From: Kalle Valo <kvalo@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: linux-wireless@vger.kernel.org, ath11k@lists.infradead.org,
regressions@lists.linux.dev,
Jeff Johnson <quic_jjohnson@quicinc.com>
Subject: [regression] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0
Date: Tue, 28 May 2024 13:42:25 +0300
Message-ID: <87v82y6wvi.fsf@kernel.org>

Hi,

Yesterday I ran our ath11k regression tests with v6.10-rc1 and our
simple ath11k module reload stress started failing reliably with various
KASAN errors. The test removes and inserts ath11k and other wireless
modules in a loop. Usually I run it at least 100 times, sometimes even
more, and no issues until yesterday.

I have verified that the last wireless-next pull request (tag
wireless-next-2024-05-08) works without issues and v6.10-rc1 fails
always, usually within 50 module reload loops. From this I'm _guessing_
that we have a regression outside wireless, most probably introduced
between v6.9 and v6.10-rc1. But of course I cannot be sure of anything
yet.

I see different KASAN warnings and lockdep seems to be always visible in
the stack traces. I think I can reproduce the issue within 15 minutes or
so. Before I start bisecting, has anyone else seen anything similar? Or
any suggestions on how to debug this further?

I have included some crash logs below; they are retrieved using
netconsole. Here's a summary of the errors:

[ 159.970765] KASAN: maybe wild-memory-access in range [0xbbbbbbbbbbbbbbb8-0xbbbbbbbbbbbbbbbf]
[ 700.017632] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0
[ 224.695821] BUG: KASAN: slab-out-of-bounds in lockdep_register_key+0x755/0x8f0
[ 259.666542] BUG: KASAN: slab-use-after-free in lockdep_register_key+0x755/0x8f0

Kalle

Crash 1:
[ 159.952138] ath11k_pci 0000:06:00.0: wcn6855 hw2.0
[ 159.970683] Oops: general protection fault, probably for non-canonical address 0xf777737777777777: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
[ 159.970765] KASAN: maybe wild-memory-access in range [0xbbbbbbbbbbbbbbb8-0xbbbbbbbbbbbbbbbf]
[ 159.970839] CPU: 0 PID: 1182 Comm: insmod Not tainted 6.10.0-rc1 #1547
[ 159.970909] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 159.971000] RIP: 0010:lockdep_register_key+0x1c8/0x8f0
[ 159.971082] Code: 05 00 00 48 8b 1c cd 60 45 3c af 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00
[ 159.971199] RSP: 0018:ffffc900013d74e0 EFLAGS: 00010806
[ 159.971263] RAX: 1777777777777777 RBX: bbbbbbbbbbbbbbbb RCX: 00000000000009f2
[ 159.971318] RDX: ffffffff9ea1ceb8 RSI: dffffc0000000000 RDI: ffffc900013d7518
[ 159.971370] RBP: ffffc900013d7580 R08: 0000000000000001 R09: fffff5200027aea3
[ 159.971421] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888138b8c438
[ 159.971471] R13: 1ffff9200027ae9f R14: dffffc0000000000 R15: ffffffffaf5cf9c0
[ 159.971523] FS: 00007f1f2ed81740(0000) GS:ffff888231800000(0000) knlGS:0000000000000000
[ 159.971577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 159.971624] CR2: 0000558d3b24e308 CR3: 000000012eb03002 CR4: 00000000003706f0
[ 159.971674] Call Trace:
[ 159.971712] <TASK>
[ 159.971748] ? show_regs+0x5b/0x70
[ 159.971791] ? die_addr+0x3c/0xa0
[ 159.971832] ? exc_general_protection+0x150/0x230
[ 159.971879] ? asm_exc_general_protection+0x27/0x30
[ 159.971971] ? lockdep_register_key+0x1c8/0x8f0
[ 159.972018] ? save_trace+0x720/0x720
[ 159.972059] ? dma_alloc_attrs+0x145/0x1d0
[ 159.972102] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 159.972173] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 159.972224] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 159.972272] ? __this_cpu_preempt_check+0x13/0x20
[ 159.972320] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 159.972367] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 159.972415] local_pci_probe+0xd6/0x180
[ 159.972458] pci_call_probe+0x152/0x3f0
[ 159.972500] ? __kasan_check_read+0x11/0x20
[ 159.972544] ? pci_pm_suspend_late+0x40/0x40
[ 159.972589] ? pci_match_device+0x380/0x660
[ 159.972634] pci_device_probe+0xa6/0x100
[ 159.972675] really_probe+0x1d5/0x920
[ 159.972717] __driver_probe_device+0x2e8/0x3f0
[ 159.972761] driver_probe_device+0x4a/0x140
[ 159.972803] __driver_attach+0x1ed/0x4c0
[ 159.972844] ? __device_attach_driver+0x290/0x290
[ 159.972906] bus_for_each_dev+0xf5/0x180
[ 159.972961] ? bus_remove_file+0x40/0x40
[ 159.973002] ? _raw_spin_unlock+0x27/0x50
[ 159.973044] driver_attach+0x38/0x50
[ 159.973084] bus_add_driver+0x29b/0x5e0
[ 159.973137] driver_register+0x130/0x450
[ 159.973182] __pci_register_driver+0x1d2/0x270
[ 159.973226] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 159.973276] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 159.973325] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 159.973373] do_one_initcall+0xdf/0x500
[ 159.974122] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 159.974832] ? kasan_save_alloc_info+0x37/0x40
[ 159.975560] ? __kasan_kmalloc+0x90/0xa0
[ 159.976287] ? kasan_unpoison+0x45/0x70
[ 159.977027] ? kasan_poison+0x3a/0x50
[ 159.977713] ? __asan_register_globals+0x5e/0x70
[ 159.978436] do_init_module+0x23f/0x6c0
[ 159.979160] load_module+0x11e3/0x1aa0
[ 159.979833] init_module_from_file+0xe4/0x140
[ 159.980539] ? __ia32_sys_init_module+0xa0/0xa0
[ 159.981260] ? __kasan_check_read+0x11/0x20
[ 159.982011] ? do_raw_spin_unlock+0x54/0x220
[ 159.982653] idempotent_init_module+0x265/0x750
[ 159.983322] ? init_module_from_file+0x140/0x140
[ 159.983987] ? __kasan_check_read+0x11/0x20
[ 159.984593] __x64_sys_finit_module+0xbb/0x130
[ 159.985221] x64_sys_call+0x1c5/0x9e0
[ 159.985784] do_syscall_64+0x64/0x130
[ 159.986375] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 159.986974] RIP: 0033:0x7f1f2eec795d
[ 159.987558] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 159.988707] RSP: 002b:00007fff06ddf4d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 159.989325] RAX: ffffffffffffffda RBX: 000055f0e42647c0 RCX: 00007f1f2eec795d
[ 159.989921] RDX: 0000000000000000 RSI: 000055f0ba5e2358 RDI: 0000000000000003
[ 159.990521] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f1f2ef9e580
[ 159.991138] R10: 0000000000000003 R11: 0000000000000246 R12: 000055f0ba5e2358
[ 159.991699] R13: 0000000000000000 R14: 000055f0e4264790 R15: 0000000000000000
[ 159.992317] </TASK>
[ 159.992876] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core
[ 159.993568] ---[ end trace 0000000000000000 ]---
[ 160.131323] RIP: 0010:lockdep_register_key+0x1c8/0x8f0
[ 160.131999] Code: 05 00 00 48 8b 1c cd 60 45 3c af 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00
[ 160.133318] RSP: 0018:ffffc900013d74e0 EFLAGS: 00010806
[ 160.134034] RAX: 1777777777777777 RBX: bbbbbbbbbbbbbbbb RCX: 00000000000009f2
[ 160.134705] RDX: ffffffff9ea1ceb8 RSI: dffffc0000000000 RDI: ffffc900013d7518
[ 160.135417] RBP: ffffc900013d7580 R08: 0000000000000001 R09: fffff5200027aea3
[ 160.136136] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888138b8c438
[ 160.136809] R13: 1ffff9200027ae9f R14: dffffc0000000000 R15: ffffffffaf5cf9c0
[ 160.137519] FS: 00007f1f2ed81740(0000) GS:ffff888231800000(0000) knlGS:0000000000000000
[ 160.138248] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 160.138954] CR2: 0000558d3b24e308 CR3: 000000012eb03002 CR4: 00000000003706f0
[ 160.139671] Kernel panic - not syncing: Fatal exception
[ 160.140435] Kernel Offset: 0x18e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Crash 2:
[ 699.996725] ath11k_pci 0000:06:00.0: wcn6855 hw2.0
[ 700.016765] ==================================================================
[ 700.017632] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0
[ 700.018501] Read of size 8 at addr ffff88810fe71870 by task insmod/9675
[ 700.019375]
[ 700.020249] CPU: 3 PID: 9675 Comm: insmod Not tainted 6.10.0-rc1 #1543
[ 700.021138] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 700.022040] Call Trace:
[ 700.022878] <TASK>
[ 700.023696] dump_stack_lvl+0x7d/0xe0
[ 700.024549] print_address_description.constprop.0+0x33/0x3a0
[ 700.025412] print_report+0xb5/0x260
[ 700.026258] ? kasan_addr_to_slab+0x24/0x80
[ 700.027108] kasan_report+0xd8/0x110
[ 700.027950] ? lockdep_register_key+0x755/0x8f0
[ 700.028748] ? lockdep_register_key+0x755/0x8f0
[ 700.029585] __asan_report_load8_noabort+0x14/0x20
[ 700.030427] lockdep_register_key+0x755/0x8f0
[ 700.031239] ? save_trace+0x720/0x720
[ 700.032027] ? dma_alloc_attrs+0x145/0x1d0
[ 700.032780] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 700.033601] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 700.034399] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 700.035223] ? __this_cpu_preempt_check+0x13/0x20
[ 700.036029] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 700.036782] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 700.037570] local_pci_probe+0xd6/0x180
[ 700.038351] pci_call_probe+0x152/0x3f0
[ 700.039402] ? __kasan_check_read+0x11/0x20
[ 700.040800] ? pci_pm_suspend_late+0x40/0x40
[ 700.041576] ? pci_match_device+0x380/0x660
[ 700.042352] pci_device_probe+0xa6/0x100
[ 700.043127] really_probe+0x1d5/0x920
[ 700.043878] __driver_probe_device+0x2e8/0x3f0
[ 700.044609] driver_probe_device+0x4a/0x140
[ 700.045356] __driver_attach+0x1ed/0x4c0
[ 700.046082] ? __device_attach_driver+0x290/0x290
[ 700.046745] bus_for_each_dev+0xf5/0x180
[ 700.047472] ? bus_remove_file+0x40/0x40
[ 700.048198] ? _raw_spin_unlock+0x27/0x50
[ 700.048911] driver_attach+0x38/0x50
[ 700.050381] bus_add_driver+0x29b/0x5e0
[ 700.051097] driver_register+0x130/0x450
[ 700.051746] __pci_register_driver+0x1d2/0x270
[ 700.052450] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 700.053159] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 700.053789] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 700.054488] do_one_initcall+0xdf/0x500
[ 700.055183] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 700.055829] ? kasan_save_alloc_info+0x37/0x40
[ 700.056534] ? __kasan_kmalloc+0x90/0xa0
[ 700.057218] ? kasan_unpoison+0x45/0x70
[ 700.057834] ? kasan_poison+0x3a/0x50
[ 700.058465] ? __asan_register_globals+0x5e/0x70
[ 700.059115] do_init_module+0x23f/0x6c0
[ 700.059717] load_module+0x11e3/0x1aa0
[ 700.060373] init_module_from_file+0xe4/0x140
[ 700.061034] ? __ia32_sys_init_module+0xa0/0xa0
[ 700.061631] ? __kasan_check_read+0x11/0x20
[ 700.062277] ? do_raw_spin_unlock+0x54/0x220
[ 700.062882] idempotent_init_module+0x265/0x750
[ 700.063486] ? init_module_from_file+0x140/0x140
[ 700.064116] ? __kasan_check_read+0x11/0x20
[ 700.064671] __x64_sys_finit_module+0xbb/0x130
[ 700.065294] x64_sys_call+0x1c5/0x9e0
[ 700.065878] do_syscall_64+0x64/0x130
[ 700.066450] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 700.067059] RIP: 0033:0x7f1039e4195d
[ 700.067603] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 700.068785] RSP: 002b:00007ffc40b5d918 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 700.069418] RAX: ffffffffffffffda RBX: 00005609ae2a57c0 RCX: 00007f1039e4195d
[ 700.070063] RDX: 0000000000000000 RSI: 00005609a145c358 RDI: 0000000000000003
[ 700.070643] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f1039f18580
[ 700.071282] R10: 0000000000000003 R11: 0000000000000246 R12: 00005609a145c358
[ 700.071885] R13: 0000000000000000 R14: 00005609ae2a5790 R15: 0000000000000000
[ 700.072492] </TASK>
[ 700.073129]
[ 700.073695] The buggy address belongs to the physical page:
[ 700.074336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x10fe71
[ 700.074997] flags: 0x200000000000000(node=0|zone=2)
[ 700.075591] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
[ 700.076256] raw: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 700.076889] page dumped because: kasan: bad access detected
[ 700.077521]
[ 700.078177] Memory state around the buggy address:
[ 700.078782] ffff88810fe71700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 700.079458] ffff88810fe71780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 700.080129] >ffff88810fe71800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 700.080730] ^
[ 700.081393] ffff88810fe71880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 700.082069] ffff88810fe71900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 700.082675] ==================================================================
[ 700.083351] Disabling lock debugging due to kernel taint
[ 700.084030] BUG: unable to handle page fault for address: ffff88810fe71870
[ 700.084657] #PF: supervisor read access in kernel mode
[ 700.085341] #PF: error_code(0x0000) - not-present page
[ 700.086027] PGD 24be01067 P4D 24be01067 PUD 27ea1a067 PMD 27e99a067 PTE 800ffffef018e060
[ 700.086677] Oops: Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
[ 700.087380] CPU: 3 PID: 9675 Comm: insmod Tainted: G B 6.10.0-rc1 #1543
[ 700.088094] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 700.088777] RIP: 0010:lockdep_register_key+0x1d2/0x8f0
[ 700.089511] Code: a6 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 80 3c 30 00 0f 85 74 05 00 00 <48> 8b 1b 48 85 db 0f 84 ff 01 00 00 49 39 dc 75 de 0f 0b 48 b8 00
[ 700.091027] RSP: 0018:ffffc90001f974e0 EFLAGS: 00010082
[ 700.091752] RAX: 0000000000000001 RBX: ffff88810fe71870 RCX: 0000000000000a51
[ 700.092539] RDX: ffffffff9601ceb8 RSI: dffffc0000000000 RDI: ffffffff96498420
[ 700.093360] RBP: ffffc90001f97580 R08: 0000000000000001 R09: fffffbfff2c93084
[ 700.094152] R10: ffffffff96498427 R11: 0000000000000001 R12: ffff88812ef4bf58
[ 700.094957] R13: 1ffff920003f2e9f R14: dffffc0000000000 R15: ffffffffa6bcf9c0
[ 700.096987] FS: 00007f1039cfb740(0000) GS:ffff88821c400000(0000) knlGS:0000000000000000
[ 700.097743] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 700.098533] CR2: ffff88810fe71870 CR3: 000000011139b001 CR4: 00000000003706f0
[ 700.099351] Call Trace:
[ 700.100155] <TASK>
[ 700.100984] ? show_regs+0x5b/0x70
[ 700.101742] ? __die+0x1f/0x60
[ 700.102546] ? page_fault_oops+0x121/0x260
[ 700.103351] ? show_fault_oops+0x6e0/0x6e0
[ 700.104153] ? search_module_extables+0xb5/0xf0
[ 700.104942] ? lockdep_register_key+0x1d2/0x8f0
[ 700.105686] ? search_exception_tables+0x4a/0x50
[ 700.106490] ? fixup_exception+0x48/0x8e0
[ 700.107292] ? vprintk+0x29/0x30
[ 700.108092] ? kernelmode_fixup_or_oops.isra.0+0x7a/0x90
[ 700.108864] ? __bad_area_nosemaphore+0x256/0x580
[ 700.109628] ? trace_irq_disable+0x3d/0x140
[ 700.110438] ? bad_area_nosemaphore+0x11/0x20
[ 700.111240] ? do_kern_addr_fault+0xa7/0xc0
[ 700.112052] ? exc_page_fault+0xbc/0xc0
[ 700.112798] ? asm_exc_page_fault+0x27/0x30
[ 700.113602] ? lockdep_register_key+0x1d2/0x8f0
[ 700.114386] ? save_trace+0x720/0x720
[ 700.115146] ? dma_alloc_attrs+0x145/0x1d0
[ 700.115914] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 700.116630] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 700.117366] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 700.118119] ? __this_cpu_preempt_check+0x13/0x20
[ 700.118816] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 700.119565] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 700.120315] local_pci_probe+0xd6/0x180
[ 700.121055] pci_call_probe+0x152/0x3f0
[ 700.121742] ? __kasan_check_read+0x11/0x20
[ 700.122482] ? pci_pm_suspend_late+0x40/0x40
[ 700.123216] ? pci_match_device+0x380/0x660
[ 700.123944] pci_device_probe+0xa6/0x100
[ 700.124613] really_probe+0x1d5/0x920
[ 700.125332] __driver_probe_device+0x2e8/0x3f0
[ 700.126047] driver_probe_device+0x4a/0x140
[ 700.126705] __driver_attach+0x1ed/0x4c0
[ 700.127412] ? __device_attach_driver+0x290/0x290
[ 700.128126] bus_for_each_dev+0xf5/0x180
[ 700.128789] ? bus_remove_file+0x40/0x40
[ 700.129499] ? _raw_spin_unlock+0x27/0x50
[ 700.130204] driver_attach+0x38/0x50
[ 700.130895] bus_add_driver+0x29b/0x5e0
[ 700.131556] driver_register+0x130/0x450
[ 700.132252] __pci_register_driver+0x1d2/0x270
[ 700.132943] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 700.133581] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 700.134269] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 700.134949] do_one_initcall+0xdf/0x500
[ 700.135562] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 700.136235] ? kasan_save_alloc_info+0x37/0x40
[ 700.136874] ? __kasan_kmalloc+0x90/0xa0
[ 700.137483] ? kasan_unpoison+0x45/0x70
[ 700.138102] ? kasan_poison+0x3a/0x50
[ 700.138647] ? __asan_register_globals+0x5e/0x70
[ 700.139241] do_init_module+0x23f/0x6c0
[ 700.139782] load_module+0x11e3/0x1aa0
[ 700.140371] init_module_from_file+0xe4/0x140
[ 700.140953] ? __ia32_sys_init_module+0xa0/0xa0
[ 700.141479] ? __kasan_check_read+0x11/0x20
[ 700.142057] ? do_raw_spin_unlock+0x54/0x220
[ 700.142572] idempotent_init_module+0x265/0x750
[ 700.143137] ? init_module_from_file+0x140/0x140
[ 700.143647] ? __kasan_check_read+0x11/0x20
[ 700.144198] __x64_sys_finit_module+0xbb/0x130
[ 700.144699] x64_sys_call+0x1c5/0x9e0
[ 700.145254] do_syscall_64+0x64/0x130
[ 700.145754] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 700.146319] RIP: 0033:0x7f1039e4195d
[ 700.146831] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 700.148018] RSP: 002b:00007ffc40b5d918 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 700.148592] RAX: ffffffffffffffda RBX: 00005609ae2a57c0 RCX: 00007f1039e4195d
[ 700.149210] RDX: 0000000000000000 RSI: 00005609a145c358 RDI: 0000000000000003
[ 700.149789] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f1039f18580
[ 700.150421] R10: 0000000000000003 R11: 0000000000000246 R12: 00005609a145c358
[ 700.151053] R13: 0000000000000000 R14: 00005609ae2a5790 R15: 0000000000000000
[ 700.151632] </TASK>
[ 700.152261] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi]
[ 700.152949] CR2: ffff88810fe71870
[ 700.153555] ---[ end trace 0000000000000000 ]---
[ 700.288393] RIP: 0010:lockdep_register_key+0x1d2/0x8f0
[ 700.289147] Code: a6 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 80 3c 30 00 0f 85 74 05 00 00 <48> 8b 1b 48 85 db 0f 84 ff 01 00 00 49 39 dc 75 de 0f 0b 48 b8 00
[ 700.290484] RSP: 0018:ffffc90001f974e0 EFLAGS: 00010082
[ 700.291200] RAX: 0000000000000001 RBX: ffff88810fe71870 RCX: 0000000000000a51
[ 700.291909] RDX: ffffffff9601ceb8 RSI: dffffc0000000000 RDI: ffffffff96498420
[ 700.292591] RBP: ffffc90001f97580 R08: 0000000000000001 R09: fffffbfff2c93084
[ 700.293315] R10: ffffffff96498427 R11: 0000000000000001 R12: ffff88812ef4bf58
[ 700.294029] R13: 1ffff920003f2e9f R14: dffffc0000000000 R15: ffffffffa6bcf9c0
[ 700.294698] FS: 00007f1039cfb740(0000) GS:ffff88821c400000(0000) knlGS:0000000000000000
[ 700.295430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 700.296162] CR2: ffff88810fe71870 CR3: 000000011139b001 CR4: 00000000003706f0
[ 700.296877] Kernel panic - not syncing: Fatal exception
[ 700.297623] Kernel Offset: 0x10400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Crash 3:
[ 224.681700] ath11k_pci 0000:06:00.0: wcn6855 hw2.0
[ 224.695019] ==================================================================
[ 224.695821] BUG: KASAN: slab-out-of-bounds in lockdep_register_key+0x755/0x8f0
[ 224.696644] Read of size 8 at addr ffff88810d771870 by task insmod/3533
[ 224.697486]
[ 224.698323] CPU: 5 PID: 3533 Comm: insmod Not tainted 6.10.0-rc1 #1543
[ 224.699188] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 224.700074] Call Trace:
[ 224.700962] <TASK>
[ 224.701776] dump_stack_lvl+0x7d/0xe0
[ 224.702620] print_address_description.constprop.0+0x33/0x3a0
[ 224.703468] print_report+0xb5/0x260
[ 224.704363] ? kasan_complete_mode_report_info+0x64/0x1a0
[ 224.705205] kasan_report+0xd8/0x110
[ 224.706077] ? lockdep_register_key+0x755/0x8f0
[ 224.706929] ? lockdep_register_key+0x755/0x8f0
[ 224.707736] __asan_report_load8_noabort+0x14/0x20
[ 224.708576] lockdep_register_key+0x755/0x8f0
[ 224.709397] ? save_trace+0x720/0x720
[ 224.710199] ? dma_alloc_attrs+0x145/0x1d0
[ 224.711034] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 224.711848] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 224.712649] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.713461] ? __this_cpu_preempt_check+0x13/0x20
[ 224.714270] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 224.715078] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.715900] local_pci_probe+0xd6/0x180
[ 224.716658] pci_call_probe+0x152/0x3f0
[ 224.717437] ? __kasan_check_read+0x11/0x20
[ 224.718216] ? pci_pm_suspend_late+0x40/0x40
[ 224.719007] ? pci_match_device+0x380/0x660
[ 224.719749] pci_device_probe+0xa6/0x100
[ 224.720553] really_probe+0x1d5/0x920
[ 224.721309] __driver_probe_device+0x2e8/0x3f0
[ 224.722059] driver_probe_device+0x4a/0x140
[ 224.722741] __driver_attach+0x1ed/0x4c0
[ 224.723461] ? __device_attach_driver+0x290/0x290
[ 224.724177] bus_for_each_dev+0xf5/0x180
[ 224.724878] ? bus_remove_file+0x40/0x40
[ 224.725542] ? _raw_spin_unlock+0x27/0x50
[ 224.726258] driver_attach+0x38/0x50
[ 224.726966] bus_add_driver+0x29b/0x5e0
[ 224.727616] driver_register+0x130/0x450
[ 224.728314] __pci_register_driver+0x1d2/0x270
[ 224.729009] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.729651] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.730334] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 224.731019] do_one_initcall+0xdf/0x500
[ 224.731649] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 224.732338] ? kasan_save_alloc_info+0x37/0x40
[ 224.733025] ? __kasan_kmalloc+0x90/0xa0
[ 224.733652] ? kasan_unpoison+0x45/0x70
[ 224.734312] ? kasan_poison+0x3a/0x50
[ 224.734946] ? __asan_register_globals+0x5e/0x70
[ 224.735535] do_init_module+0x23f/0x6c0
[ 224.736174] load_module+0x11e3/0x1aa0
[ 224.736764] init_module_from_file+0xe4/0x140
[ 224.737408] ? __ia32_sys_init_module+0xa0/0xa0
[ 224.738045] ? __kasan_check_read+0x11/0x20
[ 224.738621] ? do_raw_spin_unlock+0x54/0x220
[ 224.739246] idempotent_init_module+0x265/0x750
[ 224.739848] ? init_module_from_file+0x140/0x140
[ 224.740425] ? __kasan_check_read+0x11/0x20
[ 224.741031] __x64_sys_finit_module+0xbb/0x130
[ 224.741592] x64_sys_call+0x1c5/0x9e0
[ 224.742195] do_syscall_64+0x64/0x130
[ 224.742739] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 224.743334] RIP: 0033:0x7f0b4a71895d
[ 224.743924] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 224.745095] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 224.745666] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d
[ 224.746291] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003
[ 224.746925] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580
[ 224.747504] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358
[ 224.748130] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000
[ 224.748705] </TASK>
[ 224.749318]
[ 224.749927] Allocated by task 796 on cpu 5 at 29.132818s:
[ 224.750502] kasan_save_stack+0x26/0x50
[ 224.751128] kasan_save_track+0x18/0x60
[ 224.751696] kasan_save_alloc_info+0x37/0x40
[ 224.752311] __kasan_slab_alloc+0x6a/0x70
[ 224.752925] kmem_cache_alloc_noprof+0x108/0x290
[ 224.753491] key_alloc+0x305/0x12b0
[ 224.754104] keyring_alloc+0x25/0x70
[ 224.754662] install_session_keyring_to_cred+0x13d/0x1c0
[ 224.755275] join_session_keyring+0x162/0x2c0
[ 224.755870] __do_sys_keyctl+0x1ce/0x2e0
[ 224.756474] __x64_sys_keyctl+0xb8/0x140
[ 224.757078] x64_sys_call+0x37e/0x9e0
[ 224.757631] do_syscall_64+0x64/0x130
[ 224.758233] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 224.758811]
[ 224.759376] Freed by task 1802201963 on cpu 748395 at 3779491.451988s:
[ 224.759998] ------------[ cut here ]------------
[ 224.760567] pool index 93034 out of bounds (1296) for stack id 6b6b6b6b
[ 224.761212] WARNING: CPU: 5 PID: 3533 at lib/stackdepot.c:451 depot_fetch_stack+0x97/0xc0
[ 224.761829] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi]
[ 224.762499] CPU: 5 PID: 3533 Comm: insmod Not tainted 6.10.0-rc1 #1543
[ 224.763174] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 224.763842] RIP: 0010:depot_fetch_stack+0x97/0xc0
[ 224.764517] Code: ff 48 c7 c7 18 01 e6 94 e8 46 1f c7 01 83 f8 01 75 ba 0f 0b eb b6 44 89 e1 44 89 f2 89 de 48 c7 c7 98 bf 55 94 e8 59 95 f9 fe <0f> 0b 31 c0 eb c3 0f 0b 31 c0 eb bd 0f 0b 31 c0 eb b7 4c 89 e6 48
[ 224.765966] RSP: 0018:ffffc900014272f8 EFLAGS: 00010086
[ 224.766661] RAX: 0000000000000000 RBX: 0000000000016b6a RCX: 0000000000000000
[ 224.767417] RDX: 0000000000000003 RSI: 0000000000000004 RDI: 0000000000000001
[ 224.768170] RBP: ffffc90001427318 R08: 0000000000000001 R09: ffffed10439bdd19
[ 224.768911] R10: ffff88821cdee8cb R11: 0000000000000001 R12: 000000006b6b6b6b
[ 224.769618] R13: 0000000000001b50 R14: 0000000000000510 R15: 0000000000000082
[ 224.770375] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000
[ 224.771137] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 224.771900] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0
[ 224.772619] Call Trace:
[ 224.773379] <TASK>
[ 224.774135] ? show_regs+0x5b/0x70
[ 224.774901] ? __warn+0xc7/0x300
[ 224.775609] ? depot_fetch_stack+0x97/0xc0
[ 224.776369] ? report_bug+0x310/0x3f0
[ 224.777137] ? handle_bug+0x3e/0x90
[ 224.777912] ? exc_invalid_op+0x18/0x40
[ 224.778633] ? asm_exc_invalid_op+0x1b/0x20
[ 224.779394] ? depot_fetch_stack+0x97/0xc0
[ 224.780159] ? depot_fetch_stack+0x97/0xc0
[ 224.780937] stack_depot_print+0x31/0x60
[ 224.781654] print_track+0x66/0x80
[ 224.782405] print_address_description.constprop.0+0x367/0x3a0
[ 224.783170] print_report+0xb5/0x260
[ 224.783935] ? kasan_complete_mode_report_info+0x64/0x1a0
[ 224.784660] kasan_report+0xd8/0x110
[ 224.785427] ? lockdep_register_key+0x755/0x8f0
[ 224.786223] ? lockdep_register_key+0x755/0x8f0
[ 224.786954] __asan_report_load8_noabort+0x14/0x20
[ 224.787612] lockdep_register_key+0x755/0x8f0
[ 224.788312] ? save_trace+0x720/0x720
[ 224.789005] ? dma_alloc_attrs+0x145/0x1d0
[ 224.789659] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 224.790375] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 224.791072] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.791736] ? __this_cpu_preempt_check+0x13/0x20
[ 224.792439] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 224.793139] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.793789] local_pci_probe+0xd6/0x180
[ 224.794485] pci_call_probe+0x152/0x3f0
[ 224.795184] ? __kasan_check_read+0x11/0x20
[ 224.795858] ? pci_pm_suspend_late+0x40/0x40
[ 224.796566] ? pci_match_device+0x380/0x660
[ 224.797267] pci_device_probe+0xa6/0x100
[ 224.797964] really_probe+0x1d5/0x920
[ 224.798612] __driver_probe_device+0x2e8/0x3f0
[ 224.799311] driver_probe_device+0x4a/0x140
[ 224.800008] __driver_attach+0x1ed/0x4c0
[ 224.800653] ? __device_attach_driver+0x290/0x290
[ 224.801350] bus_for_each_dev+0xf5/0x180
[ 224.802049] ? bus_remove_file+0x40/0x40
[ 224.802699] ? _raw_spin_unlock+0x27/0x50
[ 224.803397] driver_attach+0x38/0x50
[ 224.804089] bus_add_driver+0x29b/0x5e0
[ 224.804729] driver_register+0x130/0x450
[ 224.805417] __pci_register_driver+0x1d2/0x270
[ 224.806096] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.806727] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.807385] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 224.808028] do_one_initcall+0xdf/0x500
[ 224.808602] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 224.809222] ? kasan_save_alloc_info+0x37/0x40
[ 224.809769] ? __kasan_kmalloc+0x90/0xa0
[ 224.810329] ? kasan_unpoison+0x45/0x70
[ 224.810884] ? kasan_poison+0x3a/0x50
[ 224.811408] ? __asan_register_globals+0x5e/0x70
[ 224.811976] do_init_module+0x23f/0x6c0
[ 224.812492] load_module+0x11e3/0x1aa0
[ 224.813057] init_module_from_file+0xe4/0x140
[ 224.813568] ? __ia32_sys_init_module+0xa0/0xa0
[ 224.814126] ? __kasan_check_read+0x11/0x20
[ 224.814624] ? do_raw_spin_unlock+0x54/0x220
[ 224.815168] idempotent_init_module+0x265/0x750
[ 224.815657] ? init_module_from_file+0x140/0x140
[ 224.816206] ? __kasan_check_read+0x11/0x20
[ 224.816717] __x64_sys_finit_module+0xbb/0x130
[ 224.817255] x64_sys_call+0x1c5/0x9e0
[ 224.817766] do_syscall_64+0x64/0x130
[ 224.818301] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 224.818881] RIP: 0033:0x7f0b4a71895d
[ 224.819406] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 224.820527] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 224.821175] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d
[ 224.821772] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003
[ 224.822392] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580
[ 224.823053] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358
[ 224.823649] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000
[ 224.824282] </TASK>
[ 224.824911] irq event stamp: 31227
[ 224.825496] hardirqs last enabled at (31227): [<ffffffff93852291>] _raw_spin_unlock_irqrestore+0x51/0x80
[ 224.826172] hardirqs last disabled at (31226): [<ffffffff93851fbd>] _raw_spin_lock_irqsave+0x6d/0x90
[ 224.826786] softirqs last enabled at (29008): [<ffffffff90b713a3>] handle_softirqs+0x573/0x890
[ 224.827424] softirqs last disabled at (28595): [<ffffffff90b71ffc>] irq_exit_rcu+0xac/0x110
[ 224.828087] ---[ end trace 0000000000000000 ]---
[ 224.828705] ------------[ cut here ]------------
[ 224.829359] corrupt handle or use after stack_depot_put()
[ 224.829376] WARNING: CPU: 5 PID: 3533 at lib/stackdepot.c:711 stack_depot_print+0x5a/0x60
[ 224.830668] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi]
[ 224.831396] CPU: 5 PID: 3533 Comm: insmod Tainted: G W 6.10.0-rc1 #1543
[ 224.832100] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 224.832780] RIP: 0010:stack_depot_print+0x5a/0x60
[ 224.833474] Code: ff 48 85 c0 74 18 8b 70 14 48 8d 78 20 85 f6 74 e4 31 d2 e8 48 a5 1e ff 5b 41 5c 5d c3 c3 48 c7 c7 50 c0 55 94 e8 76 8c f9 fe <0f> 0b eb c7 66 90 85 ff 74 6d 55 48 89 e5 41 57 44 0f b6 3d 0e c8
[ 224.834940] RSP: 0018:ffffc90001427328 EFLAGS: 00010086
[ 224.835663] RAX: 0000000000000000 RBX: 000000006b6b6b6b RCX: 0000000000000000
[ 224.836448] RDX: 0000000000000003 RSI: 0000000000000004 RDI: 0000000000000001
[ 224.837218] RBP: ffffc90001427338 R08: 0000000000000001 R09: ffffed10439bdd19
[ 224.838005] R10: ffff88821cdee8cb R11: 0000000000000001 R12: 0000000000000000
[ 224.838739] R13: ffffc90001427428 R14: 0000000000000008 R15: 0000000000000082
[ 224.839488] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000
[ 224.840272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 224.841075] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0
[ 224.841848] Call Trace:
[ 224.842617] <TASK>
[ 224.843394] ? show_regs+0x5b/0x70
[ 224.844180] ? __warn+0xc7/0x300
[ 224.844964] ? stack_depot_print+0x5a/0x60
[ 224.845706] ? report_bug+0x310/0x3f0
[ 224.846501] ? handle_bug+0x3e/0x90
[ 224.847277] ? exc_invalid_op+0x18/0x40
[ 224.848063] ? asm_exc_invalid_op+0x1b/0x20
[ 224.848828] ? stack_depot_print+0x5a/0x60
[ 224.849595] ? stack_depot_print+0x5a/0x60
[ 224.850363] print_track+0x66/0x80
[ 224.851145] print_address_description.constprop.0+0x367/0x3a0
[ 224.851933] print_report+0xb5/0x260
[ 224.852662] ? kasan_complete_mode_report_info+0x64/0x1a0
[ 224.853438] kasan_report+0xd8/0x110
[ 224.854233] ? lockdep_register_key+0x755/0x8f0
[ 224.855017] ? lockdep_register_key+0x755/0x8f0
[ 224.855752] __asan_report_load8_noabort+0x14/0x20
[ 224.856543] lockdep_register_key+0x755/0x8f0
[ 224.857318] ? save_trace+0x720/0x720
[ 224.858097] ? dma_alloc_attrs+0x145/0x1d0
[ 224.858870] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 224.859646] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 224.860427] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.861232] ? __this_cpu_preempt_check+0x13/0x20
[ 224.862022] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 224.862766] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.863562] local_pci_probe+0xd6/0x180
[ 224.864347] pci_call_probe+0x152/0x3f0
[ 224.865136] ? __kasan_check_read+0x11/0x20
[ 224.865912] ? pci_pm_suspend_late+0x40/0x40
[ 224.866630] ? pci_match_device+0x380/0x660
[ 224.867356] pci_device_probe+0xa6/0x100
[ 224.868075] really_probe+0x1d5/0x920
[ 224.868738] __driver_probe_device+0x2e8/0x3f0
[ 224.869456] driver_probe_device+0x4a/0x140
[ 224.870172] __driver_attach+0x1ed/0x4c0
[ 224.870860] ? __device_attach_driver+0x290/0x290
[ 224.871579] bus_for_each_dev+0xf5/0x180
[ 224.872290] ? bus_remove_file+0x40/0x40
[ 224.872991] ? _raw_spin_unlock+0x27/0x50
[ 224.873640] driver_attach+0x38/0x50
[ 224.874333] bus_add_driver+0x29b/0x5e0
[ 224.875025] driver_register+0x130/0x450
[ 224.875667] __pci_register_driver+0x1d2/0x270
[ 224.876355] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.877045] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.877671] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 224.878329] do_one_initcall+0xdf/0x500
[ 224.878967] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 224.879550] ? kasan_save_alloc_info+0x37/0x40
[ 224.880169] ? __kasan_kmalloc+0x90/0xa0
[ 224.880717] ? kasan_unpoison+0x45/0x70
[ 224.881289] ? kasan_poison+0x3a/0x50
[ 224.881829] ? __asan_register_globals+0x5e/0x70
[ 224.882372] do_init_module+0x23f/0x6c0
[ 224.882940] load_module+0x11e3/0x1aa0
[ 224.883454] init_module_from_file+0xe4/0x140
[ 224.884029] ? __ia32_sys_init_module+0xa0/0xa0
[ 224.884548] ? __kasan_check_read+0x11/0x20
[ 224.885105] ? do_raw_spin_unlock+0x54/0x220
[ 224.885605] idempotent_init_module+0x265/0x750
[ 224.886152] ? init_module_from_file+0x140/0x140
[ 224.886644] ? __kasan_check_read+0x11/0x20
[ 224.887191] __x64_sys_finit_module+0xbb/0x130
[ 224.887687] x64_sys_call+0x1c5/0x9e0
[ 224.888231] do_syscall_64+0x64/0x130
[ 224.888725] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 224.889275] RIP: 0033:0x7f0b4a71895d
[ 224.889775] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 224.890947] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 224.891513] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d
[ 224.892137] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003
[ 224.892714] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580
[ 224.893340] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358
[ 224.893962] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000
[ 224.894535] </TASK>
[ 224.895148] irq event stamp: 31227
[ 224.895709] hardirqs last enabled at (31227): [<ffffffff93852291>] _raw_spin_unlock_irqrestore+0x51/0x80
[ 224.896354] hardirqs last disabled at (31226): [<ffffffff93851fbd>] _raw_spin_lock_irqsave+0x6d/0x90
[ 224.897000] softirqs last enabled at (29008): [<ffffffff90b713a3>] handle_softirqs+0x573/0x890
[ 224.897596] softirqs last disabled at (28595): [<ffffffff90b71ffc>] irq_exit_rcu+0xac/0x110
[ 224.898242] ---[ end trace 0000000000000000 ]---
[ 224.898885]
[ 224.899470] The buggy address belongs to the object at ffff88810d7716c0
[ 224.899470] which belongs to the cache key_jar of size 344
[ 224.900697] The buggy address is located 88 bytes to the right of
[ 224.900697] allocated 344-byte region [ffff88810d7716c0, ffff88810d771818)
[ 224.901988]
[ 224.902588] The buggy address belongs to the physical page:
[ 224.903251] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810d771000 pfn:0x10d770
[ 224.903938] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 224.904581] flags: 0x200000000000240(workingset|head|node=0|zone=2)
[ 224.905260] page_type: 0xffffefff(slab)
[ 224.905963] raw: 0200000000000240 ffff8881018603c0 ffffea000440c210 ffffea0004378010
[ 224.906642] raw: ffff88810d771000 00000000001c0010 00000001ffffefff 0000000000000000
[ 224.907362] head: 0200000000000240 ffff8881018603c0 ffffea000440c210 ffffea0004378010
[ 224.908097] head: ffff88810d771000 00000000001c0010 00000001ffffefff 0000000000000000
[ 224.908791] head: 0200000000000002 ffffea000435dc01 ffffffffffffffff 0000000000000000
[ 224.909523] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 224.910256] page dumped because: kasan: bad access detected
[ 224.911015]
[ 224.911702] Memory state around the buggy address:
[ 224.912461] ffff88810d771700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 224.913215] ffff88810d771780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 224.913970] >ffff88810d771800: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 224.914678] ^
[ 224.915429] ffff88810d771880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 224.916226] ffff88810d771900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 224.916993] ==================================================================
[ 224.917703] Disabling lock debugging due to kernel taint
[ 224.918470] Oops: general protection fault, probably for non-canonical address 0xe00002c873880000: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
[ 224.919267] KASAN: probably user-memory-access in range [0x000036439c400000-0x000036439c400007]
[ 224.920064] CPU: 5 PID: 3533 Comm: insmod Tainted: G B W 6.10.0-rc1 #1543
[ 224.920848] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 224.921653] RIP: 0010:lockdep_register_key+0x1c8/0x8f0
[ 224.922482] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00
[ 224.924193] RSP: 0018:ffffc900014274e0 EFLAGS: 00010007
[ 224.925070] RAX: 000006c873880000 RBX: 000036439c400005 RCX: 0000000000000594
[ 224.925957] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420
[ 224.926794] RBP: ffffc90001427580 R08: 0000000000000001 R09: fffffbfff2b53084
[ 224.927671] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88813bb8c668
[ 224.928561] R13: 1ffff92000284e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0
[ 224.929454] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000
[ 224.930355] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 224.931259] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0
[ 224.932171] Call Trace:
[ 224.933061] <TASK>
[ 224.933964] ? show_regs+0x5b/0x70
[ 224.934841] ? die_addr+0x3c/0xa0
[ 224.935718] ? exc_general_protection+0x150/0x230
[ 224.936600] ? asm_exc_general_protection+0x27/0x30
[ 224.937465] ? lockdep_register_key+0x1c8/0x8f0
[ 224.938325] ? save_trace+0x720/0x720
[ 224.939178] ? dma_alloc_attrs+0x145/0x1d0
[ 224.940039] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 224.940927] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 224.941742] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.942612] ? __this_cpu_preempt_check+0x13/0x20
[ 224.943460] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 224.944316] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 224.945168] local_pci_probe+0xd6/0x180
[ 224.946041] pci_call_probe+0x152/0x3f0
[ 224.946860] ? __kasan_check_read+0x11/0x20
[ 224.947640] ? pci_pm_suspend_late+0x40/0x40
[ 224.948463] ? pci_match_device+0x380/0x660
[ 224.949284] pci_device_probe+0xa6/0x100
[ 224.950097] really_probe+0x1d5/0x920
[ 224.950910] __driver_probe_device+0x2e8/0x3f0
[ 224.951667] driver_probe_device+0x4a/0x140
[ 224.952472] __driver_attach+0x1ed/0x4c0
[ 224.953269] ? __device_attach_driver+0x290/0x290
[ 224.954067] bus_for_each_dev+0xf5/0x180
[ 224.954825] ? bus_remove_file+0x40/0x40
[ 224.955578] ? _raw_spin_unlock+0x27/0x50
[ 224.956349] driver_attach+0x38/0x50
[ 224.957121] bus_add_driver+0x29b/0x5e0
[ 224.957866] driver_register+0x130/0x450
[ 224.958610] __pci_register_driver+0x1d2/0x270
[ 224.959368] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.960126] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 224.960857] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 224.961593] do_one_initcall+0xdf/0x500
[ 224.962328] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 224.963075] ? kasan_save_alloc_info+0x37/0x40
[ 224.963775] ? __kasan_kmalloc+0x90/0xa0
[ 224.964488] ? kasan_unpoison+0x45/0x70
[ 224.965224] ? kasan_poison+0x3a/0x50
[ 224.965997] ? __asan_register_globals+0x5e/0x70
[ 224.966687] do_init_module+0x23f/0x6c0
[ 224.967405] load_module+0x11e3/0x1aa0
[ 224.968130] init_module_from_file+0xe4/0x140
[ 224.968829] ? __ia32_sys_init_module+0xa0/0xa0
[ 224.969532] ? __kasan_check_read+0x11/0x20
[ 224.970224] ? do_raw_spin_unlock+0x54/0x220
[ 224.970908] idempotent_init_module+0x265/0x750
[ 224.971519] ? init_module_from_file+0x140/0x140
[ 224.972185] ? __kasan_check_read+0x11/0x20
[ 224.972787] __x64_sys_finit_module+0xbb/0x130
[ 224.973406] x64_sys_call+0x1c5/0x9e0
[ 224.974007] do_syscall_64+0x64/0x130
[ 224.974562] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 224.975156] RIP: 0033:0x7f0b4a71895d
[ 224.975705] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 224.976969] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 224.977556] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d
[ 224.978188] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003
[ 224.978767] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580
[ 224.979381] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358
[ 224.979998] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000
[ 224.980572] </TASK>
[ 224.981186] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi]
[ 224.981843] ---[ end trace 0000000000000000 ]---
[ 225.115543] RIP: 0010:lockdep_register_key+0x1c8/0x8f0
[ 225.116200] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00
[ 225.117542] RSP: 0018:ffffc900014274e0 EFLAGS: 00010007
[ 225.118274] RAX: 000006c873880000 RBX: 000036439c400005 RCX: 0000000000000594
[ 225.119009] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420
[ 225.119694] RBP: ffffc90001427580 R08: 0000000000000001 R09: fffffbfff2b53084
[ 225.120432] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88813bb8c668
[ 225.121199] R13: 1ffff92000284e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0
[ 225.121951] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000
[ 225.122641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 225.123370] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0
[ 225.124130] Kernel panic - not syncing: Fatal exception
[ 225.124916] Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Crash 4:
[ 259.652506] ath11k_pci 0000:06:00.0: wcn6855 hw2.0
[ 259.665664] ==================================================================
[ 259.666542] BUG: KASAN: slab-use-after-free in lockdep_register_key+0x755/0x8f0
[ 259.667418] Read of size 8 at addr ffff88810fe49870 by task insmod/1944
[ 259.668282]
[ 259.669132] CPU: 0 PID: 1944 Comm: insmod Not tainted 6.10.0-rc1 #1547
[ 259.670001] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 259.670904] Call Trace:
[ 259.671744] <TASK>
[ 259.672580] dump_stack_lvl+0x7d/0xe0
[ 259.673436] print_address_description.constprop.0+0x33/0x3a0
[ 259.674297] print_report+0xb5/0x260
[ 259.675158] ? kasan_complete_mode_report_info+0x64/0x1a0
[ 259.676033] kasan_report+0xd8/0x110
[ 259.676937] ? lockdep_register_key+0x755/0x8f0
[ 259.677843] ? lockdep_register_key+0x755/0x8f0
[ 259.678647] __asan_report_load8_noabort+0x14/0x20
[ 259.679486] lockdep_register_key+0x755/0x8f0
[ 259.680314] ? save_trace+0x720/0x720
[ 259.681124] ? dma_alloc_attrs+0x145/0x1d0
[ 259.681944] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 259.682762] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 259.683560] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 259.684380] ? __this_cpu_preempt_check+0x13/0x20
[ 259.685198] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 259.686014] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 259.686838] local_pci_probe+0xd6/0x180
[ 259.687595] pci_call_probe+0x152/0x3f0
[ 259.688387] ? __kasan_check_read+0x11/0x20
[ 259.689191] ? pci_pm_suspend_late+0x40/0x40
[ 259.689993] ? pci_match_device+0x380/0x660
[ 259.690763] pci_device_probe+0xa6/0x100
[ 259.691500] really_probe+0x1d5/0x920
[ 259.692284] __driver_probe_device+0x2e8/0x3f0
[ 259.693065] driver_probe_device+0x4a/0x140
[ 259.693778] __driver_attach+0x1ed/0x4c0
[ 259.694483] ? __device_attach_driver+0x290/0x290
[ 259.695207] bus_for_each_dev+0xf5/0x180
[ 259.695932] ? bus_remove_file+0x40/0x40
[ 259.696595] ? _raw_spin_unlock+0x27/0x50
[ 259.697323] driver_attach+0x38/0x50
[ 259.698039] bus_add_driver+0x29b/0x5e0
[ 259.698688] driver_register+0x130/0x450
[ 259.699392] __pci_register_driver+0x1d2/0x270
[ 259.700095] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 259.700767] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 259.701428] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 259.702123] do_one_initcall+0xdf/0x500
[ 259.702781] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 259.703435] ? kasan_save_alloc_info+0x37/0x40
[ 259.704134] ? __kasan_kmalloc+0x90/0xa0
[ 259.704811] ? kasan_unpoison+0x45/0x70
[ 259.705420] ? kasan_poison+0x3a/0x50
[ 259.706062] ? __asan_register_globals+0x5e/0x70
[ 259.706652] do_init_module+0x23f/0x6c0
[ 259.707300] load_module+0x11e3/0x1aa0
[ 259.707953] init_module_from_file+0xe4/0x140
[ 259.708546] ? __ia32_sys_init_module+0xa0/0xa0
[ 259.709199] ? __kasan_check_read+0x11/0x20
[ 259.709852] ? do_raw_spin_unlock+0x54/0x220
[ 259.710459] idempotent_init_module+0x265/0x750
[ 259.711113] ? init_module_from_file+0x140/0x140
[ 259.711695] ? __kasan_check_read+0x11/0x20
[ 259.712304] __x64_sys_finit_module+0xbb/0x130
[ 259.712954] x64_sys_call+0x1c5/0x9e0
[ 259.713528] do_syscall_64+0x64/0x130
[ 259.714144] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 259.714707] RIP: 0033:0x7ff1ed6c595d
[ 259.715309] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 259.716503] RSP: 002b:00007ffe9970fe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 259.717158] RAX: ffffffffffffffda RBX: 000056003aabc7c0 RCX: 00007ff1ed6c595d
[ 259.717806] RDX: 0000000000000000 RSI: 000056000fddb358 RDI: 0000000000000003
[ 259.718425] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ff1ed79c580
[ 259.719090] R10: 0000000000000003 R11: 0000000000000246 R12: 000056000fddb358
[ 259.719666] R13: 0000000000000000 R14: 000056003aabc790 R15: 0000000000000000
[ 259.720301] </TASK>
[ 259.720926]
[ 259.721482] Allocated by task 1925 on cpu 0 at 258.277859s:
[ 259.722120] kasan_save_stack+0x26/0x50
[ 259.722696] kasan_save_track+0x18/0x60
[ 259.723325] kasan_save_alloc_info+0x37/0x40
[ 259.723952] __kasan_slab_alloc+0x6a/0x70
[ 259.724517] kmem_cache_alloc_noprof+0x108/0x290
[ 259.725142] __alloc_object+0x33/0x280
[ 259.725707] __create_object+0x24/0x90
[ 259.726328] kmemleak_alloc+0x45/0x80
[ 259.726946] kmem_cache_alloc_noprof+0x24a/0x290
[ 259.727507] vm_area_alloc+0x102/0x1e0
[ 259.728126] mmap_region+0x316/0x2390
[ 259.728678] do_mmap+0x756/0x1180
[ 259.729294] vm_mmap_pgoff+0x18f/0x320
[ 259.729903] ksys_mmap_pgoff+0x22b/0x520
[ 259.730453] __x64_sys_mmap+0xed/0x1a0
[ 259.731061] x64_sys_call+0x99e/0x9e0
[ 259.731609] do_syscall_64+0x64/0x130
[ 259.732219] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 259.732826]
[ 259.733371] Freed by task 0 on cpu 0 at 258.306253s:
[ 259.733985] kasan_save_stack+0x26/0x50
[ 259.734541] kasan_save_track+0x18/0x60
[ 259.735147] kasan_save_free_info+0x3b/0x50
[ 259.735693] poison_slab_object+0xf4/0x160
[ 259.736303] __kasan_slab_free+0x15/0x30
[ 259.736916] kmem_cache_free+0xf0/0x410
[ 259.737463] free_object_rcu+0x11a/0x130
[ 259.738069] rcu_do_batch+0x43c/0x1090
[ 259.738615] rcu_core+0x2b5/0x500
[ 259.739213] rcu_core_si+0x9/0x10
[ 259.739798] handle_softirqs+0x28b/0x890
[ 259.740354] irq_exit_rcu+0xac/0x110
[ 259.740950] sysvec_apic_timer_interrupt+0x94/0xc0
[ 259.741491] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 259.742089]
[ 259.742620] Last potentially related work creation:
[ 259.743222] kasan_save_stack+0x26/0x50
[ 259.743830] __kasan_record_aux_stack+0x93/0xa0
[ 259.744378] kasan_record_aux_stack_noalloc+0xb/0x10
[ 259.744987] __call_rcu_common.constprop.0+0x9e/0x750
[ 259.745537] call_rcu+0x9/0x10
[ 259.746145] put_object+0x30/0x40
[ 259.746690] __delete_object+0x37/0x50
[ 259.747294] delete_object_full+0x52/0x70
[ 259.747901] kmemleak_free+0x2c/0x60
[ 259.748456] kmem_cache_free+0x17d/0x410
[ 259.749056] vm_area_free_rcu_cb+0x7f/0xc0
[ 259.749600] rcu_do_batch+0x43c/0x1090
[ 259.750198] rcu_core+0x2b5/0x500
[ 259.750765] rcu_core_si+0x9/0x10
[ 259.751327] handle_softirqs+0x28b/0x890
[ 259.751925] run_ksoftirqd+0x37/0x60
[ 259.752457] smpboot_thread_fn+0x594/0x9b0
[ 259.753031] kthread+0x2fa/0x3f0
[ 259.753519] ret_from_fork+0x31/0x70
[ 259.754058] ret_from_fork_asm+0x11/0x20
[ 259.754527]
[ 259.755045] The buggy address belongs to the object at ffff88810fe497c8
[ 259.755045] which belongs to the cache kmemleak_object of size 240
[ 259.756039] The buggy address is located 168 bytes inside of
[ 259.756039] freed 240-byte region [ffff88810fe497c8, ffff88810fe498b8)
[ 259.757049]
[ 259.757530] The buggy address belongs to the physical page:
[ 259.758091] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fe48
[ 259.758611] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 259.759195] flags: 0x200000000000040(head|node=0|zone=2)
[ 259.759751] page_type: 0xffffefff(slab)
[ 259.760313] raw: 0200000000000040 ffff888100050900 dead000000000100 dead000000000122
[ 259.760920] raw: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000
[ 259.761466] head: 0200000000000040 ffff888100050900 dead000000000100 dead000000000122
[ 259.762079] head: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000
[ 259.762631] head: 0200000000000001 ffffea00043f9201 ffffffffffffffff 0000000000000000
[ 259.763257] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 259.763868] page dumped because: kasan: bad access detected
[ 259.764422]
[ 259.765030] Memory state around the buggy address:
[ 259.765590] ffff88810fe49700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 259.766220] ffff88810fe49780: fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 259.766850] >ffff88810fe49800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 259.767429] ^
[ 259.768074] ffff88810fe49880: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 259.768661] ffff88810fe49900: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 259.769319] ==================================================================
[ 259.769972] Disabling lock debugging due to kernel taint
[ 259.770574] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
[ 259.771267] KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
[ 259.771965] CPU: 0 PID: 1944 Comm: insmod Tainted: G B 6.10.0-rc1 #1547
[ 259.772619] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021
[ 259.773346] RIP: 0010:lockdep_register_key+0x1c8/0x8f0
[ 259.774074] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00
[ 259.775518] RSP: 0018:ffffc900015274e0 EFLAGS: 00010002
[ 259.776295] RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000556
[ 259.777081] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420
[ 259.777868] RBP: ffffc90001527580 R08: 0000000000000001 R09: fffffbfff2b53084
[ 259.778625] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88814189c398
[ 259.779410] R13: 1ffff920002a4e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0
[ 259.780194] FS: 00007ff1ed57f740(0000) GS:ffff88821b800000(0000) knlGS:0000000000000000
[ 259.780985] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 259.781722] CR2: 00007f08211a9e50 CR3: 00000001074ee005 CR4: 00000000003706f0
[ 259.782517] Call Trace:
[ 259.783306] <TASK>
[ 259.784089] ? show_regs+0x5b/0x70
[ 259.784879] ? die_addr+0x3c/0xa0
[ 259.785604] ? exc_general_protection+0x150/0x230
[ 259.786389] ? asm_exc_general_protection+0x27/0x30
[ 259.787180] ? lockdep_register_key+0x1c8/0x8f0
[ 259.787971] ? save_trace+0x720/0x720
[ 259.788704] ? dma_alloc_attrs+0x145/0x1d0
[ 259.789496] ath11k_hal_srng_init+0x143/0x280 [ath11k]
[ 259.790316] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci]
[ 259.791116] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 259.791921] ? __this_cpu_preempt_check+0x13/0x20
[ 259.792672] ? _raw_spin_unlock_irqrestore+0x3c/0x80
[ 259.793481] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci]
[ 259.794295] local_pci_probe+0xd6/0x180
[ 259.795116] pci_call_probe+0x152/0x3f0
[ 259.795928] ? __kasan_check_read+0x11/0x20
[ 259.796683] ? pci_pm_suspend_late+0x40/0x40
[ 259.797507] ? pci_match_device+0x380/0x660
[ 259.798323] pci_device_probe+0xa6/0x100
[ 259.799129] really_probe+0x1d5/0x920
[ 259.799934] __driver_probe_device+0x2e8/0x3f0
[ 259.800680] driver_probe_device+0x4a/0x140
[ 259.801484] __driver_attach+0x1ed/0x4c0
[ 259.802273] ? __device_attach_driver+0x290/0x290
[ 259.803065] bus_for_each_dev+0xf5/0x180
[ 259.803847] ? bus_remove_file+0x40/0x40
[ 259.804568] ? _raw_spin_unlock+0x27/0x50
[ 259.805334] driver_attach+0x38/0x50
[ 259.806100] bus_add_driver+0x29b/0x5e0
[ 259.806858] driver_register+0x130/0x450
[ 259.807557] __pci_register_driver+0x1d2/0x270
[ 259.808308] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 259.809065] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci]
[ 259.809789] ath11k_pci_init+0x1f/0x50 [ath11k_pci]
[ 259.810514] do_one_initcall+0xdf/0x500
[ 259.811256] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 259.812003] ? kasan_save_alloc_info+0x37/0x40
[ 259.812693] ? __kasan_kmalloc+0x90/0xa0
[ 259.813434] ? kasan_unpoison+0x45/0x70
[ 259.814166] ? kasan_poison+0x3a/0x50
[ 259.814885] ? __asan_register_globals+0x5e/0x70
[ 259.815557] do_init_module+0x23f/0x6c0
[ 259.816287] load_module+0x11e3/0x1aa0
[ 259.817003] init_module_from_file+0xe4/0x140
[ 259.817658] ? __ia32_sys_init_module+0xa0/0xa0
[ 259.818364] ? __kasan_check_read+0x11/0x20
[ 259.819062] ? do_raw_spin_unlock+0x54/0x220
[ 259.819697] idempotent_init_module+0x265/0x750
[ 259.820402] ? init_module_from_file+0x140/0x140
[ 259.821067] ? __kasan_check_read+0x11/0x20
[ 259.821670] __x64_sys_finit_module+0xbb/0x130
[ 259.822293] x64_sys_call+0x1c5/0x9e0
[ 259.822901] do_syscall_64+0x64/0x130
[ 259.823456] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 259.824054] RIP: 0033:0x7ff1ed6c595d
[ 259.824605] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48
[ 259.825828] RSP: 002b:00007ffe9970fe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 259.826445] RAX: ffffffffffffffda RBX: 000056003aabc7c0 RCX: 00007ff1ed6c595d
[ 259.827096] RDX: 0000000000000000 RSI: 000056000fddb358 RDI: 0000000000000003
[ 259.827697] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ff1ed79c580
[ 259.828316] R10: 0000000000000003 R11: 0000000000000246 R12: 000056000fddb358
[ 259.828953] R13: 0000000000000000 R14: 000056003aabc790 R15: 0000000000000000
[ 259.829545] </TASK>
[ 259.830166] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi]
[ 259.830859] ---[ end trace 0000000000000000 ]---
[ 259.915081] RIP: 0010:lockdep_register_key+0x1c8/0x8f0
[ 259.915719] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00
[ 259.917080] RSP: 0018:ffffc900015274e0 EFLAGS: 00010002
[ 259.917800] RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000556
[ 259.918506] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420
[ 259.919237] RBP: ffffc90001527580 R08: 0000000000000001 R09: fffffbfff2b53084
[ 259.919970] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88814189c398
[ 259.920652] R13: 1ffff920002a4e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0
[ 259.921374] FS: 00007ff1ed57f740(0000) GS:ffff88821b800000(0000) knlGS:0000000000000000
[ 259.922111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 259.922855] CR2: 00007f08211a9e50 CR3: 00000001074ee005 CR4: 00000000003706f0
[ 259.923554] Kernel panic - not syncing: Fatal exception
[ 259.924332] Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)