[linux-next:master] [usbip] b8aaf639b4: BUG:KASAN:slab-out-of-bounds_in_lockdep_init_map_type


 



Hi Andy Shevchenko,

We reported
"[usb:usb-next] [usbip]  b8aaf639b4: BUG:KASAN:slab-out-of-bounds_in_vhci_setup"
on
https://lore.kernel.org/all/202310111714.cb804a0c-oliver.sang@xxxxxxxxx/
when this commit was still in
https://git.kernel.org/cgit/linux/kernel/git/gregkh/usb.git usb-next

Now we noticed it's in linux-next/master; the report below is FYI.


Hello,

kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_lockdep_init_map_type" on:

commit: b8aaf639b403f01d132c9ac1e906c45debfb0218 ("usbip: Use platform_device_register_full()")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master f9a6bea131849702d591d18d5c8b8a0eda6f62b3]

in testcase: boot

compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202310171658.eceb99b8-oliver.sang@xxxxxxxxx


[ 124.077874][ T1] BUG: KASAN: slab-out-of-bounds in lockdep_init_map_type (kernel/locking/lockdep.c:4862) 
[  124.077913][    T1] Write of size 8 at addr ffff88811506ce58 by task swapper/0/1
[  124.077913][    T1]
[  124.077913][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc4-00066-gb8aaf639b403 #1 b7f5a4e58d773035f956074c1d632e313715f9ac
[  124.077913][    T1] Call Trace:
[  124.077913][    T1]  <TASK>
[ 124.077913][ T1] dump_stack_lvl (lib/dump_stack.c:107) 
[ 124.077913][ T1] print_address_description+0x2b/0x3d0 
[ 124.077913][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4862) 
[ 124.077913][ T1] print_report (mm/kasan/report.c:476) 
[ 124.077913][ T1] ? lock_acquired (include/trace/events/lock.h:85 kernel/locking/lockdep.c:6026) 
[ 124.077913][ T1] ? kasan_addr_to_slab (mm/kasan/common.c:35) 
[ 124.077913][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4862) 
[ 124.077913][ T1] kasan_report (mm/kasan/report.c:590) 
[ 124.077913][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4862) 
[ 124.077913][ T1] lockdep_init_map_type (kernel/locking/lockdep.c:4862) 
[ 124.077913][ T1] __raw_spin_lock_init (kernel/locking/spinlock_debug.c:26) 
[ 124.077913][ T1] vhci_start (drivers/usb/usbip/vhci_hcd.c:1185) 
[ 124.077913][ T1] ? vhci_setup (drivers/usb/usbip/vhci_hcd.c:1173) 
[ 124.077913][ T1] usb_add_hcd (drivers/usb/core/hcd.c:2944) 
[ 124.077913][ T1] vhci_hcd_probe (drivers/usb/usbip/vhci_hcd.c:1363) 
[ 124.077913][ T1] platform_probe (drivers/base/platform.c:1410) 
[ 124.077913][ T1] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) 
[ 124.077913][ T1] ? acpi_driver_match_device (drivers/acpi/bus.c:956) 
[ 124.077913][ T1] driver_probe_device (drivers/base/dd.c:830) 
[ 124.077913][ T1] __device_attach_driver (drivers/base/dd.c:959) 
[ 124.077913][ T1] ? driver_probe_device (drivers/base/dd.c:922) 
[ 124.077913][ T1] bus_for_each_drv (drivers/base/bus.c:414 drivers/base/bus.c:456) 
[ 124.077913][ T1] ? bus_for_each_dev (drivers/base/bus.c:445) 
[ 124.077913][ T1] ? __lock_acquired (kernel/locking/lockdep.c:339 kernel/locking/lockdep.c:5990) 
[ 124.077913][ T1] __device_attach (drivers/base/dd.c:1032) 
[ 124.077913][ T1] ? device_driver_attach (drivers/base/dd.c:1001) 
[ 124.077913][ T1] ? preempt_count_sub (kernel/sched/core.c:5863 kernel/sched/core.c:5859 kernel/sched/core.c:5881) 
[ 124.077913][ T1] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 124.077913][ T1] bus_probe_device (drivers/base/bus.c:532) 
[ 124.077913][ T1] device_add (drivers/base/core.c:3631) 
[ 124.077913][ T1] ? __fw_devlink_link_to_consumers+0x1f0/0x1f0 
[ 124.077913][ T1] ? kasan_set_track (mm/kasan/common.c:52) 
[ 124.077913][ T1] ? __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383) 
[ 124.077913][ T1] platform_device_add (drivers/base/platform.c:717) 
[ 124.077913][ T1] platform_device_register_full (drivers/base/platform.c:844) 
[ 124.077913][ T1] ? driver_register (drivers/base/driver.c:258) 
[ 124.077913][ T1] vhci_hcd_init (drivers/usb/usbip/vhci_hcd.c:1532) 
[ 124.077913][ T1] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) 
[ 124.077913][ T1] ? usbip_core_init (drivers/usb/usbip/vhci_hcd.c:1507) 
