aboutsummaryrefslogtreecommitdiffstats
path: root/pkg/report/testdata/linux
diff options
context:
space:
mode:
authorDmitry Vyukov <dvyukov@google.com>2018-04-01 12:23:00 +0200
committerDmitry Vyukov <dvyukov@google.com>2018-04-01 12:23:00 +0200
commit372799e446d39d1f4c804ef19083bb974f4d3039 (patch)
treedc6d0f0d318cd3117e3c412a799f59d06a207bab /pkg/report/testdata/linux
parent1b0214295f148c4543ebf55347784c02cf0b1c4a (diff)
pkg/report: skip list functions during function extraction
List functions are very generic and we see lots of different bug merged into "bug-type in list_function".
Diffstat (limited to 'pkg/report/testdata/linux')
-rw-r--r--pkg/report/testdata/linux/report/222137
-rw-r--r--pkg/report/testdata/linux/report/223136
-rw-r--r--pkg/report/testdata/linux/report/224108
-rw-r--r--pkg/report/testdata/linux/report/225396
-rw-r--r--pkg/report/testdata/linux/report/226121
-rw-r--r--pkg/report/testdata/linux/report/227157
6 files changed, 1055 insertions, 0 deletions
diff --git a/pkg/report/testdata/linux/report/222 b/pkg/report/testdata/linux/report/222
new file mode 100644
index 000000000..1f83ed2c0
--- /dev/null
+++ b/pkg/report/testdata/linux/report/222
@@ -0,0 +1,137 @@
+TITLE: general protection fault in tipc_nametbl_unsubscribe
+
+[ 24.236490] kasan: CONFIG_KASAN_INLINE enabled
+[ 24.241061] kasan: GPF could be caused by NULL-ptr deref or user memory access
+[ 24.248411] general protection fault: 0000 [#1] SMP KASAN
+[ 24.253918] Dumping ftrace buffer:
+[ 24.257426] (ftrace buffer empty)
+[ 24.261110] Modules linked in:
+[ 24.264272] CPU: 0 PID: 4361 Comm: syzkaller865516 Not tainted 4.16.0-rc6+ #288
+[ 24.271683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 24.281013] RIP: 0010:__list_del_entry_valid+0x7e/0x150
+[ 24.286343] RSP: 0018:ffff8801ae29eec8 EFLAGS: 00010206
+[ 24.291674] RAX: dffffc0000000000 RBX: 00000000000001f8 RCX: 0000000000000000
+[ 24.298918] RDX: 000000000000003f RSI: ffff8801c9eb6cd8 RDI: ffff8801c9eb6ce0
+[ 24.306154] RBP: ffff8801ae29eee0 R08: ffffffff86b2cc9f R09: 0000000000000000
+[ 24.313392] R10: ffff8801ae29eda8 R11: ffff8801d08cf710 R12: 0000000000400040
+[ 24.320631] R13: ffff8801ae29f080 R14: ffff8801c9eb6cd8 R15: ffff8801d08cf6c0
+[ 24.327883] FS: 0000000000000000(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
+[ 24.336079] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 24.341928] CR2: 0000000020265000 CR3: 000000000846a004 CR4: 00000000001606f0
+[ 24.349168] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 24.356414] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 24.363653] Call Trace:
+[ 24.366212] ? _raw_spin_lock_bh+0x39/0x40
+[ 24.370417] tipc_nametbl_unsubscribe+0x337/0x990
+[ 24.375228] ? release_pages+0xbd3/0x1230
+[ 24.379344] ? tipc_nametbl_subscribe+0xf80/0xf80
+[ 24.384160] ? debug_check_no_locks_freed+0x3c0/0x3c0
+[ 24.389322] ? __radix_tree_lookup+0x435/0x5e0
+[ 24.393874] ? lock_acquire+0x1d5/0x580
+[ 24.397815] ? lock_acquire+0x1d5/0x580
+[ 24.401756] ? tipc_conn_delete_sub+0x237/0x4a0
+[ 24.406390] ? tipc_conn_delete_sub+0x1f0/0x4a0
+[ 24.411027] tipc_sub_unsubscribe+0x6d/0x2e0
+[ 24.415416] ? tipc_conn_lookup+0x78/0x90
+[ 24.419535] ? tipc_sub_subscribe+0x510/0x510
+[ 24.424000] ? tipc_conn_delete_sub+0x237/0x4a0
+[ 24.428637] tipc_conn_delete_sub+0x324/0x4a0
+[ 24.433100] ? tipc_topsrv_accept+0x340/0x340
+[ 24.437564] ? trace_hardirqs_on+0xd/0x10
+[ 24.441684] ? __local_bh_enable_ip+0x121/0x230
+[ 24.446320] ? _raw_spin_unlock_bh+0x30/0x40
+[ 24.450696] tipc_topsrv_kern_unsubscr+0x21d/0x350
+[ 24.455591] ? tipc_dest_del+0x350/0x350
+[ 24.459618] ? tipc_topsrv_kern_subscr+0x9d0/0x9d0
+[ 24.464513] ? debug_check_no_locks_freed+0x3c0/0x3c0
+[ 24.469668] ? debug_check_no_locks_freed+0x3c0/0x3c0
+[ 24.474824] ? tipc_node_distr_xmit+0x212/0x2b0
+[ 24.479459] tipc_group_delete+0x2c0/0x3d0
+[ 24.483660] ? tipc_group_create+0x990/0x990
+[ 24.488034] ? lock_release+0xa40/0xa40
+[ 24.491977] ? __tipc_shutdown+0x916/0xc80
+[ 24.496178] ? do_raw_spin_trylock+0x190/0x190
+[ 24.500727] ? tipc_sk_respond+0x550/0x550
+[ 24.504941] tipc_sk_leave+0x10b/0x200
+[ 24.508795] ? tipc_sk_withdraw+0x6e0/0x6e0
+[ 24.513087] ? lock_sock_nested+0x91/0x110
+[ 24.517289] ? __local_bh_enable_ip+0x121/0x230
+[ 24.521925] tipc_release+0x154/0xff0
+[ 24.525694] ? lock_acquire+0x1d5/0x580
+[ 24.529636] ? mntput_no_expire+0x130/0xa90
+[ 24.533925] ? tipc_sk_backlog_rcv+0x390/0x390
+[ 24.538478] ? lock_release+0xa40/0xa40
+[ 24.542420] ? list_lru_count_node+0x70/0x70
+[ 24.546797] ? do_raw_spin_trylock+0x190/0x190
+[ 24.551351] ? locks_remove_file+0x3fa/0x5a0
+[ 24.555726] ? fcntl_setlk+0x1100/0x1100
+[ 24.559757] ? fsnotify+0x7b3/0x1140
+[ 24.563441] ? fsnotify_first_mark+0x2b0/0x2b0
+[ 24.568001] sock_release+0x8d/0x1e0
+[ 24.571681] ? sock_alloc_file+0x560/0x560
+[ 24.575881] sock_close+0x16/0x20
+[ 24.579303] __fput+0x327/0x7e0
+[ 24.582551] ? fput+0x140/0x140
+[ 24.585799] ? check_same_owner+0x320/0x320
+[ 24.590087] ? lock_release+0xa40/0xa40
+[ 24.594028] ____fput+0x15/0x20
+[ 24.597274] task_work_run+0x199/0x270
+[ 24.601129] ? task_work_cancel+0x210/0x210
+[ 24.605416] ? _raw_spin_unlock+0x22/0x30
+[ 24.609531] ? switch_task_namespaces+0x87/0xc0
+[ 24.614172] do_exit+0x9bb/0x1ad0
+[ 24.617594] ? mm_update_next_owner+0x930/0x930
+[ 24.622234] ? do_raw_spin_trylock+0x190/0x190
+[ 24.626789] ? release_sock+0x1d4/0x2a0
+[ 24.630732] ? lock_downgrade+0x980/0x980
+[ 24.634849] ? lock_downgrade+0x980/0x980
+[ 24.638964] ? lock_release+0xa40/0xa40
+[ 24.642914] ? tipc_nametbl_build_group+0x3a0/0x3a0
+[ 24.647899] ? tipc_nametbl_build_group+0x277/0x3a0
+[ 24.652883] ? __lockdep_init_map+0xe4/0x650
+[ 24.657257] ? lock_downgrade+0x980/0x980
+[ 24.661379] ? do_raw_spin_trylock+0x190/0x190
+[ 24.665929] ? release_sock+0x1d4/0x2a0
+[ 24.669869] ? __local_bh_enable_ip+0x121/0x230
+[ 24.674504] ? _raw_spin_unlock_bh+0x30/0x40
+[ 24.678879] ? release_sock+0x1d4/0x2a0
+[ 24.682821] ? __release_sock+0x360/0x360
+[ 24.686935] ? tipc_nametbl_build_group+0x2a0/0x3a0
+[ 24.691919] ? tipc_setsockopt+0x7b1/0xcf0
+[ 24.696119] ? fsnotify+0x7b3/0x1140
+[ 24.699799] ? tipc_sk_leave+0x200/0x200
+[ 24.703828] ? __fdget+0x18/0x20
+[ 24.707164] ? security_socket_setsockopt+0x89/0xb0
+[ 24.712148] ? SyS_setsockopt+0x215/0x360
+[ 24.716264] do_group_exit+0x149/0x400
+[ 24.720117] ? SyS_recv+0x40/0x40
+[ 24.723536] ? SyS_write+0x184/0x220
+[ 24.727216] ? SyS_exit+0x30/0x30
+[ 24.730637] ? SyS_read+0x220/0x220
+[ 24.734232] ? do_group_exit+0x400/0x400
+[ 24.738259] SyS_exit_group+0x1d/0x20
+[ 24.742028] do_syscall_64+0x281/0x940
+[ 24.745888] ? vmalloc_sync_all+0x30/0x30
+[ 24.750003] ? trace_hardirqs_on_thunk+0x1a/0x1c
+[ 24.754725] ? syscall_return_slowpath+0x550/0x550
+[ 24.759621] ? syscall_return_slowpath+0x2ac/0x550
+[ 24.764518] ? prepare_exit_to_usermode+0x350/0x350
+[ 24.769502] ? prepare_exit_to_usermode+0x227/0x350
+[ 24.774487] ? perf_trace_sys_enter+0xcb0/0xcb0
+[ 24.779125] ? trace_hardirqs_off_thunk+0x1a/0x1c
+[ 24.783938] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 24.789094] RIP: 0033:0x43f0d8
+[ 24.792253] RSP: 002b:00007ffca6e03198 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
+[ 24.799926] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f0d8
+[ 24.807163] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
+[ 24.814409] RBP: 00000000004bf1c8 R08: 00000000000000e7 R09: ffffffffffffffd0
+[ 24.821645] R10: 0000000020265000 R11: 0000000000000246 R12: 0000000000000001
+[ 24.828883] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
+[ 24.836125] Code: 00 00 00 00 ad de 49 39 c4 74 66 48 b8 00 02 00 00 00 00 ad de 48 89 da 48 39 c3 74 65 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 75 7b 48 8b 13 48 39 f2 75 57 49 8d 7c 24 08 48 b8
+[ 24.855193] RIP: __list_del_entry_valid+0x7e/0x150 RSP: ffff8801ae29eec8
+[ 24.862043] ---[ end trace 31f0221025ea0e3e ]---
+[ 24.866777] Kernel panic - not syncing: Fatal exception in interrupt
+[ 24.873566] Dumping ftrace buffer:
+[ 24.877075] (ftrace buffer empty)
+[ 24.880756] Kernel Offset: disabled
+[ 24.884355] Rebooting in 86400 seconds..
diff --git a/pkg/report/testdata/linux/report/223 b/pkg/report/testdata/linux/report/223
new file mode 100644
index 000000000..fc085ffc4
--- /dev/null
+++ b/pkg/report/testdata/linux/report/223
@@ -0,0 +1,136 @@
+TITLE: KASAN: use-after-free Read in binder_release_work
+
+[ 46.527263] ==================================================================
+[ 46.534609] BUG: KASAN: use-after-free in __list_del_entry+0x196/0x1d0
+[ 46.537079] binder: release 3848:3849 transaction 21 out, still active
+[ 46.537083] binder: release 3848:3849 transaction 20 in, still active
+[ 46.537085] binder: undelivered TRANSACTION_COMPLETE
+[ 46.537150] binder: 3848:3849 BC_ACQUIRE_DONE u0000000000000000 node 19 cookie mismatch 0000000000000004 != 0000000000000000
+[ 46.570833] Read of size 8 at addr ffff8801ce6e8e10 by task kworker/1:2/2403
+[ 46.573833] binder: BINDER_SET_CONTEXT_MGR already set
+[ 46.573838] binder: 3851:3852 ioctl 40046207 0 returned -16
+[ 46.574358] binder: 3851:3852 ERROR: BC_REGISTER_LOOPER called without request
+[ 46.595166] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.595178] binder: 3851:3853 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.597455] binder: undelivered TRANSACTION_ERROR: 29189
+[ 46.599749] binder: 3851:3853 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 46.621105]
+[ 46.622158] binder_alloc: 3848: binder_alloc_buf, no vma
+executing program
+[ 46.622170] binder: 3851:3854 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.635460] CPU: 1 PID: 2403 Comm: kworker/1:2 Not tainted 4.9.86-gb324a70 #50
+[ 46.637105] binder: BINDER_SET_CONTEXT_MGR already set
+[ 46.637110] binder: 3855:3856 ioctl 40046207 0 returned -16
+[ 46.637681] binder: 3855:3856 ERROR: BC_REGISTER_LOOPER called without request
+[ 46.658434] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.658447] binder: 3855:3857 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.660667] binder: undelivered TRANSACTION_ERROR: 29189
+executing program
+[ 46.662940] binder: 3855:3857 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 46.685357] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.685378] binder: 3855:3858 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.698558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 46.699904] binder: BINDER_SET_CONTEXT_MGR already set
+[ 46.699909] binder: 3859:3860 ioctl 40046207 0 returned -16
+[ 46.700445] binder: 3859:3860 ERROR: BC_REGISTER_LOOPER called without request
+[ 46.721233] binder_alloc: 3848: binder_alloc_buf, no vma
+executing program
+[ 46.721246] binder: 3859:3861 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.723461] binder: undelivered TRANSACTION_ERROR: 29189
+[ 46.725680] binder: 3859:3861 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 46.748058] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.748069] binder: 3859:3862 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.762875] binder: BINDER_SET_CONTEXT_MGR already set
+[ 46.762880] binder: 3863:3864 ioctl 40046207 0 returned -16
+[ 46.763407] binder: 3863:3864 ERROR: BC_REGISTER_LOOPER called without request
+executing program
+[ 46.782446] Workqueue: events binder_deferred_func[ 46.784177] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.784188] binder: 3863:3865 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.786405] binder: undelivered TRANSACTION_ERROR: 29189
+[ 46.788623] binder: 3863:3865 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 46.811009] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.811020] binder: 3863:3866 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.824712] ffff8801b3877a50[ 46.825890] binder: BINDER_SET_CONTEXT_MGR already set
+[ 46.825895] binder: 3867:3868 ioctl 40046207 0 returned -16
+[ 46.826419] binder: 3867:3868 ERROR: BC_REGISTER_LOOPER called without request
+[ 46.845854] ffffffff81d956f9[ 46.847181] binder_alloc: 3848: binder_alloc_buf, no vma
+[ 46.847192] binder: 3867:3869 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.849406] binder: undelivered TRANSACTION_ERROR: 29189
+[ 46.851647] binder: 3867:3869 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 46.873641] ffffea000739ba00[ 46.874093] binder_alloc: 3848: binder_alloc_buf, no vma
+executing program
+[ 46.874105] binder: 3867:3870 transaction failed 29189/-3, size 0-0 line 3127
+[ 46.889080] binder: BINDER_SET_CONTEXT_MGR already set
+[ 46.889085] binder: 3871:3872 ioctl 40046207 0 returned -16
+[ 46.889637] binder: 3871:3872 ERROR: BC_REGISTER_LOOPER called without request
+[ 46.907451] ffff8801ce6e8e10 0000000000000000
+[ 46.907456] ffff8801ce6e8e10 ffffed00381d0d49 ffff8801b3877a88 ffffffff8153e083
+[ 46.907461] ffff8801ce6e8e10 0000000000000008 0000000000000000Call Trace:
+[ 46.907475] [<ffffffff81d956f9>] dump_stack+0xc1/0x128
+[ 46.907483] [<ffffffff8153e083>] print_address_description+0x73/0x280
+[ 46.907487] [<ffffffff8153e5a5>] kasan_report+0x275/0x360
+[ 46.907493] [<ffffffff81dfd0b6>] ? __list_del_entry+0x196/0x1d0
+[ 46.907498] [<ffffffff8153e704>] __asan_report_load8_noabort+0x14/0x20
+[ 46.907502] [<ffffffff81dfd0b6>] __list_del_entry+0x196/0x1d0
+[ 46.907506] [<ffffffff82d64cbc>] binder_release_work+0x8c/0x260
+[ 46.907510] [<ffffffff82d648da>] ? binder_send_failed_reply+0x18a/0x3a0
+[ 46.907513] [<ffffffff82d652b8>] binder_thread_release+0x428/0x600
+[ 46.907517] [<ffffffff82d658cf>] binder_deferred_func+0x43f/0xd10
+[ 46.907524] [<ffffffff81234d01>] ? __lock_is_held+0xa1/0xf0
+[ 46.907530] [<ffffffff811898a0>] process_one_work+0x7e0/0x1610
+[ 46.907534] [<ffffffff811897ec>] ? process_one_work+0x72c/0x1610
+[ 46.907538] [<ffffffff811890c0>] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
+[ 46.907543] [<ffffffff8118a7b0>] worker_thread+0xe0/0x10d0
+[ 46.907553] [<ffffffff838a4583>] ? __schedule+0x683/0x1ba0
+[ 46.907558] [<ffffffff8119a7bd>] kthread+0x26d/0x300
+[ 46.907562] [<ffffffff8118a6d0>] ? process_one_work+0x1610/0x1610
+[ 46.907565] [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
+[ 46.907570] [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
+[ 46.907573] [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
+[ 46.907577] [<ffffffff838b57ac>] ret_from_fork+0x5c/0x70
+[ 46.907579]
+[ 46.907582] Allocated by task 3827:
+[ 46.907587] save_stack_trace+0x16/0x20
+[ 46.907590] save_stack+0x43/0xd0
+[ 46.907593] kasan_kmalloc+0xad/0xe0
+[ 46.907596] kmem_cache_alloc_trace+0xfb/0x2a0
+[ 46.907599] binder_transaction+0x103c/0x7040
+[ 46.907602] binder_thread_write+0x8d4/0x31f0
+[ 46.907605] binder_ioctl_write_read.isra.55+0x1ed/0x9a0
+[ 46.907607] binder_ioctl+0xaea/0x11b0
+[ 46.907611] do_vfs_ioctl+0x1aa/0x1140
+[ 46.907614] SyS_ioctl+0x8f/0xc0
+[ 46.907618] do_syscall_64+0x1a4/0x490
+[ 46.907621] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
+[ 46.907621]
+[ 46.907623] Freed by task 2403:
+[ 46.907626] save_stack_trace+0x16/0x20
+[ 46.907629] save_stack+0x43/0xd0
+[ 46.907632] kasan_slab_free+0x72/0xc0
+[ 46.907634] kfree+0x103/0x300
+[ 46.907639] binder_free_transaction+0x6a/0x90
+[ 46.907642] binder_send_failed_reply+0x185/0x3a0
+[ 46.907644] binder_thread_release+0x416/0x600
+[ 46.907647] binder_deferred_func+0x43f/0xd10
+[ 46.907650] process_one_work+0x7e0/0x1610
+[ 46.907653] worker_thread+0xe0/0x10d0
+[ 46.907656] kthread+0x26d/0x300
+[ 46.907659] ret_from_fork+0x5c/0x70
+[ 46.907659]
+[ 46.907663] The buggy address belongs to the object at ffff8801ce6e8e00
+[ 46.907663] which belongs to the cache kmalloc-192 of size 192
+[ 46.907666] The buggy address is located 16 bytes inside of
+[ 46.907666] 192-byte region [ffff8801ce6e8e00, ffff8801ce6e8ec0)
+[ 46.907666] The buggy address belongs to the page:
+[ 46.907671] page:ffffea000739ba00 count:1 mapcount:0 mapping: (null) index:0x0
+[ 46.907674] flags: 0x8000000000000080(slab)
+[ 46.907675] page dumped because: kasan: bad access detected
+[ 46.907676]
+[ 46.907677] Memory state around the buggy address:
+[ 46.907681] ffff8801ce6e8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+[ 46.907684] ffff8801ce6e8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
+[ 46.907687] >ffff8801ce6e8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 46.907688] ^
+[ 46.907691] ffff8801ce6e8e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+[ 46.907693] ffff8801ce6e8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 46.907694] ==================================================================
diff --git a/pkg/report/testdata/linux/report/224 b/pkg/report/testdata/linux/report/224
new file mode 100644
index 000000000..e7058dabe
--- /dev/null
+++ b/pkg/report/testdata/linux/report/224
@@ -0,0 +1,108 @@
+TITLE: general protection fault in xfrm_state_walk_done
+
+[ 44.866009] kasan: CONFIG_KASAN_INLINE enabled
+[ 44.870467] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
+[ 44.883370] Dumping ftrace buffer:
+[ 44.886892] (ftrace buffer empty)
+[ 44.890589] Modules linked in:
+[ 44.893919] CPU: 0 PID: 6879 Comm: syz-executor3 Not tainted 4.4.118-g239a415 #25
+[ 44.901515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+2018/02/27 11:26:59 executing program 2:
+r0 = socket$inet(0x2, 0x1, 0x0)
+mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x4000008972, 0xffffffffffffffff, 0x0)
+connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)
+connect$inet(r0, &(0x7f00009322c4)={0x2, 0x4e20, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10)
+connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10)
+connect$inet(r0, &(0x7f000096dff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
+
+2018/02/27 11:26:59 executing program 5:
+r0 = socket$inet(0x2, 0x6, 0x0)
+setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@broute={'broute\x00', 0x20, 0x1, 0x428, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000300], 0x0, &(0x7f0000000000), &(0x7f0000000300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x0, []}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, []}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x15, 0x0, 0x8100, 'ip6tnl0\x00', 'bcsf0\x00', 'ipddp0\x00', 'sit0\x00', @link_local={0x1, 0x31, 0xc2}, [], @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, [], 0x2d8, 0x360, 0x398, [@bpf0={'bpf\x00', 0x210, {{0x1, [{0x6}]}}}, @vlan={'vlan\x00', 0x8}]}, [@common=@mark={'mark\x00', 0x10, {{0x0, 0xfffffffffffffffc}}}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00'}}}]}, @common=@mark={'mark\x00', 0x10, {{0x0, 0xfffffffffffffffd}}}}]}]}, 0x4a0)
+
+2018/02/27 11:26:59 executing program 4:
+r0 = socket$inet6(0xa, 0x2, 0x0)
+connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80}, 0x5}, 0x1c)
+sendmsg(r0, &(0x7f0000014fc8)={&(0x7f0000006ff0)=@in={0x2, 0x4e23, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10, &(0x7f0000000040)=[], 0x0, &(0x7f000001ef80)=[]}, 0x40810)
+
+2018/02/27 11:26:59 executing program 2:
+syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback=0x7f000001, @dev={0xac, 0x14, 0x14}, {[]}}, @udp={0x4e20, 0x4e20, 0x8}}}}}, &(0x7f00000002c0))
+
+[ 44.910849] task: ffff8800b94c6000 task.stack: ffff8800b9768000
+[ 44.916891] RIP: 0010:[<ffffffff81d64236>] [<ffffffff81d64236>] __list_del_entry+0x86/0x1d0
+[ 44.925601] RSP: 0018:ffff8800b976f5a8 EFLAGS: 00010246
+[ 44.931033] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff8800b941d190
+[ 44.938291] RDX: 0000000000000000 RSI: ffff8800b94c6920 RDI: ffff8800b941d198
+[ 44.945547] RBP: ffff8800b976f5c0 R08: 0000000000000001 R09: ffffffff850da720
+[ 44.952798] R10: 0000000000000001 R11: 1ffff100172ede84 R12: 0000000000000000
+[ 44.960058] R13: ffff8800b941d139 R14: ffff8800b941d1b8 R15: 00000000ffffffde
+[ 44.967312] FS: 00007f2dfa41e700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
+[ 44.975522] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 44.981384] CR2: 00007f98f7304db8 CR3: 00000000b3d30000 CR4: 0000000000160670
+[ 44.988639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 44.995891] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 45.003139] Stack:
+[ 45.005268] ffff8800b941d1b8 ffff8800b941d190 ffff8800aca8f3c0 ffff8800b976f5d8
+[ 45.013285] ffffffff81d6438d ffff8800b941d190 ffff8800b976f5f8 ffffffff832b05be
+[ 45.021303] ffff8800b9a82200 ffff8800b941d190 ffff8800b976f618 ffffffff832cfb13
+[ 45.029309] Call Trace:
+[ 45.031876] [<ffffffff81d6438d>] list_del+0xd/0x70
+[ 45.036865] [<ffffffff832b05be>] xfrm_state_walk_done+0x6e/0xa0
+[ 45.039511] binder: 6883:6922 got reply transaction with no transaction stack
+[ 45.039518] binder: 6883:6922 transaction failed 29201/-71, size 0-0 line 2921
+[ 45.052233] binder: release 6883:6921 transaction 32 out, still active
+[ 45.052236] binder: undelivered TRANSACTION_COMPLETE
+[ 45.052257] binder: undelivered TRANSACTION_ERROR: 29201
+[ 45.052278] binder: send failed reply for transaction 32, target dead
+[ 45.081202] [<ffffffff832cfb13>] xfrm_dump_sa_done+0x73/0xa0
+[ 45.087057] [<ffffffff832cfaa0>] ? xfrm_dump_policy_start+0x20/0x20
+[ 45.093518] [<ffffffff82f80591>] netlink_dump+0x871/0xb40
+[ 45.099111] [<ffffffff82f84d7e>] __netlink_dump_start+0x52e/0x7c0
+[ 45.105396] [<ffffffff82f7c561>] ? __netlink_ns_capable+0xe1/0x120
+[ 45.111769] [<ffffffff832d00fd>] xfrm_user_rcv_msg+0x5bd/0x6b0
+[ 45.117795] [<ffffffff832d01f0>] ? xfrm_user_rcv_msg+0x6b0/0x6b0
+[ 45.123994] [<ffffffff832cfb40>] ? xfrm_dump_sa_done+0xa0/0xa0
+[ 45.130020] [<ffffffff832d01f0>] ? xfrm_user_rcv_msg+0x6b0/0x6b0
+[ 45.136223] [<ffffffff832cfaa0>] ? xfrm_dump_policy_start+0x20/0x20
+[ 45.142686] [<ffffffff81b4c770>] ? avc_has_perm_noaudit+0x460/0x460
+[ 45.149149] [<ffffffff812367ff>] ? mark_held_locks+0xaf/0x100
+[ 45.155089] [<ffffffff837699a4>] ? mutex_lock_nested+0x5d4/0x850
+[ 45.161292] [<ffffffff81236bdb>] ? trace_hardirqs_on_caller+0x38b/0x590
+[ 45.168428] [<ffffffff83769930>] ? mutex_lock_nested+0x560/0x850
+[ 45.174631] [<ffffffff832cc480>] ? xfrm_netlink_rcv+0x60/0x90
+[ 45.180574] [<ffffffff82f841fe>] ? netlink_lookup+0xee/0x740
+[ 45.186427] [<ffffffff82f8a46e>] netlink_rcv_skb+0x13e/0x370
+[ 45.192283] [<ffffffff832cfb40>] ? xfrm_dump_sa_done+0xa0/0xa0
+[ 45.198309] [<ffffffff832cc48f>] xfrm_netlink_rcv+0x6f/0x90
+[ 45.204075] [<ffffffff82f88ff2>] netlink_unicast+0x522/0x760
+[ 45.209927] [<ffffffff82f88f1f>] ? netlink_unicast+0x44f/0x760
+[ 45.215952] [<ffffffff82f88ad0>] ? netlink_attachskb+0x6c0/0x6c0
+[ 45.222152] [<ffffffff82f89b18>] netlink_sendmsg+0x8e8/0xc50
+[ 45.228004] [<ffffffff82f89230>] ? netlink_unicast+0x760/0x760
+[ 45.234039] [<ffffffff81b68a7f>] ? selinux_socket_sendmsg+0x3f/0x50
+[ 45.240500] [<ffffffff81b46f69>] ? security_socket_sendmsg+0x89/0xb0
+[ 45.247049] [<ffffffff82f89230>] ? netlink_unicast+0x760/0x760
+[ 45.253078] [<ffffffff82deb9ba>] sock_sendmsg+0xca/0x110
+[ 45.258583] [<ffffffff82ded591>] ___sys_sendmsg+0x6c1/0x7c0
+[ 45.264349] [<ffffffff82deced0>] ? copy_msghdr_from_user+0x550/0x550
+[ 45.270900] [<ffffffff81237410>] ? debug_check_no_locks_freed+0x2c0/0x2c0
+[ 45.277883] [<ffffffff81578673>] ? __fget+0x213/0x3b0
+[ 45.283127] [<ffffffff8157869a>] ? __fget+0x23a/0x3b0
+[ 45.288379] [<ffffffff815784a7>] ? __fget+0x47/0x3b0
+[ 45.293536] [<ffffffff815788f3>] ? __fget_light+0xa3/0x1e0
+[ 45.299215] [<ffffffff81578a48>] ? __fdget+0x18/0x20
+[ 45.304374] [<ffffffff82def5e3>] __sys_sendmsg+0xd3/0x190
+[ 45.309966] [<ffffffff82def510>] ? SyS_shutdown+0x1b0/0x1b0
+[ 45.315734] [<ffffffff812e1f80>] ? SyS_futex+0x210/0x2c0
+[ 45.321239] [<ffffffff8157a52d>] ? fd_install+0x4d/0x60
+[ 45.326657] [<ffffffff82dee370>] ? move_addr_to_kernel+0x50/0x50
+[ 45.332857] [<ffffffff82def6cd>] SyS_sendmsg+0x2d/0x50
+[ 45.338189] [<ffffffff83772a5f>] entry_SYSCALL_64_fastpath+0x1c/0x98
+[ 45.344735] Code: c4 0f 84 94 00 00 00 48 b8 00 02 00 00 00 00 ad de 48 39 c3 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 e8 00 00 00 4c 8b 03 49 39 c8 0f 85 9b 00 00
+[ 45.371293] RIP [<ffffffff81d64236>] __list_del_entry+0x86/0x1d0
+[ 45.377611] RSP <ffff8800b976f5a8>
+[ 45.381250] ---[ end trace 1f9343a865882dcc ]---
