[Bug 205283] New: BUG: KASAN: global-out-of-bounds in _copy_to_iter+0x3d4/0x5a8
bugzilla-daemon at bugzilla.kernel.org
Tue Oct 22 11:05:27 AEDT 2019
https://bugzilla.kernel.org/show_bug.cgi?id=205283
Bug ID: 205283
Summary: BUG: KASAN: global-out-of-bounds in _copy_to_iter+0x3d4/0x5a8
Product: File System
Version: 2.5
Kernel Version: 5.4-rc4
Hardware: PPC-32
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: btrfs
Assignee: fs_btrfs at kernel-bugs.kernel.org
Reporter: erhard_f at mailbox.org
CC: platform_ppc-32 at kernel-bugs.osdl.org
Regression: No
Created attachment 285605
--> https://bugzilla.kernel.org/attachment.cgi?id=285605&action=edit
dmesg (kernel 5.4.0-rc4, PowerMac G4 DP)
First of all apologies 'cause I am not quite sure under what kernel subsystem
tracker I should file this bug. It was triggered running btrfs filesystem tests
(misc tests) on a PowerMac G4 DP and seems to touch some memcopy routine:
[...]
[ 601.897623]
==================================================================
[ 601.905117] BUG: KASAN: global-out-of-bounds in _copy_to_iter+0x3d4/0x5a8
[ 601.912512] Write of size 4096 at addr f18b8000 by task modprobe/10589
[ 601.927287] CPU: 1 PID: 10589 Comm: modprobe Tainted: G W 5.4.0-rc4-PowerMacG4+ #20
[ 601.934991] Call Trace:
[ 601.942534] [eb9cf848] [c0769184] dump_stack+0xb0/0x10c (unreliable)
[ 601.950307] [eb9cf878] [c023aea8] print_address_description.isra.5+0x3c/0x420
[ 601.958167] [eb9cf908] [c023b470] __kasan_report+0x140/0x188
[ 601.966030] [eb9cf948] [c023bea8] check_memory_region+0x28/0x184
[ 601.973925] [eb9cf958] [c0239f30] memcpy+0x48/0x74
[ 601.981792] [eb9cf978] [c044ab9c] _copy_to_iter+0x3d4/0x5a8
[ 601.989705] [eb9cfaa8] [c044af18] copy_page_to_iter+0x90/0x550
[ 601.997585] [eb9cfb08] [c01bcc60] generic_file_read_iter+0x5c8/0x7bc
[ 602.005374] [eb9cfb78] [c0251e5c] __vfs_read+0x1b0/0x1f4
[ 602.013027] [eb9cfca8] [c0251f5c] vfs_read+0xbc/0x124
[ 602.020671] [eb9cfcd8] [c0252018] kernel_read+0x54/0x70
[ 602.028302] [eb9cfd08] [c025c7d8] kernel_read_file+0x240/0x358
[ 602.035930] [eb9cfdb8] [c025c9dc] kernel_read_file_from_fd+0x54/0x74
[ 602.043581] [eb9cfdf8] [c010c494] sys_finit_module+0xd8/0x140
[ 602.051183] [eb9cff38] [c001a274] ret_from_syscall+0x0/0x34
[ 602.058641] --- interrupt: c01 at 0x7062c4
LR = 0x88e7c4
[ 602.087858] Memory state around the buggy address:
[ 602.095160] f18b7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 602.102601] f18b7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 602.109845] >f18b8000: 00 06 fa fa fa fa fa fa 00 00 03 fa fa fa fa fa
[ 602.117150] ^
[ 602.124218] f18b8080: 00 00 04 fa fa fa fa fa 00 03 fa fa fa fa fa fa
[ 602.131467] f18b8100: 00 07 fa fa fa fa fa fa 00 00 03 fa fa fa fa fa
[ 602.138638]
==================================================================