BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 (v6.13-rc6, PowerMac G4)
Erhard Furtner
erhard_f at mailbox.org
Tue Jan 21 09:42:57 AEDT 2025
On Sun, 19 Jan 2025 22:06:42 +0530
Madhavan Srinivasan <maddy at linux.ibm.com> wrote:
> On 1/12/25 6:28 PM, Erhard Furtner wrote:
> > Greetings!
> >
> > I am getting this at bootup on my PowerMac G4 with a KASAN-enabled kernel 6.13-rc6:
>
> Sorry for the delayed response,
>
> Are you seeing this only in this kernel or this is the recent
> kernel you tried to boot?
I think I didn't run a KASAN enabled 6.11 or 6.12 kernel but the reported KASAN hit is still in currently released 6.13:
[...]
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8
Write of size 8 at addr f1014000 by task chronyd/1301
CPU: 1 UID: 123 PID: 1301 Comm: chronyd Tainted: G W 6.13.0-PMacG4 #3
Tainted: [W]=WARN
Hardware name: PowerMac3,6 7455 0x80010303 PowerMac
Call Trace:
[c7bdf690] [c16327c8] dump_stack_lvl+0x70/0x8c (unreliable)
[c7bdf6b0] [c0504b78] print_report+0xdc/0x504
[c7bdf710] [c050493c] kasan_report+0xf8/0x108
[c7bdf790] [c0505c1c] kasan_check_range+0x24/0x18c
[c7bdf7a0] [c03fb668] copy_to_kernel_nofault+0xd8/0x1c8
[c7bdf7c0] [c004c014] patch_instructions+0x15c/0x16c
[c7bdf810] [c00731a8] bpf_arch_text_copy+0x60/0x7c
[c7bdf830] [c02811f4] bpf_jit_binary_pack_finalize+0x50/0xac
[c7bdf850] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec
[c7bdf980] [c0280420] bpf_prog_select_runtime+0x15c/0x478
[c7bdf9d0] [c1264100] bpf_prepare_filter+0xbf8/0xc14
[c7bdfa90] [c12684c4] bpf_prog_create_from_user+0x258/0x2b4
[c7bdfad0] [c02711a8] do_seccomp+0x3dc/0x1890
[c7bdfbc0] [c001d8e0] system_call_exception+0x2dc/0x420
[c7bdff30] [c00281ac] ret_from_syscall+0x0/0x2c
--- interrupt: c00 at 0x591274
NIP: 00591274 LR: 00693b3c CTR: 005196c8
REGS: c7bdff40 TRAP: 0c00 Tainted: G W (6.13.0-PMacG4)
MSR: 0200f932 <VEC,EE,PR,FP,ME,IR,DR,RI> CR: 24004422 XER: 00000000
GPR00: 00000166 aff4aad0 a77fb540 00000001 00000000 01fe2500 00595858 0200f932
GPR08: 00000000 00001fe9 02001fc8 005196c8 2822244c 00b1fcd8 00000000 aff4bb57
GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002
GPR24: 00aedbb0 00000000 00000000 00000000 006d0004 01ffa060 006d7c1c 00000001
NIP [00591274] 0x591274
LR [00693b3c] 0x693b3c
--- interrupt: c00
The buggy address belongs to the virtual mapping at
[f1014000, f1016000) created by:
text_area_cpu_up+0x20/0x190
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x77116
flags: 0x80000000(zone=2)
raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
raw: 00000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
f1013f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
f1013f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>f1014000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
^
f1014080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
f1014100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================
Disabling lock debugging due to kernel taint
Regards,
Erhard
More information about the Linuxppc-dev
mailing list