Date
June 26, 2025, 9:10 a.m.
| Environment | |
|---|---|
| dragonboard-845c |
[ 213.907156] ================================================================== [ 213.907163] BUG: KASAN: slab-out-of-bounds in __nvmem_cell_read.part.0+0x518/0x650 [ 213.907178] Read of size 1 at addr ffff000097d0a8a4 by task kworker/u32:1/14 [ 213.907184] [ 213.907192] CPU: 7 UID: 0 PID: 14 Comm: kworker/u32:1 Tainted: G B D W N 6.16.0-rc3-next-20250626 #1 PREEMPT [ 213.907204] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 213.907207] Hardware name: Thundercomm Dragonboard 845c (DT) [ 213.907213] Workqueue: events_unbound deferred_probe_work_func [ 213.907225] Call trace: [ 213.907229] show_stack+0x20/0x38 (C) [ 213.907237] dump_stack_lvl+0x8c/0xd0 [ 213.907245] print_report+0x118/0x608 [ 213.907253] kasan_report+0xdc/0x128 [ 213.907258] __asan_report_load1_noabort+0x20/0x30 [ 213.907263] __nvmem_cell_read.part.0+0x518/0x650 [ 213.907268] nvmem_cell_read+0x18c/0x248 [ 213.907273] qusb2_phy_init+0x6a4/0x1748 [ 213.907281] phy_init+0x120/0x2f8 [ 213.907288] dwc3_core_init+0x298/0x5290 [ 213.907295] dwc3_core_probe+0x1d1c/0x4bf8 [ 213.907300] dwc3_probe+0xd4/0x158 [ 213.907305] platform_probe+0xcc/0x198 [ 213.907311] really_probe+0x188/0x7f0 [ 213.907315] __driver_probe_device+0x164/0x378 [ 213.907320] driver_probe_device+0x64/0x180 [ 213.907324] __device_attach_driver+0x174/0x280 [ 213.907329] bus_for_each_drv+0x118/0x1b0 [ 213.907338] __device_attach+0x174/0x378 [ 213.907342] device_initial_probe+0x1c/0x30 [ 213.907346] bus_probe_device+0x12c/0x170 [ 213.907352] deferred_probe_work_func+0x140/0x208 [ 213.907356] process_one_work+0x530/0xf98 [ 213.907363] worker_thread+0x618/0xf38 [ 213.907367] kthread+0x328/0x630 [ 213.907372] ret_from_fork+0x10/0x20 [ 213.907379] [ 213.907381] Allocated by task 14: [ 213.907385] kasan_save_stack+0x3c/0x68 [ 213.907391] kasan_save_track+0x20/0x40 [ 213.907395] kasan_save_alloc_info+0x40/0x58 [ 213.907399] __kasan_kmalloc+0xd4/0xd8 [ 213.907403] __kmalloc_noprof+0x198/0x4c8 [ 213.907408] nvmem_cell_read+0xb8/0x248 [ 213.907412] qusb2_phy_init+0x6a4/0x1748 [ 213.907417] phy_init+0x120/0x2f8 [ 213.907422] dwc3_core_init+0x298/0x5290 [ 213.907425] dwc3_core_probe+0x1d1c/0x4bf8 [ 213.907429] dwc3_probe+0xd4/0x158 [ 213.907433] platform_probe+0xcc/0x198 [ 213.907437] really_probe+0x188/0x7f0 [ 213.907440] __driver_probe_device+0x164/0x378 [ 213.907444] driver_probe_device+0x64/0x180 [ 213.907447] __device_attach_driver+0x174/0x280 [ 213.907451] bus_for_each_drv+0x118/0x1b0 [ 213.907456] __device_attach+0x174/0x378 [ 213.907459] device_initial_probe+0x1c/0x30 [ 213.907463] bus_probe_device+0x12c/0x170 [ 213.907468] deferred_probe_work_func+0x140/0x208 [ 213.907471] process_one_work+0x530/0xf98 [ 213.907476] worker_thread+0x618/0xf38 [ 213.907479] kthread+0x328/0x630 [ 213.907482] ret_from_fork+0x10/0x20 [ 213.907487] [ 213.907488] The buggy address belongs to the object at ffff000097d0a8a0 [ 213.907488] which belongs to the cache kmalloc-8 of size 8 [ 213.907493] The buggy address is located 0 bytes to the right of [ 213.907493] allocated 4-byte region [ffff000097d0a8a0, ffff000097d0a8a4) [ 213.907498] [ 213.907500] The buggy address belongs to the physical page: [ 213.907504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117d0a [ 213.907509] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 213.907516] page_type: f5(slab) [ 213.907522] raw: 0bfffe0000000000 ffff000080002500 dead000000000122 0000000000000000 [ 213.907527] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 213.907529] page dumped because: kasan: bad access detected [ 213.907532] [ 213.907534] Memory state around the buggy address: [ 213.907537] ffff000097d0a780: 00 fc fc fc 00 fc fc fc 04 fc fc fc 04 fc fc fc [ 213.907541] ffff000097d0a800: 00 fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc [ 213.907544] >ffff000097d0a880: 00 fc fc fc 04 fc fc fc fc fc fc fc fc fc fc fc [ 213.907546] ^ [ 213.907549] ffff000097d0a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 213.907552] ffff000097d0a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 213.907555] ==================================================================