Date
June 24, 2025, 11:37 a.m.

Environment
dragonboard-845c

[  210.183881] ==================================================================
[  210.183888] BUG: KASAN: slab-out-of-bounds in __nvmem_cell_read.part.0+0x518/0x650
[  210.183904] Read of size 1 at addr ffff000091646f24 by task kworker/u32:2/67
[  210.183910] 
[  210.183917] CPU: 7 UID: 0 PID: 67 Comm: kworker/u32:2 Tainted: G    B D W        N  6.16.0-rc3-next-20250624 #1 PREEMPT 
[  210.183929] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[  210.183931] Hardware name: Thundercomm Dragonboard 845c (DT)
[  210.183936] Workqueue: events_unbound deferred_probe_work_func
[  210.183947] Call trace:
[  210.183951]  show_stack+0x20/0x38 (C)
[  210.183959]  dump_stack_lvl+0x8c/0xd0
[  210.183967]  print_report+0x118/0x608
[  210.183976]  kasan_report+0xdc/0x128
[  210.183981]  __asan_report_load1_noabort+0x20/0x30
[  210.183986]  __nvmem_cell_read.part.0+0x518/0x650
[  210.183991]  nvmem_cell_read+0x18c/0x248
[  210.183995]  qusb2_phy_init+0x6a4/0x1748
[  210.184003]  phy_init+0x120/0x2f8
[  210.184010]  dwc3_core_init+0x298/0x5290
[  210.184016]  dwc3_core_probe+0x1d1c/0x4bf8
[  210.184021]  dwc3_probe+0xd4/0x158
[  210.184025]  platform_probe+0xcc/0x198
[  210.184032]  really_probe+0x188/0x7f0
[  210.184036]  __driver_probe_device+0x164/0x378
[  210.184041]  driver_probe_device+0x64/0x180
[  210.184046]  __device_attach_driver+0x174/0x280
[  210.184050]  bus_for_each_drv+0x118/0x1b0
[  210.184056]  __device_attach+0x174/0x378
[  210.184061]  device_initial_probe+0x1c/0x30
[  210.184065]  bus_probe_device+0x12c/0x170
[  210.184071]  deferred_probe_work_func+0x140/0x208
[  210.184075]  process_one_work+0x530/0xf98
[  210.184082]  worker_thread+0x618/0xf38
[  210.184086]  kthread+0x328/0x630
[  210.184091]  ret_from_fork+0x10/0x20
[  210.184098] 
[  210.184101] Allocated by task 67:
[  210.184105]  kasan_save_stack+0x3c/0x68
[  210.184110]  kasan_save_track+0x20/0x40
[  210.184114]  kasan_save_alloc_info+0x40/0x58
[  210.184118]  __kasan_kmalloc+0xd4/0xd8
[  210.184123]  __kmalloc_noprof+0x198/0x4c8
[  210.184129]  nvmem_cell_read+0xb8/0x248
[  210.184133]  qusb2_phy_init+0x6a4/0x1748
[  210.184138]  phy_init+0x120/0x2f8
[  210.184143]  dwc3_core_init+0x298/0x5290
[  210.184147]  dwc3_core_probe+0x1d1c/0x4bf8
[  210.184150]  dwc3_probe+0xd4/0x158
[  210.184154]  platform_probe+0xcc/0x198
[  210.184160]  really_probe+0x188/0x7f0
[  210.184163]  __driver_probe_device+0x164/0x378
[  210.184167]  driver_probe_device+0x64/0x180
[  210.184171]  __device_attach_driver+0x174/0x280
[  210.184174]  bus_for_each_drv+0x118/0x1b0
[  210.184179]  __device_attach+0x174/0x378
[  210.184183]  device_initial_probe+0x1c/0x30
[  210.184186]  bus_probe_device+0x12c/0x170
[  210.184192]  deferred_probe_work_func+0x140/0x208
[  210.184196]  process_one_work+0x530/0xf98
[  210.184200]  worker_thread+0x618/0xf38
[  210.184204]  kthread+0x328/0x630
[  210.184208]  ret_from_fork+0x10/0x20
[  210.184212] 
[  210.184213] The buggy address belongs to the object at ffff000091646f20
[  210.184213]  which belongs to the cache kmalloc-8 of size 8
[  210.184218] The buggy address is located 0 bytes to the right of
[  210.184218]  allocated 4-byte region [ffff000091646f20, ffff000091646f24)
[  210.184223] 
[  210.184226] The buggy address belongs to the physical page:
[  210.184230] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff000091646680 pfn:0x111646
[  210.184236] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[  210.184243] page_type: f5(slab)
[  210.184250] raw: 0bfffe0000000000 ffff000080002500 dead000000000122 0000000000000000
[  210.184255] raw: ffff000091646680 0000000080800067 00000000f5000000 0000000000000000
[  210.184258] page dumped because: kasan: bad access detected
[  210.184260] 
[  210.184262] Memory state around the buggy address:
[  210.184265]  ffff000091646e00: 00 fc fc fc 00 fc fc fc 04 fc fc fc 04 fc fc fc
[  210.184268]  ffff000091646e80: 00 fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc
[  210.184272] >ffff000091646f00: 00 fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc
[  210.184275]                                ^
[  210.184277]  ffff000091646f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  210.184280]  ffff000091647000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  210.184283] ==================================================================