From: Erhard Furtner <erhard_f@mailbox.org>
To: Madhavan Srinivasan <maddy@linux.ibm.com>
Cc: linuxppc-dev@lists.ozlabs.org
Subject: Re: BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 (v6.13-rc6, PowerMac G4)
Date: Mon, 20 Jan 2025 23:42:57 +0100
Message-ID: <20250120234257.712498c4@yea>
In-Reply-To: <af04e91f-0f44-457e-9550-d1d49789158e@linux.ibm.com>

On Sun, 19 Jan 2025 22:06:42 +0530
Madhavan Srinivasan <maddy@linux.ibm.com> wrote:
> On 1/12/25 6:28 PM, Erhard Furtner wrote:
> > Greetings!
> >
> > I am getting this at bootup on my PowerMac G4 with a KASAN-enabled kernel 6.13-rc6:
>
> Sorry for the delayed response,
>
> Are you seeing this only in this kernel or this is the recent
> kernel you tried to boot?

I think I didn't run a KASAN-enabled 6.11 or 6.12 kernel, but the reported KASAN hit is still in the currently released 6.13:

[...]
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8
Write of size 8 at addr f1014000 by task chronyd/1301
CPU: 1 UID: 123 PID: 1301 Comm: chronyd Tainted: G W 6.13.0-PMacG4 #3
Tainted: [W]=WARN
Hardware name: PowerMac3,6 7455 0x80010303 PowerMac
Call Trace:
[c7bdf690] [c16327c8] dump_stack_lvl+0x70/0x8c (unreliable)
[c7bdf6b0] [c0504b78] print_report+0xdc/0x504
[c7bdf710] [c050493c] kasan_report+0xf8/0x108
[c7bdf790] [c0505c1c] kasan_check_range+0x24/0x18c
[c7bdf7a0] [c03fb668] copy_to_kernel_nofault+0xd8/0x1c8
[c7bdf7c0] [c004c014] patch_instructions+0x15c/0x16c
[c7bdf810] [c00731a8] bpf_arch_text_copy+0x60/0x7c
[c7bdf830] [c02811f4] bpf_jit_binary_pack_finalize+0x50/0xac
[c7bdf850] [c0073cf4] bpf_int_jit_compile+0xb30/0xdec
[c7bdf980] [c0280420] bpf_prog_select_runtime+0x15c/0x478
[c7bdf9d0] [c1264100] bpf_prepare_filter+0xbf8/0xc14
[c7bdfa90] [c12684c4] bpf_prog_create_from_user+0x258/0x2b4
[c7bdfad0] [c02711a8] do_seccomp+0x3dc/0x1890
[c7bdfbc0] [c001d8e0] system_call_exception+0x2dc/0x420
[c7bdff30] [c00281ac] ret_from_syscall+0x0/0x2c
--- interrupt: c00 at 0x591274
NIP: 00591274 LR: 00693b3c CTR: 005196c8
REGS: c7bdff40 TRAP: 0c00 Tainted: G W (6.13.0-PMacG4)
MSR: 0200f932 <VEC,EE,PR,FP,ME,IR,DR,RI> CR: 24004422 XER: 00000000
GPR00: 00000166 aff4aad0 a77fb540 00000001 00000000 01fe2500 00595858 0200f932
GPR08: 00000000 00001fe9 02001fc8 005196c8 2822244c 00b1fcd8 00000000 aff4bb57
GPR16: 00000000 00000001 00000000 00000000 00000000 00000001 00000000 00000002
GPR24: 00aedbb0 00000000 00000000 00000000 006d0004 01ffa060 006d7c1c 00000001
NIP [00591274] 0x591274
LR [00693b3c] 0x693b3c
--- interrupt: c00
The buggy address belongs to the virtual mapping at
[f1014000, f1016000) created by:
text_area_cpu_up+0x20/0x190
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x77116
flags: 0x80000000(zone=2)
raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
raw: 00000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
f1013f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
f1013f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>f1014000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
^
f1014080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
f1014100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================
Disabling lock debugging due to kernel taint

Regards,
Erhard