On Thu, Jul 2, 2026 at 8:34 AM Samuel Moelius
<[email protected]> wrote:
>
> dm-era tracks writes in target-relative blocks, but era_map() calculates
> the writeset block before applying the target offset.  Tables with a
> non-zero start sector can therefore pass an absolute mapped-device block
> to metadata_current_marked().
>
> If the absolute block is beyond the current writeset size,
> writeset_marked() tests past the end of the in-core bitset.  KASAN reports
> this as a vmalloc-out-of-bounds access.
>
> Apply the target offset before calculating the era block so writeset
> lookups use the target-relative block number.
>
> Assisted-by: Codex:gpt-5.5-cyber-preview
> Signed-off-by: Samuel Moelius <[email protected]>

Reviewed-by: Ming-Hung Tsai <[email protected]>
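
The index calculation described in the quoted commit message, as a userspace model added here for illustration; it is not the dm-era code or the patch from this thread. The struct, the function names and the sample table values are constructed, and the writeset is assumed to hold one bit per era block of the target.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one device-mapper table line; not kernel code. */
struct model_target {
    uint64_t begin;             /* start sector on the mapped device */
    uint64_t len;               /* target length in sectors */
    uint64_t sectors_per_block; /* era block size in sectors */
};

/* Assumption: the writeset bitset has one bit per block of the target. */
static uint64_t writeset_bits(const struct model_target *t)
{
    return (t->len + t->sectors_per_block - 1) / t->sectors_per_block;
}

/* Before the fix: block derived from the absolute mapped-device sector. */
static uint64_t block_before(const struct model_target *t, uint64_t sector)
{
    return sector / t->sectors_per_block;
}

/* After the fix: target offset applied first, giving a target-relative block. */
static uint64_t block_after(const struct model_target *t, uint64_t sector)
{
    return (sector - t->begin) / t->sectors_per_block;
}
typedef uint64_t (*block_fn)(const struct model_target *, uint64_t);

/* Count sectors inside the target whose block index would miss the bitset. */
static uint64_t out_of_range(const struct model_target *t, block_fn to_block)
{
    uint64_t bad = 0;
    for (uint64_t s = t->begin; s < t->begin + t->len; s++)
        if (to_block(t, s) >= writeset_bits(t))
            bad++;
    return bad;
}

int main(void)
{
    struct model_target t = { .begin = 2048, .len = 1024, .sectors_per_block = 8 };
    printf("bits=%llu before=%llu after=%llu\n", (unsigned long long)writeset_bits(&t),
           (unsigned long long)out_of_range(&t, block_before),
           (unsigned long long)out_of_range(&t, block_after));
    return 0;
}
```

With a start sector of 0 both calculations agree, which is why only tables with a non-zero start sector reach the out-of-bounds lookup.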

