
kmem_cache_double_free+0xac/0xc4 [test_kasan]
[  674.487095]
[  674.488679] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  674.488730] Call Trace:
[  674.488906] [c5649b30] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  674.489118] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
[  674.489296] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
[  674.489467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
[  674.489754] [c5649ce0] [c95d4df0] kmem_cache_double_free+0xac/0xc4 
[test_kasan]
[  674.490029] [c5649d00] [c95d557c] kmalloc_tests_init+0x84/0x2d0 
[test_kasan]
[  674.490219] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  674.490432] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  674.490633] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  674.490837] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  674.491031] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  674.491194] --- interrupt: c01 at 0xfd6b914
[  674.491194]     LR = 0x1001364c
[  674.491239]
[  674.492547] Allocated by task 340:
[  674.495981]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  674.496108]  kmem_cache_alloc+0xf4/0x210
[  674.496355]  kmem_cache_double_free+0x78/0xc4 [test_kasan]
[  674.496584]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
[  674.496727]  do_one_initcall+0x40/0x278
[  674.496893]  do_init_module+0xcc/0x59c
[  674.497050]  load_module+0x2bc4/0x320c
[  674.497208]  sys_init_module+0x114/0x138
[  674.497354]  ret_from_syscall+0x0/0x38
[  674.497400]
[  674.498652] Freed by task 340:
[  674.501739]  __kasan_slab_free+0x120/0x22c
[  674.501866]  kmem_cache_free+0x64/0x228
[  674.502112]  kmem_cache_double_free+0xa0/0xc4 [test_kasan]
[  674.502340]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
[  674.502483]  do_one_initcall+0x40/0x278
[  674.502650]  do_init_module+0xcc/0x59c
[  674.502807]  load_module+0x2bc4/0x320c
[  674.502966]  sys_init_module+0x114/0x138
[  674.503112]  ret_from_syscall+0x0/0x38
[  674.503158]
[  674.504460] The buggy address belongs to the object at c5528000
[  674.504460]  which belongs to the cache test_cache of size 200
[  674.516091] The buggy address is located 0 bytes inside of
[  674.516091]  200-byte region [c5528000, c55280c8)
[  674.526092] The buggy address belongs to the page:
[  674.530877] page:c7fda940 count:1 mapcount:0 mapping:c540a700 index:0x0
[  674.530988] flags: 0x200(slab)
[  674.531216] raw: 00000200 00000100 00000200 c540a700 00000000 
003e007d ffffffff 00000001
[  674.531284] page dumped because: kasan: bad access detected
[  674.531323]
[  674.532630] Memory state around the buggy address:
[  674.537436]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.543890]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.550345] >c5528000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  674.556731]            ^
[  674.559293]  c5528080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[  674.565750]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  674.572138] 
==================================================================
[  674.880790] kasan test: kmem_cache_invalid_free invalid-free of heap 
object
[  674.881044] 
==================================================================
[  674.888197] BUG: KASAN: double-free or invalid-free in 
kmem_cache_invalid_free+0xa0/0xc4 [test_kasan]
[  674.897089]
[  674.898670] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  674.898722] Call Trace:
[  674.898899] [c5649b30] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  674.899113] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
[  674.899293] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
[  674.899467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
[  674.899756] [c5649ce0] [c95d4ea8] kmem_cache_invalid_free+0xa0/0xc4 
[test_kasan]
[  674.900031] [c5649d00] [c95d5580] kmalloc_tests_init+0x88/0x2d0 
[test_kasan]
[  674.900222] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  674.900437] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  674.900639] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  674.900845] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  674.901040] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  674.901206] --- interrupt: c01 at 0xfd6b914
[  674.901206]     LR = 0x1001364c
[  674.901251]
[  674.902542] Allocated by task 340:
[  674.905975]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  674.906103]  kmem_cache_alloc+0xf4/0x210
[  674.906351]  kmem_cache_invalid_free+0x78/0xc4 [test_kasan]
[  674.906584]  kmalloc_tests_init+0x88/0x2d0 [test_kasan]
[  674.906730]  do_one_initcall+0x40/0x278
[  674.906899]  do_init_module+0xcc/0x59c
[  674.907056]  load_module+0x2bc4/0x320c
[  674.907217]  sys_init_module+0x114/0x138
[  674.907364]  ret_from_syscall+0x0/0x38
[  674.907411]
[  674.908731] Freed by task 0:
[  674.911551] (stack is not available)
[  674.915074]
[  674.916605] The buggy address belongs to the object at c5528000
[  674.916605]  which belongs to the cache test_cache of size 200
[  674.928237] The buggy address is located 1 bytes inside of
[  674.928237]  200-byte region [c5528000, c55280c8)
[  674.938237] The buggy address belongs to the page:
[  674.943024] page:c7fda940 count:1 mapcount:0 mapping:c540a7d0 index:0x0
[  674.943136] flags: 0x200(slab)
[  674.943365] raw: 00000200 00000100 00000200 c540a7d0 00000000 
003e007d ffffffff 00000001
[  674.943434] page dumped because: kasan: bad access detected
[  674.943475]
[  674.944775] Memory state around the buggy address:
[  674.949581]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.956036]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.962491] >c5528000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.968876]            ^
[  674.971438]  c5528080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  674.977895]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  674.984285] 
==================================================================
[  675.126818] kasan test: kasan_memchr out-of-bounds in memchr
[  675.126994] kasan test: kasan_memcmp out-of-bounds in memcmp
[  675.127158] kasan test: kasan_strings use-after-free in strchr
[  675.127309] 
==================================================================
[  675.134382] BUG: KASAN: use-after-free in strchr+0x1c/0x80
[  675.139762] Read of size 1 at addr c53e8e20 by task exe/340
[  675.145200]
[  675.146784] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.146836] Call Trace:
[  675.147010] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  675.147215] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  675.147385] [c5649cc0] [c072ec4c] strchr+0x1c/0x80
[  675.147684] [c5649ce0] [c95d5440] kasan_strings+0x60/0x118 [test_kasan]
[  675.147966] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 
[test_kasan]
[  675.148157] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.148372] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.148577] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.148781] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.148976] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.149143] --- interrupt: c01 at 0xfd6b914
[  675.149143]     LR = 0x1001364c
[  675.149189]
[  675.150483] Allocated by task 340:
[  675.153915]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.154163]  kasan_strings+0x44/0x118 [test_kasan]
[  675.154400]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.154545]  do_one_initcall+0x40/0x278
[  675.154714]  do_init_module+0xcc/0x59c
[  675.154872]  load_module+0x2bc4/0x320c
[  675.155033]  sys_init_module+0x114/0x138
[  675.155179]  ret_from_syscall+0x0/0x38
[  675.155225]
[  675.156501] Freed by task 340:
[  675.159587]  __kasan_slab_free+0x120/0x22c
[  675.159709]  kfree+0x74/0x270
[  675.159954]  kasan_strings+0x54/0x118 [test_kasan]
[  675.160191]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.160337]  do_one_initcall+0x40/0x278
[  675.160508]  do_init_module+0xcc/0x59c
[  675.160667]  load_module+0x2bc4/0x320c
[  675.160828]  sys_init_module+0x114/0x138
[  675.160973]  ret_from_syscall+0x0/0x38
[  675.161019]
[  675.162306] The buggy address belongs to the object at c53e8e10
[  675.162306]  which belongs to the cache kmalloc-32 of size 32
[  675.173853] The buggy address is located 16 bytes inside of
[  675.173853]  32-byte region [c53e8e10, c53e8e30)
[  675.183856] The buggy address belongs to the page:
[  675.188642] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.188753] flags: 0x200(slab)
[  675.188982] raw: 00000200 00000100 00000200 c5007cf0 00000000 
015502ab ffffffff 00000001
[  675.189051] page dumped because: kasan: bad access detected
[  675.189091]
[  675.190392] Memory state around the buggy address:
[  675.195199]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.201653]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.208108] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.214497]                        ^
[  675.218089]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.224544]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[  675.230935] 
==================================================================
[  675.383353] kasan test: kasan_strings use-after-free in strrchr
[  675.383430] 
==================================================================
[  675.390498] BUG: KASAN: use-after-free in strrchr+0x30/0x64
[  675.395964] Read of size 1 at addr c53e8e20 by task exe/340
[  675.401403]
[  675.402986] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.403038] Call Trace:
[  675.403212] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  675.403415] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  675.403587] [c5649cc0] [c072ed48] strrchr+0x30/0x64
[  675.403888] [c5649ce0] [c95d545c] kasan_strings+0x7c/0x118 [test_kasan]
[  675.404170] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 
[test_kasan]
[  675.404362] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.404576] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.404779] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.404983] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.405177] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.405344] --- interrupt: c01 at 0xfd6b914
[  675.405344]     LR = 0x1001364c
[  675.405390]
[  675.406684] Allocated by task 340:
[  675.410118]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.410366]  kasan_strings+0x44/0x118 [test_kasan]
[  675.410603]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.410750]  do_one_initcall+0x40/0x278
[  675.410919]  do_init_module+0xcc/0x59c
[  675.411078]  load_module+0x2bc4/0x320c
[  675.411238]  sys_init_module+0x114/0x138
[  675.411384]  ret_from_syscall+0x0/0x38
[  675.411430]
[  675.412704] Freed by task 340:
[  675.415789]  __kasan_slab_free+0x120/0x22c
[  675.415910]  kfree+0x74/0x270
[  675.416155]  kasan_strings+0x54/0x118 [test_kasan]
[  675.416391]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.416537]  do_one_initcall+0x40/0x278
[  675.416706]  do_init_module+0xcc/0x59c
[  675.416865]  load_module+0x2bc4/0x320c
[  675.417024]  sys_init_module+0x114/0x138
[  675.417169]  ret_from_syscall+0x0/0x38
[  675.417215]
[  675.418509] The buggy address belongs to the object at c53e8e10
[  675.418509]  which belongs to the cache kmalloc-32 of size 32
[  675.430055] The buggy address is located 16 bytes inside of
[  675.430055]  32-byte region [c53e8e10, c53e8e30)
[  675.440057] The buggy address belongs to the page:
[  675.444844] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.444955] flags: 0x200(slab)
[  675.445184] raw: 00000200 00000100 00000200 c5007cf0 00000000 
015502ab ffffffff 00000001
[  675.445253] page dumped because: kasan: bad access detected
[  675.445293]
[  675.446595] Memory state around the buggy address:
[  675.451401]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.457856]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.464310] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.470698]                        ^
[  675.474291]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.480747]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[  675.487138] 
==================================================================
[  675.500419] kasan test: kasan_strings use-after-free in strcmp
[  675.500491] 
==================================================================
[  675.507536] BUG: KASAN: use-after-free in strcmp+0x30/0x90
[  675.512918] Read of size 1 at addr c53e8e20 by task exe/340
[  675.518358]
[  675.519942] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.519994] Call Trace:
[  675.520167] [c5649c50] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  675.520369] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
[  675.520536] [c5649cc0] [c072ebd0] strcmp+0x30/0x90
[  675.520833] [c5649ce0] [c95d5480] kasan_strings+0xa0/0x118 [test_kasan]
[  675.521113] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 
[test_kasan]
[  675.521303] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.521514] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.521716] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.521919] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.522111] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.522275] --- interrupt: c01 at 0xfd6b914
[  675.522275]     LR = 0x1001364c
[  675.522320]
[  675.523640] Allocated by task 340:
[  675.527073]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.527321]  kasan_strings+0x44/0x118 [test_kasan]
[  675.527556]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.527699]  do_one_initcall+0x40/0x278
[  675.527867]  do_init_module+0xcc/0x59c
[  675.528024]  load_module+0x2bc4/0x320c
[  675.528182]  sys_init_module+0x114/0x138
[  675.528327]  ret_from_syscall+0x0/0x38
[  675.528373]
[  675.529658] Freed by task 340:
[  675.532745]  __kasan_slab_free+0x120/0x22c
[  675.532865]  kfree+0x74/0x270
[  675.533109]  kasan_strings+0x54/0x118 [test_kasan]
[  675.533343]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.533486]  do_one_initcall+0x40/0x278
[  675.533654]  do_init_module+0xcc/0x59c
[  675.533810]  load_module+0x2bc4/0x320c
[  675.533967]  sys_init_module+0x114/0x138
[  675.534112]  ret_from_syscall+0x0/0x38
[  675.534157]
[  675.535463] The buggy address belongs to the object at c53e8e10
[  675.535463]  which belongs to the cache kmalloc-32 of size 32
[  675.547010] The buggy address is located 16 bytes inside of
[  675.547010]  32-byte region [c53e8e10, c53e8e30)
[  675.557012] The buggy address belongs to the page:
[  675.561799] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.561909] flags: 0x200(slab)
[  675.562137] raw: 00000200 00000100 00000200 c5007cf0 00000000 
015502ab ffffffff 00000001
[  675.562204] page dumped because: kasan: bad access detected
[  675.562243]
[  675.563549] Memory state around the buggy address:
[  675.568356]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.574809]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.581265] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.587653]                        ^
[  675.591247]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.597702]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[  675.604091] 
==================================================================
[  675.894391] kasan test: kasan_strings use-after-free in strncmp
[  675.894468] kasan test: kasan_strings use-after-free in strlen
[  675.894536] kasan test: kasan_strings use-after-free in strnlen
[  675.894600] 
==================================================================
[  675.901698] BUG: KASAN: use-after-free in strnlen+0x24/0x88
[  675.907165] Read of size 1 at addr c53e8e20 by task exe/340
[  675.912603]
[  675.914186] CPU: 0 PID: 340 Comm: exe Tainted: G    B 
5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
[  675.914237] Call Trace:
[  675.914412] [c5649c70] [c0176998] 
print_address_description+0x6c/0x2b0 (unreliable)
[  675.914617] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
[  675.914788] [c5649ce0] [c072eeb4] strnlen+0x24/0x88
[  675.915091] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0 
[test_kasan]
[  675.915283] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
[  675.915497] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
[  675.915700] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
[  675.915904] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
[  675.916099] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
[  675.916267] --- interrupt: c01 at 0xfd6b914
[  675.916267]     LR = 0x1001364c
[  675.916312]
[  675.917626] Allocated by task 340:
[  675.921059]  __kasan_kmalloc.isra.0+0xc8/0x1b0
[  675.921309]  kasan_strings+0x44/0x118 [test_kasan]
[  675.921546]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.921690]  do_one_initcall+0x40/0x278
[  675.921858]  do_init_module+0xcc/0x59c
[  675.922016]  load_module+0x2bc4/0x320c
[  675.922174]  sys_init_module+0x114/0x138
[  675.922318]  ret_from_syscall+0x0/0x38
[  675.922365]
[  675.923645] Freed by task 340:
[  675.926731]  __kasan_slab_free+0x120/0x22c
[  675.926851]  kfree+0x74/0x270
[  675.927097]  kasan_strings+0x54/0x118 [test_kasan]
[  675.927334]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
[  675.927479]  do_one_initcall+0x40/0x278
[  675.927647]  do_init_module+0xcc/0x59c
[  675.927804]  load_module+0x2bc4/0x320c
[  675.927962]  sys_init_module+0x114/0x138
[  675.928107]  ret_from_syscall+0x0/0x38
[  675.928154]
[  675.929450] The buggy address belongs to the object at c53e8e10
[  675.929450]  which belongs to the cache kmalloc-32 of size 32
[  675.940997] The buggy address is located 16 bytes inside of
[  675.940997]  32-byte region [c53e8e10, c53e8e30)
[  675.950999] The buggy address belongs to the page:
[  675.955786] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
[  675.955897] flags: 0x200(slab)
[  675.956127] raw: 00000200 00000100 00000200 c5007cf0 00000000 
015502ab ffffffff 00000001
[  675.956196] page dumped because: kasan: bad access detected
[  675.956236]
[  675.957536] Memory state around the buggy address:
[  675.962343]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
[  675.968796]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
[  675.975251] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
[  675.981640]                        ^
[  675.985233]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
[  675.991688]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
[  675.998080] 
==================================================================
[  721.624809] random: crng init done
Dmitry Vyukov Jan. 21, 2019, 12:33 p.m. | #8
On Mon, Jan 21, 2019 at 11:36 AM Christophe Leroy
<christophe.leroy@c-s.fr> wrote:
>
>
>
> Le 15/01/2019 à 18:23, Andrey Ryabinin a écrit :
> >
> >
> > On 1/12/19 2:16 PM, Christophe Leroy wrote:
> >
> >> +KASAN_SANITIZE_early_32.o := n
> >> +KASAN_SANITIZE_cputable.o := n
> >> +KASAN_SANITIZE_prom_init.o := n
> >> +
> >
> > Usually it's also good idea to disable branch profiling - define DISABLE_BRANCH_PROFILING
> > either in top of these files or via Makefile. Branch profiling redefines if() statement and calls
> > instrumented ftrace_likely_update in every if().
> >
> >
> >
> >> diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
> >> new file mode 100644
> >> index 000000000000..3edc9c2d2f3e
> >
> >> +void __init kasan_init(void)
> >> +{
> >> +    struct memblock_region *reg;
> >> +
> >> +    for_each_memblock(memory, reg)
> >> +            kasan_init_region(reg);
> >> +
> >> +    pr_info("KASAN init done\n");
> >
> > Without "init_task.kasan_depth = 0;" kasan will not repot bugs.
> >
> > There is test_kasan module. Make sure that it produce reports.
> >
>
> I get the following report with test_kasan module.
>
> Could you have a look at it and tell if everything is as expected ?

Unfortunately kernel does not support tests that could check this.
This is called a test, but it does not actually test anything. There
is bug open for this:
https://bugzilla.kernel.org/show_bug.cgi?id=198441

You need to look at each test and understand if it is supposed to
produce a report or not, and then check if it actually produced the
report or not. In most cases this can be understood from the test name
(hopefully).


> [  667.298897] kasan test: kmalloc_oob_right out-of-bounds to right
> [  667.299036]
> ==================================================================
> [  667.306263] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_right+0x74/0x94 [test_kasan]
> [  667.313929] Write of size 1 at addr c53996fb by task exe/340
> [  667.319451]
> [  667.321021] CPU: 0 PID: 340 Comm: exe Not tainted
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.321072] Call Trace:
> [  667.321248] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.321452] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.321741] [c5649ce0] [c95d41d4] kmalloc_oob_right+0x74/0x94
> [test_kasan]
> [  667.322022] [c5649d00] [c95d5510] kmalloc_tests_init+0x18/0x2d0
> [test_kasan]
> [  667.322214] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.322428] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.322630] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.322834] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.323027] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.323193] --- interrupt: c01 at 0xfd6b914
> [  667.323193]     LR = 0x1001364c
> [  667.323239]
> [  667.324561] Allocated by task 340:
> [  667.327993]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  667.328241]  kmalloc_oob_right+0x44/0x94 [test_kasan]
> [  667.328477]  kmalloc_tests_init+0x18/0x2d0 [test_kasan]
> [  667.328622]  do_one_initcall+0x40/0x278
> [  667.328792]  do_init_module+0xcc/0x59c
> [  667.328948]  load_module+0x2bc4/0x320c
> [  667.329107]  sys_init_module+0x114/0x138
> [  667.329250]  ret_from_syscall+0x0/0x38
> [  667.329298]
> [  667.330580] Freed by task 335:
> [  667.333667]  __kasan_slab_free+0x120/0x22c
> [  667.333788]  kfree+0x74/0x270
> [  667.333950]  load_elf_binary+0xb0/0x162c
> [  667.334129]  search_binary_handler+0x120/0x374
> [  667.334297]  __do_execve_file+0x834/0xb20
> [  667.334460]  sys_execve+0x40/0x54
> [  667.334605]  ret_from_syscall+0x0/0x38
> [  667.334652]
> [  667.335954] The buggy address belongs to the object at c5399680
> [  667.335954]  which belongs to the cache kmalloc-128 of size 128
> [  667.347675] The buggy address is located 123 bytes inside of
> [  667.347675]  128-byte region [c5399680, c5399700)
> [  667.357847] The buggy address belongs to the page:
> [  667.362634] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
> [  667.362745] flags: 0x200(slab)
> [  667.362973] raw: 00000200 00000100 00000200 c5007a80 00000000
> 005500ab ffffffff 00000001
> [  667.363043] page dumped because: kasan: bad access detected
> [  667.363083]
> [  667.364384] Memory state around the buggy address:
> [  667.369190]  c5399580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [  667.375645]  c5399600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [  667.382099] >c5399680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
> [  667.388496]                                                         ^
> [  667.394921]  c5399700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [  667.401377]  c5399780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [  667.407767]
> ==================================================================
> [  667.414904] Disabling lock debugging due to kernel taint
> [  667.421182] kasan test: kmalloc_oob_left out-of-bounds to left
> [  667.421314]
> ==================================================================
> [  667.428466] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_left+0x74/0x9c [test_kasan]
> [  667.436045] Read of size 1 at addr c58e9ddf by task exe/340
> [  667.441483]
> [  667.443064] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.443115] Call Trace:
> [  667.443290] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.443492] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.443779] [c5649ce0] [c95d4268] kmalloc_oob_left+0x74/0x9c [test_kasan]
> [  667.444057] [c5649d00] [c95d5514] kmalloc_tests_init+0x1c/0x2d0
> [test_kasan]
> [  667.444246] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.444458] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.444658] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.444859] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.445051] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.445215] --- interrupt: c01 at 0xfd6b914
> [  667.445215]     LR = 0x1001364c
> [  667.445260]
> [  667.446593] Allocated by task 340:
> [  667.450025]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  667.450191]  do_init_module+0x2c/0x59c
> [  667.450346]  load_module+0x2bc4/0x320c
> [  667.450503]  sys_init_module+0x114/0x138
> [  667.450645]  ret_from_syscall+0x0/0x38
> [  667.450691]
> [  667.452009] Freed by task 276:
> [  667.455096]  __kasan_slab_free+0x120/0x22c
> [  667.455214]  kfree+0x74/0x270
> [  667.455344]  single_release+0x54/0x6c
> [  667.455516]  close_pdeo+0x128/0x224
> [  667.455680]  proc_reg_release+0x110/0x128
> [  667.455811]  __fput+0xec/0x2d4
> [  667.455934]  task_work_run+0x13c/0x15c
> [  667.456101]  do_notify_resume+0x3d8/0x438
> [  667.456248]  do_user_signal+0x2c/0x34
> [  667.456294]
> [  667.457641] The buggy address belongs to the object at c58e9dc0
> [  667.457641]  which belongs to the cache kmalloc-16 of size 16
> [  667.469191] The buggy address is located 15 bytes to the right of
> [  667.469191]  16-byte region [c58e9dc0, c58e9dd0)
> [  667.479708] The buggy address belongs to the page:
> [  667.484495] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  667.484606] flags: 0x200(slab)
> [  667.484833] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  667.484900] page dumped because: kasan: bad access detected
> [  667.484940]
> [  667.486244] Memory state around the buggy address:
> [  667.491051]  c58e9c80: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
> [  667.497505]  c58e9d00: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
> [  667.503959] >c58e9d80: 00 00 fc fc 00 00 fc fc 00 04 fc fc 00 07 fc fc
> [  667.510354]                                             ^
> [  667.515748]  c58e9e00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  667.522204]  c58e9e80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  667.528595]
> ==================================================================
> [  667.803662] kasan test: kmalloc_node_oob_right kmalloc_node():
> out-of-bounds to right
> [  667.803806]
> ==================================================================
> [  667.811008] BUG: KASAN: slab-out-of-bounds in
> kmalloc_node_oob_right+0x74/0x94 [test_kasan]
> [  667.819105] Write of size 1 at addr c59a4300 by task exe/340
> [  667.824627]
> [  667.826209] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.826260] Call Trace:
> [  667.826436] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.826640] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.826931] [c5649ce0] [c95d4304] kmalloc_node_oob_right+0x74/0x94
> [test_kasan]
> [  667.827211] [c5649d00] [c95d5518] kmalloc_tests_init+0x20/0x2d0
> [test_kasan]
> [  667.827402] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.827616] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.827818] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.828022] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.828216] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.828382] --- interrupt: c01 at 0xfd6b914
> [  667.828382]     LR = 0x1001364c
> [  667.828428]
> [  667.829737] Allocated by task 340:
> [  667.833169]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  667.833420]  kmalloc_node_oob_right+0x44/0x94 [test_kasan]
> [  667.833656]  kmalloc_tests_init+0x20/0x2d0 [test_kasan]
> [  667.833801]  do_one_initcall+0x40/0x278
> [  667.833970]  do_init_module+0xcc/0x59c
> [  667.834125]  load_module+0x2bc4/0x320c
> [  667.834284]  sys_init_module+0x114/0x138
> [  667.834427]  ret_from_syscall+0x0/0x38
> [  667.834475]
> [  667.835756] Freed by task 319:
> [  667.838843]  __kasan_slab_free+0x120/0x22c
> [  667.838963]  kfree+0x74/0x270
> [  667.839137]  kobject_uevent_env+0x15c/0x65c
> [  667.839299]  led_trigger_set+0x3f0/0x4fc
> [  667.839451]  led_trigger_store+0xd8/0x164
> [  667.839593]  kernfs_fop_write+0x18c/0x218
> [  667.839721]  __vfs_write+0x5c/0x258
> [  667.839843]  vfs_write+0xe4/0x248
> [  667.839966]  ksys_write+0x58/0xd8
> [  667.840111]  ret_from_syscall+0x0/0x38
> [  667.840158]
> [  667.841475] The buggy address belongs to the object at c59a3300
> [  667.841475]  which belongs to the cache kmalloc-4k of size 4096
> [  667.853196] The buggy address is located 0 bytes to the right of
> [  667.853196]  4096-byte region [c59a3300, c59a4300)
> [  667.863798] The buggy address belongs to the page:
> [  667.868586] page:c7fdcd00 count:1 mapcount:0 mapping:c50075a0
> index:0x0 compound_mapcount: 0
> [  667.868727] flags: 0x10200(slab|head)
> [  667.868956] raw: 00010200 00000100 00000200 c50075a0 00000000
> 000f001f ffffffff 00000001
> [  667.869025] page dumped because: kasan: bad access detected
> [  667.869065]
> [  667.870334] Memory state around the buggy address:
> [  667.875141]  c59a4200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.881595]  c59a4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.888049] >c59a4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  667.894436]            ^
> [  667.896998]  c59a4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  667.903454]  c59a4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.909845]
> ==================================================================
> [  667.923434] kasan test: kmalloc_pagealloc_oob_right kmalloc pagealloc
> allocation: out-of-bounds to right
> [  667.923647]
> ==================================================================
> [  667.930896] BUG: KASAN: slab-out-of-bounds in
> kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
> [  667.939503] Write of size 1 at addr c5bd800a by task exe/340
> [  667.945024]
> [  667.946607] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  667.946657] Call Trace:
> [  667.946833] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  667.947035] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  667.947325] [c5649ce0] [c95d4674]
> kmalloc_pagealloc_oob_right+0x78/0x98 [test_kasan]
> [  667.947603] [c5649d00] [c95d551c] kmalloc_tests_init+0x24/0x2d0
> [test_kasan]
> [  667.947792] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  667.948004] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  667.948204] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  667.948406] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  667.948597] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  667.948760] --- interrupt: c01 at 0xfd6b914
> [  667.948760]     LR = 0x1001364c
> [  667.948806]
> [  667.950115] The buggy address belongs to the page:
> [  667.954903] page:c7fdde80 count:1 mapcount:0 mapping:00000000
> index:0x0 compound_mapcount: 0
> [  667.955038] flags: 0x10000(head)
> [  667.955260] raw: 00010000 00000100 00000200 00000000 00000000
> 00000000 ffffffff 00000001
> [  667.955327] page dumped because: kasan: bad access detected
> [  667.955367]
> [  667.956652] Memory state around the buggy address:
> [  667.961458]  c5bd7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.967912]  c5bd7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  667.974367] >c5bd8000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
> [  667.980755]               ^
> [  667.983574]  c5bd8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
> [  667.990030]  c5bd8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
> [  667.996420]
> ==================================================================
> [  668.222064] kasan test: kmalloc_pagealloc_uaf kmalloc pagealloc
> allocation: use-after-free
> [  668.222349]
> ==================================================================
> [  668.229525] BUG: KASAN: use-after-free in
> kmalloc_pagealloc_uaf+0x78/0x94 [test_kasan]
> [  668.237274] Write of size 1 at addr c5bd0000 by task exe/340
> [  668.242796]
> [  668.244378] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.244429] Call Trace:
> [  668.244606] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.244810] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  668.245100] [c5649ce0] [c95d470c] kmalloc_pagealloc_uaf+0x78/0x94
> [test_kasan]
> [  668.245381] [c5649d00] [c95d5520] kmalloc_tests_init+0x28/0x2d0
> [test_kasan]
> [  668.245573] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.245787] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.245989] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.246192] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.246386] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.246552] --- interrupt: c01 at 0xfd6b914
> [  668.246552]     LR = 0x1001364c
> [  668.246598]
> [  668.247886] The buggy address belongs to the page:
> [  668.252671] page:c7fdde80 count:0 mapcount:-128 mapping:00000000
> index:0x0
> [  668.252769] flags: 0x0()
> [  668.252994] raw: 00000000 c7fdcf84 c0982ae8 00000000 00000000
> 00000002 ffffff7f 00000000
> [  668.253062] page dumped because: kasan: bad access detected
> [  668.253102]
> [  668.254337] Memory state around the buggy address:
> [  668.259143]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.265597]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.272052] >c5bd0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> [  668.278439]            ^
> [  668.281001]  c5bd0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> [  668.287458]  c5bd0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
> [  668.293847]
> ==================================================================
> [  668.310744] kasan test: kmalloc_pagealloc_invalid_free kmalloc
> pagealloc allocation: invalid-free
> [  668.310957]
> ==================================================================
> [  668.318156] BUG: KASAN: double-free or invalid-free in
> kmalloc_tests_init+0x2c/0x2d0 [test_kasan]
> [  668.326705]
> [  668.328286] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.328337] Call Trace:
> [  668.328512] [c5649c80] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.328724] [c5649cb0] [c0176c24] kasan_report_invalid_free+0x48/0x74
> [  668.328888] [c5649ce0] [c0173c14] kfree+0x1f8/0x270
> [  668.329176] [c5649d00] [c95d5524] kmalloc_tests_init+0x2c/0x2d0
> [test_kasan]
> [  668.329365] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.329577] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.329777] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.329978] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.330170] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.330334] --- interrupt: c01 at 0xfd6b914
> [  668.330334]     LR = 0x1001364c
> [  668.330379]
> [  668.331622] The buggy address belongs to the page:
> [  668.336410] page:c7fdde80 count:1 mapcount:0 mapping:00000000
> index:0x0 compound_mapcount: 0
> [  668.336545] flags: 0x10000(head)
> [  668.336767] raw: 00010000 00000100 00000200 00000000 00000000
> 00000000 ffffffff 00000001
> [  668.336834] page dumped because: kasan: bad access detected
> [  668.336873]
> [  668.338158] Memory state around the buggy address:
> [  668.342965]  c5bcff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.349419]  c5bcff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.355874] >c5bd0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.362260]            ^
> [  668.364822]  c5bd0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.371279]  c5bd0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.377668]
> ==================================================================
> [  668.528086] kasan test: kmalloc_large_oob_right kmalloc large
> allocation: out-of-bounds to right
> [  668.528279]
> ==================================================================
> [  668.535471] BUG: KASAN: slab-out-of-bounds in
> kmalloc_large_oob_right+0x74/0x94 [test_kasan]
> [  668.543735] Write of size 1 at addr c5498700 by task exe/340
> [  668.549257]
> [  668.550840] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.550891] Call Trace:
> [  668.551068] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.551272] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  668.551561] [c5649ce0] [c95d4398] kmalloc_large_oob_right+0x74/0x94
> [test_kasan]
> [  668.551842] [c5649d00] [c95d5528] kmalloc_tests_init+0x30/0x2d0
> [test_kasan]
> [  668.552034] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.552248] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.552450] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.552655] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.552848] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.553013] --- interrupt: c01 at 0xfd6b914
> [  668.553013]     LR = 0x1001364c
> [  668.553059]
> [  668.554367] Allocated by task 340:
> [  668.557799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  668.558049]  kmalloc_large_oob_right+0x44/0x94 [test_kasan]
> [  668.558285]  kmalloc_tests_init+0x30/0x2d0 [test_kasan]
> [  668.558430]  do_one_initcall+0x40/0x278
> [  668.558599]  do_init_module+0xcc/0x59c
> [  668.558756]  load_module+0x2bc4/0x320c
> [  668.558915]  sys_init_module+0x114/0x138
> [  668.559058]  ret_from_syscall+0x0/0x38
> [  668.559106]
> [  668.560386] Freed by task 173:
> [  668.563473]  __kasan_slab_free+0x120/0x22c
> [  668.563595]  kfree+0x74/0x270
> [  668.563763]  consume_skb+0x38/0x138
> [  668.563935]  skb_free_datagram+0x1c/0x80
> [  668.564104]  netlink_recvmsg+0x1d0/0x4d4
> [  668.564270]  ___sys_recvmsg+0xd8/0x194
> [  668.564436]  __sys_recvmsg+0x40/0x8c
> [  668.564563]  sys_socketcall+0xf8/0x210
> [  668.564709]  ret_from_syscall+0x0/0x38
> [  668.564756]
> [  668.566106] The buggy address belongs to the object at c5490800
> [  668.566106]  which belongs to the cache kmalloc-32k of size 32768
> [  668.578000] The buggy address is located 32512 bytes inside of
> [  668.578000]  32768-byte region [c5490800, c5498800)
> [  668.588514] The buggy address belongs to the page:
> [  668.593302] page:c7fda400 count:1 mapcount:0 mapping:c5007330
> index:0x0 compound_mapcount: 0
> [  668.593443] flags: 0x10200(slab|head)
> [  668.593672] raw: 00010200 00000100 00000200 c5007330 00000000
> 00030007 ffffffff 00000001
> [  668.593741] page dumped because: kasan: bad access detected
> [  668.593781]
> [  668.595051] Memory state around the buggy address:
> [  668.599857]  c5498600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.606311]  c5498680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  668.612765] >c5498700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.619152]            ^
> [  668.621714]  c5498780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.628171]  c5498800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  668.634561]
> ==================================================================
> [  668.645940] kasan test: kmalloc_oob_krealloc_more out-of-bounds after
> krealloc more
> [  668.646103]
> ==================================================================
> [  668.653286] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_krealloc_more+0x8c/0xac [test_kasan]
> [  668.661723] Write of size 1 at addr c53e8ca3 by task exe/340
> [  668.667245]
> [  668.668827] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  668.668877] Call Trace:
> [  668.669052] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  668.669254] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  668.669543] [c5649ce0] [c95d4838] kmalloc_oob_krealloc_more+0x8c/0xac
> [test_kasan]
> [  668.669823] [c5649d00] [c95d552c] kmalloc_tests_init+0x34/0x2d0
> [test_kasan]
> [  668.670012] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  668.670225] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  668.670426] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  668.670627] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  668.670819] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  668.670982] --- interrupt: c01 at 0xfd6b914
> [  668.670982]     LR = 0x1001364c
> [  668.671027]
> [  668.672354] Allocated by task 340:
> [  668.675786]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  668.675935]  krealloc+0xb0/0xe8
> [  668.676185]  kmalloc_oob_krealloc_more+0x58/0xac [test_kasan]
> [  668.676419]  kmalloc_tests_init+0x34/0x2d0 [test_kasan]
> [  668.676563]  do_one_initcall+0x40/0x278
> [  668.676730]  do_init_module+0xcc/0x59c
> [  668.676885]  load_module+0x2bc4/0x320c
> [  668.677042]  sys_init_module+0x114/0x138
> [  668.677185]  ret_from_syscall+0x0/0x38
> [  668.677231]
> [  668.678543] Freed by task 0:
> [  668.681460]  __kasan_slab_free+0x120/0x22c
> [  668.681579]  kfree+0x74/0x270
> [  668.681726]  rcu_process_callbacks+0x384/0x620
> [  668.681858]  __do_softirq+0x134/0x48c
> [  668.681904]
> [  668.683231] The buggy address belongs to the object at c53e8c90
> [  668.683231]  which belongs to the cache kmalloc-32 of size 32
> [  668.694778] The buggy address is located 19 bytes inside of
> [  668.694778]  32-byte region [c53e8c90, c53e8cb0)
> [  668.704780] The buggy address belongs to the page:
> [  668.709568] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  668.709676] flags: 0x200(slab)
> [  668.709903] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  668.709970] page dumped because: kasan: bad access detected
> [  668.710010]
> [  668.711317] Memory state around the buggy address:
> [  668.716124]  c53e8b80: 00 fc fc fc 00 00 00 fc fc fc fb fb fb fb fc fc
> [  668.722579]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
> [  668.729033] >c53e8c80: fc fc 00 00 03 fc fc fc 00 00 00 00 fc fc 00 00
> [  668.735421]                        ^
> [  668.739014]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  668.745470]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  668.751860]
> ==================================================================
> [  669.016775] kasan test: kmalloc_oob_krealloc_less out-of-bounds after
> krealloc less
> [  669.016942]
> ==================================================================
> [  669.024120] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_krealloc_less+0x8c/0xac [test_kasan]
> [  669.032474] Write of size 1 at addr c53e8bdf by task exe/340
> [  669.037995]
> [  669.039577] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.039628] Call Trace:
> [  669.039803] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.040007] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  669.040299] [c5649ce0] [c95d48e4] kmalloc_oob_krealloc_less+0x8c/0xac
> [test_kasan]
> [  669.040580] [c5649d00] [c95d5530] kmalloc_tests_init+0x38/0x2d0
> [test_kasan]
> [  669.040771] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.040984] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.041187] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.041390] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.041584] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.041750] --- interrupt: c01 at 0xfd6b914
> [  669.041750]     LR = 0x1001364c
> [  669.041796]
> [  669.043105] Allocated by task 340:
> [  669.046537]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.046687]  krealloc+0xb0/0xe8
> [  669.046940]  kmalloc_oob_krealloc_less+0x58/0xac [test_kasan]
> [  669.047176]  kmalloc_tests_init+0x38/0x2d0 [test_kasan]
> [  669.047321]  do_one_initcall+0x40/0x278
> [  669.047491]  do_init_module+0xcc/0x59c
> [  669.047648]  load_module+0x2bc4/0x320c
> [  669.047806]  sys_init_module+0x114/0x138
> [  669.047951]  ret_from_syscall+0x0/0x38
> [  669.047998]
> [  669.049294] Freed by task 0:
> [  669.052211]  __kasan_slab_free+0x120/0x22c
> [  669.052332]  kfree+0x74/0x270
> [  669.052479]  rcu_process_callbacks+0x384/0x620
> [  669.052612]  __do_softirq+0x134/0x48c
> [  669.052659]
> [  669.053981] The buggy address belongs to the object at c53e8bd0
> [  669.053981]  which belongs to the cache kmalloc-32 of size 32
> [  669.065529] The buggy address is located 15 bytes inside of
> [  669.065529]  32-byte region [c53e8bd0, c53e8bf0)
> [  669.075531] The buggy address belongs to the page:
> [  669.080318] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  669.080428] flags: 0x200(slab)
> [  669.080655] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  669.080724] page dumped because: kasan: bad access detected
> [  669.080764]
> [  669.082068] Memory state around the buggy address:
> [  669.086874]  c53e8a80: 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00 00 00
> [  669.093328]  c53e8b00: fc fc 00 00 00 fc fc fc 00 00 00 fc fc fc 00 00
> [  669.099783] >c53e8b80: 00 fc fc fc 00 00 00 fc fc fc 00 07 fc fc fc fc
> [  669.106177]                                             ^
> [  669.111572]  c53e8c00: 00 00 00 04 fc fc 00 00 00 04 fc fc 00 00 00 00
> [  669.118028]  c53e8c80: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc 00 00
> [  669.124418]
> ==================================================================
> [  669.137359] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for
> 16-bytes access
> [  669.137538]
> ==================================================================
> [  669.144772] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_16+0x94/0xdc [test_kasan]
> [  669.152181] Write of size 16 at addr c58eada0 by task exe/340
> [  669.157790]
> [  669.159371] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.159421] Call Trace:
> [  669.159597] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.159799] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  669.160086] [c5649ce0] [c95d444c] kmalloc_oob_16+0x94/0xdc [test_kasan]
> [  669.160365] [c5649d00] [c95d5534] kmalloc_tests_init+0x3c/0x2d0
> [test_kasan]
> [  669.160554] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.160765] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.160966] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.161167] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.161360] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.161523] --- interrupt: c01 at 0xfd6b914
> [  669.161523]     LR = 0x1001364c
> [  669.161569]
> [  669.162900] Allocated by task 340:
> [  669.166332]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.166578]  kmalloc_oob_16+0x48/0xdc [test_kasan]
> [  669.166812]  kmalloc_tests_init+0x3c/0x2d0 [test_kasan]
> [  669.166955]  do_one_initcall+0x40/0x278
> [  669.167121]  do_init_module+0xcc/0x59c
> [  669.167275]  load_module+0x2bc4/0x320c
> [  669.167432]  sys_init_module+0x114/0x138
> [  669.167575]  ret_from_syscall+0x0/0x38
> [  669.167620]
> [  669.168919] Freed by task 338:
> [  669.172004]  __kasan_slab_free+0x120/0x22c
> [  669.172122]  kfree+0x74/0x270
> [  669.172264]  walk_component+0x150/0x478
> [  669.172399]  link_path_walk+0x374/0x63c
> [  669.172535]  path_openat+0xe4/0x15f8
> [  669.172674]  do_filp_open+0xd0/0x120
> [  669.172843]  do_open_execat+0x64/0x264
> [  669.173010]  __do_execve_file+0xa0c/0xb20
> [  669.173172]  sys_execve+0x40/0x54
> [  669.173318]  ret_from_syscall+0x0/0x38
> [  669.173364]
> [  669.174722] The buggy address belongs to the object at c58eada0
> [  669.174722]  which belongs to the cache kmalloc-16 of size 16
> [  669.186269] The buggy address is located 0 bytes inside of
> [  669.186269]  16-byte region [c58eada0, c58eadb0)
> [  669.196187] The buggy address belongs to the page:
> [  669.200974] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  669.201083] flags: 0x200(slab)
> [  669.201310] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  669.201378] page dumped because: kasan: bad access detected
> [  669.201417]
> [  669.202723] Memory state around the buggy address:
> [  669.207530]  c58eac80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.213984]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.220438] >c58ead80: fb fb fc fc 00 05 fc fc 00 00 fc fc fb fb fc fc
> [  669.226828]                           ^
> [  669.230678]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.237134]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  669.243524]
> ==================================================================
> [  669.521937] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
> [  669.522086]
> ==================================================================
> [  669.529294] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_in_memset+0x78/0x90 [test_kasan]
> [  669.537306] Write of size 671 at addr c5881b00 by task exe/340
> [  669.543000]
> [  669.544581] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.544632] Call Trace:
> [  669.544808] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.545012] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  669.545186] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  669.545477] [c5649ce0] [c95d497c] kmalloc_oob_in_memset+0x78/0x90
> [test_kasan]
> [  669.545759] [c5649d00] [c95d5538] kmalloc_tests_init+0x40/0x2d0
> [test_kasan]
> [  669.545949] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.546163] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.546366] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.546570] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.546764] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.546929] --- interrupt: c01 at 0xfd6b914
> [  669.546929]     LR = 0x1001364c
> [  669.546976]
> [  669.548281] Allocated by task 340:
> [  669.551713]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.551963]  kmalloc_oob_in_memset+0x44/0x90 [test_kasan]
> [  669.552199]  kmalloc_tests_init+0x40/0x2d0 [test_kasan]
> [  669.552346]  do_one_initcall+0x40/0x278
> [  669.552515]  do_init_module+0xcc/0x59c
> [  669.552672]  load_module+0x2bc4/0x320c
> [  669.552831]  sys_init_module+0x114/0x138
> [  669.552976]  ret_from_syscall+0x0/0x38
> [  669.553023]
> [  669.554300] Freed by task 131:
> [  669.557387]  __kasan_slab_free+0x120/0x22c
> [  669.557508]  kfree+0x74/0x270
> [  669.557682]  pskb_expand_head+0x2b0/0x434
> [  669.557843]  netlink_trim+0xfc/0x114
> [  669.558009]  netlink_broadcast_filtered+0x48/0x530
> [  669.558169]  nlmsg_notify+0x7c/0x128
> [  669.558330]  fib6_add+0xd44/0x11d4
> [  669.558461]  __ip6_ins_rt+0x5c/0x88
> [  669.558598]  ip6_ins_rt+0x34/0x44
> [  669.558777]  __ipv6_ifa_notify+0x388/0x38c
> [  669.558945]  ipv6_ifa_notify+0x68/0x88
> [  669.559076]  addrconf_dad_completed+0x54/0x49c
> [  669.559201]  addrconf_dad_work+0x558/0x84c
> [  669.559369]  process_one_work+0x408/0x78c
> [  669.559524]  worker_thread+0xb4/0x83c
> [  669.559657]  kthread+0x144/0x184
> [  669.559811]  ret_from_kernel_thread+0x14/0x1c
> [  669.559858]
> [  669.561223] The buggy address belongs to the object at c5881b00
> [  669.561223]  which belongs to the cache kmalloc-1k of size 1024
> [  669.572943] The buggy address is located 0 bytes inside of
> [  669.572943]  1024-byte region [c5881b00, c5881f00)
> [  669.583031] The buggy address belongs to the page:
> [  669.587818] page:c7fdc400 count:1 mapcount:0 mapping:c5007740 index:0x0
> [  669.587929] flags: 0x200(slab)
> [  669.588156] raw: 00000200 00000100 00000200 c5007740 00000000
> 000e001d ffffffff 00000001
> [  669.588225] page dumped because: kasan: bad access detected
> [  669.588265]
> [  669.589567] Memory state around the buggy address:
> [  669.594374]  c5881c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  669.600828]  c5881d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  669.607282] >c5881d80: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc
> [  669.613671]                     ^
> [  669.617005]  c5881e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  669.623462]  c5881e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  669.629852]
> ==================================================================
> [  669.643287] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
> [  669.643423]
> ==================================================================
> [  669.650641] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_2+0x7c/0x94 [test_kasan]
> [  669.658563] Write of size 2 at addr c58eae07 by task exe/340
> [  669.664085]
> [  669.665668] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  669.665718] Call Trace:
> [  669.665891] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  669.666095] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  669.666267] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  669.666556] [c5649ce0] [c95d4a10] kmalloc_oob_memset_2+0x7c/0x94
> [test_kasan]
> [  669.666836] [c5649d00] [c95d553c] kmalloc_tests_init+0x44/0x2d0
> [test_kasan]
> [  669.667026] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  669.667239] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  669.667440] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  669.667643] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  669.667836] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  669.668002] --- interrupt: c01 at 0xfd6b914
> [  669.668002]     LR = 0x1001364c
> [  669.668046]
> [  669.669366] Allocated by task 340:
> [  669.672799]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  669.673048]  kmalloc_oob_memset_2+0x44/0x94 [test_kasan]
> [  669.673283]  kmalloc_tests_init+0x44/0x2d0 [test_kasan]
> [  669.673426]  do_one_initcall+0x40/0x278
> [  669.673594]  do_init_module+0xcc/0x59c
> [  669.673750]  load_module+0x2bc4/0x320c
> [  669.673909]  sys_init_module+0x114/0x138
> [  669.674051]  ret_from_syscall+0x0/0x38
> [  669.674098]
> [  669.675387] Freed by task 276:
> [  669.678473]  __kasan_slab_free+0x120/0x22c
> [  669.678594]  kfree+0x74/0x270
> [  669.678724]  single_release+0x54/0x6c
> [  669.678897]  close_pdeo+0x128/0x224
> [  669.679064]  proc_reg_release+0x110/0x128
> [  669.679197]  __fput+0xec/0x2d4
> [  669.679320]  task_work_run+0x13c/0x15c
> [  669.679487]  do_notify_resume+0x3d8/0x438
> [  669.679636]  do_user_signal+0x2c/0x34
> [  669.679682]
> [  669.681018] The buggy address belongs to the object at c58eae00
> [  669.681018]  which belongs to the cache kmalloc-16 of size 16
> [  669.692565] The buggy address is located 7 bytes inside of
> [  669.692565]  16-byte region [c58eae00, c58eae10)
> [  669.702482] The buggy address belongs to the page:
> [  669.707268] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  669.707380] flags: 0x200(slab)
> [  669.707607] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  669.707674] page dumped because: kasan: bad access detected
> [  669.707713]
> [  669.709018] Memory state around the buggy address:
> [  669.713825]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.720279]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.726734] >c58eae00: 00 fc fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.733120]               ^
> [  669.735941]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  669.742397]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  669.748787]
> ==================================================================
> [  670.056503] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
> [  670.056640]
> ==================================================================
> [  670.063818] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_4+0x7c/0x94 [test_kasan]
> [  670.071743] Write of size 4 at addr c58eae25 by task exe/340
> [  670.077263]
> [  670.078847] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.078898] Call Trace:
> [  670.079074] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.079279] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  670.079452] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  670.079743] [c5649ce0] [c95d4aa4] kmalloc_oob_memset_4+0x7c/0x94
> [test_kasan]
> [  670.080025] [c5649d00] [c95d5540] kmalloc_tests_init+0x48/0x2d0
> [test_kasan]
> [  670.080216] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.080431] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.080635] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.080839] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.081034] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.081201] --- interrupt: c01 at 0xfd6b914
> [  670.081201]     LR = 0x1001364c
> [  670.081247]
> [  670.082546] Allocated by task 340:
> [  670.085978]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.086229]  kmalloc_oob_memset_4+0x44/0x94 [test_kasan]
> [  670.086465]  kmalloc_tests_init+0x48/0x2d0 [test_kasan]
> [  670.086611]  do_one_initcall+0x40/0x278
> [  670.086782]  do_init_module+0xcc/0x59c
> [  670.086941]  load_module+0x2bc4/0x320c
> [  670.087101]  sys_init_module+0x114/0x138
> [  670.087246]  ret_from_syscall+0x0/0x38
> [  670.087293]
> [  670.088563] Freed by task 276:
> [  670.091652]  __kasan_slab_free+0x120/0x22c
> [  670.091774]  kfree+0x74/0x270
> [  670.091906]  single_release+0x54/0x6c
> [  670.092080]  close_pdeo+0x128/0x224
> [  670.092249]  proc_reg_release+0x110/0x128
> [  670.092383]  __fput+0xec/0x2d4
> [  670.092509]  task_work_run+0x13c/0x15c
> [  670.092678]  do_notify_resume+0x3d8/0x438
> [  670.092828]  do_user_signal+0x2c/0x34
> [  670.092874]
> [  670.094198] The buggy address belongs to the object at c58eae20
> [  670.094198]  which belongs to the cache kmalloc-16 of size 16
> [  670.105743] The buggy address is located 5 bytes inside of
> [  670.105743]  16-byte region [c58eae20, c58eae30)
> [  670.115660] The buggy address belongs to the page:
> [  670.120447] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.120560] flags: 0x200(slab)
> [  670.120789] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.120858] page dumped because: kasan: bad access detected
> [  670.120899]
> [  670.122198] Memory state around the buggy address:
> [  670.127004]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.133458]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.139912] >c58eae00: fb fb fc fc 00 fc fc fc fb fb fc fc fb fb fc fc
> [  670.146302]                           ^
> [  670.150152]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.156608]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.162998]
> ==================================================================
> [  670.176210] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
> [  670.176342]
> ==================================================================
> [  670.183528] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_8+0x7c/0x94 [test_kasan]
> [  670.191450] Write of size 8 at addr c58eae41 by task exe/340
> [  670.196972]
> [  670.198555] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.198605] Call Trace:
> [  670.198779] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.198982] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  670.199153] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  670.199443] [c5649ce0] [c95d4b38] kmalloc_oob_memset_8+0x7c/0x94
> [test_kasan]
> [  670.199722] [c5649d00] [c95d5544] kmalloc_tests_init+0x4c/0x2d0
> [test_kasan]
> [  670.199912] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.200125] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.200327] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.200530] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.200723] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.200887] --- interrupt: c01 at 0xfd6b914
> [  670.200887]     LR = 0x1001364c
> [  670.200931]
> [  670.202255] Allocated by task 340:
> [  670.205686]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.205934]  kmalloc_oob_memset_8+0x44/0x94 [test_kasan]
> [  670.206168]  kmalloc_tests_init+0x4c/0x2d0 [test_kasan]
> [  670.206312]  do_one_initcall+0x40/0x278
> [  670.206480]  do_init_module+0xcc/0x59c
> [  670.206637]  load_module+0x2bc4/0x320c
> [  670.206794]  sys_init_module+0x114/0x138
> [  670.206937]  ret_from_syscall+0x0/0x38
> [  670.206983]
> [  670.208274] Freed by task 276:
> [  670.211360]  __kasan_slab_free+0x120/0x22c
> [  670.211479]  kfree+0x74/0x270
> [  670.211611]  single_release+0x54/0x6c
> [  670.211782]  close_pdeo+0x128/0x224
> [  670.211947]  proc_reg_release+0x110/0x128
> [  670.212079]  __fput+0xec/0x2d4
> [  670.212202]  task_work_run+0x13c/0x15c
> [  670.212368]  do_notify_resume+0x3d8/0x438
> [  670.212515]  do_user_signal+0x2c/0x34
> [  670.212561]
> [  670.213904] The buggy address belongs to the object at c58eae40
> [  670.213904]  which belongs to the cache kmalloc-16 of size 16
> [  670.225452] The buggy address is located 1 bytes inside of
> [  670.225452]  16-byte region [c58eae40, c58eae50)
> [  670.235368] The buggy address belongs to the page:
> [  670.240155] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.240265] flags: 0x200(slab)
> [  670.240493] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.240560] page dumped because: kasan: bad access detected
> [  670.240599]
> [  670.241906] Memory state around the buggy address:
> [  670.246712]  c58ead00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.253167]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.259621] >c58eae00: fb fb fc fc fb fb fc fc 00 fc fc fc fb fb fc fc
> [  670.266014]                                       ^
> [  670.270894]  c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.277349]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.283740]
> ==================================================================
> [  670.574861] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
> [  670.574999]
> ==================================================================
> [  670.582162] BUG: KASAN: slab-out-of-bounds in
> kmalloc_oob_memset_16+0x7c/0x94 [test_kasan]
> [  670.590260] Write of size 16 at addr c58eae81 by task exe/340
> [  670.595865]
> [  670.597448] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.597499] Call Trace:
> [  670.597674] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.597880] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  670.598053] [c5649cc0] [c0175700] memset+0x2c/0x4c
> [  670.598344] [c5649ce0] [c95d4bcc] kmalloc_oob_memset_16+0x7c/0x94
> [test_kasan]
> [  670.598626] [c5649d00] [c95d5548] kmalloc_tests_init+0x50/0x2d0
> [test_kasan]
> [  670.598816] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.599031] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.599234] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.599439] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.599634] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.599801] --- interrupt: c01 at 0xfd6b914
> [  670.599801]     LR = 0x1001364c
> [  670.599847]
> [  670.601148] Allocated by task 340:
> [  670.604580]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.604834]  kmalloc_oob_memset_16+0x44/0x94 [test_kasan]
> [  670.605070]  kmalloc_tests_init+0x50/0x2d0 [test_kasan]
> [  670.605215]  do_one_initcall+0x40/0x278
> [  670.605385]  do_init_module+0xcc/0x59c
> [  670.605543]  load_module+0x2bc4/0x320c
> [  670.605704]  sys_init_module+0x114/0x138
> [  670.605851]  ret_from_syscall+0x0/0x38
> [  670.605897]
> [  670.607166] Freed by task 276:
> [  670.610253]  __kasan_slab_free+0x120/0x22c
> [  670.610374]  kfree+0x74/0x270
> [  670.610506]  single_release+0x54/0x6c
> [  670.610681]  close_pdeo+0x128/0x224
> [  670.610849]  proc_reg_release+0x110/0x128
> [  670.610983]  __fput+0xec/0x2d4
> [  670.611107]  task_work_run+0x13c/0x15c
> [  670.611275]  do_notify_resume+0x3d8/0x438
> [  670.611424]  do_user_signal+0x2c/0x34
> [  670.611471]
> [  670.612798] The buggy address belongs to the object at c58eae80
> [  670.612798]  which belongs to the cache kmalloc-16 of size 16
> [  670.624345] The buggy address is located 1 bytes inside of
> [  670.624345]  16-byte region [c58eae80, c58eae90)
> [  670.634260] The buggy address belongs to the page:
> [  670.639048] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.639158] flags: 0x200(slab)
> [  670.639387] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.639457] page dumped because: kasan: bad access detected
> [  670.639497]
> [  670.640799] Memory state around the buggy address:
> [  670.645604]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.652058]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.658513] >c58eae80: 00 00 fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.664901]                  ^
> [  670.667978]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.674434]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.680825]
> ==================================================================
> [  670.693766] kasan test: kmalloc_uaf use-after-free
> [  670.693923]
> ==================================================================
> [  670.701091] BUG: KASAN: use-after-free in kmalloc_uaf+0x78/0x94
> [test_kasan]
> [  670.707899] Write of size 1 at addr c58eaea8 by task exe/340
> [  670.713422]
> [  670.715004] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  670.715055] Call Trace:
> [  670.715229] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  670.715433] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  670.715719] [c5649ce0] [c95d450c] kmalloc_uaf+0x78/0x94 [test_kasan]
> [  670.715997] [c5649d00] [c95d554c] kmalloc_tests_init+0x54/0x2d0
> [test_kasan]
> [  670.716187] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  670.716400] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  670.716601] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  670.716804] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  670.716998] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  670.717164] --- interrupt: c01 at 0xfd6b914
> [  670.717164]     LR = 0x1001364c
> [  670.717209]
> [  670.718531] Allocated by task 340:
> [  670.721965]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  670.722210]  kmalloc_uaf+0x44/0x94 [test_kasan]
> [  670.722446]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
> [  670.722588]  do_one_initcall+0x40/0x278
> [  670.722756]  do_init_module+0xcc/0x59c
> [  670.722912]  load_module+0x2bc4/0x320c
> [  670.723069]  sys_init_module+0x114/0x138
> [  670.723213]  ret_from_syscall+0x0/0x38
> [  670.723260]
> [  670.724550] Freed by task 340:
> [  670.727635]  __kasan_slab_free+0x120/0x22c
> [  670.727754]  kfree+0x74/0x270
> [  670.727998]  kmalloc_uaf+0x70/0x94 [test_kasan]
> [  670.728233]  kmalloc_tests_init+0x54/0x2d0 [test_kasan]
> [  670.728375]  do_one_initcall+0x40/0x278
> [  670.728543]  do_init_module+0xcc/0x59c
> [  670.728698]  load_module+0x2bc4/0x320c
> [  670.728855]  sys_init_module+0x114/0x138
> [  670.728998]  ret_from_syscall+0x0/0x38
> [  670.729044]
> [  670.730356] The buggy address belongs to the object at c58eaea0
> [  670.730356]  which belongs to the cache kmalloc-16 of size 16
> [  670.741901] The buggy address is located 8 bytes inside of
> [  670.741901]  16-byte region [c58eaea0, c58eaeb0)
> [  670.751818] The buggy address belongs to the page:
> [  670.756605] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  670.756716] flags: 0x200(slab)
> [  670.756944] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  670.757012] page dumped because: kasan: bad access detected
> [  670.757052]
> [  670.758354] Memory state around the buggy address:
> [  670.763163]  c58ead80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.769616]  c58eae00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.776070] >c58eae80: fb fb fc fc fb fb fc fc fb fb fc fc 00 04 fc fc
> [  670.782461]                           ^
> [  670.786311]  c58eaf00: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.792765]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  670.799157]
> ==================================================================
> [  671.084949] kasan test: kmalloc_uaf_memset use-after-free in memset
> [  671.085122]
> ==================================================================
> [  671.092328] BUG: KASAN: use-after-free in
> kmalloc_tests_init+0x58/0x2d0 [test_kasan]
> [  671.099824] Write of size 33 at addr c534b0c0 by task exe/340
> [  671.105430]
> [  671.107012] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.107063] Call Trace:
> [  671.107238] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  671.107443] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  671.107616] [c5649ce0] [c0175700] memset+0x2c/0x4c
> [  671.107907] [c5649d00] [c95d5550] kmalloc_tests_init+0x58/0x2d0
> [test_kasan]
> [  671.108098] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.108314] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.108518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.108724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.108918] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.109085] --- interrupt: c01 at 0xfd6b914
> [  671.109085]     LR = 0x1001364c
> [  671.109132]
> [  671.110452] Allocated by task 340:
> [  671.113886]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  671.114137]  kmalloc_uaf_memset+0x44/0x90 [test_kasan]
> [  671.114374]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
> [  671.114520]  do_one_initcall+0x40/0x278
> [  671.114689]  do_init_module+0xcc/0x59c
> [  671.114846]  load_module+0x2bc4/0x320c
> [  671.115005]  sys_init_module+0x114/0x138
> [  671.115151]  ret_from_syscall+0x0/0x38
> [  671.115198]
> [  671.116472] Freed by task 340:
> [  671.119559]  __kasan_slab_free+0x120/0x22c
> [  671.119681]  kfree+0x74/0x270
> [  671.119927]  kmalloc_uaf_memset+0x70/0x90 [test_kasan]
> [  671.120167]  kmalloc_tests_init+0x58/0x2d0 [test_kasan]
> [  671.120312]  do_one_initcall+0x40/0x278
> [  671.120481]  do_init_module+0xcc/0x59c
> [  671.120640]  load_module+0x2bc4/0x320c
> [  671.120801]  sys_init_module+0x114/0x138
> [  671.120945]  ret_from_syscall+0x0/0x38
> [  671.120992]
> [  671.122276] The buggy address belongs to the object at c534b0c0
> [  671.122276]  which belongs to the cache kmalloc-64 of size 64
> [  671.133824] The buggy address is located 0 bytes inside of
> [  671.133824]  64-byte region [c534b0c0, c534b100)
> [  671.143741] The buggy address belongs to the page:
> [  671.148527] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
> [  671.148637] flags: 0x200(slab)
> [  671.148866] raw: 00000200 00000100 00000200 c5007c20 00000000
> 00aa0155 ffffffff 00000001
> [  671.148935] page dumped because: kasan: bad access detected
> [  671.148975]
> [  671.150277] Memory state around the buggy address:
> [  671.155084]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.161538]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
> [  671.167993] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
> [  671.174383]                                    ^
> [  671.179007]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.185461]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
> [  671.191853]
> ==================================================================
> [  671.204460] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
> [  671.204676]
> ==================================================================
> [  671.211859] BUG: KASAN: use-after-free in kmalloc_uaf2+0x9c/0xd4
> [test_kasan]
> [  671.218755] Write of size 1 at addr c534b088 by task exe/340
> [  671.224277]
> [  671.225860] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.225910] Call Trace:
> [  671.226085] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  671.226288] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  671.226574] [c5649ce0] [c95d45c4] kmalloc_uaf2+0x9c/0xd4 [test_kasan]
> [  671.226854] [c5649d00] [c95d5554] kmalloc_tests_init+0x5c/0x2d0
> [test_kasan]
> [  671.227044] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.227257] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.227458] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.227659] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.227853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.228018] --- interrupt: c01 at 0xfd6b914
> [  671.228018]     LR = 0x1001364c
> [  671.228063]
> [  671.229387] Allocated by task 340:
> [  671.232819]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  671.233065]  kmalloc_uaf2+0x48/0xd4 [test_kasan]
> [  671.233299]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
> [  671.233442]  do_one_initcall+0x40/0x278
> [  671.233609]  do_init_module+0xcc/0x59c
> [  671.233765]  load_module+0x2bc4/0x320c
> [  671.233922]  sys_init_module+0x114/0x138
> [  671.234066]  ret_from_syscall+0x0/0x38
> [  671.234111]
> [  671.235407] Freed by task 340:
> [  671.238491]  __kasan_slab_free+0x120/0x22c
> [  671.238609]  kfree+0x74/0x270
> [  671.238851]  kmalloc_uaf2+0x78/0xd4 [test_kasan]
> [  671.239085]  kmalloc_tests_init+0x5c/0x2d0 [test_kasan]
> [  671.239228]  do_one_initcall+0x40/0x278
> [  671.239395]  do_init_module+0xcc/0x59c
> [  671.239550]  load_module+0x2bc4/0x320c
> [  671.239707]  sys_init_module+0x114/0x138
> [  671.239850]  ret_from_syscall+0x0/0x38
> [  671.239897]
> [  671.241211] The buggy address belongs to the object at c534b060
> [  671.241211]  which belongs to the cache kmalloc-64 of size 64
> [  671.252758] The buggy address is located 40 bytes inside of
> [  671.252758]  64-byte region [c534b060, c534b0a0)
> [  671.262761] The buggy address belongs to the page:
> [  671.267547] page:c7fd9a40 count:1 mapcount:0 mapping:c5007c20 index:0x0
> [  671.267657] flags: 0x200(slab)
> [  671.267885] raw: 00000200 00000100 00000200 c5007c20 00000000
> 00aa0155 ffffffff 00000001
> [  671.267953] page dumped because: kasan: bad access detected
> [  671.267993]
> [  671.269296] Memory state around the buggy address:
> [  671.274104]  c534af80: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.280561]  c534b000: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
> [  671.287012] >c534b080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
> [  671.293399]               ^
> [  671.296220]  c534b100: fc fc fc fc 00 00 00 00 04 fc fc fc fc fc fc fc
> [  671.302676]  c534b180: 00 00 00 00 04 fc fc fc fc fc fc fc fb fb fb fb
> [  671.309066]
> ==================================================================
> [  671.597554] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
> [  671.597819]
> ==================================================================
> [  671.604991] BUG: KASAN: slab-out-of-bounds in
> kmem_cache_oob+0x9c/0xd0 [test_kasan]
> [  671.612398] Read of size 1 at addr c5e180c8 by task exe/340
> [  671.617834]
> [  671.619417] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.619469] Call Trace:
> [  671.619645] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  671.619848] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  671.620138] [c5649ce0] [c95d4d10] kmem_cache_oob+0x9c/0xd0 [test_kasan]
> [  671.620420] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0
> [test_kasan]
> [  671.620611] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.620826] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.621030] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.621234] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.621428] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.621596] --- interrupt: c01 at 0xfd6b914
> [  671.621596]     LR = 0x1001364c
> [  671.621642]
> [  671.622944] Allocated by task 340:
> [  671.626376]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  671.626504]  kmem_cache_alloc+0xf4/0x210
> [  671.626752]  kmem_cache_oob+0x78/0xd0 [test_kasan]
> [  671.626989]  kmalloc_tests_init+0x60/0x2d0 [test_kasan]
> [  671.627135]  do_one_initcall+0x40/0x278
> [  671.627305]  do_init_module+0xcc/0x59c
> [  671.627463]  load_module+0x2bc4/0x320c
> [  671.627623]  sys_init_module+0x114/0x138
> [  671.627769]  ret_from_syscall+0x0/0x38
> [  671.627816]
> [  671.629132] Freed by task 0:
> [  671.631954] (stack is not available)
> [  671.635476]
> [  671.637007] The buggy address belongs to the object at c5e18000
> [  671.637007]  which belongs to the cache test_cache of size 200
> [  671.648642] The buggy address is located 0 bytes to the right of
> [  671.648642]  200-byte region [c5e18000, c5e180c8)
> [  671.659156] The buggy address belongs to the page:
> [  671.663942] page:c7fdf0c0 count:1 mapcount:0 mapping:c540a560 index:0x0
> [  671.664054] flags: 0x200(slab)
> [  671.664283] raw: 00000200 00000100 00000200 c540a560 00000000
> 003e007d ffffffff 00000001
> [  671.664353] page dumped because: kasan: bad access detected
> [  671.664393]
> [  671.665694] Memory state around the buggy address:
> [  671.670501]  c5e17f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  671.676954]  c5e18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  671.683409] >c5e18080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
> [  671.689802]                                       ^
> [  671.694680]  c5e18100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  671.701137]  c5e18180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  671.707528]
> ==================================================================
> [  671.758410]
> =============================================================================
> [  671.766368] BUG test_cache (Tainted: G    B            ): Objects
> remaining in test_cache on __kmem_cache_shutdown()
> [  671.776719]
> -----------------------------------------------------------------------------
> [  671.776719]
> [  671.786325] INFO: Slab 0x(ptrval) objects=62 used=1 fp=0x(ptrval)
> flags=0x0200
> [  671.793514] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.793563] Call Trace:
> [  671.793752] [c5649bf0] [c016ebe0] slab_err+0x98/0xac (unreliable)
> [  671.793956] [c5649c90] [c01748f4] __kmem_cache_shutdown+0x15c/0x338
> [  671.794160] [c5649cf0] [c013c3b4] kmem_cache_destroy+0x68/0x114
> [  671.794463] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0
> [test_kasan]
> [  671.794656] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.794868] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.795071] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.795275] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.795468] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.795633] --- interrupt: c01 at 0xfd6b914
> [  671.795633]     LR = 0x1001364c
> [  671.795738] INFO: Object 0x(ptrval) @offset=0
> [  671.909762] kmem_cache_destroy test_cache: Slab cache still has objects
> [  671.931546] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  671.931601] Call Trace:
> [  671.931790] [c5649cf0] [c013c45c] kmem_cache_destroy+0x110/0x114
> (unreliable)
> [  671.932116] [c5649d00] [c95d5558] kmalloc_tests_init+0x60/0x2d0
> [test_kasan]
> [  671.932310] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  671.932526] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  671.932730] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  671.932934] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  671.933130] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  671.933300] --- interrupt: c01 at 0xfd6b914
> [  671.933300]     LR = 0x1001364c
> [  671.952750] kasan test: memcg_accounted_kmem_cache allocate memcg
> accounted object
> [  672.556766] kasan test: kasan_stack_oob out-of-bounds on stack
> [  672.556850] kasan test: kasan_global_oob out-of-bounds global variable
> [  672.556922] kasan test: kasan_alloca_oob_left out-of-bounds to left
> on alloca
> [  672.556995] kasan test: kasan_alloca_oob_right out-of-bounds to right
> on alloca
> [  672.557070] kasan test: ksize_unpoisons_memory ksize() unpoisons the
> whole allocated chunk
> [  672.557200]
> ==================================================================
> [  672.564395] BUG: KASAN: slab-out-of-bounds in
> ksize_unpoisons_memory+0x8c/0xac [test_kasan]
> [  672.572578] Write of size 1 at addr c539ab40 by task exe/340
> [  672.578098]
> [  672.579682] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  672.579734] Call Trace:
> [  672.579909] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  672.580114] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  672.580406] [c5649ce0] [c95d5100] ksize_unpoisons_memory+0x8c/0xac
> [test_kasan]
> [  672.580689] [c5649d00] [c95d5570] kmalloc_tests_init+0x78/0x2d0
> [test_kasan]
> [  672.580880] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  672.581096] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  672.581299] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  672.581503] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  672.581697] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  672.581864] --- interrupt: c01 at 0xfd6b914
> [  672.581864]     LR = 0x1001364c
> [  672.581910]
> [  672.583208] Allocated by task 340:
> [  672.586642]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  672.586892]  ksize_unpoisons_memory+0x44/0xac [test_kasan]
> [  672.587129]  kmalloc_tests_init+0x78/0x2d0 [test_kasan]
> [  672.587275]  do_one_initcall+0x40/0x278
> [  672.587445]  do_init_module+0xcc/0x59c
> [  672.587602]  load_module+0x2bc4/0x320c
> [  672.587761]  sys_init_module+0x114/0x138
> [  672.587906]  ret_from_syscall+0x0/0x38
> [  672.587953]
> [  672.589227] Freed by task 338:
> [  672.592316]  __kasan_slab_free+0x120/0x22c
> [  672.592437]  kfree+0x74/0x270
> [  672.592602]  load_elf_binary+0xb0/0x162c
> [  672.592782]  search_binary_handler+0x120/0x374
> [  672.592950]  __do_execve_file+0x834/0xb20
> [  672.593114]  sys_execve+0x40/0x54
> [  672.593259]  ret_from_syscall+0x0/0x38
> [  672.593307]
> [  672.594603] The buggy address belongs to the object at c539aac0
> [  672.594603]  which belongs to the cache kmalloc-128 of size 128
> [  672.606324] The buggy address is located 0 bytes to the right of
> [  672.606324]  128-byte region [c539aac0, c539ab40)
> [  672.616840] The buggy address belongs to the page:
> [  672.621625] page:c7fd9cc0 count:1 mapcount:0 mapping:c5007a80 index:0x0
> [  672.621738] flags: 0x200(slab)
> [  672.621967] raw: 00000200 00000100 00000200 c5007a80 00000000
> 005500ab ffffffff 00000001
> [  672.622038] page dumped because: kasan: bad access detected
> [  672.622077]
> [  672.623375] Memory state around the buggy address:
> [  672.628183]  c539aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  672.634637]  c539aa80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
> [  672.641090] >c539ab00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
> [  672.647483]                                    ^
> [  672.652106]  c539ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [  672.658562]  c539ac00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
> [  672.664951]
> ==================================================================
> [  672.814421] kasan test: copy_user_test out-of-bounds in copy_from_user()
> [  672.814499]
> ==================================================================
> [  672.821643] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x48/0xc4
> [  672.828089] Write of size 11 at addr c58eb020 by task exe/340
> [  672.833699]
> [  672.835280] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  672.835331] Call Trace:
> [  672.835504] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  672.835708] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  672.835929] [c5649cc0] [c0307be0] _copy_from_user+0x48/0xc4
> [  672.836230] [c5649ce0] [c95d51b4] copy_user_test+0x94/0x1bc [test_kasan]
> [  672.836512] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  672.836703] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  672.836917] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  672.837121] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  672.837326] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  672.837522] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  672.837687] --- interrupt: c01 at 0xfd6b914
> [  672.837687]     LR = 0x1001364c
> [  672.837733]
> [  672.839067] Allocated by task 340:
> [  672.842500]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  672.842749]  copy_user_test+0x28/0x1bc [test_kasan]
> [  672.842985]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  672.843131]  do_one_initcall+0x40/0x278
> [  672.843301]  do_init_module+0xcc/0x59c
> [  672.843458]  load_module+0x2bc4/0x320c
> [  672.843619]  sys_init_module+0x114/0x138
> [  672.843764]  ret_from_syscall+0x0/0x38
> [  672.843812]
> [  672.845085] Freed by task 276:
> [  672.848173]  __kasan_slab_free+0x120/0x22c
> [  672.848295]  kfree+0x74/0x270
> [  672.848427]  single_release+0x54/0x6c
> [  672.848601]  close_pdeo+0x128/0x224
> [  672.848768]  proc_reg_release+0x110/0x128
> [  672.848903]  __fput+0xec/0x2d4
> [  672.849028]  task_work_run+0x13c/0x15c
> [  672.849197]  do_notify_resume+0x3d8/0x438
> [  672.849346]  do_user_signal+0x2c/0x34
> [  672.849393]
> [  672.850719] The buggy address belongs to the object at c58eb020
> [  672.850719]  which belongs to the cache kmalloc-16 of size 16
> [  672.862264] The buggy address is located 0 bytes inside of
> [  672.862264]  16-byte region [c58eb020, c58eb030)
> [  672.872182] The buggy address belongs to the page:
> [  672.876968] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  672.877079] flags: 0x200(slab)
> [  672.877309] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  672.877377] page dumped because: kasan: bad access detected
> [  672.877418]
> [  672.878717] Memory state around the buggy address:
> [  672.883527]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  672.889979]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  672.896433] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  672.902824]                           ^
> [  672.906673]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  672.913129]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  672.919520]
> ==================================================================
> [  672.932289] kasan test: copy_user_test out-of-bounds in copy_to_user()
> [  672.932363]
> ==================================================================
> [  672.939457] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x9c/0xbc
> [  672.945733] Read of size 11 at addr c58eb020 by task exe/340
> [  672.951255]
> [  672.952840] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  672.952890] Call Trace:
> [  672.953061] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  672.953264] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  672.953480] [c5649cc0] [c0307cf8] _copy_to_user+0x9c/0xbc
> [  672.953781] [c5649ce0] [c95d51d4] copy_user_test+0xb4/0x1bc [test_kasan]
> [  672.954060] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  672.954249] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  672.954461] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  672.954662] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  672.954866] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  672.955058] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  672.955224] --- interrupt: c01 at 0xfd6b914
> [  672.955224]     LR = 0x1001364c
> [  672.955269]
> [  672.956538] Allocated by task 340:
> [  672.959969]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  672.960219]  copy_user_test+0x28/0x1bc [test_kasan]
> [  672.960454]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  672.960597]  do_one_initcall+0x40/0x278
> [  672.960766]  do_init_module+0xcc/0x59c
> [  672.960924]  load_module+0x2bc4/0x320c
> [  672.961081]  sys_init_module+0x114/0x138
> [  672.961226]  ret_from_syscall+0x0/0x38
> [  672.961272]
> [  672.962558] Freed by task 276:
> [  672.965645]  __kasan_slab_free+0x120/0x22c
> [  672.965764]  kfree+0x74/0x270
> [  672.965896]  single_release+0x54/0x6c
> [  672.966070]  close_pdeo+0x128/0x224
> [  672.966236]  proc_reg_release+0x110/0x128
> [  672.966369]  __fput+0xec/0x2d4
> [  672.966493]  task_work_run+0x13c/0x15c
> [  672.966660]  do_notify_resume+0x3d8/0x438
> [  672.966809]  do_user_signal+0x2c/0x34
> [  672.966855]
> [  672.968190] The buggy address belongs to the object at c58eb020
> [  672.968190]  which belongs to the cache kmalloc-16 of size 16
> [  672.979735] The buggy address is located 0 bytes inside of
> [  672.979735]  16-byte region [c58eb020, c58eb030)
> [  672.989653] The buggy address belongs to the page:
> [  672.994439] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  672.994550] flags: 0x200(slab)
> [  672.994778] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  672.994845] page dumped because: kasan: bad access detected
> [  672.994885]
> [  672.996188] Memory state around the buggy address:
> [  673.000996]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.007450]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.013904] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.020295]                           ^
> [  673.024144]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.030600]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.036990]
> ==================================================================
> [  673.327457] kasan test: copy_user_test out-of-bounds in
> __copy_from_user()
> [  673.327537]
> ==================================================================
> [  673.334723] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0xd0/0x1bc [test_kasan]
> [  673.342217] Write of size 11 at addr c58eb020 by task exe/340
> [  673.347825]
> [  673.349408] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.349459] Call Trace:
> [  673.349637] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.349842] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.350130] [c5649ce0] [c95d51f0] copy_user_test+0xd0/0x1bc [test_kasan]
> [  673.350412] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.350605] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.350821] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.351025] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.351231] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.351426] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.351592] --- interrupt: c01 at 0xfd6b914
> [  673.351592]     LR = 0x1001364c
> [  673.351638]
> [  673.352936] Allocated by task 340:
> [  673.356367]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.356619]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.356855]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.357000]  do_one_initcall+0x40/0x278
> [  673.357168]  do_init_module+0xcc/0x59c
> [  673.357324]  load_module+0x2bc4/0x320c
> [  673.357483]  sys_init_module+0x114/0x138
> [  673.357626]  ret_from_syscall+0x0/0x38
> [  673.357673]
> [  673.358954] Freed by task 276:
> [  673.362040]  __kasan_slab_free+0x120/0x22c
> [  673.362161]  kfree+0x74/0x270
> [  673.362293]  single_release+0x54/0x6c
> [  673.362465]  close_pdeo+0x128/0x224
> [  673.362632]  proc_reg_release+0x110/0x128
> [  673.362764]  __fput+0xec/0x2d4
> [  673.362888]  task_work_run+0x13c/0x15c
> [  673.363057]  do_notify_resume+0x3d8/0x438
> [  673.363208]  do_user_signal+0x2c/0x34
> [  673.363256]
> [  673.364587] The buggy address belongs to the object at c58eb020
> [  673.364587]  which belongs to the cache kmalloc-16 of size 16
> [  673.376132] The buggy address is located 0 bytes inside of
> [  673.376132]  16-byte region [c58eb020, c58eb030)
> [  673.386050] The buggy address belongs to the page:
> [  673.390836] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  673.390947] flags: 0x200(slab)
> [  673.391175] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  673.391245] page dumped because: kasan: bad access detected
> [  673.391285]
> [  673.392585] Memory state around the buggy address:
> [  673.397393]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.403847]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.410301] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.416691]                           ^
> [  673.420541]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.426997]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.433387]
> ==================================================================
> [  673.446960] kasan test: copy_user_test out-of-bounds in __copy_to_user()
> [  673.447031]
> ==================================================================
> [  673.454258] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0xfc/0x1bc [test_kasan]
> [  673.461753] Read of size 11 at addr c58eb020 by task exe/340
> [  673.467275]
> [  673.468858] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.468909] Call Trace:
> [  673.469084] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.469286] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.469573] [c5649ce0] [c95d521c] copy_user_test+0xfc/0x1bc [test_kasan]
> [  673.469851] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.470042] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.470256] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.470457] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.470660] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.470853] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.471019] --- interrupt: c01 at 0xfd6b914
> [  673.471019]     LR = 0x1001364c
> [  673.471064]
> [  673.472385] Allocated by task 340:
> [  673.475818]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.476065]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.476301]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.476444]  do_one_initcall+0x40/0x278
> [  673.476612]  do_init_module+0xcc/0x59c
> [  673.476768]  load_module+0x2bc4/0x320c
> [  673.476925]  sys_init_module+0x114/0x138
> [  673.477067]  ret_from_syscall+0x0/0x38
> [  673.477113]
> [  673.478403] Freed by task 276:
> [  673.481490]  __kasan_slab_free+0x120/0x22c
> [  673.481610]  kfree+0x74/0x270
> [  673.481740]  single_release+0x54/0x6c
> [  673.481911]  close_pdeo+0x128/0x224
> [  673.482077]  proc_reg_release+0x110/0x128
> [  673.482209]  __fput+0xec/0x2d4
> [  673.482331]  task_work_run+0x13c/0x15c
> [  673.482500]  do_notify_resume+0x3d8/0x438
> [  673.482648]  do_user_signal+0x2c/0x34
> [  673.482694]
> [  673.484036] The buggy address belongs to the object at c58eb020
> [  673.484036]  which belongs to the cache kmalloc-16 of size 16
> [  673.495583] The buggy address is located 0 bytes inside of
> [  673.495583]  16-byte region [c58eb020, c58eb030)
> [  673.505500] The buggy address belongs to the page:
> [  673.510287] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  673.510396] flags: 0x200(slab)
> [  673.510622] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  673.510690] page dumped because: kasan: bad access detected
> [  673.510729]
> [  673.512037] Memory state around the buggy address:
> [  673.516842]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.523297]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.529751] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.536142]                           ^
> [  673.539991]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.546447]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.552838]
> ==================================================================
> [  673.835827] kasan test: copy_user_test out-of-bounds in
> __copy_from_user_inatomic()
> [  673.835905]
> ==================================================================
> [  673.843082] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0x128/0x1bc [test_kasan]
> [  673.850662] Write of size 11 at addr c58eb020 by task exe/340
> [  673.856272]
> [  673.857853] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.857905] Call Trace:
> [  673.858080] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.858285] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.858574] [c5649ce0] [c95d5248] copy_user_test+0x128/0x1bc [test_kasan]
> [  673.858855] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.859046] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.859261] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.859463] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.859668] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.859863] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.860029] --- interrupt: c01 at 0xfd6b914
> [  673.860029]     LR = 0x1001364c
> [  673.860075]
> [  673.861380] Allocated by task 340:
> [  673.864812]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.865062]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.865299]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.865444]  do_one_initcall+0x40/0x278
> [  673.865615]  do_init_module+0xcc/0x59c
> [  673.865773]  load_module+0x2bc4/0x320c
> [  673.865932]  sys_init_module+0x114/0x138
> [  673.866077]  ret_from_syscall+0x0/0x38
> [  673.866123]
> [  673.867399] Freed by task 276:
> [  673.870488]  __kasan_slab_free+0x120/0x22c
> [  673.870609]  kfree+0x74/0x270
> [  673.870741]  single_release+0x54/0x6c
> [  673.870913]  close_pdeo+0x128/0x224
> [  673.871080]  proc_reg_release+0x110/0x128
> [  673.871213]  __fput+0xec/0x2d4
> [  673.871337]  task_work_run+0x13c/0x15c
> [  673.871506]  do_notify_resume+0x3d8/0x438
> [  673.871655]  do_user_signal+0x2c/0x34
> [  673.871702]
> [  673.873032] The buggy address belongs to the object at c58eb020
> [  673.873032]  which belongs to the cache kmalloc-16 of size 16
> [  673.884578] The buggy address is located 0 bytes inside of
> [  673.884578]  16-byte region [c58eb020, c58eb030)
> [  673.894494] The buggy address belongs to the page:
> [  673.899282] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  673.899395] flags: 0x200(slab)
> [  673.899625] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  673.899694] page dumped because: kasan: bad access detected
> [  673.899734]
> [  673.901033] Memory state around the buggy address:
> [  673.905838]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  673.912293]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.918748] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  673.925136]                           ^
> [  673.928987]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.935442]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  673.941833]
> ==================================================================
> [  673.954463] kasan test: copy_user_test out-of-bounds in
> __copy_to_user_inatomic()
> [  673.954535]
> ==================================================================
> [  673.961759] BUG: KASAN: slab-out-of-bounds in
> copy_user_test+0x154/0x1bc [test_kasan]
> [  673.969339] Read of size 11 at addr c58eb020 by task exe/340
> [  673.974860]
> [  673.976444] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  673.976494] Call Trace:
> [  673.976668] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  673.976870] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  673.977160] [c5649ce0] [c95d5274] copy_user_test+0x154/0x1bc [test_kasan]
> [  673.977439] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  673.977630] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  673.977843] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  673.978045] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  673.978249] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  673.978441] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  673.978607] --- interrupt: c01 at 0xfd6b914
> [  673.978607]     LR = 0x1001364c
> [  673.978651]
> [  673.979971] Allocated by task 340:
> [  673.983401]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  673.983650]  copy_user_test+0x28/0x1bc [test_kasan]
> [  673.983885]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  673.984030]  do_one_initcall+0x40/0x278
> [  673.984198]  do_init_module+0xcc/0x59c
> [  673.984354]  load_module+0x2bc4/0x320c
> [  673.984512]  sys_init_module+0x114/0x138
> [  673.984655]  ret_from_syscall+0x0/0x38
> [  673.984701]
> [  673.985990] Freed by task 276:
> [  673.989077]  __kasan_slab_free+0x120/0x22c
> [  673.989197]  kfree+0x74/0x270
> [  673.989327]  single_release+0x54/0x6c
> [  673.989499]  close_pdeo+0x128/0x224
> [  673.989664]  proc_reg_release+0x110/0x128
> [  673.989796]  __fput+0xec/0x2d4
> [  673.989918]  task_work_run+0x13c/0x15c
> [  673.990086]  do_notify_resume+0x3d8/0x438
> [  673.990235]  do_user_signal+0x2c/0x34
> [  673.990281]
> [  673.991622] The buggy address belongs to the object at c58eb020
> [  673.991622]  which belongs to the cache kmalloc-16 of size 16
> [  674.003168] The buggy address is located 0 bytes inside of
> [  674.003168]  16-byte region [c58eb020, c58eb030)
> [  674.013086] The buggy address belongs to the page:
> [  674.017872] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  674.017982] flags: 0x200(slab)
> [  674.018210] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  674.018277] page dumped because: kasan: bad access detected
> [  674.018316]
> [  674.019622] Memory state around the buggy address:
> [  674.024429]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  674.030883]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.037338] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  674.043727]                           ^
> [  674.047578]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.054034]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.060424]
> ==================================================================
> [  674.346609] kasan test: copy_user_test out-of-bounds in
> strncpy_from_user()
> [  674.346689]
> ==================================================================
> [  674.353778] BUG: KASAN: slab-out-of-bounds in
> strncpy_from_user+0x48/0x240
> [  674.360487] Write of size 11 at addr c58eb020 by task exe/340
> [  674.366094]
> [  674.367678] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  674.367731] Call Trace:
> [  674.367904] [c5649c40] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  674.368108] [c5649c70] [c0176d34] kasan_report+0xe4/0x168
> [  674.368323] [c5649cb0] [c03202f8] strncpy_from_user+0x48/0x240
> [  674.368627] [c5649ce0] [c95d52a4] copy_user_test+0x184/0x1bc [test_kasan]
> [  674.368908] [c5649d00] [c95d5574] kmalloc_tests_init+0x7c/0x2d0
> [test_kasan]
> [  674.369100] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  674.369315] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  674.369518] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  674.369724] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  674.369919] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  674.370086] --- interrupt: c01 at 0xfd6b914
> [  674.370086]     LR = 0x1001364c
> [  674.370132]
> [  674.371463] Allocated by task 340:
> [  674.374894]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  674.375146]  copy_user_test+0x28/0x1bc [test_kasan]
> [  674.375383]  kmalloc_tests_init+0x7c/0x2d0 [test_kasan]
> [  674.375527]  do_one_initcall+0x40/0x278
> [  674.375697]  do_init_module+0xcc/0x59c
> [  674.375854]  load_module+0x2bc4/0x320c
> [  674.376015]  sys_init_module+0x114/0x138
> [  674.376162]  ret_from_syscall+0x0/0x38
> [  674.376209]
> [  674.377481] Freed by task 276:
> [  674.380568]  __kasan_slab_free+0x120/0x22c
> [  674.380691]  kfree+0x74/0x270
> [  674.380824]  single_release+0x54/0x6c
> [  674.380998]  close_pdeo+0x128/0x224