+[ 45.385990] Kernel panic - not syncing: Fatal exception in interrupt
+[ 45.392878] Dumping ftrace buffer:
+[ 45.396390] (ftrace buffer empty)
+[ 45.400067] Kernel Offset: disabled
+[ 45.403659] Rebooting in 86400 seconds..
diff --git a/pkg/report/testdata/linux/report/225 b/pkg/report/testdata/linux/report/225
new file mode 100644
index 000000000..d5866f33a
--- /dev/null
+++ b/pkg/report/testdata/linux/report/225
@@ -0,0 +1,396 @@
+TITLE: KASAN: use-after-free Read in binder_release_work
+
+[ 32.347901] ==================================================================
+[ 32.355262] BUG: KASAN: use-after-free in __list_del_entry+0x196/0x1d0
+[ 32.355327] binder: 3798:3799 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.369233] Read of size 8 at addr ffff8801d4933c10 by task kworker/u4:1/19
+[ 32.376302]
+[ 32.376363] binder: release 3798:3799 transaction 15 out, still active
+[ 32.376368] binder: release 3798:3799 transaction 14 in, still active
+[ 32.376371] binder: undelivered TRANSACTION_COMPLETE
+executing program
+[ 32.376497] binder: 3798:3799 BC_ACQUIRE_DONE u0000000000000000 node 13 cookie mismatch 0000000000000004 != 0000000000000000
+[ 32.407488] CPU: 0 PID: 19 Comm: kworker/u4:1 Not tainted 4.4.119-g855ea74 #27
+[ 32.414827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 32.417543] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.417549] binder: 3801:3802 ioctl 40046207 0 returned -16
+[ 32.418220] binder: 3801:3802 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.438969] binder_alloc: 3798: binder_alloc_buf, no vma
+executing program
+[ 32.439006] binder: 3801:3803 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.441263] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.443545] binder: 3801:3803 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 32.466020] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.466056] binder: 3801:3804 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.479954] Workqueue: binder binder_deferred_func[ 32.484559] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.484565] binder: 3805:3806 ioctl 40046207 0 returned -16
+[ 32.485214] binder: 3805:3806 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 32.502946]
+[ 32.504848] 0000000000000000[ 32.506005] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.506042] binder: 3805:3807 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.508305] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.510587] binder: 3805:3807 BC_ACQUIRE_DONE u0000000000000000 no match
+
+[ 32.532616] b6dc3e4a89cbf741[ 32.533103] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.533138] binder: 3805:3808 transaction failed 29189/-3, size 0-0 line 3128
+executing program
+[ 32.548469] ffff8801d94a7a58 ffffffff81d0402d[ 32.551666] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.551672] binder: 3809:3810 ioctl 40046207 0 returned -16
+[ 32.552349] binder: 3809:3810 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 32.571228]
+[ 32.573088] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.573126] binder: 3809:3811 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.575383] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.577664] binder: 3809:3811 BC_ACQUIRE_DONE u0000000000000000 no match
+executing program
+[ 32.598000] ffffea0007524cc0[ 32.600171] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.600206] binder: 3809:3812 transaction failed 29189/-3, size 0-0 line 3128
+
+[ 32.613558] ffff8801d4933c10 0000000000000000 ffff8801d4933c10[ 32.618735] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.618741] binder: 3813:3814 ioctl 40046207 0 returned -16
+[ 32.619416] binder: 3813:3814 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 32.638207]
+[ 32.640100] ffffed0039617cf9[ 32.640170] binder_alloc: 3798: binder_alloc_buf, no vma
+executing program
+[ 32.640208] binder: 3813:3815 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.642466] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.644748] binder: 3813:3815 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 32.667277] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.667319] binder: 3813:3816 transaction failed 29189/-3, size 0-0 line 3128
+
+[ 32.680537] ffff8801d94a7a90 ffffffff814fe103 ffff8801d4933c10
+[ 32.686957] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.686963] binder: 3817:3818 ioctl 40046207 0 returned -16
+[ 32.687638] binder: 3817:3818 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.705494] Call Trace:
+[ 32.708053] [<ffffffff81d0402d>] dump_stack+0xc1/0x124
+[ 32.708401] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.708439] binder: 3817:3819 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.710693] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.712975] binder: 3817:3819 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 32.735499] binder_alloc: 3798: binder_alloc_buf, no vma
+executing program
+[ 32.735535] binder: 3817:3820 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.750958] [<ffffffff814fe103>] print_address_description+0x73/0x260
+[ 32.755102] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.755108] binder: 3821:3822 ioctl 40046207 0 returned -16
+[ 32.755770] binder: 3821:3822 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.775846] [<ffffffff814fe615>] kasan_report+0x285/0x370
+[ 32.776559] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.776595] binder: 3821:3823 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.778850] binder: undelivered TRANSACTION_ERROR: 29189
+executing program
+[ 32.781132] binder: 3821:3823 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 32.803668] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.803704] binder: 3821:3824 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.819007] [<ffffffff81d64346>] ? __list_del_entry+0x196/0x1d0
+[ 32.823424] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.823430] binder: 3825:3826 ioctl 40046207 0 returned -16
+[ 32.824108] binder: 3825:3826 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.843396] [<ffffffff814fe774>] __asan_report_load8_noabort+0x14/0x20
+executing program
+[ 32.844866] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.844903] binder: 3825:3827 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.847157] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.849442] binder: 3825:3827 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 32.871975] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.872010] binder: 3825:3828 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.887652] [<ffffffff81d64346>] __list_del_entry+0x196/0x1d0
+[ 32.891773] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.891779] binder: 3829:3830 ioctl 40046207 0 returned -16
+[ 32.892457] binder: 3829:3830 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.911844] [<ffffffff82c7676e>] binder_release_work+0x6e/0x260
+[ 32.913217] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.913254] binder: 3829:3831 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.915514] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.917795] binder: 3829:3831 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 32.940326] binder_alloc: 3798: binder_alloc_buf, no vma
+executing program
+[ 32.940362] binder: 3829:3832 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.955491] [<ffffffff82c763aa>] ? binder_send_failed_reply+0x18a/0x3a0
+[ 32.960137] binder: BINDER_SET_CONTEXT_MGR already set
+[ 32.960143] binder: 3833:3834 ioctl 40046207 0 returned -16
+[ 32.960817] binder: 3833:3834 ERROR: BC_REGISTER_LOOPER called without request
+[ 32.980577] [<ffffffff82c76d85>] binder_thread_release+0x425/0x600
+[ 32.981583] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 32.981620] binder: 3833:3835 transaction failed 29189/-3, size 0-0 line 3128
+[ 32.983878] binder: undelivered TRANSACTION_ERROR: 29189
+[ 32.986160] binder: 3833:3835 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.008687] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.008723] binder: 3833:3836 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.024480] [<ffffffff82c7b9f8>] binder_deferred_func+0x438/0xd10
+[ 33.028304] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.028310] binder: 3837:3838 ioctl 40046207 0 returned -16
+[ 33.028987] binder: 3837:3838 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.049042] [<ffffffff81230151>] ? __lock_is_held+0xa1/0xf0
+[ 33.049752] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.049788] binder: 3837:3839 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.052044] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.054326] binder: 3837:3839 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.076848] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.076885] binder: 3837:3840 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.092382] [<ffffffff8117fd37>] process_one_work+0x7d7/0x16e0
+[ 33.095715] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.095721] binder: 3841:3842 ioctl 40046207 0 returned -16
+[ 33.096423] binder: 3841:3842 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.116657] [<ffffffff8117fc57>] ? process_one_work+0x6f7/0x16e0
+[ 33.117165] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.117203] binder: 3841:3843 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.119459] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.121741] binder: 3841:3843 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.144289] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.144326] binder: 3841:3844 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.160408] [<ffffffff8117f560>] ? pwq_dec_nr_in_flight+0x280/0x280
+[ 33.163483] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.163489] binder: 3845:3846 ioctl 40046207 0 returned -16
+[ 33.164162] binder: 3845:3846 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.184929] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.184966] binder: 3845:3847 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.187222] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.189508] binder: 3845:3847 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.210450] [<ffffffff81180ec8>] ? worker_thread+0x288/0xfc0
+[ 33.212014] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.212050] binder: 3845:3848 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.228977] [<ffffffff81180d19>] worker_thread+0xd9/0xfc0
+[ 33.230979] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.230985] binder: 3849:3850 ioctl 40046207 0 returned -16
+[ 33.231661] binder: 3849:3850 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.252423] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.252460] binder: 3849:3851 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.254716] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.256999] binder: 3849:3851 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.277690] [<ffffffff81003058>] ? ___preempt_schedule+0x12/0x14
+[ 33.279484] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.279521] binder: 3849:3852 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.296557] [<ffffffff81190788>] kthread+0x268/0x300
+[ 33.298379] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.298385] binder: 3853:3854 ioctl 40046207 0 returned -16
+[ 33.299037] binder: 3853:3854 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.319829] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.319867] binder: 3853:3855 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.322124] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.324412] binder: 3853:3855 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.345194] [<ffffffff81180c40>] ? process_one_work+0x16e0/0x16e0
+[ 33.346946] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.346982] binder: 3853:3856 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.364144] [<ffffffff81190520>] ? kthread_create_on_node+0x400/0x400
+[ 33.365781] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.365787] binder: 3857:3858 ioctl 40046207 0 returned -16
+[ 33.366488] binder: 3857:3858 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.387224] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.387270] binder: 3857:3859 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.389527] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.391807] binder: 3857:3859 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.413919] [<ffffffff81190520>] ? kthread_create_on_node+0x400/0x400
+[ 33.414305] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.414341] binder: 3857:3860 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.433148] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.433154] binder: 3861:3862 ioctl 40046207 0 returned -16
+[ 33.433808] binder: 3861:3862 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.451475] [<ffffffff83773a85>] ret_from_fork+0x55/0x80
+[ 33.454590] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.454626] binder: 3861:3863 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.456883] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.459164] binder: 3861:3863 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.481664] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.481700] binder: 3861:3864 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.494501] [<ffffffff81190520>] ? kthread_create_on_node+0x400/0x400
+[ 33.500572] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.500578] binder: 3865:3866 ioctl 40046207 0 returned -16
+[ 33.501257] binder: 3865:3866 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.519394]
+[ 33.520997] Allocated by task 3789:
+[ 33.522011] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.522047] binder: 3865:3867 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.524302] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.526583] binder: 3865:3867 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.549066] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.549102] binder: 3865:3868 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.562109] [<ffffffff81035d96>] save_stack_trace+0x26/0x50
+[ 33.567964] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.567970] binder: 3869:3870 ioctl 40046207 0 returned -16
+[ 33.568624] binder: 3869:3870 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.586288] [<ffffffff814fd173>] save_stack+0x43/0xd0
+[ 33.589408] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.589445] binder: 3869:3871 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.591702] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.593984] binder: 3869:3871 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.616476] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.616511] binder: 3869:3872 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.629215] [<ffffffff814fd43d>] kasan_kmalloc+0xad/0xe0
+[ 33.634860] [ 33.635331] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.635336] binder: 3873:3874 ioctl 40046207 0 returned -16
+[ 33.636032] binder: 3873:3874 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 33.654621] [<ffffffff814f93c0>] kmem_cache_alloc_trace+0x100/0x2b0
+[ 33.656779] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.656816] binder: 3873:3875 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.659072] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.661359] binder: 3873:3875 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.683844] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.683880] binder: 3873:3876 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.698823] [<ffffffff82c86b4c>] binder_transaction+0x103c/0x7290
+[ 33.702738] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.702744] binder: 3877:3878 ioctl 40046207 0 returned -16
+[ 33.703423] binder: 3877:3878 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.723503] [ 33.724195] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.724239] binder: 3877:3879 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.726496] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.728779] binder: 3877:3879 BC_ACQUIRE_DONE u0000000000000000 no match
