BUG: KASAN: slab-out-of-bounds in cts_cbc_encrypt+0xec/0x3c0

From: Qian Cai
Date: Thu Nov 08 2018 - 15:26:22 EST


Just booting up the latest git master (b00d209) on an aarch64 server and saw
this.

[   42.448373] BUG: KASAN: slab-out-of-bounds in cts_cbc_encrypt+0xec/0x3c0
[   42.455157] Write of size 8 at addr ffff801dd06aaa40 by task cryptomgr_test/409

[   42.464065] CPU: 3 PID: 409 Comm: cryptomgr_test Tainted: G        W       T 4.20.0-rc1+ #6
[   42.472517] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.50 06/01/2018
[   42.479826] Call trace:
[   42.482306]  dump_backtrace+0x0/0x248
[   42.486014]  show_stack+0x24/0x30
[   42.489372]  dump_stack+0xb8/0xf4
[   42.492730]  print_address_description+0x68/0x2b8
[   42.497492]  kasan_report+0x22c/0x340
[   42.501199]  __asan_store8+0x90/0xa0
[   42.504818]  cts_cbc_encrypt+0xec/0x3c0
[   42.508703]  simd_skcipher_encrypt+0xc4/0x198
[   42.513115]  __test_skcipher+0x6d4/0x1030
[   42.517173]  test_skcipher+0x48/0xf0
[   42.520793]  alg_test_skcipher+0x78/0x110
[   42.524852]  alg_test.part.6+0x238/0x4e8
[   42.528823]  alg_test+0x60/0xa8
[   42.532002]  cryptomgr_test+0x5c/0x68
[   42.535710]  kthread+0x18c/0x1d0
[   42.538977]  ret_from_fork+0x10/0x18

[   42.544102] Allocated by task 409:
[   42.547547]  kasan_kmalloc+0xd8/0x188
[   42.551254]  __kmalloc+0x1f8/0x470
[   42.554698]  __test_skcipher+0x18c/0x1030
[   42.558757]  test_skcipher+0x48/0xf0
[   42.562376]  alg_test_skcipher+0x78/0x110
[   42.566435]  alg_test.part.6+0x238/0x4e8
[   42.570406]  alg_test+0x60/0xa8
[   42.573586]  cryptomgr_test+0x5c/0x68
[   42.577293]  kthread+0x18c/0x1d0
[   42.580560]  ret_from_fork+0x10/0x18

[   42.585684] Freed by task 0:
[   42.588597] (stack is not available)

[   42.593722] The buggy address belongs to the object at ffff801dd06aa880
 which belongs to the cache kmalloc-512 of size 512
[   42.606397] The buggy address is located 448 bytes inside of
 512-byte region [ffff801dd06aa880, ffff801dd06aaa80)
[   42.618277] The buggy address belongs to the page:
[   42.623127] page:ffff7fe007741a80 count:1 mapcount:0 mapping:ffff801dc0010880 index:0xffff801dd06a5880
[   42.632548] flags: 0x1fffff0000000200(slab)
[   42.636785] raw: 1fffff0000000200 ffff801dc000fac0 ffff801dc000fac0 ffff801dc0010880
[   42.644625] raw: ffff801dd06a5880 000000000040002c 00000001ffffffff 0000000000000000
[   42.652461] page dumped because: kasan: bad access detected

[   42.659606] Memory state around the buggy address:
[   42.664455]  ffff801dd06aa900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.671765]  ffff801dd06aa980: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.679075] >ffff801dd06aaa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.686383]                                            ^
[   42.691759]  ffff801dd06aaa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.699069]  ffff801dd06aab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.706377] ==================================================================

Any idea?