> [  674.381165]  proc_reg_release+0x110/0x128
> [  674.381299]  __fput+0xec/0x2d4
> [  674.381424]  task_work_run+0x13c/0x15c
> [  674.381592]  do_notify_resume+0x3d8/0x438
> [  674.381743]  do_user_signal+0x2c/0x34
> [  674.381792]
> [  674.383113] The buggy address belongs to the object at c58eb020
> [  674.383113]  which belongs to the cache kmalloc-16 of size 16
> [  674.394659] The buggy address is located 0 bytes inside of
> [  674.394659]  16-byte region [c58eb020, c58eb030)
> [  674.404577] The buggy address belongs to the page:
> [  674.409363] page:c7fdc740 count:1 mapcount:0 mapping:c5007dc0 index:0x0
> [  674.409474] flags: 0x200(slab)
> [  674.409703] raw: 00000200 00000100 00000200 c5007dc0 00000000
> 02000401 ffffffff 00000001
> [  674.409772] page dumped because: kasan: bad access detected
> [  674.409812]
> [  674.411112] Memory state around the buggy address:
> [  674.415920]  c58eaf00: 00 00 fc fc 00 00 fc fc 00 00 fc fc fb fb fc fc
> [  674.422374]  c58eaf80: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.428827] >c58eb000: fb fb fc fc 00 02 fc fc fb fb fc fc fb fb fc fc
> [  674.435218]                           ^
> [  674.439067]  c58eb080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.445524]  c58eb100: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
> [  674.451914]
> ==================================================================
> [  674.466513] kasan test: use_after_scope_test use-after-scope on int
> [  674.466592] kasan test: use_after_scope_test use-after-scope on array
> [  674.470775] kasan test: kmem_cache_double_free double-free on heap object
> [  674.471059]
> ==================================================================
> [  674.478286] BUG: KASAN: double-free or invalid-free in
> kmem_cache_double_free+0xac/0xc4 [test_kasan]
> [  674.487095]
> [  674.488679] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  674.488730] Call Trace:
> [  674.488906] [c5649b30] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  674.489118] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
> [  674.489296] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
> [  674.489467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
> [  674.489754] [c5649ce0] [c95d4df0] kmem_cache_double_free+0xac/0xc4
> [test_kasan]
> [  674.490029] [c5649d00] [c95d557c] kmalloc_tests_init+0x84/0x2d0
> [test_kasan]
> [  674.490219] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  674.490432] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  674.490633] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  674.490837] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  674.491031] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  674.491194] --- interrupt: c01 at 0xfd6b914
> [  674.491194]     LR = 0x1001364c
> [  674.491239]
> [  674.492547] Allocated by task 340:
> [  674.495981]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  674.496108]  kmem_cache_alloc+0xf4/0x210
> [  674.496355]  kmem_cache_double_free+0x78/0xc4 [test_kasan]
> [  674.496584]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
> [  674.496727]  do_one_initcall+0x40/0x278
> [  674.496893]  do_init_module+0xcc/0x59c
> [  674.497050]  load_module+0x2bc4/0x320c
> [  674.497208]  sys_init_module+0x114/0x138
> [  674.497354]  ret_from_syscall+0x0/0x38
> [  674.497400]
> [  674.498652] Freed by task 340:
> [  674.501739]  __kasan_slab_free+0x120/0x22c
> [  674.501866]  kmem_cache_free+0x64/0x228
> [  674.502112]  kmem_cache_double_free+0xa0/0xc4 [test_kasan]
> [  674.502340]  kmalloc_tests_init+0x84/0x2d0 [test_kasan]
> [  674.502483]  do_one_initcall+0x40/0x278
> [  674.502650]  do_init_module+0xcc/0x59c
> [  674.502807]  load_module+0x2bc4/0x320c
> [  674.502966]  sys_init_module+0x114/0x138
> [  674.503112]  ret_from_syscall+0x0/0x38
> [  674.503158]
> [  674.504460] The buggy address belongs to the object at c5528000
> [  674.504460]  which belongs to the cache test_cache of size 200
> [  674.516091] The buggy address is located 0 bytes inside of
> [  674.516091]  200-byte region [c5528000, c55280c8)
> [  674.526092] The buggy address belongs to the page:
> [  674.530877] page:c7fda940 count:1 mapcount:0 mapping:c540a700 index:0x0
> [  674.530988] flags: 0x200(slab)
> [  674.531216] raw: 00000200 00000100 00000200 c540a700 00000000
> 003e007d ffffffff 00000001
> [  674.531284] page dumped because: kasan: bad access detected
> [  674.531323]
> [  674.532630] Memory state around the buggy address:
> [  674.537436]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.543890]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.550345] >c5528000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> [  674.556731]            ^
> [  674.559293]  c5528080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
> [  674.565750]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  674.572138]
> ==================================================================
> [  674.880790] kasan test: kmem_cache_invalid_free invalid-free of heap
> object
> [  674.881044]
> ==================================================================
> [  674.888197] BUG: KASAN: double-free or invalid-free in
> kmem_cache_invalid_free+0xa0/0xc4 [test_kasan]
> [  674.897089]
> [  674.898670] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  674.898722] Call Trace:
> [  674.898899] [c5649b30] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  674.899113] [c5649b60] [c0176c24] kasan_report_invalid_free+0x48/0x74
> [  674.899293] [c5649b90] [c0175620] __kasan_slab_free+0x198/0x22c
> [  674.899467] [c5649cc0] [c0173838] kmem_cache_free+0x64/0x228
> [  674.899756] [c5649ce0] [c95d4ea8] kmem_cache_invalid_free+0xa0/0xc4
> [test_kasan]
> [  674.900031] [c5649d00] [c95d5580] kmalloc_tests_init+0x88/0x2d0
> [test_kasan]
> [  674.900222] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  674.900437] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  674.900639] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  674.900845] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  674.901040] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  674.901206] --- interrupt: c01 at 0xfd6b914
> [  674.901206]     LR = 0x1001364c
> [  674.901251]
> [  674.902542] Allocated by task 340:
> [  674.905975]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  674.906103]  kmem_cache_alloc+0xf4/0x210
> [  674.906351]  kmem_cache_invalid_free+0x78/0xc4 [test_kasan]
> [  674.906584]  kmalloc_tests_init+0x88/0x2d0 [test_kasan]
> [  674.906730]  do_one_initcall+0x40/0x278
> [  674.906899]  do_init_module+0xcc/0x59c
> [  674.907056]  load_module+0x2bc4/0x320c
> [  674.907217]  sys_init_module+0x114/0x138
> [  674.907364]  ret_from_syscall+0x0/0x38
> [  674.907411]
> [  674.908731] Freed by task 0:
> [  674.911551] (stack is not available)
> [  674.915074]
> [  674.916605] The buggy address belongs to the object at c5528000
> [  674.916605]  which belongs to the cache test_cache of size 200
> [  674.928237] The buggy address is located 1 bytes inside of
> [  674.928237]  200-byte region [c5528000, c55280c8)
> [  674.938237] The buggy address belongs to the page:
> [  674.943024] page:c7fda940 count:1 mapcount:0 mapping:c540a7d0 index:0x0
> [  674.943136] flags: 0x200(slab)
> [  674.943365] raw: 00000200 00000100 00000200 c540a7d0 00000000
> 003e007d ffffffff 00000001
> [  674.943434] page dumped because: kasan: bad access detected
> [  674.943475]
> [  674.944775] Memory state around the buggy address:
> [  674.949581]  c5527f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.956036]  c5527f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.962491] >c5528000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [  674.968876]            ^
> [  674.971438]  c5528080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
> [  674.977895]  c5528100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  674.984285]
> ==================================================================
> [  675.126818] kasan test: kasan_memchr out-of-bounds in memchr
> [  675.126994] kasan test: kasan_memcmp out-of-bounds in memcmp
> [  675.127158] kasan test: kasan_strings use-after-free in strchr
> [  675.127309]
> ==================================================================
> [  675.134382] BUG: KASAN: use-after-free in strchr+0x1c/0x80
> [  675.139762] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.145200]
> [  675.146784] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.146836] Call Trace:
> [  675.147010] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.147215] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  675.147385] [c5649cc0] [c072ec4c] strchr+0x1c/0x80
> [  675.147684] [c5649ce0] [c95d5440] kasan_strings+0x60/0x118 [test_kasan]
> [  675.147966] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.148157] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.148372] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.148577] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.148781] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.148976] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.149143] --- interrupt: c01 at 0xfd6b914
> [  675.149143]     LR = 0x1001364c
> [  675.149189]
> [  675.150483] Allocated by task 340:
> [  675.153915]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.154163]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.154400]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.154545]  do_one_initcall+0x40/0x278
> [  675.154714]  do_init_module+0xcc/0x59c
> [  675.154872]  load_module+0x2bc4/0x320c
> [  675.155033]  sys_init_module+0x114/0x138
> [  675.155179]  ret_from_syscall+0x0/0x38
> [  675.155225]
> [  675.156501] Freed by task 340:
> [  675.159587]  __kasan_slab_free+0x120/0x22c
> [  675.159709]  kfree+0x74/0x270
> [  675.159954]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.160191]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.160337]  do_one_initcall+0x40/0x278
> [  675.160508]  do_init_module+0xcc/0x59c
> [  675.160667]  load_module+0x2bc4/0x320c
> [  675.160828]  sys_init_module+0x114/0x138
> [  675.160973]  ret_from_syscall+0x0/0x38
> [  675.161019]
> [  675.162306] The buggy address belongs to the object at c53e8e10
> [  675.162306]  which belongs to the cache kmalloc-32 of size 32
> [  675.173853] The buggy address is located 16 bytes inside of
> [  675.173853]  32-byte region [c53e8e10, c53e8e30)
> [  675.183856] The buggy address belongs to the page:
> [  675.188642] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.188753] flags: 0x200(slab)
> [  675.188982] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.189051] page dumped because: kasan: bad access detected
> [  675.189091]
> [  675.190392] Memory state around the buggy address:
> [  675.195199]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.201653]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.208108] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.214497]                        ^
> [  675.218089]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.224544]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.230935]
> ==================================================================
> [  675.383353] kasan test: kasan_strings use-after-free in strrchr
> [  675.383430]
> ==================================================================
> [  675.390498] BUG: KASAN: use-after-free in strrchr+0x30/0x64
> [  675.395964] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.401403]
> [  675.402986] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.403038] Call Trace:
> [  675.403212] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.403415] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  675.403587] [c5649cc0] [c072ed48] strrchr+0x30/0x64
> [  675.403888] [c5649ce0] [c95d545c] kasan_strings+0x7c/0x118 [test_kasan]
> [  675.404170] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.404362] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.404576] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.404779] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.404983] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.405177] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.405344] --- interrupt: c01 at 0xfd6b914
> [  675.405344]     LR = 0x1001364c
> [  675.405390]
> [  675.406684] Allocated by task 340:
> [  675.410118]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.410366]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.410603]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.410750]  do_one_initcall+0x40/0x278
> [  675.410919]  do_init_module+0xcc/0x59c
> [  675.411078]  load_module+0x2bc4/0x320c
> [  675.411238]  sys_init_module+0x114/0x138
> [  675.411384]  ret_from_syscall+0x0/0x38
> [  675.411430]
> [  675.412704] Freed by task 340:
> [  675.415789]  __kasan_slab_free+0x120/0x22c
> [  675.415910]  kfree+0x74/0x270
> [  675.416155]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.416391]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.416537]  do_one_initcall+0x40/0x278
> [  675.416706]  do_init_module+0xcc/0x59c
> [  675.416865]  load_module+0x2bc4/0x320c
> [  675.417024]  sys_init_module+0x114/0x138
> [  675.417169]  ret_from_syscall+0x0/0x38
> [  675.417215]
> [  675.418509] The buggy address belongs to the object at c53e8e10
> [  675.418509]  which belongs to the cache kmalloc-32 of size 32
> [  675.430055] The buggy address is located 16 bytes inside of
> [  675.430055]  32-byte region [c53e8e10, c53e8e30)
> [  675.440057] The buggy address belongs to the page:
> [  675.444844] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.444955] flags: 0x200(slab)
> [  675.445184] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.445253] page dumped because: kasan: bad access detected
> [  675.445293]
> [  675.446595] Memory state around the buggy address:
> [  675.451401]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.457856]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.464310] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.470698]                        ^
> [  675.474291]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.480747]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.487138]
> ==================================================================
> [  675.500419] kasan test: kasan_strings use-after-free in strcmp
> [  675.500491]
> ==================================================================
> [  675.507536] BUG: KASAN: use-after-free in strcmp+0x30/0x90
> [  675.512918] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.518358]
> [  675.519942] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.519994] Call Trace:
> [  675.520167] [c5649c50] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.520369] [c5649c80] [c0176d34] kasan_report+0xe4/0x168
> [  675.520536] [c5649cc0] [c072ebd0] strcmp+0x30/0x90
> [  675.520833] [c5649ce0] [c95d5480] kasan_strings+0xa0/0x118 [test_kasan]
> [  675.521113] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.521303] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.521514] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.521716] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.521919] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.522111] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.522275] --- interrupt: c01 at 0xfd6b914
> [  675.522275]     LR = 0x1001364c
> [  675.522320]
> [  675.523640] Allocated by task 340:
> [  675.527073]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.527321]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.527556]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.527699]  do_one_initcall+0x40/0x278
> [  675.527867]  do_init_module+0xcc/0x59c
> [  675.528024]  load_module+0x2bc4/0x320c
> [  675.528182]  sys_init_module+0x114/0x138
> [  675.528327]  ret_from_syscall+0x0/0x38
> [  675.528373]
> [  675.529658] Freed by task 340:
> [  675.532745]  __kasan_slab_free+0x120/0x22c
> [  675.532865]  kfree+0x74/0x270
> [  675.533109]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.533343]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.533486]  do_one_initcall+0x40/0x278
> [  675.533654]  do_init_module+0xcc/0x59c
> [  675.533810]  load_module+0x2bc4/0x320c
> [  675.533967]  sys_init_module+0x114/0x138
> [  675.534112]  ret_from_syscall+0x0/0x38
> [  675.534157]
> [  675.535463] The buggy address belongs to the object at c53e8e10
> [  675.535463]  which belongs to the cache kmalloc-32 of size 32
> [  675.547010] The buggy address is located 16 bytes inside of
> [  675.547010]  32-byte region [c53e8e10, c53e8e30)
> [  675.557012] The buggy address belongs to the page:
> [  675.561799] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.561909] flags: 0x200(slab)
> [  675.562137] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.562204] page dumped because: kasan: bad access detected
> [  675.562243]
> [  675.563549] Memory state around the buggy address:
> [  675.568356]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.574809]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.581265] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.587653]                        ^
> [  675.591247]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.597702]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.604091]
> ==================================================================
> [  675.894391] kasan test: kasan_strings use-after-free in strncmp
> [  675.894468] kasan test: kasan_strings use-after-free in strlen
> [  675.894536] kasan test: kasan_strings use-after-free in strnlen
> [  675.894600]
> ==================================================================
> [  675.901698] BUG: KASAN: use-after-free in strnlen+0x24/0x88
> [  675.907165] Read of size 1 at addr c53e8e20 by task exe/340
> [  675.912603]
> [  675.914186] CPU: 0 PID: 340 Comm: exe Tainted: G    B
> 5.0.0-rc2-s3k-dev-00559-g88aa407c4bce-dirty #778
> [  675.914237] Call Trace:
> [  675.914412] [c5649c70] [c0176998]
> print_address_description+0x6c/0x2b0 (unreliable)
> [  675.914617] [c5649ca0] [c0176d34] kasan_report+0xe4/0x168
> [  675.914788] [c5649ce0] [c072eeb4] strnlen+0x24/0x88
> [  675.915091] [c5649d00] [c95d558c] kmalloc_tests_init+0x94/0x2d0
> [test_kasan]
> [  675.915283] [c5649d10] [c0003a44] do_one_initcall+0x40/0x278
> [  675.915497] [c5649d80] [c00b2bc0] do_init_module+0xcc/0x59c
> [  675.915700] [c5649db0] [c00b1384] load_module+0x2bc4/0x320c
> [  675.915904] [c5649ec0] [c00b1ae0] sys_init_module+0x114/0x138
> [  675.916099] [c5649f40] [c001211c] ret_from_syscall+0x0/0x38
> [  675.916267] --- interrupt: c01 at 0xfd6b914
> [  675.916267]     LR = 0x1001364c
> [  675.916312]
> [  675.917626] Allocated by task 340:
> [  675.921059]  __kasan_kmalloc.isra.0+0xc8/0x1b0
> [  675.921309]  kasan_strings+0x44/0x118 [test_kasan]
> [  675.921546]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.921690]  do_one_initcall+0x40/0x278
> [  675.921858]  do_init_module+0xcc/0x59c
> [  675.922016]  load_module+0x2bc4/0x320c
> [  675.922174]  sys_init_module+0x114/0x138
> [  675.922318]  ret_from_syscall+0x0/0x38
> [  675.922365]
> [  675.923645] Freed by task 340:
> [  675.926731]  __kasan_slab_free+0x120/0x22c
> [  675.926851]  kfree+0x74/0x270
> [  675.927097]  kasan_strings+0x54/0x118 [test_kasan]
> [  675.927334]  kmalloc_tests_init+0x94/0x2d0 [test_kasan]
> [  675.927479]  do_one_initcall+0x40/0x278
> [  675.927647]  do_init_module+0xcc/0x59c
> [  675.927804]  load_module+0x2bc4/0x320c
> [  675.927962]  sys_init_module+0x114/0x138
> [  675.928107]  ret_from_syscall+0x0/0x38
> [  675.928154]
> [  675.929450] The buggy address belongs to the object at c53e8e10
> [  675.929450]  which belongs to the cache kmalloc-32 of size 32
> [  675.940997] The buggy address is located 16 bytes inside of
> [  675.940997]  32-byte region [c53e8e10, c53e8e30)
> [  675.950999] The buggy address belongs to the page:
> [  675.955786] page:c7fd9f40 count:1 mapcount:0 mapping:c5007cf0 index:0x0
> [  675.955897] flags: 0x200(slab)
> [  675.956127] raw: 00000200 00000100 00000200 c5007cf0 00000000
> 015502ab ffffffff 00000001
> [  675.956196] page dumped because: kasan: bad access detected
> [  675.956236]
> [  675.957536] Memory state around the buggy address:
> [  675.962343]  c53e8d00: 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00 fc fc
> [  675.968796]  c53e8d80: 00 00 00 00 fc fc 00 00 00 00 fc fc 00 00 00 00
> [  675.975251] >c53e8e00: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc fb fb
> [  675.981640]                        ^
> [  675.985233]  c53e8e80: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
> [  675.991688]  c53e8f00: 00 00 00 04 fc fc fb fb fb fb fc fc fb fb fb fb
> [  675.998080]
> ==================================================================
> [  721.624809] random: crng init done

