@zhuowei
Created March 9, 2025 03:21
[ 158.425795] ==================================================================
[ 158.426607] BUG: KASAN: slab-out-of-bounds in usb_destroy_configuration+0x4ec/0x588
[ 158.427343] Read of size 8 at addr ffff00008f7a9548 by task kworker/0:4/3164
[ 158.427916]
[ 158.428053] CPU: 0 UID: 0 PID: 3164 Comm: kworker/0:4 Kdump: loaded Tainted: G OE 6.11.0-14-generic #15
[ 158.428905] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 158.429329] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS VMW201.00V.24006586.BA64.2406042154 06/04/2024
[ 158.430108] Workqueue: usb_hub_wq hub_event
[ 158.430459] Call trace:
[ 158.430660] dump_backtrace+0x1f8/0x220
[ 158.431259] show_stack+0x38/0x68
[ 158.431648] dump_stack_lvl+0xa4/0xe8
[ 158.432059] print_address_description.constprop.0+0x94/0x348
[ 158.432676] print_report+0x10c/0x228
[ 158.433075] kasan_report+0xb8/0x130
[ 158.433479] __asan_report_load8_noabort+0x24/0x50
[ 158.434003] usb_destroy_configuration+0x4ec/0x588
[ 158.434521] usb_release_dev+0x50/0x148
[ 158.434895] device_release+0x98/0x220
[ 158.435237] kobject_cleanup+0xfc/0x3a0
[ 158.435580] kobject_put+0x194/0x1e0
[ 158.435900] put_device+0x34/0x60
[ 158.436203] usb_disconnect+0x54c/0x7a8
[ 158.436546] hub_port_connect+0x1bc/0x1e18
[ 158.436906] hub_port_connect_change+0x18c/0x5b0
[ 158.437315] port_event+0xad4/0xf30
[ 158.437625] hub_event+0x3c4/0xb90
[ 158.437938] process_one_work+0x598/0x10e0
[ 158.438311] worker_thread+0x68c/0xe18
[ 158.438643] kthread+0x294/0x320
[ 158.438932] ret_from_fork+0x10/0x20
[ 158.439260]
[ 158.439400] Allocated by task 101:
[ 158.439852]
[ 158.439996] The buggy address belongs to the object at ffff00008f7a9540
[ 158.439996] which belongs to the cache kmalloc-8 of size 8
[ 158.440985] The buggy address is located 0 bytes to the right of
[ 158.440985] allocated 8-byte region [ffff00008f7a9540, ffff00008f7a9548)
[ 158.441916]
[ 158.442042] The buggy address belongs to the physical page:
[ 158.442498]
[ 158.442617] Memory state around the buggy address:
[ 158.442974] ffff00008f7a9400: fa fc fc fc 00 fc fc fc fa fc fc fc fa fc fc fc
[ 158.443506] ffff00008f7a9480: 00 fc fc fc fa fc fc fc 00 fc fc fc fa fc fc fc
[ 158.444036] >ffff00008f7a9500: 00 fc fc fc fa fc fc fc 00 fc fc fc fa fc fc fc
[ 158.444576] ^
[ 158.444984] ffff00008f7a9580: fa fc fc fc fa fc fc fc fa fc fc fc 00 fc fc fc
[ 158.445516] ffff00008f7a9600: 00 fc fc fc fa fc fc fc 00 fc fc fc fa fc fc fc
[ 158.446057] ==================================================================
[ 158.446816] Unable to handle kernel paging request at virtual address 0003ea0234000008
[ 158.447596] Mem abort info:
[ 158.447800] ESR = 0x0000000096000004
[ 158.448104] EC = 0x25: DABT (current EL), IL = 32 bits
[ 158.448484] SET = 0, FnV = 0
[ 158.448686] EA = 0, S1PTW = 0
[ 158.448883] FSC = 0x04: level 0 translation fault
[ 158.449212] Data abort info:
[ 158.449397] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 158.449736] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 158.450501] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 158.450835] [0003ea0234000008] address between user and kernel address ranges
[ 158.451307] Internal error: Oops: 0000000096000004 [#1] SMP
[ 158.451654] Modules linked in: snd_usb_audio snd_usbmidi_lib snd_ump raw_gadget(OE) dummy_hcd udc_core isofs snd_seq_dummy snd_hrtimer qrtr binfmt_misc snd_hda_codec_generic uvcvideo snd_hda_intel snd_intel_dspcfg uvc snd_hda_codec aes_ce_blk aes_ce_cipher crct10dif_ce polyval_ce videobuf2_vmalloc polyval_generic videobuf2_memops snd_hwdep ghash_ce videobuf2_v4l2 snd_hda_core sm4 snd_pcm sha3_ce sha2_ce nls_iso8859_1 sha256_arm64 videodev sha1_ce snd_seq_midi snd_seq_midi_event snd_rawmidi videobuf2_common mc snd_seq snd_seq_device snd_timer vmwgfx drm_ttm_helper snd ttm soundcore joydev input_leds sch_fq_codel efi_pstore nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid nvme nvme_core nvme_auth xhci_pci xhci_pci_renesas e1000e ahci
[ 158.456473] CPU: 0 UID: 0 PID: 3164 Comm: kworker/0:4 Kdump: loaded Tainted: G B OE 6.11.0-14-generic #15
[ 158.457151] Tainted: [B]=BAD_PAGE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 158.457565] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS VMW201.00V.24006586.BA64.2406042154 06/04/2024
[ 158.458192] Workqueue: usb_hub_wq hub_event
[ 158.458464] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 158.458857] pc : kfree+0x6c/0x330
[ 158.459055] lr : usb_destroy_configuration+0xf4/0x588
[ 158.459345] sp : ffff80008ed07450
[ 158.459536] x29: ffff80008ed07460 x28: ffff0000108cd880 x27: ffff000009671800
[ 158.459942] x26: 00000000000000ff x25: 0000000000000001 x24: ffff0000917364e8
[ 158.460356] x23: 1fffe000122e6c79 x22: 8ad78000825daa5c x21: 00fa009d00000020
[ 158.460762] x20: dfff800000000000 x19: 0003ea0234000000 x18: ffff80008ab4d078
[ 158.461193] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 158.461613] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000000
[ 158.462032] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000825daa5c
[ 158.462558] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
[ 158.463438] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff00008b840648
[ 158.464129] x2 : 0000000082000000 x1 : 0000000080000000 x0 : fffffdffc0000000
[ 158.464727] Call trace:
[ 158.464997] kfree+0x6c/0x330
[ 158.465196] usb_destroy_configuration+0xf4/0x588
[ 158.465491] usb_release_dev+0x50/0x148
[ 158.465841] device_release+0x98/0x220
[ 158.466086] kobject_cleanup+0xfc/0x3a0
[ 158.466552] kobject_put+0x194/0x1e0
[ 158.466774] put_device+0x34/0x60
[ 158.466994] usb_disconnect+0x54c/0x7a8
[ 158.467309] hub_port_connect+0x1bc/0x1e18
[ 158.467545] hub_port_connect_change+0x18c/0x5b0
[ 158.467813] port_event+0xad4/0xf30
[ 158.468019] hub_event+0x3c4/0xb90
[ 158.468215] process_one_work+0x598/0x10e0
[ 158.468704] worker_thread+0x68c/0xe18
[ 158.468914] kthread+0x294/0x320
[ 158.469102] ret_from_fork+0x10/0x20
[ 158.469304] Code: d34cfe73 f2dfbfe0 52b00001 8b131813 (f9400660)
[ 158.469769] SMP: stopping secondary CPUs
[ 158.471069] Starting crashdump kernel...
[ 158.471313] Bye!