[ 124.077913][ T1] ? rng_is_initialized (drivers/char/random.c:918) 
[ 124.077913][ T1] ? usbip_core_init (drivers/usb/usbip/vhci_hcd.c:1507) 
[ 124.077913][ T1] do_one_initcall (init/main.c:1232) 
[ 124.077913][ T1] ? trace_initcall_level (init/main.c:1223) 
[ 124.077913][ T1] ? parse_one (kernel/params.c:138) 
[ 124.077913][ T1] ? __kmem_cache_alloc_node (mm/slab.h:761 mm/slub.c:3478 mm/slub.c:3517) 
[ 124.077913][ T1] ? kasan_set_track (mm/kasan/common.c:52) 
[ 124.077913][ T1] ? __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383) 
[ 124.077913][ T1] do_initcalls (init/main.c:1293 init/main.c:1310) 
[ 124.077913][ T1] kernel_init_freeable (init/main.c:1549) 
[ 124.077913][ T1] ? rest_init (init/main.c:1429) 
[ 124.077913][ T1] kernel_init (init/main.c:1439) 
[ 124.077913][ T1] ? _raw_spin_unlock_irq (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:160 kernel/locking/spinlock.c:202) 
[ 124.077913][ T1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 124.077913][ T1] ? rest_init (init/main.c:1429) 
[ 124.077913][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:312) 
[  124.077913][    T1]  </TASK>
[  124.077913][    T1]
[  124.077913][    T1] Allocated by task 1:
[ 124.077913][ T1] kasan_save_stack (mm/kasan/common.c:46) 
[ 124.077913][ T1] kasan_set_track (mm/kasan/common.c:52) 
[ 124.077913][ T1] __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383) 
[ 124.077913][ T1] __kmalloc_node_track_caller (mm/slab_common.c:1024 mm/slab_common.c:1043) 
[ 124.077913][ T1] kmemdup (mm/util.c:131) 
[ 124.077913][ T1] platform_device_add_data (include/linux/fortify-string.h:765 drivers/base/platform.c:638) 
[ 124.077913][ T1] platform_device_register_full (drivers/base/platform.c:832) 
[ 124.077913][ T1] vhci_hcd_init (drivers/usb/usbip/vhci_hcd.c:1532) 
[ 124.077913][ T1] do_one_initcall (init/main.c:1232) 
[ 124.077913][ T1] do_initcalls (init/main.c:1293 init/main.c:1310) 
[ 124.077913][ T1] kernel_init_freeable (init/main.c:1549) 
[ 124.077913][ T1] kernel_init (init/main.c:1439) 
[ 124.077913][ T1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 124.077913][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:312) 
[  124.077913][    T1]
[  124.077913][    T1] The buggy address belongs to the object at ffff88811506ce38
[  124.077913][    T1]  which belongs to the cache kmalloc-8 of size 8
[  124.077913][    T1] The buggy address is located 24 bytes to the right of
[  124.077913][    T1]  allocated 8-byte region [ffff88811506ce38, ffff88811506ce40)
[  124.077913][    T1]
[  124.077913][    T1] The buggy address belongs to the physical page:
[  124.077913][    T1] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11506c
[  124.077913][    T1] flags: 0x20000000000800(slab|node=0|zone=2)
[  124.077913][    T1] page_type: 0xffffffff()
[  124.077913][    T1] raw: 0020000000000800 ffff888100041280 dead000000000122 0000000000000000
[  124.077913][    T1] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[  124.077913][    T1] page dumped because: kasan: bad access detected
[  124.077913][    T1] page_owner tracks the page as allocated
[  124.077913][    T1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 27, tgid 27 (kworker/u4:1), ts 45269241050, free_ts 0
[ 124.077913][ T1] get_page_from_freelist (mm/page_alloc.c:1545 mm/page_alloc.c:3170) 
[ 124.077913][ T1] __alloc_pages (mm/page_alloc.c:4426) 
[ 124.077913][ T1] allocate_slab (mm/slub.c:1870 mm/slub.c:2017) 
[ 124.077913][ T1] ___slab_alloc (mm/slub.c:3224 (discriminator 3)) 
[ 124.077913][ T1] __kmem_cache_alloc_node (mm/slub.c:3322 mm/slub.c:3375 mm/slub.c:3468 mm/slub.c:3517) 
[ 124.077913][ T1] __kmalloc_node_track_caller (include/linux/kasan.h:198 mm/slab_common.c:1023 mm/slab_common.c:1043) 
[ 124.077913][ T1] kstrdup (mm/util.c:62) 
[ 124.077913][ T1] eventfs_prepare_ef+0x6a/0x300 


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231017/202310171658.eceb99b8-oliver.sang@xxxxxxxxx



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki




