KernelAddressSanitizer initialized Core dump limits : soft - 0 hard - NONE Checking that ptrace can change system call numbers...OK Checking syscall emulation patch for ptrace...OK Checking advanced syscall emulation patch for ptrace...OK Checking environment variables for a tempdir...none found Checking if /dev/shm is on tmpfs...OK Checking PROT_EXEC mmap in /dev/shm...OK Linux version 5.5.0-rc6-00009-g09462ab4014b (tester@d7040) (gcc version 9.2.1 20200104 (Debian 9.2.1-22)) #4 Wed Mar 11 11:52:32 IST 2020 On node 0 totalpages: 65536 Normal zone: 896 pages used for memmap Normal zone: 0 pages reserved Normal zone: 65536 pages, LIFO batch:15 pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768 pcpu-alloc: [0] 0 Built 1 zonelists, mobility grouping on. Total pages: 64640 Kernel command line: mem=256M init=/tmp/tmpbymglerh/startup.sh root=none hostfs=/ rootfstype=hostfs rootflags=/ run=/tmp/.host/tmp/tmpbymglerh/ctrl.sh virtio_uml.device=/tmp/tmpbymglerh/net:1 addr=10.0.0.1 drvmods=/home/tester/vlab/driver-install Dentry cache hash table entries: 32768 (order: 6, 262144 bytes, linear) Inode-cache hash table entries: 16384 (order: 5, 131072 bytes, linear) mem auto-init: stack:off, heap alloc:off, heap free:off Memory: 216080K/262144K available (6430K kernel code, 4856K rwdata, 2744K rodata, 332K init, 26805K bss, 46064K reserved, 0K cma-reserved) random: get_random_u64 called from __kmem_cache_create+0x46/0x3aa with crng_init=0 SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 Running RCU self tests NR_IRQS: 24 Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar ... MAX_LOCKDEP_SUBCLASSES: 8 ... MAX_LOCK_DEPTH: 48 ... MAX_LOCKDEP_KEYS: 8192 ... CLASSHASH_SIZE: 4096 ... MAX_LOCKDEP_ENTRIES: 32768 ... MAX_LOCKDEP_CHAINS: 65536 ... 
CHAINHASH_SIZE: 32768 memory used by lock dependency info: 6749 kB memory used for stack traces: 4224 kB per task-struct memory footprint: 2688 bytes clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns Calibrating delay loop... 6950.09 BogoMIPS (lpj=34750464) pid_max: default: 32768 minimum: 301 Mount-cache hash table entries: 512 (order: 0, 4096 bytes, linear) Mountpoint-cache hash table entries: 512 (order: 0, 4096 bytes, linear) *** VALIDATE tmpfs *** *** VALIDATE proc *** *** VALIDATE cgroup1 *** *** VALIDATE cgroup2 *** Checking that host ptys support output SIGIO...Yes Checking that host ptys support SIGIO on close...No, enabling workaround devtmpfs: initialized umid_file_name : buffer too short clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns futex hash table entries: 256 (order: 2, 24576 bytes, linear) NET: Registered protocol family 16 clocksource: Switched to clocksource timer *** VALIDATE ramfs *** NET: Registered protocol family 2 tcp_listen_portaddr_hash hash table entries: 128 (order: 1, 11264 bytes, linear) TCP established hash table entries: 2048 (order: 2, 16384 bytes, linear) TCP bind hash table entries: 2048 (order: 5, 163840 bytes, linear) TCP: Hash tables configured (established 2048 bind 2048) UDP hash table entries: 256 (order: 3, 49152 bytes, linear) UDP-Lite hash table entries: 256 (order: 3, 49152 bytes, linear) NET: Registered protocol family 1 Registering device virtio-uml.0 id=1 at /tmp/tmpbymglerh/net printk: console [stderr0] disabled mconsole (version 2) initialized on /home/tester/.uml/w6VP09/mconsole Checking host MADV_REMOVE support...OK Mapper v0.1 mmapper_init - find_iomem failed Initialise system trusted keyrings workingset: timestamp_bits=62 max_order=16 bucket_order=0 Key type asymmetric registered Asymmetric key parser 'x509' registered MACsec IEEE 802.1AE NET: Registered protocol family 10 Segment Routing with IPv6 sit: IPv6, IPv4 
and MPLS over IPv4 tunneling driver NET: Registered protocol family 17 Bridge firewalling registered 8021q: 802.1Q VLAN Support v1.8 start plist test end plist test Initialized stdio console driver Console initialized on /dev/tty0 printk: console [tty0] enabled Initializing software serial port version 1 printk: console [mc-1] enabled Loading compiled-in X.509 certificates kmemleak: Kernel memory leak detector initialized (mem pool available: 15895) VFS: Mounted root (hostfs filesystem) readonly on device 0:14. devtmpfs: mounted This architecture does not have kernel memory protection. Run /tmp/tmpbymglerh/startup.sh as init process kmemleak: Automatic memory scanning thread started mount: /dev: dev already mounted or mount point busy. random: fast init done /usr/sbin/rngd random: rngd: uninitialized urandom read (16 bytes read) random: crng init done running script /tmp/tmpbymglerh/ctrl.sh *********** WELCOME *********** Type 'exit' or press Ctrl-D to exit and shut down! bash: cannot set terminal process group (-1): Inappropriate ioctl for device bash-5.0# insmod lib/test_kasan.ko kasan test: kmalloc_oob_right out-of-bounds to right ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x94/0xae [test_kasan] Write of size 1 at addr 000000006d0579fb by task insmod/511 CPU: 0 PID: 511 Comm: insmod Not tainted 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 00000007 3bc70d6d 60b74088 600d7e5e 6d0579fb 6ff582d0 00000001 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868152>] ? kmalloc_oob_right+0x94/0xae [test_kasan] [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70868152>] ? kmalloc_oob_right+0x94/0xae [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<70868152>] kmalloc_oob_right+0x94/0xae [test_kasan] [<70869e68>] kmalloc_tests_init+0x20/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_right+0x62/0xae [test_kasan] kmalloc_tests_init+0x20/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 load_elf_binary+0x12b6/0x1371 search_binary_handler+0xe0/0x38c load_script+0x32e/0x33d search_binary_handler+0xe0/0x38c exec_binprm+0x107/0x308 __do_execve_file+0xac8/0xd1a do_execve+0x24/0x26 sys_execve+0x33/0x37 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 new_thread_handler+0x131/0x13c The buggy address belongs to the object at 000000006d057980 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 123 bytes inside of 128-byte region [000000006d057980, 000000006d057a00) The buggy address belongs to the page: page:000000006ff582d0 refcount:1 mapcount:0 mapping:000000006f803380 index:0x6d057700 compound_mapcount: 0 raw: 0000000000010200 000000006ffc96f8 000000006f800ad0 000000006f803380 raw: 000000006d057700 00000000000c0006 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d057880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d057900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d057980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 ^ 000000006d057a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d057a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
================================================================== Disabling lock debugging due to kernel taint kasan test: kmalloc_oob_left out-of-bounds to left ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x94/0xc0 [test_kasan] Read of size 1 at addr 000000006fbb800f by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7980 00000004 60b74088 600d7e5e 6fbb800f 6fff0040 00000000 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868200>] ? kmalloc_oob_left+0x94/0xc0 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70868200>] ? kmalloc_oob_left+0x94/0xc0 [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<70868200>] kmalloc_oob_left+0x94/0xc0 [test_kasan] [<70869e74>] kmalloc_tests_init+0x2c/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_left+0x62/0xc0 [test_kasan] kmalloc_tests_init+0x2c/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 0x60008d3e do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006fbb8010 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 1 bytes to the left of 16-byte region [000000006fbb8010, 000000006fbb8020) The buggy address belongs to the page: page:000000006fff0040 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6fbb8190 raw: 0000000000000200 000000006ffd1488 000000006f8005d0 000000006f803900 raw: 000000006fbb8190 
00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006fbb7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fbb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006fbb8000: fc fc 00 07 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006fbb8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fbb8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x97/0xb4 [test_kasan] Write of size 1 at addr 000000006d9b5000 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7980 00000004 60b74088 600d7e5e 6d9b5000 6ff78e80 00000001 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<708682c3>] ? kmalloc_node_oob_right+0x97/0xb4 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<708682c3>] ? kmalloc_node_oob_right+0x97/0xb4 [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<708682c3>] kmalloc_node_oob_right+0x97/0xb4 [test_kasan] [<70869e80>] kmalloc_tests_init+0x38/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_node_oob_right+0x62/0xb4 [test_kasan] kmalloc_tests_init+0x38/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d9b4000 which belongs to the cache kmalloc-4k of size 4096 The buggy address is located 0 bytes to the right of 4096-byte region [000000006d9b4000, 000000006d9b5000) The buggy address belongs to the page: page:000000006ff78e80 refcount:1 mapcount:0 mapping:000000006f80c300 index:0x0 compound_mapcount: 0 raw: 0000000000010200 000000006fff03c8 000000006f80fc70 000000006f80c300 raw: 0000000000000000 0000000000020002 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d9b4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006d9b4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d9b5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006d9b5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d9b5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_pagealloc_oob_right kmalloc pagealloc allocation: out-of-bounds to right ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x79/0x96 [test_kasan] Write of size 1 at addr 000000006d17e00a by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7980 00000004 60b74088 600d7e5e 
6d17e00a 6ff5c320 00000001 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70869ad4>] ? kmalloc_pagealloc_oob_right+0x79/0x96 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70869ad4>] ? kmalloc_pagealloc_oob_right+0x79/0x96 [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<70869ad4>] kmalloc_pagealloc_oob_right+0x79/0x96 [test_kasan] [<70869e8c>] kmalloc_tests_init+0x44/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? 
save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 The buggy address belongs to the page: page:000000006ff5c320 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0 raw: 0000000000010000 0000000000000100 0000000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d17df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006d17df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d17e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ 000000006d17e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 000000006d17e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ================================================================== kasan test: kmalloc_pagealloc_uaf kmalloc pagealloc allocation: use-after-free ================================================================== BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x86/0x8e [test_kasan] Write of size 1 at addr 000000006d17c000 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7980 00000004 60b74088 600d7e5e 6d17c000 6ff5c320 00000001 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<708699df>] ? kmalloc_pagealloc_uaf+0x86/0x8e [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<708699df>] ? 
kmalloc_pagealloc_uaf+0x86/0x8e [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<708699df>] kmalloc_pagealloc_uaf+0x86/0x8e [test_kasan] [<70869e98>] kmalloc_tests_init+0x50/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 The buggy address belongs to the page: page:000000006ff5c320 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 raw: 0000000000000000 0000000060d14f50 0000000060d14f50 0000000000000000 raw: 0000000000000000 0000000000000002 00000000ffffff7f page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d17bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006d17bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d17c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ 000000006d17c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 000000006d17c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== kasan test: kmalloc_pagealloc_invalid_free kmalloc pagealloc allocation: invalid-free kmemleak: Found object by alias at 0x6d17c001 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7960 600c8f69 00000000 601c2e45 00000000 6d17c001 6d17c000 6f1ec890 6dfe7940 6065d480 6dfe7990 601c3d82 Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600c8f69>] ? lock_acquired+0x42/0x466 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c3d82>] lookup_object+0xb5/0xd6 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c3e62>] find_and_remove_object+0x3d/0xae [<601c46f6>] delete_object_full+0x12/0x28 [<60677e6e>] kmemleak_free+0x2d/0x30 [<601bf680>] kfree+0x169/0x2b5 [<600d7e5e>] ? printk+0x0/0x94 [<60184a95>] ? kmalloc_order_trace+0x95/0xfc [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<70869a57>] kmalloc_pagealloc_invalid_free+0x70/0x74 [test_kasan] [<70869ea4>] kmalloc_tests_init+0x5c/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 kmemleak: Object 0x6d17c000 (size 8202): kmemleak: comm "insmod", pid 511, jiffies 4294940834 kmemleak: min_count = 1 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 create_object+0x43d/0x65c kmemleak_alloc+0x2d/0x30 kmalloc_order+0xc2/0xce kmalloc_order_trace+0x26/0xfc kmalloc_pagealloc_invalid_free+0x43/0x74 [test_kasan] kmalloc_tests_init+0x5c/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 ================================================================== BUG: KASAN: double-free or invalid-free in kmalloc_pagealloc_invalid_free+0x70/0x74 [test_kasan] CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7950 00000004 60b74088 600d7e5e 6d17c001 6ff5c320 601c10f4 601c2d52 6dfe7930 6065d480 6dfe7990 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c2567>] kasan_report_invalid_free+0x7f/0xb5 [<70869a57>] ? kmalloc_pagealloc_invalid_free+0x70/0x74 [test_kasan] [<601c1b77>] kasan_kfree_large+0x54/0x56 [<601bf693>] kfree+0x17c/0x2b5 [<600d7e5e>] ? printk+0x0/0x94 [<60184a95>] ? kmalloc_order_trace+0x95/0xfc [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? 
__kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869a57>] kmalloc_pagealloc_invalid_free+0x70/0x74 [test_kasan] [<70869ea4>] kmalloc_tests_init+0x5c/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 The buggy address belongs to the page: page:000000006ff5c320 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0 raw: 0000000000010000 0000000000000100 0000000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d17bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006d17bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d17c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ 000000006d17c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006d17c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x97/0xb4 [test_kasan] Write of size 1 at addr 000000006ec03f00 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7980 00000004 60b74088 600d7e5e 6ec03f00 6ffb9000 00000001 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868377>] ? kmalloc_large_oob_right+0x97/0xb4 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70868377>] ? kmalloc_large_oob_right+0x97/0xb4 [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? 
__kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<70868377>] kmalloc_large_oob_right+0x97/0xb4 [test_kasan] [<70869eb0>] kmalloc_tests_init+0x68/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_large_oob_right+0x62/0xb4 [test_kasan] kmalloc_tests_init+0x68/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006ec02000 which belongs to the cache kmalloc-8k of size 8192 The buggy address is located 7936 bytes inside of 8192-byte region [000000006ec02000, 000000006ec04000) The buggy address belongs to the page: page:000000006ffb9000 refcount:1 mapcount:0 mapping:000000006f80d900 index:0x0 compound_mapcount: 0 raw: 0000000000010200 000000006ff5d748 000000006f80e370 000000006f80d900 raw: 0000000000000000 0000000000010001 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006ec03e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006ec03e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006ec03f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006ec03f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006ec04000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0xc6/0xdb [test_kasan] Write of size 1 at addr 000000006fb90ed3 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7970 00000004 60b74088 600d7e5e 6fb90ed3 6ffef780 00000001 
601c2d52 6dfe7950 6065d480 6dfe79b0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868897>] ? kmalloc_oob_krealloc_more+0xc6/0xdb [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70868897>] ? kmalloc_oob_krealloc_more+0xc6/0xdb [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<601bf517>] ? kfree+0x0/0x2b5 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<70868897>] kmalloc_oob_krealloc_more+0xc6/0xdb [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70869ebc>] kmalloc_tests_init+0x74/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? 
__asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_krealloc+0x62/0x68 krealloc+0x62/0xc7 kmalloc_oob_krealloc_more+0x8c/0xdb [test_kasan] kmalloc_tests_init+0x74/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 469: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 load_elf_binary+0x2bc/0x1371 search_binary_handler+0xe0/0x38c exec_binprm+0x107/0x308 __do_execve_file+0xac8/0xd1a do_execve+0x24/0x26 sys_execve+0x33/0x37 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006fb90ec0 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 19 bytes inside of 32-byte region [000000006fb90ec0, 000000006fb90ee0) The buggy address belongs to the page: page:000000006ffef780 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6fb91d60 compound_mapcount: 0 raw: 0000000000010200 000000006ffc88f8 000000006f8019d0 000000006f8025c0 raw: 000000006fb91d60 0000000000130012 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006fb90d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fb90e00: fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc >000000006fb90e80: fc fc fc fc fc fc fc fc 00 00 03 fc fc fc fc fc ^ 000000006fb90f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fb90f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0xc6/0xdb [test_kasan] Write of size 1 at addr 000000006fb91d6f by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7970 00000004 60b74088 600d7e5e 6fb91d6f 6ffef780 00000001 601c2d52 6dfe7950 6065d480 6dfe79b0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868972>] ? kmalloc_oob_krealloc_less+0xc6/0xdb [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70868972>] ? kmalloc_oob_krealloc_less+0xc6/0xdb [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<601bf517>] ? kfree+0x0/0x2b5 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<70868972>] kmalloc_oob_krealloc_less+0xc6/0xdb [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70869ec8>] kmalloc_tests_init+0x80/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_krealloc+0x62/0x68 krealloc+0x62/0xc7 kmalloc_oob_krealloc_less+0x8c/0xdb [test_kasan] kmalloc_tests_init+0x80/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 480: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 single_release+0x62/0x6e close_pdeo.part.0+0x85/0x15c close_pdeo+0xa4/0xb0 proc_reg_release+0x77/0xa4 __fput+0x12e/0x31b ____fput+0x10/0x12 task_work_run+0xeb/0x107 interrupt_end+0x10c/0x127 userspace+0x4eb/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 
000000006fb91d60 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 15 bytes inside of 32-byte region [000000006fb91d60, 000000006fb91d80) The buggy address belongs to the page: page:000000006ffef780 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x0 compound_mapcount: 0 raw: 0000000000010200 000000006f8019f0 000000006f8019f0 000000006f8025c0 raw: 0000000000000000 0000000000130013 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006fb91c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fb91c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006fb91d00: fc fc fc fc fc fc fc fc fc fc fc fc 00 07 fc fc ^ 000000006fb91d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fb91e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xc7/0xf6 [test_kasan] Write of size 16 at addr 000000006fbb8190 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7960 00000004 60b74088 600d7e5e 6fbb8190 6fff0040 00000001 608cb080 6dfe7940 6065d480 6dfe79a0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<7086845b>] ? kmalloc_oob_16+0xc7/0xf6 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<7086845b>] ? kmalloc_oob_16+0xc7/0xf6 [test_kasan] [<601bf517>] ? kfree+0x0/0x2b5 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601c1ca2>] kasan_report+0x13/0x15 [<601c301b>] __asan_store16+0x72/0x74 [<7086845b>] kmalloc_oob_16+0xc7/0xf6 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ed4>] kmalloc_tests_init+0x8c/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_16+0x6b/0xf6 [test_kasan] kmalloc_tests_init+0x8c/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 0x60008d3e do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006fbb8190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006fbb8190, 000000006fbb81a0) The buggy address belongs to the page: page:000000006fff0040 refcount:1 mapcount:0 mapping:000000006f803900 index:0x0 raw: 0000000000000200 000000006ffeff68 000000006f8005f0 000000006f803900 raw: 0000000000000000 00000000000a000a 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006fbb8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fbb8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006fbb8180: fc fc 00 05 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006fbb8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006fbb8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_in_memset out-of-bounds in memset ================================================================== BUG: KASAN: 
slab-out-of-bounds in kmalloc_oob_in_memset+0x9a/0xae [test_kasan] Write of size 671 at addr 000000006d12b400 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6d12b400 6ff5b0c0 00000001 601c2d52 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868a21>] ? kmalloc_oob_in_memset+0x9a/0xae [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600d7e5e>] ? printk+0x0/0x94 [<70868a21>] ? kmalloc_oob_in_memset+0x9a/0xae [test_kasan] [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1262>] memset+0x2e/0x4c [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70868a21>] kmalloc_oob_in_memset+0x9a/0xae [test_kasan] [<70869ee0>] kmalloc_tests_init+0x98/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? 
sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_in_memset+0x62/0xae [test_kasan] kmalloc_tests_init+0x98/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d12b400 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 0 bytes inside of 1024-byte region [000000006d12b400, 000000006d12b800) The buggy address belongs to the page: page:000000006ff5b0c0 refcount:1 mapcount:0 mapping:000000006f80c040 index:0x6d12cc00 compound_mapcount: 0 raw: 0000000000010200 000000006ffd0688 000000006f800fd0 000000006f80c040 raw: 000000006d12cc00 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d12b580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000006d12b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d12b680: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006d12b700: fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d12b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2 ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x9b/0xaf [test_kasan] Write of size 2 at addr 000000006d33d00f by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6d33d00f 6ff62558 00000001 601c2d52 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868ad0>] ? kmalloc_oob_memset_2+0x9b/0xaf [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600d7e5e>] ? printk+0x0/0x94 [<70868ad0>] ? kmalloc_oob_memset_2+0x9b/0xaf [test_kasan] [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1262>] memset+0x2e/0x4c [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70868ad0>] kmalloc_oob_memset_2+0x9b/0xaf [test_kasan] [<70869eec>] kmalloc_tests_init+0xa4/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_memset_2+0x62/0xaf [test_kasan] kmalloc_tests_init+0xa4/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d33d008 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 7 bytes inside of 8-byte region [000000006d33d008, 000000006d33d010) The buggy address belongs to the page: page:000000006ff62558 refcount:1 mapcount:0 mapping:000000006f802300 index:0x6d33de18 raw: 0000000000000200 000000006f801c50 000000006f801c50 000000006f802300 raw: 000000006d33de18 00000000000b0001 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the 
buggy address: 000000006d33cf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 000000006d33cf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >000000006d33d000: fc 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006d33d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d33d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4 ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x9b/0xaf [test_kasan] Write of size 4 at addr 000000006d33de1d by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6d33de1d 6ff62558 00000001 601c2d52 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868b7f>] ? kmalloc_oob_memset_4+0x9b/0xaf [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600d7e5e>] ? printk+0x0/0x94 [<70868b7f>] ? kmalloc_oob_memset_4+0x9b/0xaf [test_kasan] [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1262>] memset+0x2e/0x4c [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70868b7f>] kmalloc_oob_memset_4+0x9b/0xaf [test_kasan] [<70869ef8>] kmalloc_tests_init+0xb0/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_memset_4+0x62/0xaf [test_kasan] kmalloc_tests_init+0xb0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d33de18 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 5 bytes inside of 8-byte region [000000006d33de18, 000000006d33de20) The buggy address belongs to the page: page:000000006ff62558 refcount:1 mapcount:0 mapping:000000006f802300 index:0x6d33d170 raw: 0000000000000200 000000006f801c50 000000006f801c50 000000006f802300 raw: 000000006d33d170 00000000000b0002 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d33dd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d33dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d33de00: fc fc fc 00 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006d33de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d33df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8 ================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x9b/0xaf [test_kasan] Write of size 8 at addr 000000006d33d171 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6d33d171 6ff62558 00000001 601c2d52 6dfe7910 6065d480 6dfe7970 601c216e Call 
Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868c2e>] ? kmalloc_oob_memset_8+0x9b/0xaf [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600d7e5e>] ? printk+0x0/0x94 [<70868c2e>] ? kmalloc_oob_memset_8+0x9b/0xaf [test_kasan] [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1262>] memset+0x2e/0x4c [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70868c2e>] kmalloc_oob_memset_8+0x9b/0xaf [test_kasan] [<70869f04>] kmalloc_tests_init+0xbc/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? 
__asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_memset_8+0x62/0xaf [test_kasan] kmalloc_tests_init+0xbc/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d33d170 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 1 bytes inside of 8-byte region [000000006d33d170, 000000006d33d178) The buggy address belongs to the page: page:000000006ff62558 refcount:1 mapcount:0 mapping:000000006f802300 index:0x6d33dcb0 raw: 0000000000000200 000000006f801c50 000000006f801c50 000000006f802300 raw: 000000006d33dcb0 00000000000b0003 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d33d000: fc fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d33d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d33d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 fc ^ 000000006d33d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d33d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16 
================================================================== BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x9b/0xaf [test_kasan] Write of size 16 at addr 000000006f2f0011 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f0011 6ffd1480 00000001 601c2d52 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868cdd>] ? kmalloc_oob_memset_16+0x9b/0xaf [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600d7e5e>] ? printk+0x0/0x94 [<70868cdd>] ? kmalloc_oob_memset_16+0x9b/0xaf [test_kasan] [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1262>] memset+0x2e/0x4c [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70868cdd>] kmalloc_oob_memset_16+0x9b/0xaf [test_kasan] [<70869f10>] kmalloc_tests_init+0xc8/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_oob_memset_16+0x62/0xaf [test_kasan] kmalloc_tests_init+0xc8/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 free_modprobe_argv+0x3e/0x54 call_usermodehelper_freeinfo+0x2f/0x43 call_usermodehelper_exec+0x1f2/0x24c __request_module+0x564/0x5d9 crypto_probing_notify+0x4b/0x65 crypto_wait_for_test+0xc0/0xc2 crypto_register_alg+0x92/0x9b crypto_register_rng+0x76/0x7e crypto_register_rngs+0x3a/0x95 0x6002590e do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f0010 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 1 bytes inside of 16-byte region [000000006f2f0010, 000000006f2f0020) 
The buggy address belongs to the page: page:000000006ffd1480 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f0910 raw: 0000000000000200 000000006ffd1530 000000006f8005d0 000000006f803900 raw: 000000006f2f0910 00000000000a0003 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2eff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2eff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f0000: fc fc 00 00 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_uaf use-after-free ================================================================== BUG: KASAN: use-after-free in kmalloc_uaf+0xa5/0xae [test_kasan] Write of size 1 at addr 000000006f2f0918 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7980 00000004 60b74088 600d7e5e 6f2f0918 6ffd1480 00000001 601c2d52 6dfe7960 6065d480 6dfe79c0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<7086852f>] ? kmalloc_uaf+0xa5/0xae [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<600c9301>] ? lock_acquired+0x3da/0x466 [<7086852f>] ? kmalloc_uaf+0xa5/0xae [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? 
__kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<7086852f>] kmalloc_uaf+0xa5/0xae [test_kasan] [<70869f1c>] kmalloc_tests_init+0xd4/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_uaf+0x63/0xae [test_kasan] kmalloc_tests_init+0xd4/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kmalloc_uaf+0x95/0xae [test_kasan] kmalloc_tests_init+0xd4/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006f2f0910 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f2f0910, 000000006f2f0920) The buggy address belongs to the page: page:000000006ffd1480 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f0d90 raw: 0000000000000200 000000006ffd1530 000000006f8005d0 000000006f803900 raw: 000000006f2f0d90 00000000000a0004 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f0900: fc fc fb fb fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: 
kmalloc_uaf_memset use-after-free in memset ================================================================== BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xa9/0xae [test_kasan] Write of size 33 at addr 000000006d2caa40 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6d2caa40 6ff60c30 00000001 601c2d52 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868d9a>] ? kmalloc_uaf_memset+0xa9/0xae [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70868d9a>] ? kmalloc_uaf_memset+0xa9/0xae [test_kasan] [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1262>] memset+0x2e/0x4c [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70868d9a>] kmalloc_uaf_memset+0xa9/0xae [test_kasan] [<70869f28>] kmalloc_tests_init+0xe0/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_uaf_memset+0x62/0xae [test_kasan] kmalloc_tests_init+0xe0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kmalloc_uaf_memset+0x93/0xae [test_kasan] kmalloc_tests_init+0xe0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006d2caa40 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [000000006d2caa40, 000000006d2caa80) The buggy address belongs to the page: page:000000006ff60c30 refcount:1 mapcount:0 
mapping:000000006f803640 index:0x6d2ca640 raw: 0000000000000200 000000006f800850 000000006f800850 000000006f803640 raw: 000000006d2ca640 0000000000080006 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d2ca900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d2ca980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d2caa00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ^ 000000006d2caa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d2cab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_uaf2 use-after-free after another kmalloc ================================================================== BUG: KASAN: use-after-free in kmalloc_uaf2+0xed/0x121 [test_kasan] Write of size 1 at addr 000000006d2ca668 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7960 00000004 60b74088 600d7e5e 6d2ca668 6ff60c30 00000001 601c2e45 6dfe7940 6065d480 6dfe79a0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868625>] ? kmalloc_uaf2+0xed/0x121 [test_kasan] [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70868625>] ? kmalloc_uaf2+0xed/0x121 [test_kasan] [<601bf517>] ? kfree+0x0/0x2b5 [<600d7e5e>] ? printk+0x0/0x94 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<70868625>] kmalloc_uaf2+0xed/0x121 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<70869f34>] kmalloc_tests_init+0xec/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_uaf2+0x6c/0x121 [test_kasan] kmalloc_tests_init+0xec/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kmalloc_uaf2+0xa4/0x121 [test_kasan] kmalloc_tests_init+0xec/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006d2ca640 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 40 bytes inside of 64-byte region [000000006d2ca640, 000000006d2ca680) The buggy address belongs to the page: page:000000006ff60c30 refcount:1 mapcount:0 mapping:000000006f803640 index:0x0 raw: 0000000000000200 000000006fff00f0 000000006f800870 000000006f803640 raw: 0000000000000000 0000000000080008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d2ca500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d2ca580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d2ca600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ^ 000000006d2ca680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d2ca700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: 
kfree_via_page invalid-free false positive (via page) kasan test: kfree_via_phys invalid-free false positive (via phys) kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc ================================================================== BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xc7/0x103 [test_kasan] Read of size 1 at addr 000000006d2d80d0 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7970 00000004 60b74088 600d7e5e 6d2d80d0 6ff60f40 00000000 601c2d52 6dfe7950 6065d480 6dfe79b0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<70868e66>] ? kmem_cache_oob+0xc7/0x103 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<70868e66>] ? kmem_cache_oob+0xc7/0x103 [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<60184ecf>] ? kmem_cache_destroy+0x0/0x178 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<70868e66>] kmem_cache_oob+0xc7/0x103 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70869f58>] kmalloc_tests_init+0x110/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? 
__asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_slab_alloc+0x15/0x17 slab_post_alloc_hook+0x49/0x85 kmem_cache_alloc+0x15e/0x231 kmem_cache_oob+0x88/0x103 [test_kasan] kmalloc_tests_init+0x110/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d2d8008 which belongs to the cache test_cache of size 200 The buggy address is located 0 bytes to the right of 200-byte region [000000006d2d8008, 000000006d2d80d0) The buggy address belongs to the page: page:000000006ff60f40 refcount:1 mapcount:0 mapping:000000006e32b900 index:0x6d2d9c10 compound_mapcount: 0 raw: 0000000000010200 000000006e2b99d0 000000006e2b99d0 000000006e32b900 raw: 000000006d2d9c10 00000000000e0001 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d2d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
000000006d2d8000: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d2d8080: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ^ 000000006d2d8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d2d8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: memcg_accounted_kmem_cache allocate memcg accounted object kasan test: kasan_stack_oob out-of-bounds on stack kasan test: kasan_global_oob out-of-bounds global variable ================================================================== BUG: KASAN: global-out-of-bounds in kasan_global_oob+0x58/0x68 [test_kasan] Read of size 1 at addr 00000000708623ad by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7960 00000004 60b74088 600d7e5e 708623ad 00000000 00000000 601c2d52 6dfe7940 6065d480 6dfe79a0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<708680ae>] ? kasan_global_oob+0x58/0x68 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<708680ae>] ? kasan_global_oob+0x58/0x68 [test_kasan] [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<708680ae>] kasan_global_oob+0x58/0x68 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<70869f7c>] kmalloc_tests_init+0x134/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 The buggy address belongs to the variable: global_array+0xd/0xffffffffffffdd0c [test_kasan] Memory state around the buggy address: 0000000070862280: fa fa fa fa 00 00 00 04 fa fa fa fa 00 00 07 fa 0000000070862300: fa fa fa fa 00 00 01 fa fa fa fa fa 00 00 02 fa >0000000070862380: fa fa fa fa 00 02 fa fa fa fa fa fa 00 00 00 00 ^ 0000000070862400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000000070862480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk ================================================================== BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xba/0xd4 [test_kasan] Write of size 1 at addr 000000006d057780 by task insmod/511 CPU: 0 PID: 511 Comm: 
insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7970 00000004 60b74088 600d7e5e 6d057780 6ff582d0 00000001 601c2d52 6dfe7950 6065d480 6dfe79b0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<7086929e>] ? ksize_unpoisons_memory+0xba/0xd4 [test_kasan] [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<600c9301>] ? lock_acquired+0x3da/0x466 [<7086929e>] ? ksize_unpoisons_memory+0xba/0xd4 [test_kasan] [<601c2c37>] ? __asan_store1+0x0/0x3a [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<7086929e>] ksize_unpoisons_memory+0xba/0xd4 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<70869fa0>] kmalloc_tests_init+0x158/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? 
__asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 ksize_unpoisons_memory+0x65/0xd4 [test_kasan] kmalloc_tests_init+0x158/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 505: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 load_elf_binary+0x12b6/0x1371 search_binary_handler+0xe0/0x38c load_script+0x32e/0x33d search_binary_handler+0xe0/0x38c exec_binprm+0x107/0x308 __do_execve_file+0xac8/0xd1a do_execve+0x24/0x26 sys_execve+0x33/0x37 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006d057700 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 0 bytes to the right of 128-byte region [000000006d057700, 000000006d057780) The buggy address belongs to the page: page:000000006ff582d0 refcount:1 mapcount:0 mapping:000000006f803380 index:0x6d057200 compound_mapcount: 0 raw: 0000000000010200 000000006ffc96f8 000000006f800ad0 000000006f803380 raw: 000000006d057200 00000000000c0007 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d057680: fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d057700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >000000006d057780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006d057800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d057880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in copy_from_user() ================================================================== BUG: KASAN: slab-out-of-bounds in copy_user_test+0xff/0x33a [test_kasan] Write of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000001 70860000 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<7086971e>] ? copy_user_test+0xff/0x33a [test_kasan] [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600bc9dd>] ? up_write+0x2d9/0x317 [<7086971e>] ? copy_user_test+0xff/0x33a [test_kasan] [<60189b09>] ? __might_fault+0x0/0x38 [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<7086002c>] ? __access_ok+0x2c/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<7086971e>] copy_user_test+0xff/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? 
kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: 
slab-out-of-bounds in copy_chunk_from_user+0x39/0x4d Write of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77d0 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000001 6dfe79f8 6dfe77b0 6065d480 6dfe7810 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<60047391>] ? copy_chunk_from_user+0x39/0x4d [<601c26fe>] __kasan_report+0x161/0x19c [<60047391>] ? copy_chunk_from_user+0x39/0x4d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<601c317a>] ? check_memory_region+0x0/0x13f [<601c1318>] memcpy+0x3d/0x5b [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047391>] copy_chunk_from_user+0x39/0x4d [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<60047358>] ? copy_chunk_from_user+0x0/0x4d [<601c294f>] ? end_report+0x83/0x87 [<60047358>] ? copy_chunk_from_user+0x0/0x4d [<60047852>] buffer_op+0xca/0xe0 [<60189b09>] ? __might_fault+0x0/0x38 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600478df>] raw_copy_from_user+0x77/0x82 [<7086002c>] ? __access_ok+0x2c/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600d7e5e>] ? printk+0x0/0x94 [<70869735>] copy_user_test+0x116/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? 
__asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The 
buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in copy_to_user() ================================================================== BUG: KASAN: slab-out-of-bounds in copy_user_test+0x18a/0x33a [test_kasan] Read of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000000 70860000 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<708697a9>] ? copy_user_test+0x18a/0x33a [test_kasan] [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<708697a9>] ? copy_user_test+0x18a/0x33a [test_kasan] [<60189b09>] ? __might_fault+0x0/0x38 [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<7086002c>] ? 
__access_ok+0x2c/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<601c110c>] __kasan_check_read+0x18/0x1a [<708697a9>] copy_user_test+0x18a/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: 
slab-out-of-bounds in copy_chunk_to_user+0x39/0x4d Read of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77d0 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000000 6dfe79f8 6dfe77b0 6065d480 6dfe7810 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<600473de>] ? copy_chunk_to_user+0x39/0x4d [<601c26fe>] __kasan_report+0x161/0x19c [<600473de>] ? copy_chunk_to_user+0x39/0x4d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600473c9>] ? copy_chunk_to_user+0x24/0x4d [<601c317a>] ? check_memory_region+0x0/0x13f [<601c1307>] memcpy+0x2c/0x5b [<601c2e45>] ? __asan_load8+0x0/0x78 [<600473de>] copy_chunk_to_user+0x39/0x4d [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<601c294f>] ? end_report+0x83/0x87 [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<60047852>] buffer_op+0xca/0xe0 [<60189b09>] ? __might_fault+0x0/0x38 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<60047964>] raw_copy_to_user+0x7a/0x85 [<7086002c>] ? __access_ok+0x2c/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600d7e5e>] ? printk+0x0/0x94 [<708697c0>] copy_user_test+0x1a1/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which 
belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in __copy_from_user() ================================================================== BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1e0/0x33a [test_kasan] Write of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000001 70860000 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<708697ff>] ? copy_user_test+0x1e0/0x33a [test_kasan] [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<708697ff>] ? copy_user_test+0x1e0/0x33a [test_kasan] [<60189b09>] ? 
__might_fault+0x0/0x38 [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<60189b2f>] ? __might_fault+0x26/0x38 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<708697ff>] copy_user_test+0x1e0/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: 
slab-out-of-bounds in copy_chunk_from_user+0x39/0x4d Write of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77d0 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000001 6dfe79f8 6dfe77b0 6065d480 6dfe7810 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<60047391>] ? copy_chunk_from_user+0x39/0x4d [<601c26fe>] __kasan_report+0x161/0x19c [<60042d14>] ? um_trace_signals_on+0x20/0x22 [<60047391>] ? copy_chunk_from_user+0x39/0x4d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<601c317a>] ? check_memory_region+0x0/0x13f [<601c1318>] memcpy+0x3d/0x5b [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047391>] copy_chunk_from_user+0x39/0x4d [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<60047358>] ? copy_chunk_from_user+0x0/0x4d [<601c294f>] ? end_report+0x83/0x87 [<60047358>] ? copy_chunk_from_user+0x0/0x4d [<60047852>] buffer_op+0xca/0xe0 [<60189b09>] ? __might_fault+0x0/0x38 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600478df>] raw_copy_from_user+0x77/0x82 [<60189b2f>] ? __might_fault+0x26/0x38 [<600d7e5e>] ? printk+0x0/0x94 [<600d7e5e>] ? printk+0x0/0x94 [<70869817>] copy_user_test+0x1f8/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which 
belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in __copy_to_user() ================================================================== BUG: KASAN: slab-out-of-bounds in copy_user_test+0x240/0x33a [test_kasan] Read of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000000 70860000 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<7086985f>] ? copy_user_test+0x240/0x33a [test_kasan] [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<7086985f>] ? copy_user_test+0x240/0x33a [test_kasan] [<600478ea>] ? 
raw_copy_to_user+0x0/0x85 [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<60189b2f>] ? __might_fault+0x26/0x38 [<600d7e5e>] ? printk+0x0/0x94 [<601c110c>] __kasan_check_read+0x18/0x1a [<7086985f>] copy_user_test+0x240/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: 
slab-out-of-bounds in copy_chunk_to_user+0x39/0x4d Read of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77d0 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000000 6dfe79f8 6dfe77b0 6065d480 6dfe7810 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<600473de>] ? copy_chunk_to_user+0x39/0x4d [<601c26fe>] __kasan_report+0x161/0x19c [<60042d14>] ? um_trace_signals_on+0x20/0x22 [<600473de>] ? copy_chunk_to_user+0x39/0x4d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600473c9>] ? copy_chunk_to_user+0x24/0x4d [<601c317a>] ? check_memory_region+0x0/0x13f [<601c1307>] memcpy+0x2c/0x5b [<601c2e45>] ? __asan_load8+0x0/0x78 [<600473de>] copy_chunk_to_user+0x39/0x4d [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<601c294f>] ? end_report+0x83/0x87 [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<60047852>] buffer_op+0xca/0xe0 [<600478ea>] ? raw_copy_to_user+0x0/0x85 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<60047964>] raw_copy_to_user+0x7a/0x85 [<60189b2f>] ? __might_fault+0x26/0x38 [<600d7e5e>] ? printk+0x0/0x94 [<600d7e5e>] ? printk+0x0/0x94 [<7086986d>] copy_user_test+0x24e/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? 
kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in __copy_from_user_inatomic() 
================================================================== BUG: KASAN: slab-out-of-bounds in copy_user_test+0x27b/0x33a [test_kasan] Write of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000001 70860000 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<7086989a>] ? copy_user_test+0x27b/0x33a [test_kasan] [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<7086989a>] ? copy_user_test+0x27b/0x33a [test_kasan] [<600478ea>] ? raw_copy_to_user+0x0/0x85 [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<7086989a>] copy_user_test+0x27b/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? 
__asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 
index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in copy_chunk_from_user+0x39/0x4d Write of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77d0 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000001 6dfe79f8 6dfe77b0 6065d480 6dfe7810 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<60047391>] ? copy_chunk_from_user+0x39/0x4d [<601c26fe>] __kasan_report+0x161/0x19c [<60042d14>] ? um_trace_signals_on+0x20/0x22 [<60047391>] ? copy_chunk_from_user+0x39/0x4d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<601c317a>] ? check_memory_region+0x0/0x13f [<601c1318>] memcpy+0x3d/0x5b [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047391>] copy_chunk_from_user+0x39/0x4d [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<60047358>] ? copy_chunk_from_user+0x0/0x4d [<601c294f>] ? end_report+0x83/0x87 [<60047358>] ? copy_chunk_from_user+0x0/0x4d [<60047852>] buffer_op+0xca/0xe0 [<600478ea>] ? raw_copy_to_user+0x0/0x85 [<70860000>] ? 
__access_ok+0x0/0x6a [test_kasan] [<600478df>] raw_copy_from_user+0x77/0x82 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<600d7e5e>] ? printk+0x0/0x94 [<708698b2>] copy_user_test+0x293/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in __copy_to_user_inatomic() 
================================================================== BUG: KASAN: slab-out-of-bounds in copy_user_test+0x2bf/0x33a [test_kasan] Read of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000000 70860000 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<708698de>] ? copy_user_test+0x2bf/0x33a [test_kasan] [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<708698de>] ? copy_user_test+0x2bf/0x33a [test_kasan] [<600478ea>] ? raw_copy_to_user+0x0/0x85 [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c110c>] __kasan_check_read+0x18/0x1a [<708698de>] copy_user_test+0x2bf/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? 
__asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 
index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in copy_chunk_to_user+0x39/0x4d Read of size 11 at addr 000000006f2f3d90 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77d0 00000004 60b74088 600d7e5e 6f2f3d90 6ffd1528 00000000 6dfe79f8 6dfe77b0 6065d480 6dfe7810 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<600473de>] ? copy_chunk_to_user+0x39/0x4d [<601c26fe>] __kasan_report+0x161/0x19c [<60042d14>] ? um_trace_signals_on+0x20/0x22 [<600473de>] ? copy_chunk_to_user+0x39/0x4d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600473c9>] ? copy_chunk_to_user+0x24/0x4d [<601c317a>] ? check_memory_region+0x0/0x13f [<601c1307>] memcpy+0x2c/0x5b [<601c2e45>] ? __asan_load8+0x0/0x78 [<600473de>] copy_chunk_to_user+0x39/0x4d [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<601c294f>] ? end_report+0x83/0x87 [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<60047852>] buffer_op+0xca/0xe0 [<600478ea>] ? 
raw_copy_to_user+0x0/0x85 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<60047964>] raw_copy_to_user+0x7a/0x85 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<600d7e5e>] ? printk+0x0/0x94 [<708698ec>] copy_user_test+0x2cd/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: copy_user_test out-of-bounds in strncpy_from_user() 
================================================================== BUG: KASAN: slab-out-of-bounds in strncpy+0x4a/0x6d Write of size 1 at addr 000000006f2f3d9a by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe77c0 00000004 60b74088 600d7e5e 6f2f3d9a 6ffd1528 00000001 6f2f3d00 6dfe77a0 6065d480 6dfe7800 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<6066b8ed>] ? strncpy+0x4a/0x6d [<601c26fe>] __kasan_report+0x161/0x19c [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6066b8ed>] ? strncpy+0x4a/0x6d [<601c2c00>] ? __asan_load1+0x0/0x37 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c6f>] __asan_store1+0x38/0x3a [<6066b8ed>] strncpy+0x4a/0x6d [<6067e50d>] ? _raw_spin_unlock+0x0/0x32 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6004743b>] strncpy_chunk_from_user+0x49/0x85 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60047743>] do_op_one_page+0x1b8/0x1fd [<600473a5>] ? copy_chunk_to_user+0x0/0x4d [<600473f2>] ? strncpy_chunk_from_user+0x0/0x85 [<600473f2>] ? strncpy_chunk_from_user+0x0/0x85 [<60047852>] buffer_op+0xca/0xe0 [<70860000>] ? __access_ok+0x0/0x6a [test_kasan] [<600479e8>] __strncpy_from_user+0x79/0xa5 [<7086002c>] ? __access_ok+0x2c/0x6a [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<600478ea>] ? raw_copy_to_user+0x0/0x85 [<7086992a>] copy_user_test+0x30b/0x33a [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869fac>] kmalloc_tests_init+0x164/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? 
kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 copy_user_test+0x47/0x33a [test_kasan] kmalloc_tests_init+0x164/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 kset_register+0x4d/0x56 __class_register+0x1e7/0x26d 0x600269c6 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f2f3d90 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 10 bytes inside of 16-byte region [000000006f2f3d90, 000000006f2f3da0) The buggy address belongs to the page: page:000000006ffd1528 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f2f3490 raw: 0000000000000200 000000006ffb46f8 000000006f8005d0 000000006f803900 raw: 000000006f2f3490 00000000000a0008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f2f3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f2f3d80: fc fc 00 02 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f2f3e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f2f3e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmem_cache_double_free double-free on heap object 
================================================================== BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x69/0x1d7 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe78a0 00000004 60b74088 600d7e5e 6d296008 6ff600d0 00000001 601bf37a 6dfe7880 6065d480 6dfe78e0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<600d7e5e>] ? printk+0x0/0x94 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<601c2567>] kasan_report_invalid_free+0x7f/0xb5 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<601c1426>] __kasan_slab_free+0xbe/0x16d [<601c1930>] kasan_slab_free+0x15/0x17 [<601bb6ba>] slab_free_freelist_hook+0x150/0x1a7 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601bf37a>] kmem_cache_free+0x69/0x1d7 [<601be297>] ? kmem_cache_alloc+0x1ca/0x231 [<70868f6d>] ? kmem_cache_double_free+0xcb/0xda [test_kasan] [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601bf311>] ? kmem_cache_free+0x0/0x1d7 [<60184ecf>] ? kmem_cache_destroy+0x0/0x178 [<601c2d52>] ? __asan_load4+0x0/0x78 [<70868f6d>] kmem_cache_double_free+0xcb/0xda [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70869fb8>] kmalloc_tests_init+0x170/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_slab_alloc+0x15/0x17 slab_post_alloc_hook+0x49/0x85 kmem_cache_alloc+0x15e/0x231 kmem_cache_double_free+0x85/0xda [test_kasan] kmalloc_tests_init+0x170/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kmem_cache_free+0x69/0x1d7 kmem_cache_double_free+0xc3/0xda [test_kasan] kmalloc_tests_init+0x170/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006d296008 which belongs to the cache test_cache of 
size 200 The buggy address is located 0 bytes inside of 200-byte region [000000006d296008, 000000006d2960d0) The buggy address belongs to the page: page:000000006ff600d0 refcount:1 mapcount:0 mapping:000000006e32b640 index:0x6d297c10 compound_mapcount: 0 raw: 0000000000010200 000000006e2b9750 000000006e2b9750 000000006e32b640 raw: 000000006d297c10 00000000000e0001 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d295f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d295f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d296000: fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ 000000006d296080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc 000000006d296100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmem_cache_invalid_free invalid-free of heap object kmemleak: Found object by alias at 0x6d2b2009 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7900 600c8f69 00000000 601c2e45 00000000 6d2b2009 6d2b2008 6d2b4008 6dfe78e0 6065d480 6dfe7930 601c3d82 Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600c8f69>] ? lock_acquired+0x42/0x466 [<601c2e45>] ? __asan_load8+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c3d82>] lookup_object+0xb5/0xd6 [<601c3e62>] find_and_remove_object+0x3d/0xae [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<601c46f6>] delete_object_full+0x12/0x28 [<60677e6e>] kmemleak_free+0x2d/0x30 [<601bb620>] slab_free_freelist_hook+0xb6/0x1a7 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601bf37a>] kmem_cache_free+0x69/0x1d7 [<601be297>] ? kmem_cache_alloc+0x1ca/0x231 [<60184ecf>] ? kmem_cache_destroy+0x0/0x178 [<70869043>] ? kmem_cache_invalid_free+0xc7/0xde [test_kasan] [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601bf311>] ? kmem_cache_free+0x0/0x1d7 [<60184ecf>] ? 
kmem_cache_destroy+0x0/0x178 [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869043>] kmem_cache_invalid_free+0xc7/0xde [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70869fc4>] kmalloc_tests_init+0x17c/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 kmemleak: Object 0x6d2b2008 (size 200): kmemleak: comm "insmod", pid 511, jiffies 4294940900 kmemleak: min_count = 1 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 create_object+0x43d/0x65c kmemleak_alloc+0x2d/0x30 slab_post_alloc_hook+0x71/0x85 kmem_cache_alloc+0x15e/0x231 kmem_cache_invalid_free+0x88/0xde [test_kasan] kmalloc_tests_init+0x17c/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 ================================================================== BUG: KASAN: double-free or invalid-free in kmem_cache_free+0x69/0x1d7 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe78a0 00000004 60b74088 600d7e5e 6d2b2009 6ff606f0 00000001 601bf37a 6dfe7880 6065d480 6dfe78e0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<600d7e5e>] ? printk+0x0/0x94 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<601c2567>] kasan_report_invalid_free+0x7f/0xb5 [<601bf37a>] ? kmem_cache_free+0x69/0x1d7 [<601c1426>] __kasan_slab_free+0xbe/0x16d [<601c1930>] kasan_slab_free+0x15/0x17 [<601bb6ba>] slab_free_freelist_hook+0x150/0x1a7 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601bf37a>] kmem_cache_free+0x69/0x1d7 [<601be297>] ? kmem_cache_alloc+0x1ca/0x231 [<60184ecf>] ? kmem_cache_destroy+0x0/0x178 [<70869043>] ? kmem_cache_invalid_free+0xc7/0xde [test_kasan] [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601bf311>] ? 
kmem_cache_free+0x0/0x1d7 [<60184ecf>] ? kmem_cache_destroy+0x0/0x178 [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869043>] kmem_cache_invalid_free+0xc7/0xde [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<70869fc4>] kmalloc_tests_init+0x17c/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_slab_alloc+0x15/0x17 slab_post_alloc_hook+0x49/0x85 kmem_cache_alloc+0x15e/0x231 kmem_cache_invalid_free+0x88/0xde [test_kasan] kmalloc_tests_init+0x17c/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 0: (stack is not available) The buggy address belongs to the object at 000000006d2b2008 which belongs to the cache test_cache of size 200 The buggy address is located 1 bytes inside of 200-byte region [000000006d2b2008, 000000006d2b20d0) The buggy address belongs to the page: page:000000006ff606f0 refcount:1 mapcount:0 mapping:000000006e32a880 index:0x6d2b3c78 compound_mapcount: 0 raw: 0000000000010200 000000006e2b8850 000000006e2b8850 000000006e32a880 raw: 000000006d2b3c78 00000000000e0001 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006d2b1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006d2b1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006d2b2000: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ 000000006d2b2080: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc 000000006d2b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_memchr out-of-bounds in memchr ================================================================== BUG: KASAN: slab-out-of-bounds in memchr+0x32/0x4f Read of size 1 at addr 000000006f072518 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7940 00000004 60b74088 600d7e5e 6f072518 6ffc88f0 00000000 601c2c00 6dfe7920 6065d480 
6dfe7980 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2c00>] ? __asan_load1+0x0/0x37 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2c00>] ? __asan_load1+0x0/0x37 [<600d7e5e>] ? printk+0x0/0x94 [<6066c1b2>] ? memchr+0x32/0x4f [<601c2c00>] ? __asan_load1+0x0/0x37 [<601c26fe>] __kasan_report+0x161/0x19c [<6066c1b2>] ? memchr+0x32/0x4f [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<6066c1b2>] memchr+0x32/0x4f [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<7086933b>] kasan_memchr+0x83/0x97 [test_kasan] [<6067a1c8>] ? __mutex_unlock_slowpath+0xa2/0x427 [<70869fd0>] kmalloc_tests_init+0x188/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? 
arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_memchr+0x62/0x97 [test_kasan] kmalloc_tests_init+0x188/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 tty_register_device_attr+0x357/0x38a tty_register_device+0x15/0x17 tty_register_driver+0x25c/0x31f 0x60027855 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f072500 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 24 bytes inside of 32-byte region [000000006f072500, 000000006f072520) The buggy address belongs to the page: page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f072b80 compound_mapcount: 0 raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0 raw: 000000006f072b80 0000000000130008 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f072400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f072480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f072500: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f072580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc 000000006f072600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_memcmp out-of-bounds in memcmp ================================================================== BUG: KASAN: slab-out-of-bounds in memcmp+0x38/0x6e Read of size 1 at addr 000000006f072b98 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7900 00000004 60b74088 600d7e5e 6f072b98 6ffc88f0 00000000 601c2c00 6dfe78e0 6065d480 6dfe7940 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2c00>] ? __asan_load1+0x0/0x37 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2c00>] ? __asan_load1+0x0/0x37 [<600d7e5e>] ? printk+0x0/0x94 [<6066bff6>] ? memcmp+0x38/0x6e [<601c2c00>] ? __asan_load1+0x0/0x37 [<601c26fe>] __kasan_report+0x161/0x19c [<6066bff6>] ? memcmp+0x38/0x6e [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<6066bff6>] memcmp+0x38/0x6e [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<708693eb>] kasan_memcmp+0x9c/0xb3 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<6067a1c8>] ? __mutex_unlock_slowpath+0xa2/0x427 [<70869fdc>] kmalloc_tests_init+0x194/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_memcmp+0x65/0xb3 [test_kasan] kmalloc_tests_init+0x194/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kobject_uevent_env+0x997/0x9d6 kobject_uevent+0x12/0x14 tty_register_device_attr+0x357/0x38a tty_register_device+0x15/0x17 tty_register_driver+0x25c/0x31f 0x60027855 do_one_initcall+0x13e/0x34d 0x6000236f kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f072b80 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 24 bytes inside of 32-byte region [000000006f072b80, 
000000006f072ba0) The buggy address belongs to the page: page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073880 compound_mapcount: 0 raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0 raw: 000000006f073880 0000000000130009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f072a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f072b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f072b80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f072c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f072c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_strings use-after-free in strchr ================================================================== BUG: KASAN: use-after-free in strchr+0x1f/0x3e Read of size 1 at addr 000000006f073890 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7950 00000004 60b74088 600d7e5e 6f073890 6ffc88f0 00000000 601c2d52 6dfe7930 6065d480 6dfe7990 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<6066ba6e>] ? strchr+0x1f/0x3e [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<601c1000>] ? slab_err+0x6a/0x10f [<6066ba6e>] ? strchr+0x1f/0x3e [<601c2c00>] ? __asan_load1+0x0/0x37 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<6066ba6e>] strchr+0x1f/0x3e [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? 
debug_lockdep_rcu_enabled+0x0/0x8d [<70869497>] kasan_strings+0x95/0x180 [test_kasan] [<70869fe8>] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_strings+0x62/0x180 [test_kasan] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kasan_strings+0x7d/0x180 [test_kasan] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006f073880 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 16 bytes inside of 32-byte region [000000006f073880, 000000006f0738a0) The buggy address belongs to the page: page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073d60 compound_mapcount: 0 raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0 raw: 000000006f073d60 000000000013000a 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f073780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f073800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f073880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f073900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f073980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
================================================================== kasan test: kasan_strings use-after-free in strrchr ================================================================== BUG: KASAN: use-after-free in kernel_strrchr+0x24/0x40 Read of size 1 at addr 000000006f073890 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7950 00000004 60b74088 600d7e5e 6f073890 6ffc88f0 00000000 601c2d52 6dfe7930 6065d480 6dfe7990 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<6066baec>] ? kernel_strrchr+0x24/0x40 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<601c1000>] ? slab_err+0x6a/0x10f [<6066baec>] ? kernel_strrchr+0x24/0x40 [<601c2c00>] ? __asan_load1+0x0/0x37 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<6066baec>] kernel_strrchr+0x24/0x40 [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<708694c3>] kasan_strings+0xc1/0x180 [test_kasan] [<70869fe8>] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_strings+0x62/0x180 [test_kasan] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kasan_strings+0x7d/0x180 [test_kasan] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006f073880 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 16 bytes inside of 32-byte region [000000006f073880, 000000006f0738a0) The buggy address belongs to the page: page:000000006ffc88f0 
refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073d60 compound_mapcount: 0 raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0 raw: 000000006f073d60 000000000013000a 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f073780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f073800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f073880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f073900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f073980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_strings use-after-free in strcmp ================================================================== BUG: KASAN: use-after-free in strcmp+0x24/0x4f Read of size 1 at addr 000000006f073890 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7950 00000004 60b74088 600d7e5e 6f073890 6ffc88f0 00000000 601c2d52 6dfe7930 6065d480 6dfe7990 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<6066b9b5>] ? strcmp+0x24/0x4f [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<601c1000>] ? slab_err+0x6a/0x10f [<6066b9b5>] ? strcmp+0x24/0x4f [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c2c00>] ? __asan_load1+0x0/0x37 [<601c1ca2>] kasan_report+0x13/0x15 [<601c2c35>] __asan_load1+0x35/0x37 [<6066b9b5>] strcmp+0x24/0x4f [<600d7e5e>] ? printk+0x0/0x94 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? 
__kasan_check_read+0x0/0x1a [<708694f4>] kasan_strings+0xf2/0x180 [test_kasan] [<70869fe8>] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_strings+0x62/0x180 [test_kasan] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kasan_strings+0x7d/0x180 [test_kasan] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006f073880 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 16 bytes inside of 32-byte region [000000006f073880, 000000006f0738a0) The buggy address belongs to the page: page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073d60 compound_mapcount: 0 raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0 raw: 000000006f073d60 000000000013000a 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f073780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f073800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f073880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f073900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f073980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
==================================================================
kasan test: kasan_strings use-after-free in strncmp
==================================================================
BUG: KASAN: use-after-free in strncmp+0x39/0x6f
Read of size 1 at addr 000000006f073890 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f073890 6ffc88f0 00000000 601c2c00
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c2c00>] ? __asan_load1+0x0/0x37
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<601c2c00>] ? __asan_load1+0x0/0x37
 [<600d7e5e>] ? printk+0x0/0x94
 [<6066ba19>] ? strncmp+0x39/0x6f
 [<601c2c00>] ? __asan_load1+0x0/0x37
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<6066ba19>] ? strncmp+0x39/0x6f
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c2c35>] __asan_load1+0x35/0x37
 [<6066ba19>] strncmp+0x39/0x6f
 [<600d7e5e>] ? printk+0x0/0x94
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<7086952a>] kasan_strings+0x128/0x180 [test_kasan]
 [<70869fe8>] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_strings+0x62/0x180 [test_kasan]
 kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 kasan_strings+0x7d/0x180 [test_kasan]
 kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

The buggy address belongs to the object at 000000006f073880
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 16 bytes inside of
 32-byte region [000000006f073880, 000000006f0738a0)
The buggy address belongs to the page:
page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073d60 compound_mapcount: 0
raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0
raw: 000000006f073d60 000000000013000a 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f073780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f073800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f073880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
                         ^
 000000006f073900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f073980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_strings use-after-free in strlen
==================================================================
BUG: KASAN: use-after-free in strlen+0x20/0x38
Read of size 1 at addr 000000006f073890 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7950 00000004 60b74088 600d7e5e
 6f073890 6ffc88f0 00000000 601c2d52
 6dfe7930 6065d480 6dfe7990 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<6066bbbe>] ? strlen+0x20/0x38
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<6066bbbe>] ? strlen+0x20/0x38
 [<601c2c00>] ? __asan_load1+0x0/0x37
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c2c35>] __asan_load1+0x35/0x37
 [<6066bbbe>] strlen+0x20/0x38
 [<600d7e5e>] ? printk+0x0/0x94
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<70869551>] kasan_strings+0x14f/0x180 [test_kasan]
 [<70869fe8>] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_strings+0x62/0x180 [test_kasan]
 kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 kasan_strings+0x7d/0x180 [test_kasan]
 kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

The buggy address belongs to the object at 000000006f073880
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 16 bytes inside of
 32-byte region [000000006f073880, 000000006f0738a0)
The buggy address belongs to the page:
page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073d60 compound_mapcount: 0
raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0
raw: 000000006f073d60 000000000013000a 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f073780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f073800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f073880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
                         ^
 000000006f073900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f073980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_strings use-after-free in strnlen
==================================================================
BUG: KASAN: use-after-free in strnlen+0x39/0x43
Read of size 1 at addr 000000006f073890 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7950 00000004 60b74088 600d7e5e
 6f073890 6ffc88f0 00000000 601c2d52
 6dfe7930 6065d480 6dfe7990 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<6066bca4>] ? strnlen+0x39/0x43
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<6066bca4>] ? strnlen+0x39/0x43
 [<601c2c00>] ? __asan_load1+0x0/0x37
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c2c35>] __asan_load1+0x35/0x37
 [<6066bca4>] strnlen+0x39/0x43
 [<600d7e5e>] ? printk+0x0/0x94
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<7086957d>] kasan_strings+0x17b/0x180 [test_kasan]
 [<70869fe8>] kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_strings+0x62/0x180 [test_kasan]
 kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 kasan_strings+0x7d/0x180 [test_kasan]
 kmalloc_tests_init+0x1a0/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

The buggy address belongs to the object at 000000006f073880
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 16 bytes inside of
 32-byte region [000000006f073880, 000000006f0738a0)
The buggy address belongs to the page:
page:000000006ffc88f0 refcount:1 mapcount:0 mapping:000000006f8025c0 index:0x6f073d60 compound_mapcount: 0
raw: 0000000000010200 000000006ffd3018 000000006f8019d0 000000006f8025c0
raw: 000000006f073d60 000000000013000a 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f073780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f073800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f073880: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
                         ^
 000000006f073900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f073980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_bitops out-of-bounds in set_bit
==================================================================
BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x8f/0x357 [test_kasan]
Write of size 8 at addr 000000006f989198 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f989198 6ffe85f8 00000001 601c2d52
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<70869b80>] ? kasan_bitops+0x8f/0x357 [test_kasan]
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<70869b80>] ? kasan_bitops+0x8f/0x357 [test_kasan]
 [<601c110e>] ? __kasan_check_write+0x0/0x1d
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c32ae>] check_memory_region+0x134/0x13f
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c1129>] __kasan_check_write+0x1b/0x1d
 [<70869b80>] kasan_bitops+0x8f/0x357 [test_kasan]
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_bitops+0x47/0x357 [test_kasan]
 kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 1:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 put_fs_context+0x23d/0x251
 do_mount+0x806/0xaae
 devtmpfs_mount+0x57/0x91
 0x60002d5b
 0x600023e7
 kernel_init+0x2a/0x15f
 new_thread_handler+0xf9/0x13c

The buggy address belongs to the object at 000000006f989190
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 8 bytes inside of
 16-byte region [000000006f989190, 000000006f9891a0)
The buggy address belongs to the page:
page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910
raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900
raw: 000000006f989910 00000000000a0009 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_bitops out-of-bounds in __set_bit
==================================================================
BUG: KASAN: slab-out-of-bounds in kasan_bitops+0xbe/0x357 [test_kasan]
Write of size 8 at addr 000000006f989198 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f989198 6ffe85f8 00000001 00000040
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<600d7e5e>] ? printk+0x0/0x94
 [<70869baf>] ? kasan_bitops+0xbe/0x357 [test_kasan]
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<70869baf>] ? kasan_bitops+0xbe/0x357 [test_kasan]
 [<601c110e>] ? __kasan_check_write+0x0/0x1d
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c32ae>] check_memory_region+0x134/0x13f
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c1129>] __kasan_check_write+0x1b/0x1d
 [<70869baf>] kasan_bitops+0xbe/0x357 [test_kasan]
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_bitops+0x47/0x357 [test_kasan]
 kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 1:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 put_fs_context+0x23d/0x251
 do_mount+0x806/0xaae
 devtmpfs_mount+0x57/0x91
 0x60002d5b
 0x600023e7
 kernel_init+0x2a/0x15f
 new_thread_handler+0xf9/0x13c

The buggy address belongs to the object at 000000006f989190
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 8 bytes inside of
 16-byte region [000000006f989190, 000000006f9891a0)
The buggy address belongs to the page:
page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910
raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900
raw: 000000006f989910 00000000000a0009 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_bitops out-of-bounds in clear_bit
==================================================================
BUG: KASAN: slab-out-of-bounds in kasan_bitops+0xe6/0x357 [test_kasan]
Write of size 8 at addr 000000006f989198 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f989198 6ffe85f8 00000001 00000040
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<600d7e5e>] ? printk+0x0/0x94
 [<70869bd7>] ? kasan_bitops+0xe6/0x357 [test_kasan]
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<70869bd7>] ? kasan_bitops+0xe6/0x357 [test_kasan]
 [<601c110e>] ? __kasan_check_write+0x0/0x1d
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c32ae>] check_memory_region+0x134/0x13f
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c1129>] __kasan_check_write+0x1b/0x1d
 [<70869bd7>] kasan_bitops+0xe6/0x357 [test_kasan]
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_bitops+0x47/0x357 [test_kasan]
 kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 1:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 put_fs_context+0x23d/0x251
 do_mount+0x806/0xaae
 devtmpfs_mount+0x57/0x91
 0x60002d5b
 0x600023e7
 kernel_init+0x2a/0x15f
 new_thread_handler+0xf9/0x13c

The buggy address belongs to the object at 000000006f989190
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 8 bytes inside of
 16-byte region [000000006f989190, 000000006f9891a0)
The buggy address belongs to the page:
page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910
raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900
raw: 000000006f989910 00000000000a0009 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_bitops out-of-bounds in __clear_bit
==================================================================
BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x10f/0x357 [test_kasan]
Write of size 8 at addr 000000006f989198 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f989198 6ffe85f8 00000001 00000040
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<600d7e5e>] ? printk+0x0/0x94
 [<70869c00>] ? kasan_bitops+0x10f/0x357 [test_kasan]
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<70869c00>] ? kasan_bitops+0x10f/0x357 [test_kasan]
 [<601c110e>] ? __kasan_check_write+0x0/0x1d
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c32ae>] check_memory_region+0x134/0x13f
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c1129>] __kasan_check_write+0x1b/0x1d
 [<70869c00>] kasan_bitops+0x10f/0x357 [test_kasan]
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_bitops+0x47/0x357 [test_kasan]
 kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 1:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 put_fs_context+0x23d/0x251
 do_mount+0x806/0xaae
 devtmpfs_mount+0x57/0x91
 0x60002d5b
 0x600023e7
 kernel_init+0x2a/0x15f
 new_thread_handler+0xf9/0x13c

The buggy address belongs to the object at 000000006f989190
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 8 bytes inside of
 16-byte region [000000006f989190, 000000006f9891a0)
The buggy address belongs to the page:
page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910
raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900
raw: 000000006f989910 00000000000a0009 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_bitops out-of-bounds in clear_bit_unlock
==================================================================
BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x137/0x357 [test_kasan]
Write of size 8 at addr 000000006f989198 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f989198 6ffe85f8 00000001 00000040
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<600d7e5e>] ? printk+0x0/0x94
 [<70869c28>] ? kasan_bitops+0x137/0x357 [test_kasan]
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<70869c28>] ? kasan_bitops+0x137/0x357 [test_kasan]
 [<601c110e>] ? __kasan_check_write+0x0/0x1d
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c32ae>] check_memory_region+0x134/0x13f
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c1129>] __kasan_check_write+0x1b/0x1d
 [<70869c28>] kasan_bitops+0x137/0x357 [test_kasan]
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_bitops+0x47/0x357 [test_kasan]
 kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 1:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 put_fs_context+0x23d/0x251
 do_mount+0x806/0xaae
 devtmpfs_mount+0x57/0x91
 0x60002d5b
 0x600023e7
 kernel_init+0x2a/0x15f
 new_thread_handler+0xf9/0x13c

The buggy address belongs to the object at 000000006f989190
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 8 bytes inside of
 16-byte region [000000006f989190, 000000006f9891a0)
The buggy address belongs to the page:
page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910
raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900
raw: 000000006f989910 00000000000a0009 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
kasan test: kasan_bitops out-of-bounds in __clear_bit_unlock
==================================================================
BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x160/0x357 [test_kasan]
Write of size 8 at addr 000000006f989198 by task insmod/511

CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4
Stack:
 6dfe7930 00000004 60b74088 600d7e5e
 6f989198 6ffe85f8 00000001 00000040
 6dfe7910 6065d480 6dfe7970 601c216e
Call Trace:
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600d7e5e>] ? printk+0x0/0x94
 [<60043094>] show_stack+0x17c/0x19a
 [<600d7e5e>] ? printk+0x0/0x94
 [<6065d480>] dump_stack+0x2a/0x2c
 [<601c216e>] print_address_description.constprop.0+0x39/0x3b3
 [<600d7e5e>] ? printk+0x0/0x94
 [<70869c51>] ? kasan_bitops+0x160/0x357 [test_kasan]
 [<601c26fe>] __kasan_report+0x161/0x19c
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<70869c51>] ? kasan_bitops+0x160/0x357 [test_kasan]
 [<601c110e>] ? __kasan_check_write+0x0/0x1d
 [<601c1ca2>] kasan_report+0x13/0x15
 [<601c32ae>] check_memory_region+0x134/0x13f
 [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413
 [<600d7e5e>] ? printk+0x0/0x94
 [<601c1129>] __kasan_check_write+0x1b/0x1d
 [<70869c51>] kasan_bitops+0x160/0x357 [test_kasan]
 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d
 [<601c10f4>] ? __kasan_check_read+0x0/0x1a
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan]
 [<6003ed5c>] do_one_initcall+0x13e/0x34d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35
 [<601c1366>] ? kasan_poison_shadow+0x30/0x32
 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2d52>] ? __asan_load4+0x0/0x78
 [<601051f0>] do_init_module+0x132/0x44a
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6
 [<60108ad5>] load_module+0x3513/0x4159
 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<6010994c>] __do_sys_finit_module+0xab/0xbc
 [<6010996f>] ? sys_finit_module+0x0/0x12
 [<601c2ebd>] ? __asan_store8+0x0/0x7b
 [<6010997f>] sys_finit_module+0x10/0x12
 [<6004732c>] handle_syscall+0x156/0x182
 [<60062579>] userspace+0x46d/0x4f8
 [<6005ecb4>] ? save_registers+0x1f/0x3b
 [<60065ebf>] ? arch_prctl+0x168/0x1dd
 [<6007f432>] ? calculate_sigpending+0xbd/0xc4
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<601c2e45>] ? __asan_load8+0x0/0x78
 [<600413de>] fork_handler+0xe5/0xf0

Allocated by task 511:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_kmalloc.constprop.0+0xb1/0xc6
 kasan_kmalloc+0x10/0x12
 kmem_cache_alloc_trace+0x196/0x1a5
 kasan_bitops+0x47/0x357 [test_kasan]
 kmalloc_tests_init+0x1ac/0x1d0 [test_kasan]
 do_one_initcall+0x13e/0x34d
 do_init_module+0x132/0x44a
 load_module+0x3513/0x4159
 __do_sys_finit_module+0xab/0xbc
 sys_finit_module+0x10/0x12
 handle_syscall+0x156/0x182
 userspace+0x46d/0x4f8
 fork_handler+0xe5/0xf0

Freed by task 1:
 save_stack_trace+0x46/0x4d
 stack_trace_save+0x34/0x39
 save_stack+0x2a/0xa1
 __kasan_slab_free+0x13f/0x16d
 kasan_slab_free+0x15/0x17
 slab_free_freelist_hook+0x150/0x1a7
 kfree+0x1eb/0x2b5
 put_fs_context+0x23d/0x251
 do_mount+0x806/0xaae
 devtmpfs_mount+0x57/0x91
 0x60002d5b
 0x600023e7
 kernel_init+0x2a/0x15f
 new_thread_handler+0xf9/0x13c

The buggy address belongs to the object at 000000006f989190
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 8 bytes inside of
 16-byte region [000000006f989190, 000000006f9891a0)
The buggy address belongs to the page:
page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910
raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900
raw: 000000006f989910 00000000000a0009 00000001ffffffff
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 000000006f989080: fc fc fc fc
fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in change_bit ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x188/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000040 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869c79>] ? kasan_bitops+0x188/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869c79>] ? kasan_bitops+0x188/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869c79>] kasan_bitops+0x188/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? 
kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in __change_bit ================================================================== BUG: KASAN: slab-out-of-bounds 
in kasan_bitops+0x1b1/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000040 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869ca2>] ? kasan_bitops+0x1b1/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869ca2>] ? kasan_bitops+0x1b1/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869ca2>] kasan_bitops+0x1b1/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? 
kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in test_and_set_bit ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x1df/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869cd0>] ? kasan_bitops+0x1df/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869cd0>] ? kasan_bitops+0x1df/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869cd0>] kasan_bitops+0x1df/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? 
kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in __test_and_set_bit ================================================================== BUG: KASAN: 
slab-out-of-bounds in kasan_bitops+0x207/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869cf8>] ? kasan_bitops+0x207/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869cf8>] ? kasan_bitops+0x207/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869cf8>] kasan_bitops+0x207/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? 
kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in test_and_set_bit_lock ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x22f/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869d20>] ? kasan_bitops+0x22f/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869d20>] ? kasan_bitops+0x22f/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869d20>] kasan_bitops+0x22f/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in test_and_clear_bit ================================================================== BUG: KASAN: 
slab-out-of-bounds in kasan_bitops+0x257/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869d48>] ? kasan_bitops+0x257/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869d48>] ? kasan_bitops+0x257/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869d48>] kasan_bitops+0x257/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? 
kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in __test_and_clear_bit ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x27f/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869d70>] ? kasan_bitops+0x27f/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869d70>] ? kasan_bitops+0x27f/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869d70>] kasan_bitops+0x27f/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in test_and_change_bit ================================================================== BUG: KASAN: 
slab-out-of-bounds in kasan_bitops+0x2a7/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869d98>] ? kasan_bitops+0x2a7/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869d98>] ? kasan_bitops+0x2a7/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869d98>] kasan_bitops+0x2a7/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? 
kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in __test_and_change_bit ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x2cf/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869dc0>] ? kasan_bitops+0x2cf/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869dc0>] ? kasan_bitops+0x2cf/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869dc0>] kasan_bitops+0x2cf/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? 
kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in test_bit ================================================================== BUG: KASAN: slab-out-of-bounds in 
kasan_bitops+0x300/0x357 [test_kasan] Read of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000000 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869df1>] ? kasan_bitops+0x300/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<70869df1>] ? kasan_bitops+0x300/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c110c>] __kasan_check_read+0x18/0x1a [<70869df1>] kasan_bitops+0x300/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? 
kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x30f/0x357 [test_kasan] Read of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7960 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000000 00000048 6dfe7940 6065d480 6dfe79a0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869e00>] ? kasan_bitops+0x30f/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<70869e00>] ? kasan_bitops+0x30f/0x357 [test_kasan] [<600d7e5e>] ? printk+0x0/0x94 [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c2ebb>] __asan_load8+0x76/0x78 [<70869e00>] kasan_bitops+0x30f/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 
refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kasan_bitops out-of-bounds in clear_bit_unlock_is_negative_byte ================================================================== BUG: KASAN: slab-out-of-bounds in kasan_bitops+0x337/0x357 [test_kasan] Write of size 8 at addr 000000006f989198 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7930 00000004 60b74088 600d7e5e 6f989198 6ffe85f8 00000001 00000048 6dfe7910 6065d480 6dfe7970 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<600d7e5e>] ? printk+0x0/0x94 [<70869e28>] ? kasan_bitops+0x337/0x357 [test_kasan] [<601c26fe>] __kasan_report+0x161/0x19c [<70869e28>] ? kasan_bitops+0x337/0x357 [test_kasan] [<601c110e>] ? __kasan_check_write+0x0/0x1d [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<600d7e5e>] ? printk+0x0/0x94 [<601c1129>] __kasan_check_write+0x1b/0x1d [<70869e28>] kasan_bitops+0x337/0x357 [test_kasan] [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<70869ff4>] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kasan_bitops+0x47/0x357 [test_kasan] kmalloc_tests_init+0x1ac/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 1: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 put_fs_context+0x23d/0x251 do_mount+0x806/0xaae devtmpfs_mount+0x57/0x91 0x60002d5b 0x600023e7 kernel_init+0x2a/0x15f new_thread_handler+0xf9/0x13c The buggy address belongs to the object at 000000006f989190 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 8 bytes inside of 16-byte region [000000006f989190, 000000006f9891a0) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x6f989910 raw: 0000000000000200 000000006f8005d0 000000006f8005d0 000000006f803900 raw: 000000006f989910 00000000000a0009 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989180: fc fc 00 01 fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kasan test: kmalloc_double_kzfree double-free (kzfree) ================================================================== BUG: KASAN: use-after-free in 
ksize+0x70/0xa1 Read of size 1 at addr 000000006f989910 by task insmod/511 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7910 00000004 60b74088 600d7e5e 6f989910 6ffe85f8 00000000 601c2d52 6dfe78f0 6065d480 6dfe7950 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601c2d52>] ? __asan_load4+0x0/0x78 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601c2d52>] ? __asan_load4+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60184756>] ? ksize+0x70/0xa1 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c26fe>] __kasan_report+0x161/0x19c [<60184756>] ? ksize+0x70/0xa1 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c1ca2>] kasan_report+0x13/0x15 [<601c32ae>] check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<601848ed>] ? kzfree+0x0/0x45 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c110c>] __kasan_check_read+0x18/0x1a [<60184756>] ksize+0x70/0xa1 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<60184909>] kzfree+0x1c/0x45 [<7086961a>] kmalloc_double_kzfree+0x98/0x9d [test_kasan] [<7086a000>] kmalloc_tests_init+0x1b8/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? 
kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_double_kzfree+0x62/0x9d [test_kasan] kmalloc_tests_init+0x1b8/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kzfree+0x3f/0x45 kmalloc_double_kzfree+0x93/0x9d [test_kasan] kmalloc_tests_init+0x1b8/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006f989910 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f989910, 000000006f989920) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x0 raw: 0000000000000200 000000006ffe50d8 000000006f8005f0 000000006f803900 
raw: 0000000000000000 00000000000a000a 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989900: fc fc fb fb fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ================================================================== BUG: KASAN: double-free or invalid-free in kfree+0x1eb/0x2b5 CPU: 0 PID: 511 Comm: insmod Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6dfe7890 00000004 60b74088 600d7e5e 6f989910 6ffe85f8 00000001 601bf702 6dfe7870 6065d480 6dfe78d0 601c216e Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<600d7e5e>] ? printk+0x0/0x94 [<601bf702>] ? kfree+0x1eb/0x2b5 [<6065d480>] dump_stack+0x2a/0x2c [<601c216e>] print_address_description.constprop.0+0x39/0x3b3 [<601bf702>] ? kfree+0x1eb/0x2b5 [<600d7e5e>] ? printk+0x0/0x94 [<601bf702>] ? kfree+0x1eb/0x2b5 [<601c2567>] kasan_report_invalid_free+0x7f/0xb5 [<601bf702>] ? kfree+0x1eb/0x2b5 [<601c1426>] __kasan_slab_free+0xbe/0x16d [<601c1930>] kasan_slab_free+0x15/0x17 [<601bb6ba>] slab_free_freelist_hook+0x150/0x1a7 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? __asan_load4+0x0/0x78 [<601bf702>] kfree+0x1eb/0x2b5 [<601c32ae>] ? check_memory_region+0x134/0x13f [<600c93b9>] ? lockdep_hardirqs_on+0x2c/0x413 [<6018492c>] ? kzfree+0x3f/0x45 [<601848ed>] ? kzfree+0x0/0x45 [<600e0ebb>] ? debug_lockdep_rcu_enabled+0x0/0x8d [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<601c2d52>] ? 
__asan_load4+0x0/0x78 [<6018492c>] kzfree+0x3f/0x45 [<7086961a>] kmalloc_double_kzfree+0x98/0x9d [test_kasan] [<7086a000>] kmalloc_tests_init+0x1b8/0x1d0 [test_kasan] [<70869e48>] ? kmalloc_tests_init+0x0/0x1d0 [test_kasan] [<6003ed5c>] do_one_initcall+0x13e/0x34d [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c14f0>] ? kasan_unpoison_shadow+0x1b/0x35 [<601c1366>] ? kasan_poison_shadow+0x30/0x32 [<601c2bef>] ? __asan_register_globals+0x6b/0x7c [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2d52>] ? __asan_load4+0x0/0x78 [<601051f0>] do_init_module+0x132/0x44a [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<60287bf1>] ? sysfs_create_bin_file+0x0/0xd6 [<60108ad5>] load_module+0x3513/0x4159 [<601d6f07>] ? kernel_read_file_from_fd+0x59/0x7d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6010994c>] __do_sys_finit_module+0xab/0xbc [<6010996f>] ? sys_finit_module+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<6010997f>] sys_finit_module+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 Allocated by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_kmalloc.constprop.0+0xb1/0xc6 kasan_kmalloc+0x10/0x12 kmem_cache_alloc_trace+0x196/0x1a5 kmalloc_double_kzfree+0x62/0x9d [test_kasan] kmalloc_tests_init+0x1b8/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 Freed by task 511: save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 save_stack+0x2a/0xa1 __kasan_slab_free+0x13f/0x16d kasan_slab_free+0x15/0x17 slab_free_freelist_hook+0x150/0x1a7 kfree+0x1eb/0x2b5 kzfree+0x3f/0x45 kmalloc_double_kzfree+0x93/0x9d [test_kasan] kmalloc_tests_init+0x1b8/0x1d0 [test_kasan] do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 fork_handler+0xe5/0xf0 The buggy address belongs to the object at 000000006f989910 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes inside of 16-byte region [000000006f989910, 000000006f989920) The buggy address belongs to the page: page:000000006ffe85f8 refcount:1 mapcount:0 mapping:000000006f803900 index:0x0 raw: 0000000000000200 000000006ffe50d8 000000006f8005f0 000000006f803900 raw: 0000000000000000 00000000000a000a 00000001ffffffff page dumped because: kasan: bad access detected Memory state around the buggy address: 000000006f989800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >000000006f989900: fc fc fb fb fc fc fc fc fc fc fc fc fc fc fc fc ^ 000000006f989980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 000000006f989a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
================================================================== insmod: ERROR: could not insert module lib/test_kasan.ko: Resource temporarily unavailable bash-5.0# bash-5.0# exit /tmp/.host/tmp/tmpbymglerh/ctrl.sh: 12: cannot create : Directory nonexistent ============================================================================= BUG kmalloc-4k (Tainted: G B ): Redzone overwritten ----------------------------------------------------------------------------- INFO: 0x000000001e053b13-0x000000001e053b13 @offset=20480. First byte 0x0 instead of 0xcc INFO: Allocated in 0x7086828e age=396 cpu=0 pid=511 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde alloc_debug_processing+0xf2/0x163 ___slab_alloc.constprop.0+0x1dc/0x39f __slab_alloc.constprop.0+0x5f/0x92 kmem_cache_alloc_trace+0x66/0x1a5 0x7086828e 0x70869e80 do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 INFO: Slab 0x0000000011e094b6 objects=2 used=2 fp=0x00000000c070f63a flags=0x10201 INFO: Object 0x000000002d0cc27f @offset=16384 fp=0x00000000c070f63a
6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000070c1c5b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000baf67afc: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b3f2bb5e: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000000b5e2a9f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000053f58c51: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000024673e52: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000662747b7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000ae499ccf: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000029610f69: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000910d6b0e: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000139cf081: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000080018c0b: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000bf71b1c6: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000af324de9: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000006ddd487f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000058ca1eb1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000c3fa1afb: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000009ac346a9: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000003f9070d2: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000015821f7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b0781344: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000027994caa: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 
kkkkkkkkkkkkkkkk Object 00000000656cf2a0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000008acc1327: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000041d06915: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000f73543c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001f3edc8d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000f2326d93: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000005fab16fe: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000007a1b32c3: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000e2153713: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000024c6edf1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b1286c37: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000006274a317: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000008de9946b: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d45d6aa6: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001cdc5e74: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000abf2f49e: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000026489868: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002959dbcf: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001c6a3687: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002d4e80c7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000015e814e5: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000197443e0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk 
Object 000000001d0b66b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000073748cf5: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000123b989f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000902c03cc: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d05e3750: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000c50f41f9: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000006b06f28a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d27a136e: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000000ec8405: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000022bfcb75: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001a999568: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000a6aecd79: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000005f24e760: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000c97e3219: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b52d0e05: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000262a4217: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000007a5b4890: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000f36a3cfe: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000eadbe772: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000039a39500: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000fffc8e61: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000005a014fd8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 
0000000099b73ff8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000054a76d91: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000003114e048: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000009e789100: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000aa8caa6d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002b8b1136: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001fbefe2d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000084133dfd: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000a64691ab: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000030188523: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002c153768: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d8464e91: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000e917b306: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000011f8bcde: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000794c08f1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000de1d08b0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000aeb6c8f3: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000009a4c0abc: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000674f189f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000ebebc7f1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000006f622950: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000c569cdfb: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000000852490e: 
6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000004fc011f7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002c42344a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001e9634f2: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000935acea8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000e9127c6b: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000045442401: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000f4673ad5: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000cf25ad30: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b625b45f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000009869131f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000072220343: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b0fd5085: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000815c5d7e: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000015729ddc: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002995c342: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000ae43a395: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000005c25fe8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d300d06a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000341ca3c1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000ce93b659: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000009668f3b: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000000dcc4352: 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000892565b4: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b8410c0a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000f3eb81a3: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000005b248702: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b5f620f0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000004148e537: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d1471667: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000a086acf7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000003a02acf5: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000027cd22d7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000007e604c8f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000000c97521: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000003c5da011: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d749ff74: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000001badb07a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000007833a5ea: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000227875dd: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000205cc841: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000002d5712b2: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000d1c3fbf0: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000000ca2490d: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000004cdf281f: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 
6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000006d03adba: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000006623ac60: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000009c59bea6: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000be28a790: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000955cf5be: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000007a639733: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000007912c03: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000005540297a: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000648e87b2: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000734dcdea: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000087448fdb: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk. Redzone 000000001e053b13: 00 cc cc cc cc cc cc cc ........ 
5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000009b442437: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000559df7c5: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000aac2d66a: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000e0fbb250: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000933cb2cf: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000002a09d729: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000808bd64d: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000bb67a97c: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000c7c89c03: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000ca0c96f9: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000007643505e: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000ac65f9ef: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000b033aa82: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0000000096e6fafb: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000003299ded7: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0000000032532d69: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000002e3284fa: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000b7775657: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000a080c9ee: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000495dfd29: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000c33995de: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000006adea151: 5a 5a 5a 5a 5a 5a 5a 
5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000006de69d43: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000003312f797: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000e5d85f8a: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0000000040ea7a01: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000ac723566: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000f311df17: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000ce9e291f: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000a6a0ff08: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0000000000ff5637: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000d06331d3: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000227cb92b: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 000000001e2976b4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000448cd7d2: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000e7d8ef5a: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000475b3814: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ CPU: 0 PID: 524 Comm: poweroff Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6d65f5b0 601ba994 00000eb0 6f80c300 6d9b4000 00001150 601ba93a 6d9b5000 6d65f5b0 6065d480 6d65f5e0 601c0f8d Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<601ba994>] ? print_section+0x5a/0x62 [<601ba93a>] ? 
print_section+0x0/0x62 [<6065d480>] dump_stack+0x2a/0x2c [<601c0f8d>] print_trailer+0x1c4/0x1cd [<601bc198>] check_bytes_and_report+0x12a/0x175 [<601bceee>] check_object+0x9e/0x279 [<601beaa0>] free_debug_processing+0x9c/0x309 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bed55>] __slab_free+0x48/0x2d5 [<60140d97>] ? trace_hardirqs_on+0x33/0x96 [<6067e5e4>] ? _raw_spin_unlock_irqrestore+0x5e/0x68 [<601c3a85>] ? quarantine_reduce+0x184/0x21b [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bfe7b>] ___cache_free+0xcf/0xde [<601c3563>] ? virt_to_head_page+0x0/0x36 [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c35f1>] qlist_free_all+0x58/0x82 [<601c3a97>] quarantine_reduce+0x196/0x21b [<601bdc6c>] ? __slab_alloc.constprop.0+0x7d/0x92 [<601c153d>] __kasan_kmalloc.constprop.0+0x33/0xc6 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c1947>] kasan_slab_alloc+0x15/0x17 [<601bb3e3>] slab_post_alloc_hook+0x49/0x85 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601ba64d>] ? get_freepointer+0x0/0x11 [<601be22b>] kmem_cache_alloc+0x15e/0x231 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6032c2ca>] dentry_name+0x49/0x19d [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6032c932>] hostfs_permission+0x55/0x130 [<601c2c71>] ? __asan_load2+0x0/0x6f [<601dde7b>] inode_permission+0x11b/0x1ef [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e18c6>] link_path_walk.part.0+0x98/0x6ae [<6066bca4>] ? strnlen+0x39/0x43 [<601e182e>] ? link_path_walk.part.0+0x0/0x6ae [<601e26ea>] path_lookupat.isra.0+0x17d/0x2fa [<601e256d>] ? path_lookupat.isra.0+0x0/0x2fa [<601e3a9a>] filename_lookup+0x88/0xec [<60047a09>] ? __strncpy_from_user+0x9a/0xa5 [<601dd965>] ? __access_ok+0x2c/0x6a [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601e3b8d>] ? user_path_at_empty+0x0/0x4f [<601e3bd4>] user_path_at_empty+0x47/0x4f [<6005fdfa>] ? set_signals+0x0/0x3f [<601d45ce>] vfs_statx+0x6d/0xbe [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601d4ad4>] ? sys_newstat+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601d49c5>] __do_sys_newstat+0x36/0x5d [<60140df3>] ? trace_hardirqs_on+0x8f/0x96 [<6004725e>] ? handle_syscall+0x88/0x182 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<60042631>] ? syscall_trace_enter+0x3f/0x64 [<601d4ae4>] sys_newstat+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 FIX kmalloc-4k: Restoring 0x000000001e053b13-0x000000001e053b13=0xcc FIX kmalloc-4k: Object at 0x000000002d0cc27f not freed ============================================================================= BUG kmalloc-8 (Tainted: G B ): Redzone overwritten ----------------------------------------------------------------------------- INFO: 0x000000007345e270-0x000000007345e270 @offset=16. 
First byte 0x0 instead of 0xcc INFO: Allocated in 0x70868a97 age=396 cpu=0 pid=511 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde alloc_debug_processing+0xf2/0x163 ___slab_alloc.constprop.0+0x1dc/0x39f __slab_alloc.constprop.0+0x5f/0x92 kmem_cache_alloc_trace+0x66/0x1a5 0x70868a97 0x70869eec do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 INFO: Slab 0x00000000a6487ce7 objects=11 used=5 fp=0x0000000006febe72 flags=0x0201 INFO: Object 0x000000001081a04e @offset=8 fp=0x00000000aa9b094e Redzone 000000004c1599a5: cc cc cc cc cc cc cc cc ........ Object 000000001081a04e: 18 de 33 6d 00 00 00 00 ..3m.... Redzone 000000007345e270: 00 cc cc cc cc cc cc cc ........ Padding 0000000029702088: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 0 PID: 524 Comm: poweroff Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6d65f5b0 601ba994 00000008 6f802300 6d33d008 00000158 601ba93a 6d33d010 6d65f5b0 6065d480 6d65f5e0 601c0f8d Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<601ba994>] ? print_section+0x5a/0x62 [<601ba93a>] ? print_section+0x0/0x62 [<6065d480>] dump_stack+0x2a/0x2c [<601c0f8d>] print_trailer+0x1c4/0x1cd [<601bc198>] check_bytes_and_report+0x12a/0x175 [<601bceee>] check_object+0x9e/0x279 [<601beaa0>] free_debug_processing+0x9c/0x309 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bed55>] __slab_free+0x48/0x2d5 [<60140d97>] ? trace_hardirqs_on+0x33/0x96 [<6067e5e4>] ? _raw_spin_unlock_irqrestore+0x5e/0x68 [<601c3a85>] ? quarantine_reduce+0x184/0x21b [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? 
set_freepointer+0x0/0x67 [<601bfe7b>] ___cache_free+0xcf/0xde [<601c3563>] ? virt_to_head_page+0x0/0x36 [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c35f1>] qlist_free_all+0x58/0x82 [<601c3a97>] quarantine_reduce+0x196/0x21b [<601bdc6c>] ? __slab_alloc.constprop.0+0x7d/0x92 [<601c153d>] __kasan_kmalloc.constprop.0+0x33/0xc6 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c1947>] kasan_slab_alloc+0x15/0x17 [<601bb3e3>] slab_post_alloc_hook+0x49/0x85 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601ba64d>] ? get_freepointer+0x0/0x11 [<601be22b>] kmem_cache_alloc+0x15e/0x231 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6032c2ca>] dentry_name+0x49/0x19d [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6032c932>] hostfs_permission+0x55/0x130 [<601c2c71>] ? __asan_load2+0x0/0x6f [<601dde7b>] inode_permission+0x11b/0x1ef [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e18c6>] link_path_walk.part.0+0x98/0x6ae [<6066bca4>] ? strnlen+0x39/0x43 [<601e182e>] ? link_path_walk.part.0+0x0/0x6ae [<601e26ea>] path_lookupat.isra.0+0x17d/0x2fa [<601e256d>] ? path_lookupat.isra.0+0x0/0x2fa [<601e3a9a>] filename_lookup+0x88/0xec [<60047a09>] ? __strncpy_from_user+0x9a/0xa5 [<601dd965>] ? __access_ok+0x2c/0x6a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e3b8d>] ? user_path_at_empty+0x0/0x4f [<601e3bd4>] user_path_at_empty+0x47/0x4f [<6005fdfa>] ? set_signals+0x0/0x3f [<601d45ce>] vfs_statx+0x6d/0xbe [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601d4ad4>] ? sys_newstat+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601d49c5>] __do_sys_newstat+0x36/0x5d [<60140df3>] ? trace_hardirqs_on+0x8f/0x96 [<6004725e>] ? handle_syscall+0x88/0x182 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<60042631>] ? syscall_trace_enter+0x3f/0x64 [<601d4ae4>] sys_newstat+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<601c10f4>] ? 
__kasan_check_read+0x0/0x1a [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 FIX kmalloc-8: Restoring 0x000000007345e270-0x000000007345e270=0xcc FIX kmalloc-8: Object at 0x000000001081a04e not freed ============================================================================= BUG kmalloc-8 (Tainted: G B ): Redzone overwritten ----------------------------------------------------------------------------- INFO: 0x000000002f5faf15-0x000000002f5faf15 @offset=3616. First byte 0x0 instead of 0xcc INFO: Allocated in 0x70868b46 age=396 cpu=0 pid=511 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde alloc_debug_processing+0xf2/0x163 ___slab_alloc.constprop.0+0x1dc/0x39f __slab_alloc.constprop.0+0x5f/0x92 kmem_cache_alloc_trace+0x66/0x1a5 0x70868b46 0x70869ef8 do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 INFO: Slab 0x00000000a6487ce7 objects=11 used=5 fp=0x0000000006febe72 flags=0x0201 INFO: Object 0x00000000e66ced74 @offset=3608 fp=0x00000000fa414c81 Redzone 0000000025ac6f5f: cc cc cc cc cc cc cc cc ........ Object 00000000e66ced74: 70 d1 33 6d 00 00 00 00 p.3m.... Redzone 000000002f5faf15: 00 cc cc cc cc cc cc cc ........ Padding 00000000cbab17c2: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 0 PID: 524 Comm: poweroff Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6d65f5b0 601ba994 00000008 6f802300 6d33de18 00000158 601ba93a 6d33de20 6d65f5b0 6065d480 6d65f5e0 601c0f8d Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<601ba994>] ? print_section+0x5a/0x62 [<601ba93a>] ? 
print_section+0x0/0x62 [<6065d480>] dump_stack+0x2a/0x2c [<601c0f8d>] print_trailer+0x1c4/0x1cd [<601bc198>] check_bytes_and_report+0x12a/0x175 [<601bceee>] check_object+0x9e/0x279 [<601beaa0>] free_debug_processing+0x9c/0x309 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bed55>] __slab_free+0x48/0x2d5 [<60140d97>] ? trace_hardirqs_on+0x33/0x96 [<6067e5e4>] ? _raw_spin_unlock_irqrestore+0x5e/0x68 [<601c3a85>] ? quarantine_reduce+0x184/0x21b [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bfe7b>] ___cache_free+0xcf/0xde [<601c3563>] ? virt_to_head_page+0x0/0x36 [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c35f1>] qlist_free_all+0x58/0x82 [<601c3a97>] quarantine_reduce+0x196/0x21b [<601bdc6c>] ? __slab_alloc.constprop.0+0x7d/0x92 [<601c153d>] __kasan_kmalloc.constprop.0+0x33/0xc6 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c1947>] kasan_slab_alloc+0x15/0x17 [<601bb3e3>] slab_post_alloc_hook+0x49/0x85 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601ba64d>] ? get_freepointer+0x0/0x11 [<601be22b>] kmem_cache_alloc+0x15e/0x231 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6032c2ca>] dentry_name+0x49/0x19d [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6032c932>] hostfs_permission+0x55/0x130 [<601c2c71>] ? __asan_load2+0x0/0x6f [<601dde7b>] inode_permission+0x11b/0x1ef [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e18c6>] link_path_walk.part.0+0x98/0x6ae [<6066bca4>] ? strnlen+0x39/0x43 [<601e182e>] ? link_path_walk.part.0+0x0/0x6ae [<601e26ea>] path_lookupat.isra.0+0x17d/0x2fa [<601e256d>] ? path_lookupat.isra.0+0x0/0x2fa [<601e3a9a>] filename_lookup+0x88/0xec [<60047a09>] ? 
__strncpy_from_user+0x9a/0xa5 [<601dd965>] ? __access_ok+0x2c/0x6a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e3b8d>] ? user_path_at_empty+0x0/0x4f [<601e3bd4>] user_path_at_empty+0x47/0x4f [<6005fdfa>] ? set_signals+0x0/0x3f [<601d45ce>] vfs_statx+0x6d/0xbe [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601d4ad4>] ? sys_newstat+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601d49c5>] __do_sys_newstat+0x36/0x5d [<60140df3>] ? trace_hardirqs_on+0x8f/0x96 [<6004725e>] ? handle_syscall+0x88/0x182 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<60042631>] ? syscall_trace_enter+0x3f/0x64 [<601d4ae4>] sys_newstat+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 FIX kmalloc-8: Restoring 0x000000002f5faf15-0x000000002f5faf15=0xcc FIX kmalloc-8: Object at 0x00000000e66ced74 not freed ============================================================================= BUG kmalloc-8 (Tainted: G B ): Redzone overwritten ----------------------------------------------------------------------------- INFO: 0x00000000c5f50c1d-0x00000000c5f50c1d @offset=376. 
First byte 0x0 instead of 0xcc INFO: Allocated in 0x70868bf5 age=396 cpu=0 pid=511 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde alloc_debug_processing+0xf2/0x163 ___slab_alloc.constprop.0+0x1dc/0x39f __slab_alloc.constprop.0+0x5f/0x92 kmem_cache_alloc_trace+0x66/0x1a5 0x70868bf5 0x70869f04 do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 INFO: Slab 0x00000000a6487ce7 objects=11 used=5 fp=0x0000000006febe72 flags=0x0201 INFO: Object 0x00000000aa9b094e @offset=368 fp=0x000000008aee1370 Redzone 000000002007488c: cc cc cc cc cc cc cc cc ........ Object 00000000aa9b094e: 10 00 2f 6f 00 00 00 00 ../o.... Redzone 00000000c5f50c1d: 00 cc cc cc cc cc cc cc ........ Padding 00000000d6ab720a: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 0 PID: 524 Comm: poweroff Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6d65f5b0 601ba994 00000008 6f802300 6d33d170 00000158 601ba93a 6d33d178 6d65f5b0 6065d480 6d65f5e0 601c0f8d Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<601ba994>] ? print_section+0x5a/0x62 [<601ba93a>] ? print_section+0x0/0x62 [<6065d480>] dump_stack+0x2a/0x2c [<601c0f8d>] print_trailer+0x1c4/0x1cd [<601bc198>] check_bytes_and_report+0x12a/0x175 [<601bceee>] check_object+0x9e/0x279 [<601beaa0>] free_debug_processing+0x9c/0x309 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bed55>] __slab_free+0x48/0x2d5 [<60140d97>] ? trace_hardirqs_on+0x33/0x96 [<6067e5e4>] ? _raw_spin_unlock_irqrestore+0x5e/0x68 [<601c3a85>] ? quarantine_reduce+0x184/0x21b [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? 
set_freepointer+0x0/0x67 [<601bfe7b>] ___cache_free+0xcf/0xde [<601c3563>] ? virt_to_head_page+0x0/0x36 [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c35f1>] qlist_free_all+0x58/0x82 [<601c3a97>] quarantine_reduce+0x196/0x21b [<601bdc6c>] ? __slab_alloc.constprop.0+0x7d/0x92 [<601c153d>] __kasan_kmalloc.constprop.0+0x33/0xc6 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c1947>] kasan_slab_alloc+0x15/0x17 [<601bb3e3>] slab_post_alloc_hook+0x49/0x85 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601ba64d>] ? get_freepointer+0x0/0x11 [<601be22b>] kmem_cache_alloc+0x15e/0x231 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6032c2ca>] dentry_name+0x49/0x19d [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6032c932>] hostfs_permission+0x55/0x130 [<601c2c71>] ? __asan_load2+0x0/0x6f [<601dde7b>] inode_permission+0x11b/0x1ef [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e18c6>] link_path_walk.part.0+0x98/0x6ae [<6066bca4>] ? strnlen+0x39/0x43 [<601e182e>] ? link_path_walk.part.0+0x0/0x6ae [<601e26ea>] path_lookupat.isra.0+0x17d/0x2fa [<601e256d>] ? path_lookupat.isra.0+0x0/0x2fa [<601e3a9a>] filename_lookup+0x88/0xec [<60047a09>] ? __strncpy_from_user+0x9a/0xa5 [<601dd965>] ? __access_ok+0x2c/0x6a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e3b8d>] ? user_path_at_empty+0x0/0x4f [<601e3bd4>] user_path_at_empty+0x47/0x4f [<6005fdfa>] ? set_signals+0x0/0x3f [<601d45ce>] vfs_statx+0x6d/0xbe [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601d4ad4>] ? sys_newstat+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601d49c5>] __do_sys_newstat+0x36/0x5d [<60140df3>] ? trace_hardirqs_on+0x8f/0x96 [<6004725e>] ? handle_syscall+0x88/0x182 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<60042631>] ? syscall_trace_enter+0x3f/0x64 [<601d4ae4>] sys_newstat+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<601c10f4>] ? 
__kasan_check_read+0x0/0x1a [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 FIX kmalloc-8: Restoring 0x00000000c5f50c1d-0x00000000c5f50c1d=0xcc FIX kmalloc-8: Object at 0x00000000aa9b094e not freed ============================================================================= BUG kmalloc-16 (Tainted: G B ): Redzone overwritten ----------------------------------------------------------------------------- INFO: 0x00000000ce442029-0x00000000ce442029 @offset=32. First byte 0x0 instead of 0xcc INFO: Allocated in 0x70868ca4 age=396 cpu=0 pid=511 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde alloc_debug_processing+0xf2/0x163 ___slab_alloc.constprop.0+0x1dc/0x39f __slab_alloc.constprop.0+0x5f/0x92 kmem_cache_alloc_trace+0x66/0x1a5 0x70868ca4 0x70869f10 do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 INFO: Freed in qlist_free_all+0x35/0x82 age=3844 cpu=0 pid=226 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde free_debug_processing+0xd1/0x309 __slab_free+0x48/0x2d5 ___cache_free+0xcf/0xde qlist_free_all+0x58/0x82 quarantine_reduce+0x196/0x21b __kasan_kmalloc.constprop.0+0x33/0xc6 kasan_slab_alloc+0x15/0x17 slab_post_alloc_hook+0x49/0x85 kmem_cache_alloc+0x15e/0x231 prepare_kernel_cred+0x2f/0x210 call_usermodehelper_exec_async+0xf6/0x383 new_thread_handler+0xf9/0x13c INFO: Slab 0x00000000e11d1a20 objects=10 used=9 fp=0x000000004600d0df flags=0x0201 INFO: Object 0x000000002659d2b1 @offset=16 fp=0x000000002c6ccde3 Redzone 00000000170f302b: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ 
Object 000000002659d2b1: 10 09 2f 6f 00 00 00 00 00 00 00 00 00 00 00 00 ../o............ Redzone 00000000ce442029: 00 cc cc cc cc cc cc cc ........ Padding 00000000dabbe949: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ CPU: 0 PID: 524 Comm: poweroff Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6d65f5b0 601ba994 00000010 6f803900 6f2f0010 00000160 601ba93a 6f2f0020 6d65f5b0 6065d480 6d65f5e0 601c0f8d Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<601ba994>] ? print_section+0x5a/0x62 [<601ba93a>] ? print_section+0x0/0x62 [<6065d480>] dump_stack+0x2a/0x2c [<601c0f8d>] print_trailer+0x1c4/0x1cd [<601bc198>] check_bytes_and_report+0x12a/0x175 [<601bceee>] check_object+0x9e/0x279 [<601beaa0>] free_debug_processing+0x9c/0x309 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bed55>] __slab_free+0x48/0x2d5 [<60140d97>] ? trace_hardirqs_on+0x33/0x96 [<6067e5e4>] ? _raw_spin_unlock_irqrestore+0x5e/0x68 [<601c3a85>] ? quarantine_reduce+0x184/0x21b [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bfe7b>] ___cache_free+0xcf/0xde [<601c3563>] ? virt_to_head_page+0x0/0x36 [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c35f1>] qlist_free_all+0x58/0x82 [<601c3a97>] quarantine_reduce+0x196/0x21b [<601bdc6c>] ? __slab_alloc.constprop.0+0x7d/0x92 [<601c153d>] __kasan_kmalloc.constprop.0+0x33/0xc6 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c1947>] kasan_slab_alloc+0x15/0x17 [<601bb3e3>] slab_post_alloc_hook+0x49/0x85 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601ba64d>] ? 
get_freepointer+0x0/0x11 [<601be22b>] kmem_cache_alloc+0x15e/0x231 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6032c2ca>] dentry_name+0x49/0x19d [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6032c932>] hostfs_permission+0x55/0x130 [<601c2c71>] ? __asan_load2+0x0/0x6f [<601dde7b>] inode_permission+0x11b/0x1ef [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e18c6>] link_path_walk.part.0+0x98/0x6ae [<6066bca4>] ? strnlen+0x39/0x43 [<601e182e>] ? link_path_walk.part.0+0x0/0x6ae [<601e26ea>] path_lookupat.isra.0+0x17d/0x2fa [<601e256d>] ? path_lookupat.isra.0+0x0/0x2fa [<601e3a9a>] filename_lookup+0x88/0xec [<60047a09>] ? __strncpy_from_user+0x9a/0xa5 [<601dd965>] ? __access_ok+0x2c/0x6a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e3b8d>] ? user_path_at_empty+0x0/0x4f [<601e3bd4>] user_path_at_empty+0x47/0x4f [<6005fdfa>] ? set_signals+0x0/0x3f [<601d45ce>] vfs_statx+0x6d/0xbe [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601d4ad4>] ? sys_newstat+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601d49c5>] __do_sys_newstat+0x36/0x5d [<60140df3>] ? trace_hardirqs_on+0x8f/0x96 [<6004725e>] ? handle_syscall+0x88/0x182 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<60042631>] ? syscall_trace_enter+0x3f/0x64 [<601d4ae4>] sys_newstat+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 FIX kmalloc-16: Restoring 0x00000000ce442029-0x00000000ce442029=0xcc FIX kmalloc-16: Object at 0x000000002659d2b1 not freed ============================================================================= BUG kmalloc-128 (Tainted: G B ): Redzone overwritten ----------------------------------------------------------------------------- INFO: 0x00000000f0ffdabf-0x00000000f0ffdabf @offset=6016. First byte 0x79 instead of 0xcc INFO: Allocated in 0x70869249 age=335 cpu=0 pid=511 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde alloc_debug_processing+0xf2/0x163 ___slab_alloc.constprop.0+0x1dc/0x39f __slab_alloc.constprop.0+0x5f/0x92 kmem_cache_alloc_trace+0x66/0x1a5 0x70869249 0x70869fa0 do_one_initcall+0x13e/0x34d do_init_module+0x132/0x44a load_module+0x3513/0x4159 __do_sys_finit_module+0xab/0xbc sys_finit_module+0x10/0x12 handle_syscall+0x156/0x182 userspace+0x46d/0x4f8 INFO: Freed in qlist_free_all+0x35/0x82 age=3388 cpu=0 pid=508 save_stack_trace+0x46/0x4d stack_trace_save+0x34/0x39 set_track+0x62/0xde free_debug_processing+0xd1/0x309 __slab_free+0x48/0x2d5 ___cache_free+0xcf/0xde qlist_free_all+0x58/0x82 quarantine_reduce+0x196/0x21b __kasan_kmalloc.constprop.0+0x33/0xc6 kasan_slab_alloc+0x15/0x17 slab_post_alloc_hook+0x49/0x85 kmem_cache_alloc+0x15e/0x231 getname_flags+0x4f/0x2ba user_path_at_empty+0x2b/0x4f vfs_statx+0x6d/0xbe __do_sys_newstat+0x36/0x5d INFO: Slab 0x0000000005116700 objects=12 used=6 fp=0x0000000073d18205 flags=0x10201 INFO: Object 0x00000000386b5aec @offset=5888 fp=0x000000001ce74662 Redzone 000000006ceec910: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 000000002f5ba905: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 00000000af53200f: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 00000000bea35a3f: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ 
Redzone 0000000011b0eb20: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 00000000922479d7: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 00000000261620df: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 00000000b5390058: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Object 00000000386b5aec: 90 34 2f 6f 00 00 00 00 6b 6b 6b 6b 6b 6b 6b 6b .4/o....kkkkkkkk Object 000000002df876b5: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000008d3093b6: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 000000005f4d83d7: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 0000000095dba2d1: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000048e7826: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000b9ec5a5b: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object 00000000f5477909: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 78 6b 6b 6b a5 kkkkkkkkkkkxkkk. Redzone 00000000f0ffdabf: 79 cc cc cc cc cc cc cc y....... Padding 0000000086efb3ef: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 0000000022697203: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000b6dea266: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ CPU: 0 PID: 524 Comm: poweroff Tainted: G B 5.5.0-rc6-00009-g09462ab4014b #4 Stack: 6d65f5b0 601ba994 00000030 6f803380 6d057700 000001d0 601ba93a 6d057780 6d65f5b0 6065d480 6d65f5e0 601c0f8d Call Trace: [<601c2e45>] ? __asan_load8+0x0/0x78 [<600d7e5e>] ? printk+0x0/0x94 [<60043094>] show_stack+0x17c/0x19a [<601ba994>] ? print_section+0x5a/0x62 [<601ba93a>] ? 
print_section+0x0/0x62 [<6065d480>] dump_stack+0x2a/0x2c [<601c0f8d>] print_trailer+0x1c4/0x1cd [<601bc198>] check_bytes_and_report+0x12a/0x175 [<601bceee>] check_object+0x9e/0x279 [<601beaa0>] free_debug_processing+0x9c/0x309 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bed55>] __slab_free+0x48/0x2d5 [<60140d97>] ? trace_hardirqs_on+0x33/0x96 [<6067e5e4>] ? _raw_spin_unlock_irqrestore+0x5e/0x68 [<601c3a85>] ? quarantine_reduce+0x184/0x21b [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c35ce>] ? qlist_free_all+0x35/0x82 [<601bb04b>] ? set_freepointer+0x0/0x67 [<601bfe7b>] ___cache_free+0xcf/0xde [<601c3563>] ? virt_to_head_page+0x0/0x36 [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c35f1>] qlist_free_all+0x58/0x82 [<601c3a97>] quarantine_reduce+0x196/0x21b [<601bdc6c>] ? __slab_alloc.constprop.0+0x7d/0x92 [<601c153d>] __kasan_kmalloc.constprop.0+0x33/0xc6 [<60140c11>] ? trace_irq_enable_rcuidle+0x32/0x185 [<60140ab3>] ? trace_hardirqs_off+0x0/0x96 [<6005fdfa>] ? set_signals+0x0/0x3f [<601c1932>] ? kasan_slab_alloc+0x0/0x17 [<601c1947>] kasan_slab_alloc+0x15/0x17 [<601bb3e3>] slab_post_alloc_hook+0x49/0x85 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601ba64d>] ? get_freepointer+0x0/0x11 [<601be22b>] kmem_cache_alloc+0x15e/0x231 [<6032c2ca>] ? dentry_name+0x49/0x19d [<601c2e45>] ? __asan_load8+0x0/0x78 [<6032c2ca>] dentry_name+0x49/0x19d [<6067e066>] ? _raw_spin_lock+0x0/0x85 [<6032c932>] hostfs_permission+0x55/0x130 [<601c2c71>] ? __asan_load2+0x0/0x6f [<601dde7b>] inode_permission+0x11b/0x1ef [<601c2e45>] ? __asan_load8+0x0/0x78 [<601e18c6>] link_path_walk.part.0+0x98/0x6ae [<6066bca4>] ? strnlen+0x39/0x43 [<601e182e>] ? link_path_walk.part.0+0x0/0x6ae [<601e26ea>] path_lookupat.isra.0+0x17d/0x2fa [<601e256d>] ? path_lookupat.isra.0+0x0/0x2fa [<601e3a9a>] filename_lookup+0x88/0xec [<60047a09>] ? __strncpy_from_user+0x9a/0xa5 [<601dd965>] ? __access_ok+0x2c/0x6a [<601c2e45>] ? 
__asan_load8+0x0/0x78 [<601e3b8d>] ? user_path_at_empty+0x0/0x4f [<601e3bd4>] user_path_at_empty+0x47/0x4f [<6005fdfa>] ? set_signals+0x0/0x3f [<601d45ce>] vfs_statx+0x6d/0xbe [<601c110c>] ? __kasan_check_read+0x18/0x1a [<601c2e45>] ? __asan_load8+0x0/0x78 [<601d4ad4>] ? sys_newstat+0x0/0x12 [<601c2ebd>] ? __asan_store8+0x0/0x7b [<601d49c5>] __do_sys_newstat+0x36/0x5d [<60140df3>] ? trace_hardirqs_on+0x8f/0x96 [<6004725e>] ? handle_syscall+0x88/0x182 [<601c110c>] ? __kasan_check_read+0x18/0x1a [<60042631>] ? syscall_trace_enter+0x3f/0x64 [<601d4ae4>] sys_newstat+0x10/0x12 [<6004732c>] handle_syscall+0x156/0x182 [<601c10f4>] ? __kasan_check_read+0x0/0x1a [<60062579>] userspace+0x46d/0x4f8 [<6005ecb4>] ? save_registers+0x1f/0x3b [<60065ebf>] ? arch_prctl+0x168/0x1dd [<6007f432>] ? calculate_sigpending+0xbd/0xc4 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<601c2e45>] ? __asan_load8+0x0/0x78 [<600413de>] fork_handler+0xe5/0xf0 FIX kmalloc-128: Restoring 0x00000000f0ffdabf-0x00000000f0ffdabf=0xcc FIX kmalloc-128: Object at 0x00000000386b5aec not freed Powering off. reboot: System halted