+
+[ 33.749908] [<ffffffff82c8d5bf>] binder_thread_write+0x81f/0x33e0
+[ 33.751281] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.751318] binder: 3877:3880 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.769069] [ 33.770164] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.770169] binder: 3881:3882 ioctl 40046207 0 returned -16
+[ 33.770848] binder: 3881:3882 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 33.788858] [<ffffffff82c9034f>] binder_ioctl_write_read.isra.55+0x1cf/0xbc0
+[ 33.791609] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.791646] binder: 3881:3883 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.793903] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.796185] binder: 3881:3883 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 33.818664] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.818700] binder: 3881:3884 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.833817] [<ffffffff82c91990>] binder_ioctl+0xc50/0x12e0
+[ 33.837591] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.837597] binder: 3885:3886 ioctl 40046207 0 returned -16
+[ 33.838259] binder: 3885:3886 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.857871] [ 33.859031] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.859068] binder: 3885:3887 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.861330] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.863612] binder: 3885:3887 BC_ACQUIRE_DONE u0000000000000000 no match
+
+[ 33.884252] [<ffffffff81559d4a>] do_vfs_ioctl+0x7aa/0xee0
+[ 33.886127] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.886164] binder: 3885:3888 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.902713] [<ffffffff8155a50f>] SyS_ioctl+0x8f/0xc0
+[ 33.904972] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.904978] binder: 3889:3890 ioctl 40046207 0 returned -16
+[ 33.905653] binder: 3889:3890 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.926264] [ 33.926427] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.926465] binder: 3889:3891 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.928721] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.931002] binder: 3889:3891 BC_ACQUIRE_DONE u0000000000000000 no match
+
+[ 33.952652] [<ffffffff8377365f>] entry_SYSCALL_64_fastpath+0x1c/0x98
+[ 33.953544] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.953580] binder: 3889:3892 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.972061]
+[ 33.972476] binder: BINDER_SET_CONTEXT_MGR already set
+[ 33.972482] binder: 3893:3894 ioctl 40046207 0 returned -16
+[ 33.973159] binder: 3893:3894 ERROR: BC_REGISTER_LOOPER called without request
+[ 33.991910] Freed by task 19:
+[ 33.993926] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 33.993963] binder: 3893:3895 transaction failed 29189/-3, size 0-0 line 3128
+[ 33.996224] binder: undelivered TRANSACTION_ERROR: 29189
+[ 33.998505] binder: 3893:3895 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.019865] [ 34.021007] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.021043] binder: 3893:3896 transaction failed 29189/-3, size 0-0 line 3128
+
+[ 34.034045] [<ffffffff81035d96>] save_stack_trace+0x26/0x50
+[ 34.039952] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.039958] binder: 3897:3898 ioctl 40046207 0 returned -16
+[ 34.040638] binder: 3897:3898 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.058288] [<ffffffff814fd173>] save_stack+0x43/0xd0
+[ 34.061396] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.061433] binder: 3897:3899 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.063690] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.065964] binder: 3897:3899 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.088470] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.088504] binder: 3897:3900 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.101193] [<ffffffff814fda92>] kasan_slab_free+0x72/0xc0
+[ 34.107019] [ 34.107353] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.107359] binder: 3901:3902 ioctl 40046207 0 returned -16
+[ 34.108007] binder: 3901:3902 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 34.126788] [<ffffffff814fa52c>] kfree+0xfc/0x300
+[ 34.128804] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.128839] binder: 3901:3903 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.131095] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.133377] binder: 3901:3903 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.155938] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.155975] binder: 3901:3904 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.169429] [<ffffffff82c6beca>] binder_free_transaction+0x6a/0x90
+[ 34.175078] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.175084] binder: 3905:3906 ioctl 40046207 0 returned -16
+[ 34.175761] binder: 3905:3906 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.194188] [<ffffffff82c763a5>] binder_send_failed_reply+0x185/0x3a0
+[ 34.196530] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.196567] binder: 3905:3907 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.198823] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.201106] binder: 3905:3907 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.223647] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.223684] binder: 3905:3908 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.238490] [<ffffffff82c76d73>] binder_thread_release+0x413/0x600
+[ 34.242474] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.242480] binder: 3909:3910 ioctl 40046207 0 returned -16
+[ 34.243161] binder: 3909:3910 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.263251] [ 34.263918] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.263955] binder: 3909:3911 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.266211] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.268492] binder: 3909:3911 BC_ACQUIRE_DONE u0000000000000000 no match
+
+[ 34.289639] [<ffffffff82c7b9f8>] binder_deferred_func+0x438/0xd10
+[ 34.291028] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.291064] binder: 3909:3912 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.308806] [ 34.309979] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.309984] binder: 3913:3914 ioctl 40046207 0 returned -16
+[ 34.310664] binder: 3913:3914 ERROR: BC_REGISTER_LOOPER called without request
+
+[ 34.328591] [<ffffffff8117fd37>] process_one_work+0x7d7/0x16e0
+[ 34.331422] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.331460] binder: 3913:3915 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.333716] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.335964] binder: 3913:3915 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.358495] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.358532] binder: 3913:3916 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.372354] [<ffffffff81180d19>] worker_thread+0xd9/0xfc0
+[ 34.377343] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.377348] binder: 3917:3918 ioctl 40046207 0 returned -16
+[ 34.378021] binder: 3917:3918 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.396323] [<ffffffff81190788>] kthread+0x268/0x300
+[ 34.398785] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.398821] binder: 3917:3919 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.401078] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.403358] binder: 3917:3919 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.425886] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.425943] binder: 3917:3920 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.439119] [<ffffffff83773a85>] ret_from_fork+0x55/0x80
+[ 34.444718] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.444724] binder: 3921:3922 ioctl 40046207 0 returned -16
+[ 34.445400] binder: 3921:3922 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.463041]
