Re: [syzbot] linux-next boot error: KASAN: slab-out-of-bounds Read in _find_next_bit

From: Andrew Morton
Date: Wed Sep 07 2022 - 01:53:28 EST


On Tue, 6 Sep 2022 17:45:07 -0700 Yury Norov <yury.norov@xxxxxxxxx> wrote:

> > > The buggy address belongs to the object at ffff888017576600
> > > which belongs to the cache kmalloc-192 of size 192
> > > The buggy address is located 184 bytes inside of
> > > 192-byte region [ffff888017576600, ffff8880175766c0)
> >
> > At offset 184 of a 192-byte region.
> >
> > So what's wrong with doing that? Does KASAN have an off-by-one?
>
> Hi Andrew, all,
>
> This is a bug in FIND_NEXT_BIT(). It should be
> if (idx >= sz / BITS_PER_LONG) \
> goto out; \
>
> instead of
> if (idx > sz / BITS_PER_LONG) \
> goto out; \
>
> The fix is in bitmap-for-next, expected to be in -next by tomorrow.
> Sorry for the noise.

OK... but why is KASAN reporting a bad access from an area
which appears to be OK?
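As an added illustration of the off-by-one Yury describes (example code written for this page, not the kernel's FIND_NEXT_BIT macro and not from anyone in the thread): a simplified model of the loop, run once with the quoted `>` bound and once with a bound that stops at the bitmap's last word, recording the highest word index each one fetches. It assumes a 64-bit `unsigned long` and GCC/Clang for `__builtin_ctzl`; the bitmap it scans is constructed.

```c
#include <limits.h>
#include <stdio.h>
#define BITS_PER_LONG    ((unsigned long)(sizeof(unsigned long) * CHAR_BIT))
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* ret: bit index found (== sz if none); max_word: highest word index fetched.
 * A max_word >= the number of words allocated is the read KASAN would flag. */
struct scan { unsigned long ret; unsigned long max_word; };

/* Fetch word idx, recording it; words past the buffer read as 0, not memory. */
static unsigned long fetch(const unsigned long *addr, unsigned long nwords,
                           unsigned long idx, struct scan *s)
{
    if (idx > s->max_word)
        s->max_word = idx;
    return idx < nwords ? addr[idx] : 0;
}

/* Simplified model of the FIND_NEXT_BIT loop from the thread, not the kernel
 * macro. buggy=1 uses the "idx > sz / BITS_PER_LONG" bound quoted in the mail;
 * buggy=0 stops before idx reaches the number of words the bitmap occupies.
 * Assumes a 64-bit unsigned long (one word = 64 bits). */
static struct scan find_next_bit_model(const unsigned long *addr,
                                       unsigned long nwords, unsigned long sz,
                                       unsigned long start, int buggy)
{
    struct scan s = { sz, 0 };
    unsigned long idx = start / BITS_PER_LONG, tmp;
    unsigned long mask = ~0UL << (start % BITS_PER_LONG); /* drop bits < start */
    if (start >= sz)
        return s;
    for (tmp = fetch(addr, nwords, idx, &s) & mask; !tmp;
         tmp = fetch(addr, nwords, idx, &s)) {
        idx++;
        if (buggy ? idx > sz / BITS_PER_LONG : idx >= BITS_TO_LONGS(sz))
            return s;                      /* no bit set: ret stays == sz */
    }
    s.ret = idx * BITS_PER_LONG + (unsigned long)__builtin_ctzl(tmp);
    if (s.ret > sz)
        s.ret = sz;                        /* a bit past sz does not count */
    return s;
}

int main(void)
{
    unsigned long bm[3] = { 0, 0, 0 };     /* constructed: 192 bits, none set */
    struct scan b = find_next_bit_model(bm, 3, 192, 0, 1);
    struct scan f = find_next_bit_model(bm, 3, 192, 0, 0);
    printf("buggy fetched up to word %lu, fixed up to word %lu; 3 words exist\n",
           b.max_word, f.max_word);
    return 0;
}
```

With the `>` bound the scan of an all-zero, whole-word bitmap fetches word 3 of a 3-word allocation before giving up; the corrected bound never fetches past word 2.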