Patch

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 2890d36eb531..11dcaa80d3ff 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -175,6 +175,7 @@  config PPC
 	select GENERIC_TIME_VSYSCALL
 	select HAVE_ARCH_AUDITSYSCALL
 	select HAVE_ARCH_JUMP_LABEL
+	select HAVE_ARCH_KASAN			if PPC32
 	select HAVE_ARCH_KGDB
 	select HAVE_ARCH_MMAP_RND_BITS
 	select HAVE_ARCH_MMAP_RND_COMPAT_BITS	if COMPAT
diff --git a/arch/powerpc/include/asm/book3s/32/pgtable.h b/arch/powerpc/include/asm/book3s/32/pgtable.h
index 49d76adb9bc5..4543016f80ca 100644
--- a/arch/powerpc/include/asm/book3s/32/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/32/pgtable.h
@@ -141,6 +141,8 @@  static inline bool pte_user(pte_t pte)
  */
 #ifdef CONFIG_HIGHMEM
 #define KVIRT_TOP	PKMAP_BASE
+#elif defined(CONFIG_KASAN)
+#define KVIRT_TOP	KASAN_SHADOW_START
 #else
 #define KVIRT_TOP	(0xfe000000UL)	/* for now, could be FIXMAP_BASE ? */
 #endif
diff --git a/arch/powerpc/include/asm/kasan.h b/arch/powerpc/include/asm/kasan.h
new file mode 100644
index 000000000000..5d0088429b62
--- /dev/null
+++ b/arch/powerpc/include/asm/kasan.h
@@ -0,0 +1,24 @@ 
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_KASAN_H
+#define __ASM_KASAN_H
+
+#ifndef __ASSEMBLY__
+
+#include <asm/page.h>
+#include <asm/pgtable-types.h>
+#include <asm/fixmap.h>
+
+#define KASAN_SHADOW_SCALE_SHIFT	3
+#define KASAN_SHADOW_SIZE	((~0UL - PAGE_OFFSET + 1) >> KASAN_SHADOW_SCALE_SHIFT)
+
+#define KASAN_SHADOW_START	(ALIGN_DOWN(FIXADDR_START - KASAN_SHADOW_SIZE, \
+					    PGDIR_SIZE))
+#define KASAN_SHADOW_END	(KASAN_SHADOW_START + KASAN_SHADOW_SIZE)
+#define KASAN_SHADOW_OFFSET	(KASAN_SHADOW_START - \
+				 (PAGE_OFFSET >> KASAN_SHADOW_SCALE_SHIFT))
+
+void kasan_early_init(void);
+void kasan_init(void);
+
+#endif
+#endif
diff --git a/arch/powerpc/include/asm/nohash/32/pgtable.h b/arch/powerpc/include/asm/nohash/32/pgtable.h
index bed433358260..b3b52f02be1a 100644
--- a/arch/powerpc/include/asm/nohash/32/pgtable.h
+++ b/arch/powerpc/include/asm/nohash/32/pgtable.h
@@ -71,6 +71,8 @@  extern int icache_44x_need_flush;
  */
 #ifdef CONFIG_HIGHMEM
 #define KVIRT_TOP	PKMAP_BASE
+#elif defined(CONFIG_KASAN)
+#define KVIRT_TOP	KASAN_SHADOW_START
 #else
 #define KVIRT_TOP	(0xfe000000UL)	/* for now, could be FIXMAP_BASE ? */
 #endif
diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
index e0637730a8e7..8d5291c721fa 100644
--- a/arch/powerpc/include/asm/ppc_asm.h
+++ b/arch/powerpc/include/asm/ppc_asm.h
@@ -251,6 +251,11 @@  GLUE(.,name):
 
