[参考译文] TPS65219：bug：Kasan：tps65219_regulator_probe 中的 pla-out-越 界

https://e2e.ti.com/support/power-management-group/power-management/f/power-management-forum/1521240/tps65219-bug-kasan-slab-out-of-bounds-in-tps65219_regulator_probe

工具/软件：

尊敬的 TI：

我们将 tps65219与 AM62X 一起使用、并使 Kasan 调试不相关的问题、但我注意到弹出了该错误。

Linux 内核在 ti-linux-kernel 中的6.12.22标记为11.00.12。

谢谢、

布莱斯

[    1.620418] ==================================================================
[    1.620475] BUG: KASAN: slab-out-of-bounds in tps65219_regulator_probe+0x750/0x950
[    1.620528] Write of size 8 at addr ffff000001f526c8 by task kworker/u4:2/46
[    1.620547] 
[    1.620566] CPU: 0 UID: 0 PID: 46 Comm: kworker/u4:2 Not tainted 6.12.22 #1
[    1.620591] Hardware name: LandisGyr e370 AM62X (DT)
[    1.620608] Workqueue: async async_run_entry_fn
[    1.620660] Call trace:
[    1.620669]  dump_backtrace+0x98/0x118
[    1.620700]  show_stack+0x18/0x24
[    1.620723]  dump_stack_lvl+0x78/0x90
[    1.620748]  print_report+0x118/0x57c
[    1.620776]  kasan_report+0xb8/0xfc
[    1.620798]  __asan_report_store8_noabort+0x20/0x2c
[    1.620824]  tps65219_regulator_probe+0x750/0x950
[    1.620844]  platform_probe+0xc4/0x180
[    1.620876]  really_probe+0x180/0x7d8
[    1.620898]  __driver_probe_device+0x15c/0x364
[    1.620919]  driver_probe_device+0x5c/0x16c
[    1.620941]  __device_attach_driver+0x16c/0x270
[    1.620962]  bus_for_each_drv+0x108/0x194
[    1.620982]  __device_attach_async_helper+0x18c/0x230
[    1.621004]  async_run_entry_fn+0x90/0x3ac
[    1.621029]  process_one_work+0x524/0xbdc
[    1.621053]  worker_thread+0x5f8/0xfbc
[    1.621073]  kthread+0x2b8/0x33c
[    1.621091]  ret_from_fork+0x10/0x20
[    1.621113] 
[    1.621121] Allocated by task 46 on cpu 0 at 1.619923s:
[    1.621138]  kasan_save_stack+0x3c/0x64
[    1.621162]  kasan_save_track+0x24/0x5c
[    1.621182]  kasan_save_alloc_info+0x40/0x54
[    1.621206]  __kasan_kmalloc+0xd4/0xd8
[    1.621225]  __kmalloc_node_track_caller_noprof+0x170/0x320
[    1.621248]  devm_kmalloc+0x4c/0x18c
[    1.621267]  tps65219_regulator_probe+0x3c4/0x950
[    1.621286]  platform_probe+0xc4/0x180
[    1.621309]  really_probe+0x180/0x7d8
[    1.621328]  __driver_probe_device+0x15c/0x364
[    1.621348]  driver_probe_device+0x5c/0x16c
[    1.621369]  __device_attach_driver+0x16c/0x270
[    1.621389]  bus_for_each_drv+0x108/0x194
[    1.621408]  __device_attach_async_helper+0x18c/0x230
[    1.621429]  async_run_entry_fn+0x90/0x3ac
[    1.621453]  process_one_work+0x524/0xbdc
[    1.621472]  worker_thread+0x5f8/0xfbc
[    1.621492]  kthread+0x2b8/0x33c
[    1.621508]  ret_from_fork+0x10/0x20
[    1.621526] 
[    1.621534] The buggy address belongs to the object at ffff000001f52600
[    1.621534]  which belongs to the cache kmalloc-192 of size 192
[    1.621551] The buggy address is located 8 bytes to the right of
[    1.621551]  allocated 192-byte region [ffff000001f52600, ffff000001f526c0)
[    1.621570] 
[    1.621579] The buggy address belongs to the physical page:
[    1.621593] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x81f52
[    1.621618] flags: 0x0(zone=0)
[    1.621637] page_type: f5(slab)
[    1.621661] raw: 0000000000000000 ffff0000000013c0 dead000000000122 0000000000000000
[    1.621678] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[    1.621689] page dumped because: kasan: bad access detected
[    1.621699] 
[    1.621705] Memory state around the buggy address:
[    1.621718]  ffff000001f52580: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[    1.621732]  ffff000001f52600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.621746] >ffff000001f52680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[    1.621756]                                               ^
[    1.621768]  ffff000001f52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.621782]  ffff000001f52780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[    1.621793] ==================================================================