On Thu, Jul 2, 2026 at 8:34 AM Samuel Moelius <[email protected]> wrote: > > dm-era tracks writes in target-relative blocks, but era_map() calculates > the writeset block before applying the target offset. Tables with a > non-zero start sector can therefore pass an absolute mapped-device block > to metadata_current_marked(). > > If the absolute block is beyond the current writeset size, > writeset_marked() tests past the end of the in-core bitset. KASAN reports > this as a vmalloc-out-of-bounds access. > > Apply the target offset before calculating the era block so writeset > lookups use the target-relative block number. > > Assisted-by: Codex:gpt-5.5-cyber-preview > Signed-off-by: Samuel Moelius <[email protected]>
Reviewed-by: Ming-Hung Tsai <[email protected]>