+[ 34.464642] The buggy address belongs to the object at ffff8801d4933c00
+[ 34.464642] which belongs to the cache kmalloc-192 of size 192
+[ 34.466184] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.466220] binder: 3921:3923 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.468477] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.470758] binder: 3921:3923 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.493298] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.493334] binder: 3921:3924 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.512226] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.512232] binder: 3925:3926 ioctl 40046207 0 returned -16
+[ 34.512904] binder: 3925:3926 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.533045] The buggy address is located 16 bytes inside of
+[ 34.533045] 192-byte region [ffff8801d4933c00, ffff8801d4933cc0)
+[ 34.533677] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.533714] binder: 3925:3927 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.535960] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.538246] binder: 3925:3927 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.560747] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.560782] binder: 3925:3928 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.579694] binder: BINDER_SET_CONTEXT_MGR already set
+[ 34.579700] binder: 3929:3930 ioctl 40046207 0 returned -16
+[ 34.580378] binder: 3929:3930 ERROR: BC_REGISTER_LOOPER called without request
+[ 34.600766] The buggy address belongs to the page:
+[ 34.601138] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.601174] binder: 3929:3931 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.603429] binder: undelivered TRANSACTION_ERROR: 29189
+[ 34.605711] binder: 3929:3931 BC_ACQUIRE_DONE u0000000000000000 no match
+[ 34.628216] binder_alloc: 3798: binder_alloc_buf, no vma
+[ 34.628252] binder: 3929:3932 transaction failed 29189/-3, size 0-0 line 3128
+[ 34.645729] ------------[ cut here ]------------
diff --git a/pkg/report/testdata/linux/report/226 b/pkg/report/testdata/linux/report/226
new file mode 100644
index 000000000..d41d53d6e
--- /dev/null
+++ b/pkg/report/testdata/linux/report/226
@@ -0,0 +1,121 @@
+TITLE: KASAN: use-after-free Read in rdma_listen
+
+[ 353.728146] ==================================================================
+[ 353.735888] BUG: KASAN: use-after-free in __list_add_valid+0xc6/0xd0
+[ 353.742378] Read of size 8 at addr ffff8801d0d16658 by task syz-executor1/23896
+[ 353.749812]
+[ 353.751441] CPU: 0 PID: 23896 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #374
+[ 353.758792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 353.769453] Call Trace:
+[ 353.769474] dump_stack+0x194/0x24d
+[ 353.769488] ? arch_local_irq_restore+0x53/0x53
+[ 353.769499] ? show_regs_print_info+0x18/0x18
+[ 353.769516] ? __list_add_valid+0xc6/0xd0
+[ 353.769529] print_address_description+0x73/0x250
+[ 353.769540] ? __list_add_valid+0xc6/0xd0
+[ 353.769550] kasan_report+0x23c/0x360
+[ 353.769564] __asan_report_load8_noabort+0x14/0x20
+[ 353.769573] __list_add_valid+0xc6/0xd0
+[ 353.769585] rdma_listen+0x581/0x8e0
+[ 353.769595] ? rdma_resolve_addr+0x26c0/0x26c0
+[ 353.769614] ucma_listen+0x172/0x1f0
+[ 353.769624] ? ucma_accept+0x970/0x970
+[ 353.769636] ? kasan_check_write+0x14/0x20
+[ 353.769644] ? _copy_from_user+0x99/0x110
+[ 353.769656] ucma_write+0x2d6/0x3d0
+[ 353.769665] ? ucma_accept+0x970/0x970
+[ 353.769675] ? ucma_close_id+0x60/0x60
+[ 353.769690] ? ucma_close_id+0x60/0x60
+[ 353.769699] __vfs_write+0xef/0x970
+[ 353.769713] ? kernel_read+0x120/0x120
+[ 353.769728] ? schedule+0xf5/0x430
+[ 353.769739] ? __schedule+0x1ec0/0x1ec0
+[ 353.769750] ? security_file_permission+0x89/0x1e0
+[ 353.769762] ? rw_verify_area+0xe5/0x2b0
+[ 353.769771] ? __fdget_raw+0x20/0x20
+[ 353.769783] vfs_write+0x189/0x510
+[ 353.769796] SyS_write+0xef/0x220
+[ 353.769806] ? exit_to_usermode_loop+0x198/0x2f0
+[ 353.769818] ? SyS_read+0x220/0x220
+[ 353.769828] ? do_syscall_64+0xb7/0x940
+[ 353.769840] ? SyS_read+0x220/0x220
+[ 353.769850] do_syscall_64+0x281/0x940
+[ 353.769860] ? vmalloc_sync_all+0x30/0x30
+[ 353.769869] ? _raw_spin_unlock_irq+0x27/0x70
+[ 353.769879] ? finish_task_switch+0x1c1/0x7e0
+[ 353.769889] ? syscall_return_slowpath+0x550/0x550
+[ 353.769900] ? syscall_return_slowpath+0x2ac/0x550
+[ 353.769910] ? prepare_exit_to_usermode+0x350/0x350
+[ 353.769922] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
+[ 353.769936] ? trace_hardirqs_off_thunk+0x1a/0x1c
+[ 353.769951] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 353.769958] RIP: 0033:0x454e79
+[ 353.769962] RSP: 002b:00007f72f952ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
+[ 353.769972] RAX: ffffffffffffffda RBX: 00007f72f952f6d4 RCX: 0000000000454e79
+[ 353.769978] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000016
+[ 353.769984] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
+[ 353.769991] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
+[ 353.769996] R13: 00000000000006b7 R14: 00000000006fc1c8 R15: 0000000000000000
+[ 353.770012]
+[ 353.770018] Allocated by task 23659:
+[ 353.770029] save_stack+0x43/0xd0
+[ 353.770038] kasan_kmalloc+0xad/0xe0
+[ 353.770047] __kmalloc_node_track_caller+0x47/0x70
+[ 353.770059] __kmalloc_reserve.isra.39+0x41/0xd0
+[ 353.770067] __alloc_skb+0x13b/0x780
+[ 353.770076] tcp_v6_send_response+0x215/0x1c30
+[ 353.770083] tcp_v6_send_reset+0x6fe/0xff0
+[ 353.770090] tcp_v6_rcv+0x1c56/0x2d70
+[ 353.770097] ip6_input_finish+0x37e/0x17a0
+[ 353.770103] ip6_input+0xdb/0x560
+[ 353.770111] ip6_rcv_finish+0x297/0x8c0
+[ 353.770117] ipv6_rcv+0xf38/0x1fb0
+[ 353.770126] __netif_receive_skb_core+0x1a41/0x3460
+[ 353.770133] __netif_receive_skb+0x2c/0x1b0
+[ 353.770140] process_backlog+0x203/0x740
+[ 353.770147] net_rx_action+0x792/0x1910
+[ 353.770155] __do_softirq+0x2d7/0xb85
+[ 353.770158]
+[ 353.770162] Freed by task 23659:
+[ 353.770169] save_stack+0x43/0xd0
+[ 353.770177] __kasan_slab_free+0x11a/0x170
+[ 353.770184] kasan_slab_free+0xe/0x10
+[ 353.770191] kfree+0xd9/0x260
+[ 353.770199] skb_free_head+0x74/0xb0
+[ 353.770206] skb_release_data+0x58c/0x790
+[ 353.770213] skb_release_all+0x4a/0x60
+[ 353.770219] __kfree_skb+0x15/0x20
+[ 353.770227] tcp_drop+0xcf/0x100
+[ 353.770237] tcp_rcv_state_process+0xb86/0x4920
+[ 353.770244] tcp_v6_do_rcv+0x739/0x1250
+[ 353.770259] __release_sock+0x124/0x360
+[ 353.770270] release_sock+0xa4/0x2a0
+[ 353.770280] __inet_stream_connect+0x651/0xf00
+[ 353.770290] tcp_sendmsg_locked+0x264e/0x3c70
+[ 353.770299] tcp_sendmsg+0x2f/0x50
+[ 353.770307] inet_sendmsg+0x11f/0x5e0
+[ 353.770314] sock_sendmsg+0xca/0x110
+[ 353.770322] SYSC_sendto+0x361/0x5c0
+[ 353.770328] SyS_sendto+0x40/0x50
+[ 353.770337] do_syscall_64+0x281/0x940
+[ 353.770346] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 353.770349]
+[ 353.770356] The buggy address belongs to the object at ffff8801d0d16480
+[ 353.770356] which belongs to the cache kmalloc-1024 of size 1024
+[ 353.770364] The buggy address is located 472 bytes inside of
+[ 353.770364] 1024-byte region [ffff8801d0d16480, ffff8801d0d16880)
+[ 353.770367] The buggy address belongs to the page:
+[ 353.770375] page:ffffea0007434580 count:1 mapcount:0 mapping:ffff8801d0d16000 index:0x0 compound_mapcount: 0
+[ 353.770388] flags: 0x2fffc0000008100(slab|head)
+[ 353.770400] raw: 02fffc0000008100 ffff8801d0d16000 0000000000000000 0000000100000007
+[ 353.770411] raw: ffffea0006b2d5a0 ffffea00070c3920 ffff8801dac00ac0 0000000000000000
+[ 353.770415] page dumped because: kasan: bad access detected
+[ 353.770418]
+[ 353.770421] Memory state around the buggy address:
+[ 353.770428] ffff8801d0d16500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 353.770435] ffff8801d0d16580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 353.770441] >ffff8801d0d16600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 353.770446] ^
+[ 353.770452] ffff8801d0d16680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 353.770459] ffff8801d0d16700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 353.770463] ==================================================================
diff --git a/pkg/report/testdata/linux/report/227 b/pkg/report/testdata/linux/report/227
new file mode 100644
index 000000000..d127ed616
--- /dev/null
+++ b/pkg/report/testdata/linux/report/227
@@ -0,0 +1,157 @@
+TITLE: KASAN: use-after-free Read in cma_cancel_operation
+
+syzkaller login: [ 23.820987] ==================================================================
+[ 23.828498] BUG: KASAN: use-after-free in __list_del_entry_valid+0x144/0x150
+[ 23.835671] Read of size 8 at addr ffff8801b94cef60 by task syzkaller058671/4231
+[ 23.843174]
+[ 23.844778] CPU: 0 PID: 4231 Comm: syzkaller058671 Not tainted 4.16.0-rc6+ #366
+[ 23.852196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 23.861534] Call Trace:
+[ 23.864208] dump_stack+0x194/0x24d
+[ 23.867823] ? arch_local_irq_restore+0x53/0x53
+[ 23.872471] ? show_regs_print_info+0x18/0x18
+[ 23.876944] ? rcu_note_context_switch+0x710/0x710
+[ 23.881852] ? __list_del_entry_valid+0x144/0x150
+[ 23.886673] print_address_description+0x73/0x250
+[ 23.891488] ? __list_del_entry_valid+0x144/0x150
+[ 23.896312] kasan_report+0x23c/0x360
+[ 23.900093] __asan_report_load8_noabort+0x14/0x20
+[ 23.904998] __list_del_entry_valid+0x144/0x150
+[ 23.909648] cma_cancel_operation+0x455/0xd60
+[ 23.914117] ? finish_task_switch+0x182/0x7e0
+[ 23.918594] ? find_held_lock+0x35/0x1d0
+[ 23.922632] ? rdma_destroy_id+0xda0/0xda0
+[ 23.926843] ? rdma_destroy_id+0xf4/0xda0
+[ 23.930970] ? lock_downgrade+0x980/0x980
+[ 23.935097] ? lock_release+0xa40/0xa40
+[ 23.939055] ? do_raw_spin_trylock+0x190/0x190
+[ 23.943704] ? _raw_spin_unlock_irqrestore+0x31/0xc0
+[ 23.948788] ? trace_hardirqs_on_caller+0x421/0x5c0
+[ 23.953784] rdma_destroy_id+0xff/0xda0
+[ 23.957731] ? lock_release+0xa40/0xa40
+[ 23.961681] ? lock_downgrade+0x980/0x980
+[ 23.965811] ? cma_release_dev+0x350/0x350
+[ 23.970033] ? radix_tree_delete_item+0x146/0x280
+[ 23.974873] ucma_close+0x100/0x2f0
+[ 23.978475] ? ucma_free_ctx+0xd90/0xd90
+[ 23.982521] __fput+0x327/0x7e0
+[ 23.985783] ? fput+0x140/0x140
+[ 23.989046] ? check_same_owner+0x320/0x320
+[ 23.993341] ? _raw_spin_unlock_irq+0x27/0x70
+[ 23.997814] ____fput+0x15/0x20
+[ 24.001074] task_work_run+0x199/0x270
+[ 24.004938] ? task_work_cancel+0x210/0x210
+[ 24.009235] ? _raw_spin_unlock+0x22/0x30
+[ 24.013357] ? switch_task_namespaces+0x87/0xc0
+[ 24.018007] do_exit+0x9bb/0x1ad0
+[ 24.021448] ? find_held_lock+0x35/0x1d0
+[ 24.025486] ? mm_update_next_owner+0x930/0x930
+[ 24.030145] ? debug_check_no_locks_freed+0x3c0/0x3c0
+[ 24.035315] ? lock_downgrade+0x980/0x980
+[ 24.039438] ? __unqueue_futex+0x1c0/0x290
+[ 24.043650] ? lock_release+0xa40/0xa40
+[ 24.047599] ? fault_in_user_writeable+0x90/0x90
+[ 24.052329] ? do_raw_spin_trylock+0x190/0x190
+[ 24.056885] ? futex_wake+0x680/0x680
+[ 24.060666] ? drop_futex_key_refs.isra.13+0x63/0xb0
+[ 24.065745] ? futex_wait+0x6a9/0x9a0
+[ 24.069550] ? trace_hardirqs_off+0x10/0x10
+[ 24.073845] ? drop_futex_key_refs.isra.13+0x63/0xb0
+[ 24.078922] ? futex_wake+0x2ca/0x680
+[ 24.082700] ? memset+0x31/0x40
+[ 24.085961] ? find_held_lock+0x35/0x1d0
+[ 24.090650] ? get_signal+0x7a9/0x16d0
+[ 24.094516] ? lock_downgrade+0x980/0x980
+[ 24.098662] do_group_exit+0x149/0x400
+[ 24.102531] ? do_raw_spin_trylock+0x190/0x190
+[ 24.107087] ? SyS_exit+0x30/0x30
+[ 24.110517] ? _raw_spin_unlock_irq+0x27/0x70
+[ 24.114988] ? trace_hardirqs_on_caller+0x421/0x5c0
+[ 24.119999] get_signal+0x73a/0x16d0
+[ 24.123704] ? ptrace_notify+0x130/0x130
+[ 24.127742] ? ucma_put_ctx+0x26/0x30
+[ 24.131517] ? ucma_listen+0x182/0x1f0
+[ 24.135390] ? ucma_accept+0x970/0x970
+[ 24.139266] ? kasan_check_write+0x14/0x20
+[ 24.143474] ? _copy_from_user+0x99/0x110
+[ 24.147600] ? ucma_write+0x11f/0x3d0
+[ 24.151376] ? ucma_accept+0x970/0x970
+[ 24.155240] ? ucma_close_id+0x60/0x60
+[ 24.159108] do_signal+0x90/0x1e90
+[ 24.162643] ? ucma_close_id+0x60/0x60
+[ 24.166504] ? __vfs_write+0xf7/0x970
+[ 24.170280] ? setup_sigcontext+0x7d0/0x7d0
+[ 24.174573] ? kernel_read+0x120/0x120
+[ 24.178443] ? trace_hardirqs_off+0x10/0x10
+[ 24.182756] ? fsnotify+0x7b3/0x1140
+[ 24.186474] ? exit_to_usermode_loop+0x8c/0x2f0
+[ 24.191141] exit_to_usermode_loop+0x258/0x2f0
+[ 24.195710] ? trace_event_raw_event_sys_exit+0x260/0x260
+[ 24.201229] ? do_syscall_64+0xb7/0x940
+[ 24.205184] do_syscall_64+0x6ec/0x940
+[ 24.209051] ? _raw_spin_unlock_irq+0x27/0x70
+[ 24.213523] ? finish_task_switch+0x1c1/0x7e0
+[ 24.217992] ? syscall_return_slowpath+0x550/0x550
+[ 24.222910] ? syscall_return_slowpath+0x2ac/0x550
+[ 24.227821] ? prepare_exit_to_usermode+0x350/0x350
+[ 24.232813] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
+[ 24.238154] ? trace_hardirqs_off_thunk+0x1a/0x1c
+[ 24.243581] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 24.248746] RIP: 0033:0x446a49
+[ 24.251909] RSP: 002b:00007fb425dffda8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
+[ 24.259591] RAX: fffffffffffffe00 RBX: 00000000006e29fc RCX: 0000000000446a49
+[ 24.266837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006e29fc
+[ 24.274081] RBP: 00000000006e29f8 R08: 0000000000000000 R09: 0000000000000000
+[ 24.281323] R10: 0000000000000000 R11: 0000000000000246 R12: 006d635f616d6472
+[ 24.288563] R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 0000000000000005
+[ 24.295820]
+[ 24.297425] Allocated by task 4228:
+[ 24.301034] save_stack+0x43/0xd0
+[ 24.304464] kasan_kmalloc+0xad/0xe0
+[ 24.308160] kmem_cache_alloc_trace+0x136/0x740
+[ 24.312806] rdma_create_id+0xd0/0x630
+[ 24.316665] ucma_create_id+0x35f/0x920
+[ 24.320611] ucma_write+0x2d6/0x3d0
+[ 24.324208] __vfs_write+0xef/0x970
+[ 24.327804] vfs_write+0x189/0x510
+[ 24.331316] SyS_write+0xef/0x220
+[ 24.334742] do_syscall_64+0x281/0x940
+[ 24.338605] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 24.343764]
+[ 24.345363] Freed by task 4231:
+[ 24.348617] save_stack+0x43/0xd0
+[ 24.352048] __kasan_slab_free+0x11a/0x170
+[ 24.356360] kasan_slab_free+0xe/0x10
+[ 24.360134] kfree+0xd9/0x260
+[ 24.363210] rdma_destroy_id+0x821/0xda0
+[ 24.367243] ucma_close+0x100/0x2f0
+[ 24.370842] __fput+0x327/0x7e0
+[ 24.374092] ____fput+0x15/0x20
+[ 24.377343] task_work_run+0x199/0x270
+[ 24.381205] do_exit+0x9bb/0x1ad0
+[ 24.384631] do_group_exit+0x149/0x400
+[ 24.388492] get_signal+0x73a/0x16d0
+[ 24.392175] do_signal+0x90/0x1e90
+[ 24.395690] exit_to_usermode_loop+0x258/0x2f0
+[ 24.400242] do_syscall_64+0x6ec/0x940
+[ 24.404102] entry_SYSCALL_64_after_hwframe+0x42/0xb7
+[ 24.409260]
+[ 24.410860] The buggy address belongs to the object at ffff8801b94ced80
+[ 24.410860] which belongs to the cache kmalloc-1024 of size 1024
+[ 24.423658] The buggy address is located 480 bytes inside of
+[ 24.423658] 1024-byte region [ffff8801b94ced80, ffff8801b94cf180)
+[ 24.435589] The buggy address belongs to the page:
+[ 24.440494] page:ffffea0006e53380 count:1 mapcount:0 mapping:ffff8801b94ce000 index:0x0 compound_mapcount: 0
+[ 24.450434] flags: 0x2fffc0000008100(slab|head)
+[ 24.455077] raw: 02fffc0000008100 ffff8801b94ce000 0000000000000000 0000000100000007
+[ 24.462944] raw: ffffea0006e8ad20 ffff8801dac01848 ffff8801dac00ac0 0000000000000000
+[ 24.470793] page dumped because: kasan: bad access detected
+[ 24.476484]
+[ 24.478084] Memory state around the buggy address:
+[ 24.482985] ffff8801b94cee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 24.490316] ffff8801b94cee80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 24.497649] >ffff8801b94cef00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 24.504991] ^
+[ 24.511460] ffff8801b94cef80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 24.518793] ffff8801b94cf000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 24.526121] ==================================================================
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 15:21:00 +0000