 #define _GLOBAL_TOC(name) _GLOBAL(name)
 
+#define KASAN_OVERRIDE(x, y) \
+	.weak x;	     \
+	.set x, y
+
+
 #endif
 
 /*
diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
index 65676e2325b8..da7768aa996a 100644
--- a/arch/powerpc/include/asm/setup.h
+++ b/arch/powerpc/include/asm/setup.h
@@ -74,6 +74,11 @@  static inline void setup_spectre_v2(void) {};
 #endif
 void do_btb_flush_fixups(void);
 
+#ifndef CONFIG_KASAN
+static inline void kasan_early_init(void) { }
+static inline void kasan_init(void) { }
+#endif
+
 #endif /* !__ASSEMBLY__ */
 
 #endif	/* _ASM_POWERPC_SETUP_H */
diff --git a/arch/powerpc/include/asm/string.h b/arch/powerpc/include/asm/string.h
index 1647de15a31e..64d44d4836b4 100644
--- a/arch/powerpc/include/asm/string.h
+++ b/arch/powerpc/include/asm/string.h
@@ -27,6 +27,20 @@  extern int memcmp(const void *,const void *,__kernel_size_t);
 extern void * memchr(const void *,int,__kernel_size_t);
 extern void * memcpy_flushcache(void *,const void *,__kernel_size_t);
 
+void *__memset(void *s, int c, __kernel_size_t count);
+void *__memcpy(void *to, const void *from, __kernel_size_t n);
+void *__memmove(void *to, const void *from, __kernel_size_t n);
+
+#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
+/*
+ * For files that are not instrumented (e.g. mm/slub.c) we
+ * should use not instrumented version of mem* functions.
+ */
+#define memcpy(dst, src, len) __memcpy(dst, src, len)
+#define memmove(dst, src, len) __memmove(dst, src, len)
+#define memset(s, c, n) __memset(s, c, n)
+#endif
+
 #ifdef CONFIG_PPC64
 #define __HAVE_ARCH_MEMSET32
 #define __HAVE_ARCH_MEMSET64
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index 879b36602748..7556000e1d0f 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -31,6 +31,10 @@  CFLAGS_REMOVE_btext.o = $(CC_FLAGS_FTRACE)
 CFLAGS_REMOVE_prom.o = $(CC_FLAGS_FTRACE)
 endif
 
+KASAN_SANITIZE_early_32.o := n
+KASAN_SANITIZE_cputable.o := n
+KASAN_SANITIZE_prom_init.o := n
+
 obj-y				:= cputable.o ptrace.o syscalls.o \
 				   irq.o align.o signal_32.o pmc.o vdso.o \
 				   process.o systbl.o idle.o \
diff --git a/arch/powerpc/kernel/early_32.c b/arch/powerpc/kernel/early_32.c
index b3e40d6d651c..3482118ffe76 100644
--- a/arch/powerpc/kernel/early_32.c
+++ b/arch/powerpc/kernel/early_32.c
@@ -8,6 +8,7 @@ 
 #include <linux/kernel.h>
 #include <asm/setup.h>
 #include <asm/sections.h>
+#include <asm/asm-prototypes.h>
 
 /*
  * We're called here very early in the boot.
diff --git a/arch/powerpc/kernel/prom_init_check.sh b/arch/powerpc/kernel/prom_init_check.sh
index 667df97d2595..9282730661ed 100644
--- a/arch/powerpc/kernel/prom_init_check.sh
+++ b/arch/powerpc/kernel/prom_init_check.sh
@@ -18,6 +18,7 @@ 
 
 WHITELIST="add_reloc_offset __bss_start __bss_stop copy_and_flush
 _end enter_prom memcpy memset reloc_offset __secondary_hold
+__memcpy __memset
 __secondary_hold_acknowledge __secondary_hold_spinloop __start
 strcmp strcpy strlcpy strlen strncmp strstr kstrtobool logo_linux_clut224
 reloc_got2 kernstart_addr memstart_addr linux_banner _stext
diff --git a/arch/powerpc/kernel/setup-common.c b/arch/powerpc/kernel/setup-common.c
index ca00fbb97cf8..16ff1ea66805 100644
--- a/arch/powerpc/kernel/setup-common.c
+++ b/arch/powerpc/kernel/setup-common.c
@@ -978,6 +978,8 @@  void __init setup_arch(char **cmdline_p)
 
 	paging_init();
 
+	kasan_init();
+
 	/* Initialize the MMU context management stuff. */
 	mmu_context_init();
 
diff --git a/arch/powerpc/kernel/setup_32.c b/arch/powerpc/kernel/setup_32.c
index b46a9a33225b..fe6990dec6fc 100644
--- a/arch/powerpc/kernel/setup_32.c
+++ b/arch/powerpc/kernel/setup_32.c
@@ -17,6 +17,7 @@ 
 #include <linux/console.h>
 #include <linux/memblock.h>
 #include <linux/export.h>
+#include <linux/kasan.h>
 
 #include <asm/io.h>
 #include <asm/prom.h>
@@ -75,6 +76,8 @@  notrace void __init machine_init(u64 dt_ptr)
 	unsigned int *addr = (unsigned int *)patch_site_addr(&patch__memset_nocache);
 	unsigned long insn;
 
+	kasan_early_init();
+
 	/* Configure static keys first, now that we're relocated. */
 	setup_feature_keys();
 
diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile
index 3bf9fc6fd36c..31ca9d4ac92e 100644
--- a/arch/powerpc/lib/Makefile
+++ b/arch/powerpc/lib/Makefile
@@ -8,6 +8,9 @@  ccflags-$(CONFIG_PPC64)	:= $(NO_MINIMAL_TOC)
 CFLAGS_REMOVE_code-patching.o = $(CC_FLAGS_FTRACE)
 CFLAGS_REMOVE_feature-fixups.o = $(CC_FLAGS_FTRACE)
 
+KASAN_SANITIZE_code-patching.o := n
+KASAN_SANITIZE_feature-fixups.o := n
+
 obj-y += string.o alloc.o code-patching.o feature-fixups.o
 
 obj-$(CONFIG_PPC32)	+= div64.o copy_32.o crtsavres.o strlen_32.o
diff --git a/arch/powerpc/lib/copy_32.S b/arch/powerpc/lib/copy_32.S
index ba66846fe973..4d8a1c73b4cf 100644
--- a/arch/powerpc/lib/copy_32.S
+++ b/arch/powerpc/lib/copy_32.S
@@ -91,7 +91,8 @@  EXPORT_SYMBOL(memset16)
  * We therefore skip the optimised bloc that uses dcbz. This jump is
  * replaced by a nop once cache is active. This is done in machine_init()
  */
-_GLOBAL(memset)
+_GLOBAL(__memset)
+KASAN_OVERRIDE(memset, __memset)
 	cmplwi	0,r5,4
 	blt	7f
 
@@ -163,12 +164,14 @@  EXPORT_SYMBOL(memset)
  * We therefore jump to generic_memcpy which doesn't use dcbz. This jump is
  * replaced by a nop once cache is active. This is done in machine_init()
  */
-_GLOBAL(memmove)
+_GLOBAL(__memmove)
+KASAN_OVERRIDE(memmove, __memmove)
 	cmplw	0,r3,r4
 	bgt	backwards_memcpy
 	/* fall through */
 
-_GLOBAL(memcpy)
+_GLOBAL(__memcpy)
+KASAN_OVERRIDE(memcpy, __memcpy)
 1:	b	generic_memcpy
 	patch_site	1b, patch__memcpy_nocache
 
diff --git a/arch/powerpc/mm/Makefile b/arch/powerpc/mm/Makefile
index f965fc33a8b7..d6b76f25f6de 100644
--- a/arch/powerpc/mm/Makefile
+++ b/arch/powerpc/mm/Makefile
@@ -7,6 +7,8 @@  ccflags-$(CONFIG_PPC64)	:= $(NO_MINIMAL_TOC)
 
 CFLAGS_REMOVE_slb.o = $(CC_FLAGS_FTRACE)
 
+KASAN_SANITIZE_kasan_init.o := n
+
 obj-y				:= fault.o mem.o pgtable.o mmap.o \
 				   init_$(BITS).o pgtable_$(BITS).o \
 				   init-common.o mmu_context.o drmem.o
@@ -55,3 +57,4 @@  obj-$(CONFIG_PPC_BOOK3S_64)	+= dump_linuxpagetables-book3s64.o
 endif
 obj-$(CONFIG_PPC_HTDUMP)	+= dump_hashpagetable.o
 obj-$(CONFIG_PPC_MEM_KEYS)	+= pkeys.o
+obj-$(CONFIG_KASAN)		+= kasan_init.o
diff --git a/arch/powerpc/mm/dump_linuxpagetables.c b/arch/powerpc/mm/dump_linuxpagetables.c
index 6aa41669ac1a..c862b48118f1 100644
--- a/arch/powerpc/mm/dump_linuxpagetables.c
+++ b/arch/powerpc/mm/dump_linuxpagetables.c
@@ -94,6 +94,10 @@  static struct addr_marker address_markers[] = {
 	{ 0,	"Consistent mem start" },
 	{ 0,	"Consistent mem end" },
 #endif
+#ifdef CONFIG_KASAN
+	{ 0,	"kasan shadow mem start" },
+	{ 0,	"kasan shadow mem end" },
+#endif
 #ifdef CONFIG_HIGHMEM
 	{ 0,	"Highmem PTEs start" },
 	{ 0,	"Highmem PTEs end" },
@@ -310,6 +314,10 @@  static void populate_markers(void)
 	address_markers[i++].start_address = IOREMAP_TOP +
 					     CONFIG_CONSISTENT_SIZE;
 #endif
+#ifdef CONFIG_KASAN
+	address_markers[i++].start_address = KASAN_SHADOW_START;
+	address_markers[i++].start_address = KASAN_SHADOW_END;
+#endif
 #ifdef CONFIG_HIGHMEM
 	address_markers[i++].start_address = PKMAP_BASE;
 	address_markers[i++].start_address = PKMAP_ADDR(LAST_PKMAP);
diff --git a/arch/powerpc/mm/kasan_init.c b/arch/powerpc/mm/kasan_init.c
new file mode 100644
index 000000000000..3edc9c2d2f3e
--- /dev/null
+++ b/arch/powerpc/mm/kasan_init.c
@@ -0,0 +1,72 @@ 
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/kasan.h>
+#include <linux/printk.h>
+#include <linux/memblock.h>
+#include <asm/pgalloc.h>
+
+void __init kasan_early_init(void)
+{
+	unsigned long addr = KASAN_SHADOW_START & PGDIR_MASK;
+	unsigned long end = KASAN_SHADOW_END;
+	unsigned long next;
+	pmd_t *pmd = pmd_offset(pud_offset(pgd_offset_k(addr), addr), addr);
+	int i;
+	phys_addr_t pa = __pa(kasan_early_shadow_page);
+
+	for (i = 0; i < PTRS_PER_PTE; i++)
+		__set_pte_at(&init_mm, (unsigned long)kasan_early_shadow_page,
+			     kasan_early_shadow_pte + i,
+			     pfn_pte(PHYS_PFN(pa), PAGE_KERNEL_RO), 0);
+
+	do {
+		next = pgd_addr_end(addr, end);
+		pmd_populate_kernel(&init_mm, pmd, kasan_early_shadow_pte);
+	} while (pmd++, addr = next, addr != end);
+}
+
+static void __init kasan_init_region(struct memblock_region *reg)
+{
+	void *start = __va(reg->base);
+	void *end = __va(reg->base + reg->size);
+	unsigned long k_start, k_end, k_cur, k_next;
+	pmd_t *pmd;
+
+	if (start >= end)
+		return;
+
+	k_start = (unsigned long)kasan_mem_to_shadow(start);
+	k_end = (unsigned long)kasan_mem_to_shadow(end);
+	pmd = pmd_offset(pud_offset(pgd_offset_k(k_start), k_start), k_start);
+
+	for (k_cur = k_start; k_cur != k_end; k_cur = k_next, pmd++) {
+		k_next = pgd_addr_end(k_cur, k_end);
+		if ((void *)pmd_page_vaddr(*pmd) == kasan_early_shadow_pte) {
+			pte_t *new = pte_alloc_one_kernel(&init_mm);
+
+			if (!new)
+				panic("kasan: pte_alloc_one_kernel() failed");
+			memcpy(new, kasan_early_shadow_pte, PTE_TABLE_SIZE);
+			pmd_populate_kernel(&init_mm, pmd, new);
+		}
+	};
+
+	for (k_cur = k_start; k_cur < k_end; k_cur += PAGE_SIZE) {
+		phys_addr_t pa = memblock_phys_alloc(PAGE_SIZE, PAGE_SIZE);
+		pte_t pte = pfn_pte(PHYS_PFN(pa), PAGE_KERNEL);
+
+		pmd = pmd_offset(pud_offset(pgd_offset_k(k_cur), k_cur), k_cur);
+		pte_update(pte_offset_kernel(pmd, k_cur), ~0, pte_val(pte));
+	}
+	flush_tlb_kernel_range(k_start, k_end);
+}
+
+void __init kasan_init(void)
+{
+	struct memblock_region *reg;
+
+	for_each_memblock(memory, reg)
+		kasan_init_region(reg);
+
+	pr_info("KASAN init done\n");
+}
diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
index 33cc6f676fa6..ae7db88b72d6 100644
--- a/arch/powerpc/mm/mem.c
+++ b/arch/powerpc/mm/mem.c
@@ -369,6 +369,10 @@  void __init mem_init(void)
 	pr_info("  * 0x%08lx..0x%08lx  : highmem PTEs\n",
 		PKMAP_BASE, PKMAP_ADDR(LAST_PKMAP));
 #endif /* CONFIG_HIGHMEM */
+#ifdef CONFIG_KASAN
+	pr_info("  * 0x%08lx..0x%08lx  : kasan shadow mem\n",
+		KASAN_SHADOW_START, KASAN_SHADOW_END);
+#endif
 #ifdef CONFIG_NOT_COHERENT_CACHE
 	pr_info("  * 0x%08lx..0x%08lx  : consistent mem\n",
 		IOREMAP_TOP, IOREMAP_TOP + CONFIG_CONSISTENT_SIZE);