| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 May 2024 09:53:28 +0300 From: Kalle Valo <kvalo@...nel.org> To: Dave Jiang <dave.jiang@...el.com>, Dan Williams <dan.j.williams@...el.com>, Bjorn Helgaas <bhelgaas@...gle.com> Cc: linux-wireless@...r.kernel.org, ath11k@...ts.infradead.org, regressions@...ts.linux.dev, Jeff Johnson <quic_jjohnson@...cinc.com>, linux-kernel@...r.kernel.org, linux-cxl@...r.kernel.org, linux-pci@...r.kernel.org Subject: Re: [regression] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0 Kalle Valo <kvalo@...nel.org> writes: > Kalle Valo <kvalo@...nel.org> writes: > >> Yesterday I run our ath11k regression tests with v6.10-rc1 and our >> simple ath11k module reload stress started failing reliably with various >> KASAN errors. The test removes and inserts ath11k and other wireless >> modules in a loop. Usually I run it at least 100 times, some times even >> more, and no issues until yesterday. >> >> I have verified that the last wireless-next pull request (tag >> wireless-next-2024-05-08) works without issues and v6.10-rc1 fails >> always, usually within 50 module reload loops. From this I'm _guessing_ >> that we have a regression outside wireless, most probably introduced >> between v6.9 and v6.10-rc1. But of course I cannot be sure of anything >> yet. >> >> I see different KASAN warnings and lockdep seems to be always visible in >> the stack traces. I think I can reproduce the issue within 15 minutes or >> so. Before I start bisecting has anyone else seen anything similar? Or >> any suggestions how to debug this further? >> >> I have included some crash logs below, they are retrieved using >> netconsole. Here's a summary of the errors: >> >> [ 159.970765] KASAN: maybe wild-memory-access in range >> [0xbbbbbbbbbbbbbbb8-0xbbbbbbbbbbbbbbbf] >> [ 700.017632] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0 >> [ 224.695821] BUG: KASAN: slab-out-of-bounds in lockdep_register_key+0x755/0x8f0 >> [ 259.666542] BUG: KASAN: slab-use-after-free in lockdep_register_key+0x755/0x8f0 > > I did a bisect and got this: > > cf29111d3e4a9ebe1cbe2b431274718506d69f10 is the first bad commit > commit cf29111d3e4a9ebe1cbe2b431274718506d69f10 > Merge: ed11a28cb709 e6f7d27df5d2 > Author: Bjorn Helgaas <bhelgaas@...gle.com> > Date: Thu May 16 18:14:11 2024 -0500 > > Merge branch 'pci/of' > > - Check for kcalloc() failure and handle it gracefully (Duoming Zhou) > > * pci/of: > PCI: of_property: Return error for int_map allocation failure > > drivers/pci/of_property.c | 2 ++ > 1 file changed, 2 insertions(+) > > But that doesn't make any sense to me, I don't even have > CONFIG_PCI_DYNAMIC_OF_NODES enabled in my .config. I guess I did a > mistake during bisect, I'm now testing the parents (e6f7d27df5d2 and > ed11a28cb709) and trying to pinpoint where I did it wrong. I found my mistake and was able to finish the bisect. This seems to be the commit causing my problems: # first bad commit: [7e89efc6e9e402839643cb297bab14055c547f07] PCI: Lock upstream bridge for pci_reset_function() I verified by reverting that commit on top of v6.10-rc1 and I have not seen any crashes so far, normally I would have seen it by now. But I will continue testing the revert just to be sure. Adding people and lists involved with that commit. Here is my original report: https://lore.kernel.org/all/87v82y6wvi.fsf@kernel.org/ -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists