FYI, we noticed the following commit (built with gcc-7):
commit: c1d760d87ccb86705fbf4c718cee684b938d3b2b ("Kasan test uglyhack")
https://git.kernel.org/cgit/linux/kernel/git/linusw/linux-integrator.git kasan
in testcase: trinity
with the following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+---------------------------------------------+------------+------------+
|                                             | b29ea558ab | c1d760d87c |
+---------------------------------------------+------------+------------+
| boot_successes                              | 0          | 0          |
| boot_failures                               | 26         | 26         |
| BUG:kernel_hang_in_boot_stage               | 26         |            |
| BUG:KASAN:slab-out-of-bounds_in_k           | 0          | 26         |
| BUG:KASAN:use-after-free_in_k               | 0          | 26         |
| BUG:KASAN:double-free_or_invalid-free_in_k  | 0          | 26         |
| BUG:KASAN:out-of-bounds_in_k                | 0          | 26         |
| BUG:KASAN:stack-out-of-bounds_in_k          | 0          | 26         |
| BUG:KASAN:global-out-of-bounds_in_k         | 0          | 26         |
| BUG:KASAN:null-ptr-deref_in_d               | 0          | 26         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 26         |
| Oops:#[##]                                  | 0          | 26         |
| RIP:down_write_killable                     | 0          | 26         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 26         |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <rong.a.chen(a)intel.com>
[ 8.013227] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x9a/0xcf
[ 8.014230] Write of size 1 at addr ffff8881e3dbcb7b by task swapper/1
[ 8.015176]
[ 8.015251] CPU: 0 PID: 1 Comm: swapper Not tainted 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.015251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.015251] Call Trace:
[ 8.015251] print_address_description+0x16/0x310
[ 8.015251] ? kmalloc_oob_right+0x9a/0xcf
[ 8.015251] __kasan_report+0xee/0x11b
[ 8.015251] ? kmalloc_oob_right+0x9a/0xcf
[ 8.015251] kasan_report+0x32/0x50
[ 8.015251] kmalloc_oob_right+0x9a/0xcf
[ 8.015251] kmalloc_tests_init+0x23/0x108
[ 8.015251] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.015251] do_one_initcall+0xea/0x2a0
[ 8.015251] ? perf_trace_initcall_level+0x260/0x260
[ 8.015251] ? kasan_poison_shadow+0x30/0x30
[ 8.015251] ? __kasan_kmalloc+0x9f/0xd0
[ 8.015251] ? kasan_unpoison_shadow+0x30/0x40
[ 8.015251] kernel_init_freeable+0x326/0x3f8
[ 8.015251] ? rest_init+0xd0/0xd0
[ 8.015251] kernel_init+0xf/0x180
[ 8.015251] ? calculate_sigpending+0x2a/0x40
[ 8.015251] ? rest_init+0xd0/0xd0
[ 8.015251] ret_from_fork+0x35/0x40
[ 8.015251]
[ 8.015251] Allocated by task 1:
[ 8.015251] save_stack+0x19/0x80
[ 8.015251] __kasan_kmalloc+0x9f/0xd0
[ 8.015251] kmalloc_oob_right+0x58/0xcf
[ 8.015251] kmalloc_tests_init+0x23/0x108
[ 8.015251] do_one_initcall+0xea/0x2a0
[ 8.015251] kernel_init_freeable+0x326/0x3f8
[ 8.015251] kernel_init+0xf/0x180
[ 8.015251] ret_from_fork+0x35/0x40
[ 8.015251]
[ 8.015251] Freed by task 0:
[ 8.015251] (stack is not available)
[ 8.015251]
[ 8.015251] The buggy address belongs to the object at ffff8881e3dbcb00
[ 8.015251] which belongs to the cache kmalloc-128 of size 128
[ 8.015251] The buggy address is located 123 bytes inside of
[ 8.015251] 128-byte region [ffff8881e3dbcb00, ffff8881e3dbcb80)
[ 8.015251] The buggy address belongs to the page:
[ 8.015251] page:ffffea00078f6f00 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.015251] flags: 0x8000000000000200(slab)
[ 8.015251] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401640
[ 8.015251] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 8.015251] page dumped because: kasan: bad access detected
[ 8.015251]
[ 8.015251] Memory state around the buggy address:
[ 8.015251] ffff8881e3dbca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 8.015251] ffff8881e3dbca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.015251] >ffff8881e3dbcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
[ 8.015251] ^
[ 8.015251] ffff8881e3dbcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.015251] ffff8881e3dbcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.015251] ==================================================================
[ 8.015251] Disabling lock debugging due to kernel taint
[ 8.055732] kasan test: kmalloc_oob_left out-of-bounds to left
[ 8.056604] ==================================================================
[ 8.057689] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x9c/0xde
[ 8.058670] Read of size 1 at addr ffff8881e3dc21df by task swapper/1
[ 8.059612]
[ 8.059703] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.059703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.059703] Call Trace:
[ 8.059703] print_address_description+0x16/0x310
[ 8.059703] ? kmalloc_oob_left+0x9c/0xde
[ 8.059703] __kasan_report+0xee/0x11b
[ 8.059703] ? kmalloc_oob_left+0x9c/0xde
[ 8.059703] kasan_report+0x32/0x50
[ 8.059703] kmalloc_oob_left+0x9c/0xde
[ 8.059703] kmalloc_tests_init+0x28/0x108
[ 8.059703] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.059703] do_one_initcall+0xea/0x2a0
[ 8.059703] ? perf_trace_initcall_level+0x260/0x260
[ 8.059703] ? kasan_poison_shadow+0x30/0x30
[ 8.059703] ? __kasan_kmalloc+0x9f/0xd0
[ 8.059703] ? kasan_unpoison_shadow+0x30/0x40
[ 8.059703] kernel_init_freeable+0x326/0x3f8
[ 8.059703] ? rest_init+0xd0/0xd0
[ 8.059703] kernel_init+0xf/0x180
[ 8.059703] ? calculate_sigpending+0x2a/0x40
[ 8.059703] ? rest_init+0xd0/0xd0
[ 8.059703] ret_from_fork+0x35/0x40
[ 8.059703]
[ 8.059703] Allocated by task 1:
[ 8.059703] save_stack+0x19/0x80
[ 8.059703] __kasan_kmalloc+0x9f/0xd0
[ 8.059703] kobject_get_path+0x84/0x140
[ 8.059703] kobject_uevent_env+0x191/0xa60
[ 8.059703] kset_register+0x55/0x70
[ 8.059703] __class_register+0x13e/0x270
[ 8.059703] __class_create+0x77/0xb0
[ 8.059703] bsg_init+0xd6/0x243
[ 8.059703] do_one_initcall+0xea/0x2a0
[ 8.059703] kernel_init_freeable+0x326/0x3f8
[ 8.059703] kernel_init+0xf/0x180
[ 8.059703] ret_from_fork+0x35/0x40
[ 8.059703]
[ 8.059703] Freed by task 1:
[ 8.059703] save_stack+0x19/0x80
[ 8.059703] __kasan_slab_free+0x12d/0x180
[ 8.059703] kfree+0x91/0x250
[ 8.059703] kobject_uevent_env+0x2b7/0xa60
[ 8.059703] kset_register+0x55/0x70
[ 8.059703] __class_register+0x13e/0x270
[ 8.059703] __class_create+0x77/0xb0
[ 8.059703] bsg_init+0xd6/0x243
[ 8.059703] do_one_initcall+0xea/0x2a0
[ 8.059703] kernel_init_freeable+0x326/0x3f8
[ 8.059703] kernel_init+0xf/0x180
[ 8.059703] ret_from_fork+0x35/0x40
[ 8.059703]
[ 8.059703] The buggy address belongs to the object at ffff8881e3dc21c0
[ 8.059703] which belongs to the cache kmalloc-16 of size 16
[ 8.059703] The buggy address is located 15 bytes to the right of
[ 8.059703] 16-byte region [ffff8881e3dc21c0, ffff8881e3dc21d0)
[ 8.059703] The buggy address belongs to the page:
[ 8.059703] page:ffffea00078f7080 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.059703] flags: 0x8000000000000200(slab)
[ 8.059703] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401b40
[ 8.059703] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 8.059703] page dumped because: kasan: bad access detected
[ 8.059703]
[ 8.059703] Memory state around the buggy address:
[ 8.059703] ffff8881e3dc2080: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[ 8.059703] ffff8881e3dc2100: 00 00 fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 8.059703] >ffff8881e3dc2180: fb fb fc fc fb fb fc fc fb fb fc fc 00 07 fc fc
[ 8.059703] ^
[ 8.059703] ffff8881e3dc2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.059703] ffff8881e3dc2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.059703] ==================================================================
[ 8.107662] kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right
[ 8.108831] ==================================================================
[ 8.109895] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x9d/0xd5
[ 8.110952] Write of size 1 at addr ffff8881e3141000 by task swapper/1
[ 8.111630]
[ 8.111630] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.111630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.111630] Call Trace:
[ 8.111630] print_address_description+0x16/0x310
[ 8.111630] ? kmalloc_node_oob_right+0x9d/0xd5
[ 8.111630] __kasan_report+0xee/0x11b
[ 8.111630] ? kmalloc_node_oob_right+0x9d/0xd5
[ 8.111630] kasan_report+0x32/0x50
[ 8.111630] kmalloc_node_oob_right+0x9d/0xd5
[ 8.111630] kmalloc_tests_init+0x2d/0x108
[ 8.111630] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.111630] do_one_initcall+0xea/0x2a0
[ 8.111630] ? perf_trace_initcall_level+0x260/0x260
[ 8.111630] ? kasan_poison_shadow+0x30/0x30
[ 8.111630] ? __kasan_kmalloc+0x9f/0xd0
[ 8.111630] ? kasan_unpoison_shadow+0x30/0x40
[ 8.111630] kernel_init_freeable+0x326/0x3f8
[ 8.111630] ? rest_init+0xd0/0xd0
[ 8.111630] kernel_init+0xf/0x180
[ 8.111630] ? calculate_sigpending+0x2a/0x40
[ 8.111630] ? rest_init+0xd0/0xd0
[ 8.111630] ret_from_fork+0x35/0x40
[ 8.111630]
[ 8.111630] Allocated by task 1:
[ 8.111630] save_stack+0x19/0x80
[ 8.111630] __kasan_kmalloc+0x9f/0xd0
[ 8.111630] kmalloc_node_oob_right+0x58/0xd5
[ 8.111630] kmalloc_tests_init+0x2d/0x108
[ 8.111630] do_one_initcall+0xea/0x2a0
[ 8.111630] kernel_init_freeable+0x326/0x3f8
[ 8.111630] kernel_init+0xf/0x180
[ 8.111630] ret_from_fork+0x35/0x40
[ 8.111630]
[ 8.111630] Freed by task 0:
[ 8.111630] (stack is not available)
[ 8.111630]
[ 8.111630] The buggy address belongs to the object at ffff8881e3140000
[ 8.111630] which belongs to the cache kmalloc-4k of size 4096
[ 8.111630] The buggy address is located 0 bytes to the right of
[ 8.111630] 4096-byte region [ffff8881e3140000, ffff8881e3141000)
[ 8.111630] The buggy address belongs to the page:
[ 8.111630] page:ffffea00078c5000 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0 head:ffffea00078c5000 order:3 compound_mapcount:0 compound_pincount:0
[ 8.111630] flags: 0x8000000000010200(slab|head)
[ 8.111630] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f6402140
[ 8.111630] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 8.111630] page dumped because: kasan: bad access detected
[ 8.111630]
[ 8.111630] Memory state around the buggy address:
[ 8.111630] ffff8881e3140f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.111630] ffff8881e3140f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.111630] >ffff8881e3141000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.111630] ^
[ 8.111630] ffff8881e3141080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.111630] ffff8881e3141100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.111630] ==================================================================
[ 8.153097] kasan test: kmalloc_pagealloc_oob_right kmalloc pagealloc allocation: out-of-bounds to right
[ 8.154481] ==================================================================
[ 8.155539] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x8e/0xc6
[ 8.156642] Write of size 1 at addr ffff8881e313e00a by task swapper/1
[ 8.157067]
[ 8.157067] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.157067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.157067] Call Trace:
[ 8.157067] print_address_description+0x16/0x310
[ 8.157067] ? kmalloc_pagealloc_oob_right+0x8e/0xc6
[ 8.157067] __kasan_report+0xee/0x11b
[ 8.157067] ? kasan_kmalloc_large+0x71/0xe0
[ 8.157067] ? kmalloc_pagealloc_oob_right+0x8e/0xc6
[ 8.157067] kasan_report+0x32/0x50
[ 8.157067] kmalloc_pagealloc_oob_right+0x8e/0xc6
[ 8.157067] kmalloc_tests_init+0x32/0x108
[ 8.157067] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.157067] do_one_initcall+0xea/0x2a0
[ 8.157067] ? perf_trace_initcall_level+0x260/0x260
[ 8.157067] ? kasan_poison_shadow+0x30/0x30
[ 8.157067] ? __kasan_kmalloc+0x9f/0xd0
[ 8.157067] ? kasan_unpoison_shadow+0x30/0x40
[ 8.157067] kernel_init_freeable+0x326/0x3f8
[ 8.157067] ? rest_init+0xd0/0xd0
[ 8.157067] kernel_init+0xf/0x180
[ 8.157067] ? calculate_sigpending+0x2a/0x40
[ 8.157067] ? rest_init+0xd0/0xd0
[ 8.157067] ret_from_fork+0x35/0x40
[ 8.157067]
[ 8.157067] The buggy address belongs to the page:
[ 8.157067] page:ffffea00078c4f00 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0 head:ffffea00078c4f00 order:2 compound_mapcount:0 compound_pincount:0
[ 8.157067] flags: 0x8000000000010000(head)
[ 8.157067] raw: 8000000000010000 dead000000000100 dead000000000122 0000000000000000
[ 8.157067] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 8.157067] page dumped because: kasan: bad access detected
[ 8.157067]
[ 8.157067] Memory state around the buggy address:
[ 8.157067] ffff8881e313df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.157067] ffff8881e313df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.157067] >ffff8881e313e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8.157067] ^
[ 8.157067] ffff8881e313e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8.157067] ffff8881e313e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 8.157067] ==================================================================
[ 8.189511] kasan test: kmalloc_pagealloc_uaf kmalloc pagealloc allocation: use-after-free
[ 8.190725] ==================================================================
[ 8.191793] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x92/0xbe
[ 8.192793] Write of size 1 at addr ffff8881e313c000 by task swapper/1
[ 8.193494]
[ 8.193494] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.193494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.193494] Call Trace:
[ 8.193494] print_address_description+0x16/0x310
[ 8.193494] ? kmalloc_pagealloc_uaf+0x92/0xbe
[ 8.193494] __kasan_report+0xee/0x11b
[ 8.193494] ? kmalloc_pagealloc_uaf+0x92/0xbe
[ 8.193494] kasan_report+0x32/0x50
[ 8.193494] kmalloc_pagealloc_uaf+0x92/0xbe
[ 8.193494] kmalloc_tests_init+0x37/0x108
[ 8.193494] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.193494] do_one_initcall+0xea/0x2a0
[ 8.193494] ? perf_trace_initcall_level+0x260/0x260
[ 8.193494] ? kasan_poison_shadow+0x30/0x30
[ 8.193494] ? __kasan_kmalloc+0x9f/0xd0
[ 8.193494] ? kasan_unpoison_shadow+0x30/0x40
[ 8.193494] kernel_init_freeable+0x326/0x3f8
[ 8.193494] ? rest_init+0xd0/0xd0
[ 8.193494] kernel_init+0xf/0x180
[ 8.193494] ? calculate_sigpending+0x2a/0x40
[ 8.193494] ? rest_init+0xd0/0xd0
[ 8.193494] ret_from_fork+0x35/0x40
[ 8.193494]
[ 8.193494] The buggy address belongs to the page:
[ 8.193494] page:ffffea00078c4f00 refcount:0 mapcount:-128 mapping:(____ptrval____) index:0x0
[ 8.193494] flags: 0x8000000000000000()
[ 8.193494] raw: 8000000000000000 ffffffff84ff1808 ffffffff84ff1808 0000000000000000
[ 8.193494] raw: 0000000000000000 0000000000000002 00000000ffffff7f 0000000000000000
[ 8.193494] page dumped because: kasan: bad access detected
[ 8.193494]
[ 8.193494] Memory state around the buggy address:
[ 8.193494] ffff8881e313bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.193494] ffff8881e313bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.193494] >ffff8881e313c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.193494] ^
[ 8.193494] ffff8881e313c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.193494] ffff8881e313c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.193494] ==================================================================
[ 8.223140] kasan test: kmalloc_pagealloc_invalid_free kmalloc pagealloc allocation: invalid-free
[ 8.224429] ==================================================================
[ 8.225511] BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x8c/0xb3
[ 8.226762]
[ 8.227005] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.228291] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.228414] Call Trace:
[ 8.228414] print_address_description+0x16/0x310
[ 8.228414] ? kmalloc_pagealloc_invalid_free+0x8c/0xb3
[ 8.228414] kasan_report_invalid_free+0x37/0x60
[ 8.228414] kfree+0x1fa/0x250
[ 8.228414] kmalloc_pagealloc_invalid_free+0x8c/0xb3
[ 8.228414] kmalloc_tests_init+0x3c/0x108
[ 8.228414] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.228414] do_one_initcall+0xea/0x2a0
[ 8.228414] ? perf_trace_initcall_level+0x260/0x260
[ 8.228414] ? kasan_poison_shadow+0x30/0x30
[ 8.228414] ? __kasan_kmalloc+0x9f/0xd0
[ 8.228414] ? kasan_unpoison_shadow+0x30/0x40
[ 8.228414] kernel_init_freeable+0x326/0x3f8
[ 8.228414] ? rest_init+0xd0/0xd0
[ 8.228414] kernel_init+0xf/0x180
[ 8.228414] ? calculate_sigpending+0x2a/0x40
[ 8.228414] ? rest_init+0xd0/0xd0
[ 8.228414] ret_from_fork+0x35/0x40
[ 8.228414]
[ 8.228414] The buggy address belongs to the page:
[ 8.228414] page:ffffea00078c4f00 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0 head:ffffea00078c4f00 order:2 compound_mapcount:0 compound_pincount:0
[ 8.228414] flags: 0x8000000000010000(head)
[ 8.228414] raw: 8000000000010000 dead000000000100 dead000000000122 0000000000000000
[ 8.228414] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 8.228414] page dumped because: kasan: bad access detected
[ 8.228414]
[ 8.228414] Memory state around the buggy address:
[ 8.228414] ffff8881e313bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.228414] ffff8881e313bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 8.228414] >ffff8881e313c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.228414] ^
[ 8.228414] ffff8881e313c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.228414] ffff8881e313c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.228414] ==================================================================
[ 8.256223] kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right
[ 8.257551] ==================================================================
[ 8.258607] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x9d/0xd5
[ 8.259667] Write of size 1 at addr ffff8881e3149f00 by task swapper/1
[ 8.260208]
[ 8.260208] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.260208] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.260208] Call Trace:
[ 8.260208] print_address_description+0x16/0x310
[ 8.260208] ? kmalloc_large_oob_right+0x9d/0xd5
[ 8.260208] __kasan_report+0xee/0x11b
[ 8.260208] ? kmalloc_large_oob_right+0x9d/0xd5
[ 8.260208] kasan_report+0x32/0x50
[ 8.260208] kmalloc_large_oob_right+0x9d/0xd5
[ 8.260208] kmalloc_tests_init+0x41/0x108
[ 8.260208] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.260208] do_one_initcall+0xea/0x2a0
[ 8.260208] ? perf_trace_initcall_level+0x260/0x260
[ 8.260208] ? kasan_poison_shadow+0x30/0x30
[ 8.260208] ? __kasan_kmalloc+0x9f/0xd0
[ 8.260208] ? kasan_unpoison_shadow+0x30/0x40
[ 8.260208] kernel_init_freeable+0x326/0x3f8
[ 8.260208] ? rest_init+0xd0/0xd0
[ 8.260208] kernel_init+0xf/0x180
[ 8.260208] ? calculate_sigpending+0x2a/0x40
[ 8.260208] ? rest_init+0xd0/0xd0
[ 8.260208] ret_from_fork+0x35/0x40
[ 8.260208]
[ 8.260208] Allocated by task 1:
[ 8.260208] save_stack+0x19/0x80
[ 8.260208] __kasan_kmalloc+0x9f/0xd0
[ 8.260208] kmalloc_large_oob_right+0x58/0xd5
[ 8.260208] kmalloc_tests_init+0x41/0x108
[ 8.260208] do_one_initcall+0xea/0x2a0
[ 8.260208] kernel_init_freeable+0x326/0x3f8
[ 8.260208] kernel_init+0xf/0x180
[ 8.260208] ret_from_fork+0x35/0x40
[ 8.260208]
[ 8.260208] Freed by task 0:
[ 8.260208] (stack is not available)
[ 8.260208]
[ 8.260208] The buggy address belongs to the object at ffff8881e3148000
[ 8.260208] which belongs to the cache kmalloc-8k of size 8192
[ 8.260208] The buggy address is located 7936 bytes inside of
[ 8.260208] 8192-byte region [ffff8881e3148000, ffff8881e314a000)
[ 8.260208] The buggy address belongs to the page:
[ 8.260208] page:ffffea00078c5200 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0 head:ffffea00078c5200 order:3 compound_mapcount:0 compound_pincount:0
[ 8.260208] flags: 0x8000000000010200(slab|head)
[ 8.260208] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f6402280
[ 8.260208] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 8.260208] page dumped because: kasan: bad access detected
[ 8.260208]
[ 8.260208] Memory state around the buggy address:
[ 8.260208] ffff8881e3149e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.260208] ffff8881e3149e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.260208] >ffff8881e3149f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.260208] ^
[ 8.260208] ffff8881e3149f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.260208] ffff8881e314a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.260208] ==================================================================
[ 8.304155] kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more
[ 8.305320] ==================================================================
[ 8.306380] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0xc6/0xfd
[ 8.307466] Write of size 1 at addr ffff8881e30317d3 by task swapper/1
[ 8.307588]
[ 8.307588] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.307588] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.307588] Call Trace:
[ 8.307588] print_address_description+0x16/0x310
[ 8.307588] ? kmalloc_oob_krealloc_more+0xc6/0xfd
[ 8.307588] __kasan_report+0xee/0x11b
[ 8.307588] ? kasan_unpoison_shadow+0x1/0x40
[ 8.307588] ? kmalloc_oob_krealloc_more+0xc6/0xfd
[ 8.307588] kasan_report+0x32/0x50
[ 8.307588] kmalloc_oob_krealloc_more+0xc6/0xfd
[ 8.307588] kmalloc_tests_init+0x46/0x108
[ 8.307588] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.307588] do_one_initcall+0xea/0x2a0
[ 8.307588] ? perf_trace_initcall_level+0x260/0x260
[ 8.307588] ? kasan_poison_shadow+0x30/0x30
[ 8.307588] ? __kasan_kmalloc+0x9f/0xd0
[ 8.307588] ? kasan_unpoison_shadow+0x30/0x40
[ 8.307588] kernel_init_freeable+0x326/0x3f8
[ 8.307588] ? rest_init+0xd0/0xd0
[ 8.307588] kernel_init+0xf/0x180
[ 8.307588] ? calculate_sigpending+0x2a/0x40
[ 8.307588] ? rest_init+0xd0/0xd0
[ 8.307588] ret_from_fork+0x35/0x40
[ 8.307588]
[ 8.307588] Allocated by task 1:
[ 8.307588] save_stack+0x19/0x80
[ 8.307588] __kasan_kmalloc+0x9f/0xd0
[ 8.307588] krealloc+0x9b/0xc0
[ 8.307588] kmalloc_oob_krealloc_more+0x6f/0xfd
[ 8.307588] kmalloc_tests_init+0x46/0x108
[ 8.307588] do_one_initcall+0xea/0x2a0
[ 8.307588] kernel_init_freeable+0x326/0x3f8
[ 8.307588] kernel_init+0xf/0x180
[ 8.307588] ret_from_fork+0x35/0x40
[ 8.307588]
[ 8.307588] Freed by task 0:
[ 8.307588] (stack is not available)
[ 8.307588]
[ 8.307588] The buggy address belongs to the object at ffff8881e30317c0
[ 8.307588] which belongs to the cache kmalloc-32 of size 32
[ 8.307588] The buggy address is located 19 bytes inside of
[ 8.307588] 32-byte region [ffff8881e30317c0, ffff8881e30317e0)
[ 8.307588] The buggy address belongs to the page:
[ 8.307588] page:ffffea00078c0c40 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.307588] flags: 0x8000000000000200(slab)
[ 8.307588] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401a00
[ 8.307588] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 8.307588] page dumped because: kasan: bad access detected
[ 8.307588]
[ 8.307588] Memory state around the buggy address:
[ 8.307588] ffff8881e3031680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 8.307588] ffff8881e3031700: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 8.307588] >ffff8881e3031780: 00 00 00 00 fc fc fc fc 00 00 03 fc fc fc fc fc
[ 8.307588] ^
[ 8.307588] ffff8881e3031800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.307588] ffff8881e3031880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.307588] ==================================================================
[ 8.360514] kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less
[ 8.373575] ==================================================================
[ 8.374775] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0xbe/0xf5
[ 8.376134] Write of size 1 at addr ffff8881e303180f by task swapper/1
[ 8.377354]
[ 8.377527] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.377527] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.377527] Call Trace:
[ 8.377527] print_address_description+0x16/0x310
[ 8.377527] ? kmalloc_oob_krealloc_less+0xbe/0xf5
[ 8.377527] __kasan_report+0xee/0x11b
[ 8.377527] ? kasan_unpoison_shadow+0x1/0x40
[ 8.377527] ? kmalloc_oob_krealloc_less+0xbe/0xf5
[ 8.377527] kasan_report+0x32/0x50
[ 8.377527] kmalloc_oob_krealloc_less+0xbe/0xf5
[ 8.377527] kmalloc_tests_init+0x4b/0x108
[ 8.377527] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.377527] do_one_initcall+0xea/0x2a0
[ 8.377527] ? perf_trace_initcall_level+0x260/0x260
[ 8.377527] ? kasan_poison_shadow+0x30/0x30
[ 8.377527] ? __kasan_kmalloc+0x9f/0xd0
[ 8.377527] ? kasan_unpoison_shadow+0x30/0x40
[ 8.377527] kernel_init_freeable+0x326/0x3f8
[ 8.377527] ? rest_init+0xd0/0xd0
[ 8.377527] kernel_init+0xf/0x180
[ 8.377527] ? calculate_sigpending+0x2a/0x40
[ 8.377527] ? rest_init+0xd0/0xd0
[ 8.377527] ret_from_fork+0x35/0x40
[ 8.377527]
[ 8.377527] Allocated by task 1:
[ 8.377527] save_stack+0x19/0x80
[ 8.377527] __kasan_kmalloc+0x9f/0xd0
[ 8.377527] krealloc+0x9b/0xc0
[ 8.377527] kmalloc_oob_krealloc_less+0x6f/0xf5
[ 8.377527] kmalloc_tests_init+0x4b/0x108
[ 8.377527] do_one_initcall+0xea/0x2a0
[ 8.377527] kernel_init_freeable+0x326/0x3f8
[ 8.377527] kernel_init+0xf/0x180
[ 8.377527] ret_from_fork+0x35/0x40
[ 8.377527]
[ 8.377527] Freed by task 0:
[ 8.377527] (stack is not available)
[ 8.377527]
[ 8.377527] The buggy address belongs to the object at ffff8881e3031800
[ 8.377527] which belongs to the cache kmalloc-32 of size 32
[ 8.377527] The buggy address is located 15 bytes inside of
[ 8.377527] 32-byte region [ffff8881e3031800, ffff8881e3031820)
[ 8.377527] The buggy address belongs to the page:
[ 8.377527] page:ffffea00078c0c40 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.377527] flags: 0x8000000000000200(slab)
[ 8.377527] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401a00
[ 8.377527] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 8.377527] page dumped because: kasan: bad access detected
[ 8.377527]
[ 8.377527] Memory state around the buggy address:
[ 8.377527] ffff8881e3031700: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 8.377527] ffff8881e3031780: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
[ 8.377527] >ffff8881e3031800: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.377527] ^
[ 8.377527] ffff8881e3031880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.377527] ffff8881e3031900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.377527] ==================================================================
[ 8.427867] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access
[ 8.429714] ==================================================================
[ 8.430943] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xd4/0x126
[ 8.431836] Write of size 16 at addr ffff8881e3dc2200 by task swapper/1
[ 8.431836]
[ 8.431836] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.431836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.431836] Call Trace:
[ 8.431836] print_address_description+0x16/0x310
[ 8.431836] ? kmalloc_oob_16+0xd4/0x126
[ 8.431836] __kasan_report+0xee/0x11b
[ 8.431836] ? kmalloc_oob_16+0xd4/0x126
[ 8.431836] kasan_report+0x32/0x50
[ 8.431836] kmalloc_oob_16+0xd4/0x126
[ 8.431836] kmalloc_tests_init+0x50/0x108
[ 8.431836] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.431836] do_one_initcall+0xea/0x2a0
[ 8.431836] ? perf_trace_initcall_level+0x260/0x260
[ 8.431836] ? kasan_poison_shadow+0x30/0x30
[ 8.431836] ? __kasan_kmalloc+0x9f/0xd0
[ 8.431836] ? kasan_unpoison_shadow+0x30/0x40
[ 8.431836] kernel_init_freeable+0x326/0x3f8
[ 8.431836] ? rest_init+0xd0/0xd0
[ 8.431836] kernel_init+0xf/0x180
[ 8.431836] ? calculate_sigpending+0x2a/0x40
[ 8.431836] ? rest_init+0xd0/0xd0
[ 8.431836] ret_from_fork+0x35/0x40
[ 8.431836]
[ 8.431836] Allocated by task 1:
[ 8.431836] save_stack+0x19/0x80
[ 8.431836] __kasan_kmalloc+0x9f/0xd0
[ 8.431836] kmalloc_oob_16+0x5a/0x126
[ 8.431836] kmalloc_tests_init+0x50/0x108
[ 8.431836] do_one_initcall+0xea/0x2a0
[ 8.431836] kernel_init_freeable+0x326/0x3f8
[ 8.431836] kernel_init+0xf/0x180
[ 8.431836] ret_from_fork+0x35/0x40
[ 8.431836]
[ 8.431836] Freed by task 0:
[ 8.431836] (stack is not available)
[ 8.431836]
[ 8.431836] The buggy address belongs to the object at ffff8881e3dc2200
[ 8.431836] which belongs to the cache kmalloc-16 of size 16
[ 8.431836] The buggy address is located 0 bytes inside of
[ 8.431836] 16-byte region [ffff8881e3dc2200, ffff8881e3dc2210)
[ 8.431836] The buggy address belongs to the page:
[ 8.431836] page:ffffea00078f7080 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.431836] flags: 0x8000000000000200(slab)
[ 8.431836] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401b40
[ 8.431836] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 8.431836] page dumped because: kasan: bad access detected
[ 8.431836]
[ 8.431836] Memory state around the buggy address:
[ 8.431836] ffff8881e3dc2100: 00 00 fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 8.431836] ffff8881e3dc2180: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 8.431836] >ffff8881e3dc2200: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 8.431836] ^
[ 8.431836] ffff8881e3dc2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.431836] ffff8881e3dc2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.431836] ==================================================================
[ 8.483783] kasan test: kmalloc_oob_in_memset out-of-bounds in memset
[ 8.484918] ==================================================================
[ 8.486195] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x9f/0xce
[ 8.487369] Write of size 671 at addr ffff8881e30f9000 by task swapper/1
[ 8.487745]
[ 8.487745] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.487745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.487745] Call Trace:
[ 8.487745] print_address_description+0x16/0x310
[ 8.487745] ? kmalloc_oob_in_memset+0x9f/0xce
[ 8.487745] __kasan_report+0xee/0x11b
[ 8.487745] ? kmalloc_oob_in_memset+0x9f/0xce
[ 8.487745] kasan_report+0x32/0x50
[ 8.487745] check_memory_region+0x155/0x1b0
[ 8.487745] memset+0x1f/0x40
[ 8.487745] kmalloc_oob_in_memset+0x9f/0xce
[ 8.487745] kmalloc_tests_init+0x55/0x108
[ 8.487745] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.487745] do_one_initcall+0xea/0x2a0
[ 8.487745] ? perf_trace_initcall_level+0x260/0x260
[ 8.487745] ? kasan_poison_shadow+0x30/0x30
[ 8.487745] ? __kasan_kmalloc+0x9f/0xd0
[ 8.487745] ? kasan_unpoison_shadow+0x30/0x40
[ 8.487745] kernel_init_freeable+0x326/0x3f8
[ 8.487745] ? rest_init+0xd0/0xd0
[ 8.487745] kernel_init+0xf/0x180
[ 8.487745] ? calculate_sigpending+0x2a/0x40
[ 8.487745] ? rest_init+0xd0/0xd0
[ 8.487745] ret_from_fork+0x35/0x40
[ 8.487745]
[ 8.487745] Allocated by task 1:
[ 8.487745] save_stack+0x19/0x80
[ 8.487745] __kasan_kmalloc+0x9f/0xd0
[ 8.487745] kmalloc_oob_in_memset+0x58/0xce
[ 8.487745] kmalloc_tests_init+0x55/0x108
[ 8.487745] do_one_initcall+0xea/0x2a0
[ 8.487745] kernel_init_freeable+0x326/0x3f8
[ 8.487745] kernel_init+0xf/0x180
[ 8.487745] ret_from_fork+0x35/0x40
[ 8.487745]
[ 8.487745] Freed by task 0:
[ 8.487745] (stack is not available)
[ 8.487745]
[ 8.487745] The buggy address belongs to the object at ffff8881e30f9000
[ 8.487745] which belongs to the cache kmalloc-1k of size 1024
[ 8.487745] The buggy address is located 0 bytes inside of
[ 8.487745] 1024-byte region [ffff8881e30f9000, ffff8881e30f9400)
[ 8.487745] The buggy address belongs to the page:
[ 8.487745] page:ffffea00078c3e00 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0 head:ffffea00078c3e00 order:2 compound_mapcount:0 compound_pincount:0
[ 8.487745] flags: 0x8000000000010200(slab|head)
[ 8.487745] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f6401140
[ 8.487745] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 8.487745] page dumped because: kasan: bad access detected
[ 8.487745]
[ 8.487745] Memory state around the buggy address:
[ 8.487745] ffff8881e30f9180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.487745] ffff8881e30f9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8.487745] >ffff8881e30f9280: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.487745] ^
[ 8.487745] ffff8881e30f9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.487745] ffff8881e30f9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.487745] ==================================================================
[ 8.538421] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2
[ 8.539577] ==================================================================
[ 8.540824] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xa1/0xd0
[ 8.542061] Write of size 2 at addr ffff8881f46366df by task swapper/1
[ 8.543186]
[ 8.543495] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.543538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.543538] Call Trace:
[ 8.543538] print_address_description+0x16/0x310
[ 8.543538] ? kmalloc_oob_memset_2+0xa1/0xd0
[ 8.543538] __kasan_report+0xee/0x11b
[ 8.543538] ? kmalloc_oob_memset_2+0xa1/0xd0
[ 8.543538] kasan_report+0x32/0x50
[ 8.543538] check_memory_region+0x155/0x1b0
[ 8.543538] memset+0x1f/0x40
[ 8.543538] kmalloc_oob_memset_2+0xa1/0xd0
[ 8.543538] kmalloc_tests_init+0x5a/0x108
[ 8.543538] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.543538] do_one_initcall+0xea/0x2a0
[ 8.543538] ? perf_trace_initcall_level+0x260/0x260
[ 8.543538] ? kasan_poison_shadow+0x30/0x30
[ 8.543538] ? __kasan_kmalloc+0x9f/0xd0
[ 8.543538] ? kasan_unpoison_shadow+0x30/0x40
[ 8.543538] kernel_init_freeable+0x326/0x3f8
[ 8.543538] ? rest_init+0xd0/0xd0
[ 8.543538] kernel_init+0xf/0x180
[ 8.543538] ? calculate_sigpending+0x2a/0x40
[ 8.543538] ? rest_init+0xd0/0xd0
[ 8.543538] ret_from_fork+0x35/0x40
[ 8.543538]
[ 8.543538] Allocated by task 1:
[ 8.543538] save_stack+0x19/0x80
[ 8.543538] __kasan_kmalloc+0x9f/0xd0
[ 8.543538] kmalloc_oob_memset_2+0x58/0xd0
[ 8.543538] kmalloc_tests_init+0x5a/0x108
[ 8.543538] do_one_initcall+0xea/0x2a0
[ 8.543538] kernel_init_freeable+0x326/0x3f8
[ 8.543538] kernel_init+0xf/0x180
[ 8.543538] ret_from_fork+0x35/0x40
[ 8.543538]
[ 8.543538] Freed by task 0:
[ 8.543538] (stack is not available)
[ 8.543538]
[ 8.543538] The buggy address belongs to the object at ffff8881f46366d8
[ 8.543538] which belongs to the cache kmalloc-8 of size 8
[ 8.543538] The buggy address is located 7 bytes inside of
[ 8.543538] 8-byte region [ffff8881f46366d8, ffff8881f46366e0)
[ 8.543538] The buggy address belongs to the page:
[ 8.543538] page:ffffea0007d18d80 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.543538] flags: 0x8000000000000200(slab)
[ 8.543538] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401c80
[ 8.543538] raw: 0000000000000000 0000000080aa00aa 00000001ffffffff 0000000000000000
[ 8.543538] page dumped because: kasan: bad access detected
[ 8.543538]
[ 8.543538] Memory state around the buggy address:
[ 8.543538] ffff8881f4636580: fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc
[ 8.543538] ffff8881f4636600: fb fc fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc 00
[ 8.543538] >ffff8881f4636680: fc fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc fc fc
[ 8.543538] ^
[ 8.543538] ffff8881f4636700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.543538] ffff8881f4636780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.543538] ==================================================================
[ 8.596083] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4
[ 8.597296] ==================================================================
[ 8.598684] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xa1/0xd0
[ 8.600027] Write of size 4 at addr ffff8881f46366f5 by task swapper/1
[ 8.600053]
[ 8.600053] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.600053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.600053] Call Trace:
[ 8.600053] print_address_description+0x16/0x310
[ 8.600053] ? kmalloc_oob_memset_4+0xa1/0xd0
[ 8.600053] __kasan_report+0xee/0x11b
[ 8.600053] ? kmalloc_oob_memset_4+0xa1/0xd0
[ 8.600053] kasan_report+0x32/0x50
[ 8.600053] check_memory_region+0x155/0x1b0
[ 8.600053] memset+0x1f/0x40
[ 8.600053] kmalloc_oob_memset_4+0xa1/0xd0
[ 8.600053] kmalloc_tests_init+0x5f/0x108
[ 8.600053] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.600053] do_one_initcall+0xea/0x2a0
[ 8.600053] ? perf_trace_initcall_level+0x260/0x260
[ 8.600053] ? kasan_poison_shadow+0x30/0x30
[ 8.600053] ? __kasan_kmalloc+0x9f/0xd0
[ 8.600053] ? kasan_unpoison_shadow+0x30/0x40
[ 8.600053] kernel_init_freeable+0x326/0x3f8
[ 8.600053] ? rest_init+0xd0/0xd0
[ 8.600053] kernel_init+0xf/0x180
[ 8.600053] ? calculate_sigpending+0x2a/0x40
[ 8.600053] ? rest_init+0xd0/0xd0
[ 8.600053] ret_from_fork+0x35/0x40
[ 8.600053]
[ 8.600053] Allocated by task 1:
[ 8.600053] save_stack+0x19/0x80
[ 8.600053] __kasan_kmalloc+0x9f/0xd0
[ 8.600053] kmalloc_oob_memset_4+0x58/0xd0
[ 8.600053] kmalloc_tests_init+0x5f/0x108
[ 8.600053] do_one_initcall+0xea/0x2a0
[ 8.600053] kernel_init_freeable+0x326/0x3f8
[ 8.600053] kernel_init+0xf/0x180
[ 8.600053] ret_from_fork+0x35/0x40
[ 8.600053]
[ 8.600053] Freed by task 0:
[ 8.600053] (stack is not available)
[ 8.600053]
[ 8.600053] The buggy address belongs to the object at ffff8881f46366f0
[ 8.600053] which belongs to the cache kmalloc-8 of size 8
[ 8.600053] The buggy address is located 5 bytes inside of
[ 8.600053] 8-byte region [ffff8881f46366f0, ffff8881f46366f8)
[ 8.600053] The buggy address belongs to the page:
[ 8.600053] page:ffffea0007d18d80 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.600053] flags: 0x8000000000000200(slab)
[ 8.600053] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401c80
[ 8.600053] raw: 0000000000000000 0000000080aa00aa 00000001ffffffff 0000000000000000
[ 8.600053] page dumped because: kasan: bad access detected
[ 8.600053]
[ 8.600053] Memory state around the buggy address:
[ 8.600053] ffff8881f4636580: fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc
[ 8.600053] ffff8881f4636600: fb fc fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc 00
[ 8.600053] >ffff8881f4636680: fc fc 00 fc fc 00 fc fc 00 fc fc fb fc fc 00 fc
[ 8.600053] ^
[ 8.600053] ffff8881f4636700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.600053] ffff8881f4636780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.600053] ==================================================================
[ 8.654304] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8
[ 8.655547] ==================================================================
[ 8.656929] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0xa0/0xcf
[ 8.658150] Write of size 8 at addr ffff8881f4636709 by task swapper/1
[ 8.659216]
[ 8.659488] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.659526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.659526] Call Trace:
[ 8.659526] print_address_description+0x16/0x310
[ 8.659526] ? kmalloc_oob_memset_8+0xa0/0xcf
[ 8.659526] __kasan_report+0xee/0x11b
[ 8.659526] ? kmalloc_oob_memset_8+0xa0/0xcf
[ 8.659526] kasan_report+0x32/0x50
[ 8.659526] check_memory_region+0x155/0x1b0
[ 8.659526] memset+0x1f/0x40
[ 8.659526] kmalloc_oob_memset_8+0xa0/0xcf
[ 8.659526] kmalloc_tests_init+0x64/0x108
[ 8.659526] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.659526] do_one_initcall+0xea/0x2a0
[ 8.659526] ? perf_trace_initcall_level+0x260/0x260
[ 8.659526] ? kasan_poison_shadow+0x30/0x30
[ 8.659526] ? __kasan_kmalloc+0x9f/0xd0
[ 8.659526] ? kasan_unpoison_shadow+0x30/0x40
[ 8.659526] kernel_init_freeable+0x326/0x3f8
[ 8.659526] ? rest_init+0xd0/0xd0
[ 8.659526] kernel_init+0xf/0x180
[ 8.659526] ? calculate_sigpending+0x2a/0x40
[ 8.659526] ? rest_init+0xd0/0xd0
[ 8.659526] ret_from_fork+0x35/0x40
[ 8.659526]
[ 8.659526] Allocated by task 1:
[ 8.659526] save_stack+0x19/0x80
[ 8.659526] __kasan_kmalloc+0x9f/0xd0
[ 8.659526] kmalloc_oob_memset_8+0x58/0xcf
[ 8.659526] kmalloc_tests_init+0x64/0x108
[ 8.659526] do_one_initcall+0xea/0x2a0
[ 8.659526] kernel_init_freeable+0x326/0x3f8
[ 8.659526] kernel_init+0xf/0x180
[ 8.659526] ret_from_fork+0x35/0x40
[ 8.659526]
[ 8.659526] Freed by task 0:
[ 8.659526] (stack is not available)
[ 8.659526]
[ 8.659526] The buggy address belongs to the object at ffff8881f4636708
[ 8.659526] which belongs to the cache kmalloc-8 of size 8
[ 8.659526] The buggy address is located 1 bytes inside of
[ 8.659526] 8-byte region [ffff8881f4636708, ffff8881f4636710)
[ 8.659526] The buggy address belongs to the page:
[ 8.659526] page:ffffea0007d18d80 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.659526] flags: 0x8000000000000200(slab)
[ 8.659526] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401c80
[ 8.659526] raw: 0000000000000000 0000000080aa00aa 00000001ffffffff 0000000000000000
[ 8.659526] page dumped because: kasan: bad access detected
[ 8.659526]
[ 8.659526] Memory state around the buggy address:
[ 8.659526] ffff8881f4636600: fb fc fc 00 fc fc 00 fc fc 00 fc fc 00 fc fc 00
[ 8.659526] ffff8881f4636680: fc fc 00 fc fc 00 fc fc 00 fc fc fb fc fc fb fc
[ 8.659526] >ffff8881f4636700: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.659526] ^
[ 8.659526] ffff8881f4636780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.659526] ffff8881f4636800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.659526] ==================================================================
[ 8.710059] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16
[ 8.711111] ==================================================================
[ 8.712460] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xa1/0xd0
[ 8.713771] Write of size 16 at addr ffff8881e3dc2241 by task swapper/1
[ 8.714034]
[ 8.714034] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.714034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.714034] Call Trace:
[ 8.714034] print_address_description+0x16/0x310
[ 8.714034] ? kmalloc_oob_memset_16+0xa1/0xd0
[ 8.714034] __kasan_report+0xee/0x11b
[ 8.714034] ? kmalloc_oob_memset_16+0xa1/0xd0
[ 8.714034] kasan_report+0x32/0x50
[ 8.714034] check_memory_region+0x155/0x1b0
[ 8.714034] memset+0x1f/0x40
[ 8.714034] kmalloc_oob_memset_16+0xa1/0xd0
[ 8.714034] kmalloc_tests_init+0x69/0x108
[ 8.714034] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.714034] do_one_initcall+0xea/0x2a0
[ 8.714034] ? perf_trace_initcall_level+0x260/0x260
[ 8.714034] ? kasan_poison_shadow+0x30/0x30
[ 8.714034] ? __kasan_kmalloc+0x9f/0xd0
[ 8.714034] ? kasan_unpoison_shadow+0x30/0x40
[ 8.714034] kernel_init_freeable+0x326/0x3f8
[ 8.714034] ? rest_init+0xd0/0xd0
[ 8.714034] kernel_init+0xf/0x180
[ 8.714034] ? calculate_sigpending+0x2a/0x40
[ 8.714034] ? rest_init+0xd0/0xd0
[ 8.714034] ret_from_fork+0x35/0x40
[ 8.714034]
[ 8.714034] Allocated by task 1:
[ 8.714034] save_stack+0x19/0x80
[ 8.714034] __kasan_kmalloc+0x9f/0xd0
[ 8.714034] kmalloc_oob_memset_16+0x58/0xd0
[ 8.714034] kmalloc_tests_init+0x69/0x108
[ 8.714034] do_one_initcall+0xea/0x2a0
[ 8.714034] kernel_init_freeable+0x326/0x3f8
[ 8.714034] kernel_init+0xf/0x180
[ 8.714034] ret_from_fork+0x35/0x40
[ 8.714034]
[ 8.714034] Freed by task 0:
[ 8.714034] (stack is not available)
[ 8.714034]
[ 8.714034] The buggy address belongs to the object at ffff8881e3dc2240
[ 8.714034] which belongs to the cache kmalloc-16 of size 16
[ 8.714034] The buggy address is located 1 bytes inside of
[ 8.714034] 16-byte region [ffff8881e3dc2240, ffff8881e3dc2250)
[ 8.714034] The buggy address belongs to the page:
[ 8.714034] page:ffffea00078f7080 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.714034] flags: 0x8000000000000200(slab)
[ 8.714034] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401b40
[ 8.714034] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 8.714034] page dumped because: kasan: bad access detected
[ 8.714034]
[ 8.714034] Memory state around the buggy address:
[ 8.714034] ffff8881e3dc2100: 00 00 fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 8.714034] ffff8881e3dc2180: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 8.714034] >ffff8881e3dc2200: fb fb fc fc fb fb fc fc 00 00 fc fc fc fc fc fc
[ 8.714034] ^
[ 8.714034] ffff8881e3dc2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.714034] ffff8881e3dc2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.714034] ==================================================================
[ 8.768240] kasan test: kmalloc_memmove_invalid_size invalid size in memmove
[ 8.769582] ==================================================================
[ 8.770910] BUG: KASAN: out-of-bounds in kmalloc_memmove_invalid_size+0xfe/0x14d
[ 8.772212] Read of size 18446744073709551614 at addr ffff8881e30af504 by task swapper/1
[ 8.772212]
[ 8.772212] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.772212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.772212] Call Trace:
[ 8.772212] print_address_description+0x16/0x310
[ 8.772212] ? kmalloc_memmove_invalid_size+0xfe/0x14d
[ 8.772212] __kasan_report+0xee/0x11b
[ 8.772212] ? kmalloc_memmove_invalid_size+0xfe/0x14d
[ 8.772212] kasan_report+0x32/0x50
[ 8.772212] check_memory_region+0x155/0x1b0
[ 8.772212] memmove+0x1f/0x60
[ 8.772212] kmalloc_memmove_invalid_size+0xfe/0x14d
[ 8.772212] ? kmalloc_uaf_memset+0xce/0xce
[ 8.772212] ? kmalloc_oob_memset_16+0xa9/0xd0
[ 8.772212] ? kfree+0x91/0x250
[ 8.772212] kmalloc_tests_init+0x6e/0x108
[ 8.772212] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.772212] do_one_initcall+0xea/0x2a0
[ 8.772212] ? perf_trace_initcall_level+0x260/0x260
[ 8.772212] ? kasan_poison_shadow+0x30/0x30
[ 8.772212] ? __kasan_kmalloc+0x9f/0xd0
[ 8.772212] ? kasan_unpoison_shadow+0x30/0x40
[ 8.772212] kernel_init_freeable+0x326/0x3f8
[ 8.772212] ? rest_init+0xd0/0xd0
[ 8.772212] kernel_init+0xf/0x180
[ 8.772212] ? calculate_sigpending+0x2a/0x40
[ 8.772212] ? rest_init+0xd0/0xd0
[ 8.772212] ret_from_fork+0x35/0x40
[ 8.772212]
[ 8.772212] Allocated by task 1:
[ 8.772212] save_stack+0x19/0x80
[ 8.772212] __kasan_kmalloc+0x9f/0xd0
[ 8.772212] kmalloc_memmove_invalid_size+0xa7/0x14d
[ 8.772212] kmalloc_tests_init+0x6e/0x108
[ 8.772212] do_one_initcall+0xea/0x2a0
[ 8.772212] kernel_init_freeable+0x326/0x3f8
[ 8.772212] kernel_init+0xf/0x180
[ 8.772212] ret_from_fork+0x35/0x40
[ 8.772212]
[ 8.772212] Freed by task 0:
[ 8.772212] (stack is not available)
[ 8.772212]
[ 8.772212] The buggy address belongs to the object at ffff8881e30af500
[ 8.772212] which belongs to the cache kmalloc-64 of size 64
[ 8.772212] The buggy address is located 4 bytes inside of
[ 8.772212] 64-byte region [ffff8881e30af500, ffff8881e30af540)
[ 8.772212] The buggy address belongs to the page:
[ 8.772212] page:ffffea00078c2bc0 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.772212] flags: 0x8000000000000200(slab)
[ 8.772212] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f64018c0
[ 8.772212] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 8.772212] page dumped because: kasan: bad access detected
[ 8.772212]
[ 8.772212] Memory state around the buggy address:
[ 8.772212] ffff8881e30af400: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 8.772212] ffff8881e30af480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.772212] >ffff8881e30af500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 8.772212] ^
[ 8.772212] ffff8881e30af580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.772212] ffff8881e30af600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.772212] ==================================================================
[ 8.827611] kasan test: kmalloc_uaf use-after-free
[ 8.828520] ==================================================================
[ 8.829790] BUG: KASAN: use-after-free in kmalloc_uaf+0xa2/0xcf
[ 8.830890] Write of size 1 at addr ffff8881e3dc2268 by task swapper/1
[ 8.831584]
[ 8.831584] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.831584] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.831584] Call Trace:
[ 8.831584] print_address_description+0x16/0x310
[ 8.831584] ? kmalloc_uaf+0xa2/0xcf
[ 8.831584] __kasan_report+0xee/0x11b
[ 8.831584] ? kmalloc_uaf+0xa2/0xcf
[ 8.831584] kasan_report+0x32/0x50
[ 8.831584] kmalloc_uaf+0xa2/0xcf
[ 8.831584] kmalloc_tests_init+0x73/0x108
[ 8.831584] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.831584] do_one_initcall+0xea/0x2a0
[ 8.831584] ? perf_trace_initcall_level+0x260/0x260
[ 8.831584] ? kasan_poison_shadow+0x30/0x30
[ 8.831584] ? __kasan_kmalloc+0x9f/0xd0
[ 8.831584] ? kasan_unpoison_shadow+0x30/0x40
[ 8.831584] kernel_init_freeable+0x326/0x3f8
[ 8.831584] ? rest_init+0xd0/0xd0
[ 8.831584] kernel_init+0xf/0x180
[ 8.831584] ? calculate_sigpending+0x2a/0x40
[ 8.831584] ? rest_init+0xd0/0xd0
[ 8.831584] ret_from_fork+0x35/0x40
[ 8.831584]
[ 8.831584] Allocated by task 1:
[ 8.831584] save_stack+0x19/0x80
[ 8.831584] __kasan_kmalloc+0x9f/0xd0
[ 8.831584] kmalloc_uaf+0x58/0xcf
[ 8.831584] kmalloc_tests_init+0x73/0x108
[ 8.831584] do_one_initcall+0xea/0x2a0
[ 8.831584] kernel_init_freeable+0x326/0x3f8
[ 8.831584] kernel_init+0xf/0x180
[ 8.831584] ret_from_fork+0x35/0x40
[ 8.831584]
[ 8.831584] Freed by task 1:
[ 8.831584] save_stack+0x19/0x80
[ 8.831584] __kasan_slab_free+0x12d/0x180
[ 8.831584] kfree+0x91/0x250
[ 8.831584] kmalloc_uaf+0x98/0xcf
[ 8.831584] kmalloc_tests_init+0x73/0x108
[ 8.831584] do_one_initcall+0xea/0x2a0
[ 8.831584] kernel_init_freeable+0x326/0x3f8
[ 8.831584] kernel_init+0xf/0x180
[ 8.831584] ret_from_fork+0x35/0x40
[ 8.831584]
[ 8.831584] The buggy address belongs to the object at ffff8881e3dc2260
[ 8.831584] which belongs to the cache kmalloc-16 of size 16
[ 8.831584] The buggy address is located 8 bytes inside of
[ 8.831584] 16-byte region [ffff8881e3dc2260, ffff8881e3dc2270)
[ 8.831584] The buggy address belongs to the page:
[ 8.831584] page:ffffea00078f7080 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.831584] flags: 0x8000000000000200(slab)
[ 8.831584] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401b40
[ 8.831584] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 8.831584] page dumped because: kasan: bad access detected
[ 8.831584]
[ 8.831584] Memory state around the buggy address:
[ 8.831584] ffff8881e3dc2100: 00 00 fc fc fb fb fc fc fb fb fc fc 00 00 fc fc
[ 8.831584] ffff8881e3dc2180: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 8.831584] >ffff8881e3dc2200: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 8.831584] ^
[ 8.831584] ffff8881e3dc2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.831584] ffff8881e3dc2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.831584] ==================================================================
[ 8.887272] kasan test: kmalloc_uaf_memset use-after-free in memset
[ 8.888462] ==================================================================
[ 8.889846] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xa7/0xce
[ 8.891054] Write of size 33 at addr ffff8881e30af580 by task swapper/1
[ 8.891260]
[ 8.891260] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.891260] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.891260] Call Trace:
[ 8.891260] print_address_description+0x16/0x310
[ 8.891260] ? kmalloc_uaf_memset+0xa7/0xce
[ 8.891260] __kasan_report+0xee/0x11b
[ 8.891260] ? kmalloc_uaf_memset+0xa7/0xce
[ 8.891260] kasan_report+0x32/0x50
[ 8.891260] check_memory_region+0x155/0x1b0
[ 8.891260] memset+0x1f/0x40
[ 8.891260] kmalloc_uaf_memset+0xa7/0xce
[ 8.891260] kmalloc_tests_init+0x78/0x108
[ 8.891260] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.891260] do_one_initcall+0xea/0x2a0
[ 8.891260] ? perf_trace_initcall_level+0x260/0x260
[ 8.891260] ? kasan_poison_shadow+0x30/0x30
[ 8.891260] ? __kasan_kmalloc+0x9f/0xd0
[ 8.891260] ? kasan_unpoison_shadow+0x30/0x40
[ 8.891260] kernel_init_freeable+0x326/0x3f8
[ 8.891260] ? rest_init+0xd0/0xd0
[ 8.891260] kernel_init+0xf/0x180
[ 8.891260] ? calculate_sigpending+0x2a/0x40
[ 8.891260] ? rest_init+0xd0/0xd0
[ 8.891260] ret_from_fork+0x35/0x40
[ 8.891260]
[ 8.891260] Allocated by task 1:
[ 8.891260] save_stack+0x19/0x80
[ 8.891260] __kasan_kmalloc+0x9f/0xd0
[ 8.891260] kmalloc_uaf_memset+0x58/0xce
[ 8.891260] kmalloc_tests_init+0x78/0x108
[ 8.891260] do_one_initcall+0xea/0x2a0
[ 8.891260] kernel_init_freeable+0x326/0x3f8
[ 8.891260] kernel_init+0xf/0x180
[ 8.891260] ret_from_fork+0x35/0x40
[ 8.891260]
[ 8.891260] Freed by task 1:
[ 8.891260] save_stack+0x19/0x80
[ 8.891260] __kasan_slab_free+0x12d/0x180
[ 8.891260] kfree+0x91/0x250
[ 8.891260] kmalloc_uaf_memset+0x98/0xce
[ 8.891260] kmalloc_tests_init+0x78/0x108
[ 8.891260] do_one_initcall+0xea/0x2a0
[ 8.891260] kernel_init_freeable+0x326/0x3f8
[ 8.891260] kernel_init+0xf/0x180
[ 8.891260] ret_from_fork+0x35/0x40
[ 8.891260]
[ 8.891260] The buggy address belongs to the object at ffff8881e30af580
[ 8.891260] which belongs to the cache kmalloc-64 of size 64
[ 8.891260] The buggy address is located 0 bytes inside of
[ 8.891260] 64-byte region [ffff8881e30af580, ffff8881e30af5c0)
[ 8.891260] The buggy address belongs to the page:
[ 8.891260] page:ffffea00078c2bc0 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.891260] flags: 0x8000000000000200(slab)
[ 8.891260] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f64018c0
[ 8.891260] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 8.891260] page dumped because: kasan: bad access detected
[ 8.891260]
[ 8.891260] Memory state around the buggy address:
[ 8.891260] ffff8881e30af480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.891260] ffff8881e30af500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.891260] >ffff8881e30af580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.891260] ^
[ 8.891260] ffff8881e30af600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.891260] ffff8881e30af680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.891260] ==================================================================
[ 8.949538] kasan test: kmalloc_uaf2 use-after-free after another kmalloc
[ 8.950761] ==================================================================
[ 8.952003] BUG: KASAN: use-after-free in kmalloc_uaf2+0xf5/0x16d
[ 8.953074] Write of size 1 at addr ffff8881e30af628 by task swapper/1
[ 8.953527]
[ 8.953527] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 8.953527] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 8.953527] Call Trace:
[ 8.953527] print_address_description+0x16/0x310
[ 8.953527] ? kmalloc_uaf2+0xf5/0x16d
[ 8.953527] __kasan_report+0xee/0x11b
[ 8.953527] ? kmalloc_uaf2+0xf5/0x16d
[ 8.953527] kasan_report+0x32/0x50
[ 8.953527] kmalloc_uaf2+0xf5/0x16d
[ 8.953527] kmalloc_tests_init+0x7d/0x108
[ 8.953527] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 8.953527] do_one_initcall+0xea/0x2a0
[ 8.953527] ? perf_trace_initcall_level+0x260/0x260
[ 8.953527] ? kasan_poison_shadow+0x30/0x30
[ 8.953527] ? __kasan_kmalloc+0x9f/0xd0
[ 8.953527] ? kasan_unpoison_shadow+0x30/0x40
[ 8.953527] kernel_init_freeable+0x326/0x3f8
[ 8.953527] ? rest_init+0xd0/0xd0
[ 8.953527] kernel_init+0xf/0x180
[ 8.953527] ? calculate_sigpending+0x2a/0x40
[ 8.953527] ? rest_init+0xd0/0xd0
[ 8.953527] ret_from_fork+0x35/0x40
[ 8.953527]
[ 8.953527] Allocated by task 1:
[ 8.953527] save_stack+0x19/0x80
[ 8.953527] __kasan_kmalloc+0x9f/0xd0
[ 8.953527] kmalloc_uaf2+0x5a/0x16d
[ 8.953527] kmalloc_tests_init+0x7d/0x108
[ 8.953527] do_one_initcall+0xea/0x2a0
[ 8.953527] kernel_init_freeable+0x326/0x3f8
[ 8.953527] kernel_init+0xf/0x180
[ 8.953527] ret_from_fork+0x35/0x40
[ 8.953527]
[ 8.953527] Freed by task 1:
[ 8.953527] save_stack+0x19/0x80
[ 8.953527] __kasan_slab_free+0x12d/0x180
[ 8.953527] kfree+0x91/0x250
[ 8.953527] kmalloc_uaf2+0xaa/0x16d
[ 8.953527] kmalloc_tests_init+0x7d/0x108
[ 8.953527] do_one_initcall+0xea/0x2a0
[ 8.953527] kernel_init_freeable+0x326/0x3f8
[ 8.953527] kernel_init+0xf/0x180
[ 8.953527] ret_from_fork+0x35/0x40
[ 8.953527]
[ 8.953527] The buggy address belongs to the object at ffff8881e30af600
[ 8.953527] which belongs to the cache kmalloc-64 of size 64
[ 8.953527] The buggy address is located 40 bytes inside of
[ 8.953527] 64-byte region [ffff8881e30af600, ffff8881e30af640)
[ 8.953527] The buggy address belongs to the page:
[ 8.953527] page:ffffea00078c2bc0 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 8.953527] flags: 0x8000000000000200(slab)
[ 8.953527] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f64018c0
[ 8.953527] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 8.953527] page dumped because: kasan: bad access detected
[ 8.953527]
[ 8.953527] Memory state around the buggy address:
[ 8.953527] ffff8881e30af500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.953527] ffff8881e30af580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.953527] >ffff8881e30af600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 8.953527] ^
[ 8.953527] ffff8881e30af680: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 8.953527] ffff8881e30af700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 8.953527] ==================================================================
[ 9.005678] kasan test: kfree_via_page invalid-free false positive (via page)
[ 9.006991] kasan test: kfree_via_phys invalid-free false positive (via phys)
[ 9.009067] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc
[ 9.010286] ==================================================================
[ 9.011605] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xf0/0x139
[ 9.012289] Read of size 1 at addr ffff8881e30fe0c8 by task swapper/1
[ 9.012289]
[ 9.012289] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 9.012289] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 9.012289] Call Trace:
[ 9.012289] print_address_description+0x16/0x310
[ 9.012289] ? kmem_cache_oob+0xf0/0x139
[ 9.012289] __kasan_report+0xee/0x11b
[ 9.012289] ? kmem_cache_oob+0xf0/0x139
[ 9.012289] kasan_report+0x32/0x50
[ 9.012289] kmem_cache_oob+0xf0/0x139
[ 9.012289] kmalloc_tests_init+0x8c/0x108
[ 9.012289] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 9.012289] do_one_initcall+0xea/0x2a0
[ 9.012289] ? perf_trace_initcall_level+0x260/0x260
[ 9.012289] ? kasan_poison_shadow+0x30/0x30
[ 9.012289] ? __kasan_kmalloc+0x9f/0xd0
[ 9.012289] ? kasan_unpoison_shadow+0x30/0x40
[ 9.012289] kernel_init_freeable+0x326/0x3f8
[ 9.012289] ? rest_init+0xd0/0xd0
[ 9.012289] kernel_init+0xf/0x180
[ 9.012289] ? calculate_sigpending+0x2a/0x40
[ 9.012289] ? rest_init+0xd0/0xd0
[ 9.012289] ret_from_fork+0x35/0x40
[ 9.012289]
[ 9.012289] Allocated by task 1:
[ 9.012289] save_stack+0x19/0x80
[ 9.012289] __kasan_kmalloc+0x9f/0xd0
[ 9.012289] kmem_cache_alloc+0xc6/0x210
[ 9.012289] kmem_cache_oob+0x9a/0x139
[ 9.012289] kmalloc_tests_init+0x8c/0x108
[ 9.012289] do_one_initcall+0xea/0x2a0
[ 9.012289] kernel_init_freeable+0x326/0x3f8
[ 9.012289] kernel_init+0xf/0x180
[ 9.012289] ret_from_fork+0x35/0x40
[ 9.012289]
[ 9.012289] Freed by task 0:
[ 9.012289] (stack is not available)
[ 9.012289]
[ 9.012289] The buggy address belongs to the object at ffff8881e30fe000
[ 9.012289] which belongs to the cache test_cache of size 200
[ 9.012289] The buggy address is located 0 bytes to the right of
[ 9.012289] 200-byte region [ffff8881e30fe000, ffff8881e30fe0c8)
[ 9.012289] The buggy address belongs to the page:
[ 9.012289] page:ffffea00078c3f80 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 9.012289] flags: 0x8000000000000200(slab)
[ 9.012289] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881e30a03c0
[ 9.012289] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 9.012289] page dumped because: kasan: bad access detected
[ 9.012289]
[ 9.012289] Memory state around the buggy address:
[ 9.012289] ffff8881e30fdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.012289] ffff8881e30fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.012289] >ffff8881e30fe080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 9.012289] ^
[ 9.012289] ffff8881e30fe100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.012289] ffff8881e30fe180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.012289] ==================================================================
[ 9.070123] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
[ 9.616179] kasan test: kasan_stack_oob out-of-bounds on stack
[ 9.617328] ==================================================================
[ 9.618755] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0xaf/0xec
[ 9.619184] Read of size 1 at addr ffffc9000001fdc2 by task swapper/1
[ 9.619184]
[ 9.619184] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 9.619184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 9.619184] Call Trace:
[ 9.619184] print_address_description+0x16/0x310
[ 9.619184] ? kasan_stack_oob+0xaf/0xec
[ 9.619184] __kasan_report+0xee/0x11b
[ 9.619184] ? kasan_stack_oob+0xaf/0xec
[ 9.619184] kasan_report+0x32/0x50
[ 9.619184] kasan_stack_oob+0xaf/0xec
[ 9.619184] ? test_firmware_init+0x141/0x141
[ 9.619184] ? kobject_put+0x62/0x310
[ 9.619184] ? mutex_unlock+0x17/0x40
[ 9.619184] ? kmem_cache_destroy+0x31/0xf0
[ 9.619184] ? put_online_mems+0x28/0x50
[ 9.619184] ? memcg_accounted_kmem_cache+0x121/0x14f
[ 9.619184] kmalloc_tests_init+0x96/0x108
[ 9.619184] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 9.619184] do_one_initcall+0xea/0x2a0
[ 9.619184] ? perf_trace_initcall_level+0x260/0x260
[ 9.619184] ? kasan_poison_shadow+0x30/0x30
[ 9.619184] ? __kasan_kmalloc+0x9f/0xd0
[ 9.619184] ? kasan_unpoison_shadow+0x30/0x40
[ 9.619184] kernel_init_freeable+0x326/0x3f8
[ 9.619184] ? rest_init+0xd0/0xd0
[ 9.619184] kernel_init+0xf/0x180
[ 9.619184] ? calculate_sigpending+0x2a/0x40
[ 9.619184] ? rest_init+0xd0/0xd0
[ 9.619184] ret_from_fork+0x35/0x40
[ 9.619184]
[ 9.619184] addr ffffc9000001fdc2 is located in stack of task swapper/1 at offset 106 in frame:
[ 9.619184] kasan_stack_oob+0x0/0xec
[ 9.619184]
[ 9.619184] this frame has 2 objects:
[ 9.619184] [32, 36) 'i'
[ 9.619184] [96, 106) 'stack_array'
[ 9.619184]
[ 9.619184] Memory state around the buggy address:
[ 9.619184] ffffc9000001fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.619184] ffffc9000001fd00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
[ 9.619184] >ffffc9000001fd80: f2 f2 f2 f2 f2 f2 f2 00 02 f2 f2 f3 f3 f3 f3 00
[ 9.619184] ^
[ 9.619184] ffffc9000001fe00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[ 9.619184] ffffc9000001fe80: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 9.619184] ==================================================================
[ 9.672311] kasan test: kasan_global_oob out-of-bounds global variable
[ 9.673469] ==================================================================
[ 9.674728] BUG: KASAN: global-out-of-bounds in kasan_global_oob+0x89/0xc7
[ 9.675923] Read of size 1 at addr ffffffff85cfb48d by task swapper/1
[ 9.676299]
[ 9.676299] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 9.676299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 9.676299] Call Trace:
[ 9.676299] print_address_description+0x16/0x310
[ 9.676299] ? kasan_global_oob+0x89/0xc7
[ 9.676299] __kasan_report+0xee/0x11b
[ 9.676299] ? kasan_global_oob+0x89/0xc7
[ 9.676299] kasan_report+0x32/0x50
[ 9.676299] kasan_global_oob+0x89/0xc7
[ 9.676299] ? kasan_stack_oob+0xec/0xec
[ 9.676299] ? mutex_unlock+0x17/0x40
[ 9.676299] ? kmem_cache_destroy+0x31/0xf0
[ 9.676299] ? put_online_mems+0x28/0x50
[ 9.676299] ? memcg_accounted_kmem_cache+0x121/0x14f
[ 9.676299] kmalloc_tests_init+0x9b/0x108
[ 9.676299] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 9.676299] do_one_initcall+0xea/0x2a0
[ 9.676299] ? perf_trace_initcall_level+0x260/0x260
[ 9.676299] ? kasan_poison_shadow+0x30/0x30
[ 9.676299] ? __kasan_kmalloc+0x9f/0xd0
[ 9.676299] ? kasan_unpoison_shadow+0x30/0x40
[ 9.676299] kernel_init_freeable+0x326/0x3f8
[ 9.676299] ? rest_init+0xd0/0xd0
[ 9.676299] kernel_init+0xf/0x180
[ 9.676299] ? calculate_sigpending+0x2a/0x40
[ 9.676299] ? rest_init+0xd0/0xd0
[ 9.676299] ret_from_fork+0x35/0x40
[ 9.676299]
[ 9.676299] The buggy address belongs to the variable:
[ 9.676299] global_array+0xd/0x40
[ 9.676299]
[ 9.676299] Memory state around the buggy address:
[ 9.676299] ffffffff85cfb380: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[ 9.676299] ffffffff85cfb400: 00 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
[ 9.676299] >ffffffff85cfb480: 00 02 fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
[ 9.676299] ^
[ 9.676299] ffffffff85cfb500: 00 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
[ 9.676299] ffffffff85cfb580: 00 fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
[ 9.676299] ==================================================================
[ 9.724190] kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca
[ 9.725512] kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca
[ 9.726695] kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk
[ 9.728091] ==================================================================
[ 9.729255] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xb8/0xee
[ 9.730605] Write of size 1 at addr ffff8881e3dbcc80 by task swapper/1
[ 9.731864]
[ 9.732057] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 9.732057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 9.732057] Call Trace:
[ 9.732057] print_address_description+0x16/0x310
[ 9.732057] ? ksize_unpoisons_memory+0xb8/0xee
[ 9.732057] __kasan_report+0xee/0x11b
[ 9.732057] ? ksize_unpoisons_memory+0xb8/0xee
[ 9.732057] kasan_report+0x32/0x50
[ 9.732057] ksize_unpoisons_memory+0xb8/0xee
[ 9.732057] kmalloc_tests_init+0xaa/0x108
[ 9.732057] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 9.732057] do_one_initcall+0xea/0x2a0
[ 9.732057] ? perf_trace_initcall_level+0x260/0x260
[ 9.732057] ? kasan_poison_shadow+0x30/0x30
[ 9.732057] ? __kasan_kmalloc+0x9f/0xd0
[ 9.732057] ? kasan_unpoison_shadow+0x30/0x40
[ 9.732057] kernel_init_freeable+0x326/0x3f8
[ 9.732057] ? rest_init+0xd0/0xd0
[ 9.732057] kernel_init+0xf/0x180
[ 9.732057] ? calculate_sigpending+0x2a/0x40
[ 9.732057] ? rest_init+0xd0/0xd0
[ 9.732057] ret_from_fork+0x35/0x40
[ 9.732057]
[ 9.732057] Allocated by task 1:
[ 9.732057] save_stack+0x19/0x80
[ 9.732057] __kasan_kmalloc+0x9f/0xd0
[ 9.732057] ksize_unpoisons_memory+0x5a/0xee
[ 9.732057] kmalloc_tests_init+0xaa/0x108
[ 9.732057] do_one_initcall+0xea/0x2a0
[ 9.732057] kernel_init_freeable+0x326/0x3f8
[ 9.732057] kernel_init+0xf/0x180
[ 9.732057] ret_from_fork+0x35/0x40
[ 9.732057]
[ 9.732057] Freed by task 0:
[ 9.732057] (stack is not available)
[ 9.732057]
[ 9.732057] The buggy address belongs to the object at ffff8881e3dbcc00
[ 9.732057] which belongs to the cache kmalloc-128 of size 128
[ 9.732057] The buggy address is located 0 bytes to the right of
[ 9.732057] 128-byte region [ffff8881e3dbcc00, ffff8881e3dbcc80)
[ 9.732057] The buggy address belongs to the page:
[ 9.732057] page:ffffea00078f6f00 refcount:1 mapcount:0 mapping:(____ptrval____) index:0x0
[ 9.732057] flags: 0x8000000000000200(slab)
[ 9.732057] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f6401640
[ 9.732057] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 9.732057] page dumped because: kasan: bad access detected
[ 9.732057]
[ 9.732057] Memory state around the buggy address:
[ 9.732057] ffff8881e3dbcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.732057] ffff8881e3dbcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 9.732057] >ffff8881e3dbcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.732057] ^
[ 9.732057] ffff8881e3dbcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.732057] ffff8881e3dbcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 9.732057] ==================================================================
[ 9.784778] ==================================================================
[ 9.786041] BUG: KASAN: null-ptr-deref in down_write_killable+0x78/0x110
[ 9.787237] Write of size 8 at addr 0000000000000078 by task swapper/1
[ 9.788339]
[ 9.788610] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 9.788740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 9.788740] Call Trace:
[ 9.788740] ? down_write_killable+0x78/0x110
[ 9.788740] __kasan_report+0xd3/0x11b
[ 9.788740] ? kasan_unpoison_shadow+0x1/0x40
[ 9.788740] ? down_write_killable+0x78/0x110
[ 9.788740] kasan_report+0x32/0x50
[ 9.788740] check_memory_region+0x155/0x1b0
[ 9.788740] down_write_killable+0x78/0x110
[ 9.788740] ? down_write+0x100/0x100
[ 9.788740] ? ksize_unpoisons_memory+0xb8/0xee
[ 9.788740] ? vprintk_func+0x56/0xe0
[ 9.788740] vm_mmap_pgoff+0xca/0x180
[ 9.788740] ? randomize_stack_top+0x90/0x90
[ 9.788740] ? add_taint+0x2e/0x70
[ 9.788740] ? end_report+0x22/0x50
[ 9.788740] ? kasan_unpoison_shadow+0x30/0x40
[ 9.788740] ? __kasan_kmalloc+0x9f/0xd0
[ 9.788740] vm_mmap+0x60/0x80
[ 9.788740] copy_user_test+0x88/0x257
[ 9.788740] kmalloc_tests_init+0xaf/0x108
[ 9.788740] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 9.788740] do_one_initcall+0xea/0x2a0
[ 9.788740] ? perf_trace_initcall_level+0x260/0x260
[ 9.788740] ? kasan_poison_shadow+0x30/0x30
[ 9.788740] ? __kasan_kmalloc+0x9f/0xd0
[ 9.788740] ? kasan_unpoison_shadow+0x30/0x40
[ 9.788740] kernel_init_freeable+0x326/0x3f8
[ 9.788740] ? rest_init+0xd0/0xd0
[ 9.788740] kernel_init+0xf/0x180
[ 9.788740] ? calculate_sigpending+0x2a/0x40
[ 9.788740] ? rest_init+0xd0/0xd0
[ 9.788740] ret_from_fork+0x35/0x40
[ 9.788740] ==================================================================
[ 9.817046] BUG: kernel NULL pointer dereference, address: 0000000000000078
[ 9.818325] #PF: supervisor write access in kernel mode
[ 9.819336] #PF: error_code(0x0002) - not-present page
[ 9.820402] PGD 0 P4D 0
[ 9.820925] Oops: 0002 [#1] KASAN
[ 9.821026] CPU: 0 PID: 1 Comm: swapper Tainted: G B 5.6.0-11455-gc1d760d87ccb8 #1
[ 9.821026] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 9.821026] RIP: 0010:down_write_killable+0x91/0x110
[ 9.821026] Code: 00 00 00 48 c7 44 24 20 00 00 00 00 e8 08 05 51 fe 48 8d 7c 24 20 be 08 00 00 00 e8 f9 04 51 fe ba 01 00 00 00 48 8b 44 24 20 <48> 0f b1 13 75 4d 4c 8d 63 08 be 08 00 00 00 4c 8b 2c 25 40 c0 68
[ 9.821026] RSP: 0000:ffffc9000001fc30 EFLAGS: 00010246
[ 9.821026] RAX: 0000000000000000 RBX: 0000000000000078 RCX: ffffffff82ea9f47
[ 9.821026] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000001fc50
[ 9.821026] RBP: 1ffff92000003f86 R08: fffff52000003f8b R09: fffff52000003f8b
[ 9.821026] R10: ffffc9000001fc57 R11: 0000000000000001 R12: fffffffffffffffc
[ 9.821026] R13: 0000000000000000 R14: 0000000000000078 R15: 0000000000000000
[ 9.821026] FS: 0000000000000000(0000) GS:ffffffff8468c000(0000) knlGS:0000000000000000
[ 9.821026] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.821026] CR2: 0000000000000078 CR3: 000000000462c000 CR4: 00000000000406f0
[ 9.821026] Call Trace:
[ 9.821026] ? down_write+0x100/0x100
[ 9.821026] ? ksize_unpoisons_memory+0xb8/0xee
[ 9.821026] ? vprintk_func+0x56/0xe0
[ 9.821026] vm_mmap_pgoff+0xca/0x180
[ 9.821026] ? randomize_stack_top+0x90/0x90
[ 9.821026] ? add_taint+0x2e/0x70
[ 9.821026] ? end_report+0x22/0x50
[ 9.821026] ? kasan_unpoison_shadow+0x30/0x40
[ 9.821026] ? __kasan_kmalloc+0x9f/0xd0
[ 9.821026] vm_mmap+0x60/0x80
[ 9.821026] copy_user_test+0x88/0x257
[ 9.821026] kmalloc_tests_init+0xaf/0x108
[ 9.821026] ? kmalloc_pagealloc_oob_right+0xc6/0xc6
[ 9.821026] do_one_initcall+0xea/0x2a0
[ 9.821026] ? perf_trace_initcall_level+0x260/0x260
[ 9.821026] ? kasan_poison_shadow+0x30/0x30
[ 9.821026] ? __kasan_kmalloc+0x9f/0xd0
[ 9.821026] ? kasan_unpoison_shadow+0x30/0x40
[ 9.821026] kernel_init_freeable+0x326/0x3f8
[ 9.821026] ? rest_init+0xd0/0xd0
[ 9.821026] kernel_init+0xf/0x180
[ 9.821026] ? calculate_sigpending+0x2a/0x40
[ 9.821026] ? rest_init+0xd0/0xd0
[ 9.821026] ret_from_fork+0x35/0x40
[ 9.821026] Modules linked in:
[ 9.821026] CR2: 0000000000000078
[ 9.821026] ---[ end trace 9fffd2eca2c49228 ]---
To reproduce:
# build kernel
cd linux
cp config-5.6.0-11455-gc1d760d87ccb8 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
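Worked example, added here as an editor's illustration (it is not part of the report above and not code from the kernel's mm/kasan): a small decoder for the "Memory state around the buggy address" rows in the kasan_stack_oob, kasan_global_oob and ksize_unpoisons_memory reports. It assumes the generic KASAN layout those reports use (one shadow byte per 8-byte granule, 16 shadow bytes per printed row, poison values as in mm/kasan/kasan.h: f1/f2/f3 stack redzones, fa global redzone, fc kmalloc redzone, 01..07 a granule whose first N bytes are addressable). The rows and faulting addresses are copied from the three reports, dmesg timestamps stripped, and serve as the constructed sample input; the row parser, the byte-by-byte check and the names are this example's own.

```c
/* Decoder for the "Memory state around the buggy address" rows of a generic
 * KASAN report. Added illustration, not code from the report above or from
 * mm/kasan. Assumes one shadow byte per 8-byte granule, 16 bytes per printed
 * row, and the poison values of mm/kasan/kasan.h. Sample rows are copied from
 * the three reports above, dmesg timestamps stripped. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GRANULE   8
#define ROW_BYTES 16

struct shadow_row { uint64_t base; uint8_t shadow[ROW_BYTES]; };

static const char *const stack_rows[] = {
	"ffffc9000001fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
	"ffffc9000001fd00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04",
	">ffffc9000001fd80: f2 f2 f2 f2 f2 f2 f2 00 02 f2 f2 f3 f3 f3 f3 00",
	"ffffc9000001fe00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00",
	"ffffc9000001fe80: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00",
};
static const char *const global_rows[] = {
	">ffffffff85cfb480: 00 02 fa fa fa fa fa fa 00 fa fa fa fa fa fa fa",
};
static const char *const slab_rows[] = {
	"ffff8881e3dbcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
	">ffff8881e3dbcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};

/* Parse one row; a "[ts] " prefix and the '>' marker are tolerated. */
static int parse_row(const char *line, struct shadow_row *row)
{
	const char *p = strrchr(line, ']');
	char *end;
	line = p ? p + 1 : line;
	while (*line == ' ' || *line == '>')
		line++;
	row->base = strtoull(line, &end, 16);
	if (end == line || *end != ':')
		return -1;
	for (int i = 0; i < ROW_BYTES; i++) {
		p = end + 1;
		row->shadow[i] = (uint8_t)strtoul(p, &end, 16);
		if (end == p)
			return -1;
	}
	return 0;
}

/* Human-readable name of a shadow value (generic KASAN, mm/kasan/kasan.h). */
static const char *shadow_name(int s)
{
	switch (s) {
	case 0x00: return "addressable";
	case 0xf1: return "stack left redzone";
	case 0xf2: return "stack mid redzone";
	case 0xf3: return "stack right redzone";
	case 0xfa: return "global redzone";
	case 0xfb: return "freed kmalloc object";
	case 0xfc: return "kmalloc redzone";
	default:   return s > 0 && s < GRANULE ? "partially addressable" : "other";
	}
}

/* Check `size` bytes at `addr` the way the generic KASAN check does: 0 if
 * every byte is addressable, else the shadow value of the first offending
 * granule; -1 if the rows fail to parse or do not cover the address. */
static int check_access(const char *const *lines, size_t n, uint64_t addr, size_t size)
{
	struct shadow_row rows[8];
	if (n > 8)
		return -1;
	for (size_t i = 0; i < n; i++)
		if (parse_row(lines[i], &rows[i]))
			return -1;
	for (uint64_t a = addr; a < addr + size; a++) {
		int s = -1;
		for (size_t i = 0; i < n && s < 0; i++)
			if (a >= rows[i].base && a - rows[i].base < ROW_BYTES * GRANULE)
				s = rows[i].shadow[(a - rows[i].base) / GRANULE];
		if (s < 0)
			return -1;
		/* 0: whole granule valid; 1..7: only the first s bytes valid */
		if (s == 0 || (s < GRANULE && (int)(a % GRANULE) < s))
			continue;
		return s;
	}
	return 0;
}

int main(void)
{
	int s1 = check_access(stack_rows, 5, 0xffffc9000001fdc2ULL, 1);
	int s2 = check_access(global_rows, 1, 0xffffffff85cfb48dULL, 1);
	int s3 = check_access(slab_rows, 2, 0xffff8881e3dbcc80ULL, 1);
	printf("kasan_stack_oob:        shadow %#04x, %s\n", s1, shadow_name(s1));
	printf("kasan_global_oob:       shadow %#04x, %s\n", s2, shadow_name(s2));
	printf("ksize_unpoisons_memory: shadow %#04x, %s\n", s3, shadow_name(s3));
	return 0;
}
```

Reading the three reports through it: for kasan_stack_oob the frame base is the faulting address minus the reported offset 106, i.e. ffffc9000001fd58, which is the first f1 in the fd00 row; 'i' [32, 36) is the 04 granule, 'stack_array' [96, 106) is the 00 02 pair in the fd80 row, and offset 106 falls at byte 2 of a granule whose shadow says only bytes 0 and 1 are valid. For kasan_global_oob the 00 02 pair at ffffffff85cfb480 makes global_array 10 bytes long and +0xd lands three bytes past it. For ksize_unpoisons_memory the access at ffff8881e3dbcc80 is the first byte after the 128-byte region and hits fc. The final null-ptr-deref report is different in kind and has no shadow row to decode: address 0000000000000078 has no shadow mapping, so check_memory_region reports it before the write executes, and the hardware page fault (Oops at RIP down_write_killable, CR2 0000000000000078) follows from the same instruction.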