Hello,

kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_vhci_setup" on:

commit: b8aaf639b403f01d132c9ac1e906c45debfb0218 ("usbip: Use platform_device_register_full()")
https://git.kernel.org/cgit/linux/kernel/git/gregkh/usb.git usb-next

[test failed on linux-next/master 2a860505b617cf8fda4ebff6cf05d3f774145440]

in testcase: boot

compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202310111714.cb804a0c-oliver.sang@xxxxxxxxx

[ 55.719220][ T1] BUG: KASAN: slab-out-of-bounds in vhci_setup (drivers/usb/usbip/vhci_hcd.c:1145)
[ 55.719220][ T1] Write of size 8 at addr ffff88814f4140e8 by task swapper/1
[ 55.719220][ T1]
[ 55.719220][ T1] CPU: 0 PID: 1 Comm: swapper Tainted: G T 6.6.0-rc4-00066-gb8aaf639b403 #1
[ 55.719220][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 55.719220][ T1] Call Trace:
[ 55.719220][ T1] <TASK>
[ 55.719220][ T1] dump_stack_lvl (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 lib/dump_stack.c:107)
[ 55.719220][ T1] print_address_description+0x2c/0x390
[ 55.719220][ T1] print_report (mm/kasan/report.c:476)
[ 55.719220][ T1] ? vhci_setup (drivers/usb/usbip/vhci_hcd.c:1145)
[ 55.719220][ T1] kasan_report (mm/kasan/report.c:590)
[ 55.719220][ T1] ? vhci_setup (drivers/usb/usbip/vhci_hcd.c:1145)
[ 55.719220][ T1] vhci_setup (drivers/usb/usbip/vhci_hcd.c:1145)
[ 55.719220][ T1] usb_add_hcd (drivers/usb/core/hcd.c:2911)
[ 55.719220][ T1] ? kernfs_create_link (fs/kernfs/symlink.c:48)
[ 55.719220][ T1] vhci_hcd_probe (drivers/usb/usbip/vhci_hcd.c:1363)
[ 55.719220][ T1] platform_probe (drivers/base/platform.c:1404)
[ 55.719220][ T1] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658)
[ 55.719220][ T1] __driver_probe_device (drivers/base/dd.c:800)
[ 55.719220][ T1] driver_probe_device (drivers/base/dd.c:830)
[ 55.719220][ T1] __device_attach_driver (drivers/base/dd.c:959)
[ 55.719220][ T1] ? driver_probe_device (drivers/base/dd.c:922)
[ 55.719220][ T1] bus_for_each_drv (drivers/base/bus.c:414 drivers/base/bus.c:456)
[ 55.719220][ T1] ? bus_for_each_dev (drivers/base/bus.c:445)
[ 55.719220][ T1] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
[ 55.719220][ T1] __device_attach (drivers/base/dd.c:1030)
[ 55.719220][ T1] ? device_driver_attach (drivers/base/dd.c:1001)
[ 55.719220][ T1] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 55.719220][ T1] bus_probe_device (drivers/base/bus.c:532)
[ 55.719220][ T1] device_add (drivers/base/core.c:3631)
[ 55.719220][ T1] ? __fw_devlink_link_to_suppliers (drivers/base/core.c:3507)
[ 55.719220][ T1] ? kasan_set_track (mm/kasan/common.c:52)
[ 55.719220][ T1] ? __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)
[ 55.719220][ T1] platform_device_add (drivers/base/platform.c:717 (discriminator 3))
[ 55.719220][ T1] ? kmemdup (mm/util.c:135)
[ 55.719220][ T1] platform_device_register_full (drivers/base/platform.c:844)
[ 55.719220][ T1] ? driver_register (drivers/base/driver.c:258)
[ 55.719220][ T1] vhci_hcd_init (drivers/usb/usbip/vhci_hcd.c:1532)
[ 55.719220][ T1] ? usbip_core_init (drivers/usb/usbip/vhci_hcd.c:1507)
[ 55.719220][ T1] ? rng_is_initialized (drivers/char/random.c:918)
[ 55.719220][ T1] ? usbip_core_init (drivers/usb/usbip/vhci_hcd.c:1507)
[ 55.719220][ T1] do_one_initcall (init/main.c:1232)
[ 55.719220][ T1] ? trace_event_raw_event_initcall_level (init/main.c:1223)
[ 55.719220][ T1] ? parameq (kernel/params.c:171)
[ 55.719220][ T1] do_initcalls (init/main.c:1293 init/main.c:1310)
[ 55.719220][ T1] kernel_init_freeable (init/main.c:1551)
[ 55.719220][ T1] ? rest_init (init/main.c:1429)
[ 55.719220][ T1] kernel_init (init/main.c:1439)
[ 55.719220][ T1] ? _raw_spin_unlock_irq (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:160 kernel/locking/spinlock.c:202)
[ 55.719220][ T1] ret_from_fork (arch/x86/kernel/process.c:153)
[ 55.719220][ T1] ? rest_init (init/main.c:1429)
[ 55.719220][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)
[ 55.719220][ T1] </TASK>
[ 55.719220][ T1]
[ 55.719220][ T1] Allocated by task 1:
[ 55.719220][ T1] kasan_save_stack (mm/kasan/common.c:46)
[ 55.719220][ T1] kasan_set_track (mm/kasan/common.c:52)
[ 55.719220][ T1] __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)
[ 55.719220][ T1] __kmalloc_node_track_caller (mm/slab_common.c:1024 mm/slab_common.c:1043)
[ 55.719220][ T1] kvasprintf (lib/kasprintf.c:25)
[ 55.719220][ T1] kobject_set_name_vargs (lib/kobject.c:272)
[ 55.719220][ T1] device_create_groups_vargs (drivers/base/core.c:4307)
[ 55.719220][ T1] device_create (drivers/base/core.c:4353)
[ 55.719220][ T1] mon_bin_add (drivers/usb/mon/mon_bin.c:1369 (discriminator 4))
[ 55.719220][ T1] mon_bus_init (drivers/usb/mon/mon_main.c:291)
[ 55.719220][ T1] mon_notify (drivers/usb/mon/mon_main.c:189 drivers/usb/mon/mon_main.c:219)
[ 55.719220][ T1] notifier_call_chain (kernel/notifier.c:95 (discriminator 2))
[ 55.719220][ T1] blocking_notifier_call_chain (kernel/notifier.c:389)
[ 55.719220][ T1] usb_add_hcd (drivers/usb/core/hcd.c:912 drivers/usb/core/hcd.c:2852)
[ 55.719220][ T1] vhci_hcd_probe (drivers/usb/usbip/vhci_hcd.c:1363)
[ 55.719220][ T1] platform_probe (drivers/base/platform.c:1404)
[ 55.719220][ T1] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658)
[ 55.719220][ T1] __driver_probe_device (drivers/base/dd.c:800)
[ 55.719220][ T1] driver_probe_device (drivers/base/dd.c:830)
[ 55.719220][ T1] __device_attach_driver (drivers/base/dd.c:959)
[ 55.719220][ T1] bus_for_each_drv (drivers/base/bus.c:414 drivers/base/bus.c:456)
[ 55.719220][ T1] __device_attach (drivers/base/dd.c:1030)
[ 55.719220][ T1] bus_probe_device (drivers/base/bus.c:532)
[ 55.719220][ T1] device_add (drivers/base/core.c:3631)
[ 55.719220][ T1] platform_device_add (drivers/base/platform.c:717 (discriminator 3))
[ 55.719220][ T1] platform_device_register_full (drivers/base/platform.c:844)
[ 55.719220][ T1] vhci_hcd_init (drivers/usb/usbip/vhci_hcd.c:1532)
[ 55.719220][ T1] do_one_initcall (init/main.c:1232)
[ 55.719220][ T1] do_initcalls (init/main.c:1293 init/main.c:1310)
[ 55.719220][ T1] kernel_init_freeable (init/main.c:1551)
[ 55.719220][ T1] kernel_init (init/main.c:1439)
[ 55.719220][ T1] ret_from_fork (arch/x86/kernel/process.c:153)
[ 55.719220][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)
[ 55.719220][ T1]
[ 55.719220][ T1] The buggy address belongs to the object at ffff88814f4140c8
[ 55.719220][ T1] which belongs to the cache kmalloc-8 of size 8
[ 55.719220][ T1] The buggy address is located 24 bytes to the right of
[ 55.719220][ T1] allocated 8-byte region [ffff88814f4140c8, ffff88814f4140d0)
[ 55.719220][ T1]
[ 55.719220][ T1] The buggy address belongs to the physical page:
[ 55.719220][ T1] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14f414
[ 55.719220][ T1] flags: 0x4000000000000800(slab|zone=1)
[ 55.719220][ T1] page_type: 0xffffffff()
[ 55.719220][ T1] raw: 4000000000000800 ffff888100041280 dead000000000122 0000000000000000
[ 55.719220][ T1] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231011/202310111714.cb804a0c-oliver.sang@xxxxxxxxx

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki