lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20241007013404.46f185e9@yea>
Date: Mon, 7 Oct 2024 01:34:04 +0200
From: Erhard Furtner <erhard_f@...lbox.org>
To: netdev@...r.kernel.org
Cc: linuxppc-dev@...ts.ozlabs.org
Subject: BUG: KMSAN: use-after-free in napi_consume_skb+0x22d/0x2c0
 (netconsole, r8169, kernel 6.11.2)

Greetings!

I am getting this most of the time when booting a KMSAN-enabled kernel when netconsole is in use:

[...]
r8169 0000:05:00.0: Unable to load firmware rtl_nic/rtl8168h-2.fw (-2)
=====================================================
BUG: KMSAN: uninit-value in bcmp+0x8e/0x140

Uninit was stored to memory at:

Local variable vendor_guid created at:
 efivar_init+0x77/0x1010 [efivarfs]

CPU: 18 UID: 0 PID: 1 Comm: systemd Tainted: G    B              6.11.2-Zen3 #19
Tainted: [B]=BAD_PAGE
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS P3.40 01/18/2024
=====================================================
=====================================================
BUG: KMSAN: use-after-free in napi_consume_skb+0x22d/0x2c0

Uninit was created at:

CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Tainted: G    B              6.11.2-Zen3 #19
Tainted: [B]=BAD_PAGE
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS P3.40 01/18/2024
=====================================================
=====================================================
BUG: KMSAN: uninit-value in bcmp+0x8e/0x140

Uninit was stored to memory at:

Uninit was stored to memory at:

Uninit was stored to memory at:

Local variable vendor_guid created at:
 efivar_init+0x77/0x1010 [efivarfs]

CPU: 18 UID: 0 PID: 1 Comm: systemd Tainted: G    B              6.11.2-Zen3 #19
Tainted: [B]=BAD_PAGE
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS P3.40 01/18/2024
=====================================================
=====================================================
BUG: KMSAN: use-after-free in napi_consume_skb+0x242/0x2c0

Uninit was created at:

CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Tainted: G    B              6.11.2-Zen3 #19
Tainted: [B]=BAD_PAGE
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS P3.40 01/18/2024
=====================================================
=====================================================
BUG: KMSAN: uninit-value in bcmp+0xf7/0x140
[...]


At least I guess this is connected to netconsole as it happens rather early at bootup and the machine does not finish booting, so I can neither login via ssh nor via keyboard.

The system is a Ryzen 5950X running on an ASRock B550M Pro4, 32 GB RAM, Radeon RX 6700, NVMe SSD. Network card in use is:

 # lspci -v -s 05:00.0
05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller (rev 15)
Subsystem: ASRock Incorporation Motherboard (one of many) Flags: bus master,
fast devsel, latency 0, IRQ 33, IOMMU group 0 I/O ports at d000 [size=256]
	Memory at fcc04000 (64-bit, non-prefetchable) [size=4K]
	Memory at fcc00000 (64-bit, non-prefetchable) [size=16K]
	Capabilities: [40] Power Management version 3
	Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
	Capabilities: [70] Express Endpoint, IntMsgNum 1
	Capabilities: [b0] MSI-X: Enable+ Count=4 Masked-
	Capabilities: [100] Advanced Error Reporting
	Capabilities: [140] Virtual Channel
	Capabilities: [160] Device Serial Number f9-95-22-00-6b-9c-00-00
	Capabilities: [170] Latency Tolerance Reporting
	Capabilities: [178] L1 PM Substates
	Kernel driver in use: r8169

dmesg (via netconsole) and kernel .config attached.

Regards,
Erhard

Download attachment "dmesg_6112_zen3_01" of type "application/octet-stream" (58254 bytes)

Download attachment "config_6112_zen3-van" of type "application/octet-stream" (126167 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