Hi, Yesterday I run our ath11k regression tests with v6.10-rc1 and our simple ath11k module reload stress started failing reliably with various KASAN errors. The test removes and inserts ath11k and other wireless modules in a loop. Usually I run it at least 100 times, some times even more, and no issues until yesterday. I have verified that the last wireless-next pull request (tag wireless-next-2024-05-08) works without issues and v6.10-rc1 fails always, usually within 50 module reload loops. From this I'm _guessing_ that we have a regression outside wireless, most probably introduced between v6.9 and v6.10-rc1. But of course I cannot be sure of anything yet. I see different KASAN warnings and lockdep seems to be always visible in the stack traces. I think I can reproduce the issue within 15 minutes or so. Before I start bisecting has anyone else seen anything similar? Or any suggestions how to debug this further? I have included some crash logs below, they are retrieved using netconsole. Here's a summary of the errors: [ 159.970765] KASAN: maybe wild-memory-access in range [0xbbbbbbbbbbbbbbb8-0xbbbbbbbbbbbbbbbf] [ 700.017632] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0 [ 224.695821] BUG: KASAN: slab-out-of-bounds in lockdep_register_key+0x755/0x8f0 [ 259.666542] BUG: KASAN: slab-use-after-free in lockdep_register_key+0x755/0x8f0 Kalle Crash 1: [ 159.952138] ath11k_pci 0000:06:00.0: wcn6855 hw2.0 [ 159.970683] Oops: general protection fault, probably for non-canonical address 0xf777737777777777: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN [ 159.970765] KASAN: maybe wild-memory-access in range [0xbbbbbbbbbbbbbbb8-0xbbbbbbbbbbbbbbbf] [ 159.970839] CPU: 0 PID: 1182 Comm: insmod Not tainted 6.10.0-rc1 #1547 [ 159.970909] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 159.971000] RIP: 0010:lockdep_register_key+0x1c8/0x8f0 [ 159.971082] Code: 05 00 00 48 8b 1c cd 60 45 3c af 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00 [ 159.971199] RSP: 0018:ffffc900013d74e0 EFLAGS: 00010806 [ 159.971263] RAX: 1777777777777777 RBX: bbbbbbbbbbbbbbbb RCX: 00000000000009f2 [ 159.971318] RDX: ffffffff9ea1ceb8 RSI: dffffc0000000000 RDI: ffffc900013d7518 [ 159.971370] RBP: ffffc900013d7580 R08: 0000000000000001 R09: fffff5200027aea3 [ 159.971421] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888138b8c438 [ 159.971471] R13: 1ffff9200027ae9f R14: dffffc0000000000 R15: ffffffffaf5cf9c0 [ 159.971523] FS: 00007f1f2ed81740(0000) GS:ffff888231800000(0000) knlGS:0000000000000000 [ 159.971577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 159.971624] CR2: 0000558d3b24e308 CR3: 000000012eb03002 CR4: 00000000003706f0 [ 159.971674] Call Trace: [ 159.971712] <TASK> [ 159.971748] ? show_regs+0x5b/0x70 [ 159.971791] ? die_addr+0x3c/0xa0 [ 159.971832] ? exc_general_protection+0x150/0x230 [ 159.971879] ? asm_exc_general_protection+0x27/0x30 [ 159.971971] ? lockdep_register_key+0x1c8/0x8f0 [ 159.972018] ? save_trace+0x720/0x720 [ 159.972059] ? dma_alloc_attrs+0x145/0x1d0 [ 159.972102] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 159.972173] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 159.972224] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 159.972272] ? __this_cpu_preempt_check+0x13/0x20 [ 159.972320] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 159.972367] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 159.972415] local_pci_probe+0xd6/0x180 [ 159.972458] pci_call_probe+0x152/0x3f0 [ 159.972500] ? __kasan_check_read+0x11/0x20 [ 159.972544] ? pci_pm_suspend_late+0x40/0x40 [ 159.972589] ? pci_match_device+0x380/0x660 [ 159.972634] pci_device_probe+0xa6/0x100 [ 159.972675] really_probe+0x1d5/0x920 [ 159.972717] __driver_probe_device+0x2e8/0x3f0 [ 159.972761] driver_probe_device+0x4a/0x140 [ 159.972803] __driver_attach+0x1ed/0x4c0 [ 159.972844] ? __device_attach_driver+0x290/0x290 [ 159.972906] bus_for_each_dev+0xf5/0x180 [ 159.972961] ? bus_remove_file+0x40/0x40 [ 159.973002] ? _raw_spin_unlock+0x27/0x50 [ 159.973044] driver_attach+0x38/0x50 [ 159.973084] bus_add_driver+0x29b/0x5e0 [ 159.973137] driver_register+0x130/0x450 [ 159.973182] __pci_register_driver+0x1d2/0x270 [ 159.973226] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 159.973276] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 159.973325] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 159.973373] do_one_initcall+0xdf/0x500 [ 159.974122] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 159.974832] ? kasan_save_alloc_info+0x37/0x40 [ 159.975560] ? __kasan_kmalloc+0x90/0xa0 [ 159.976287] ? kasan_unpoison+0x45/0x70 [ 159.977027] ? kasan_poison+0x3a/0x50 [ 159.977713] ? __asan_register_globals+0x5e/0x70 [ 159.978436] do_init_module+0x23f/0x6c0 [ 159.979160] load_module+0x11e3/0x1aa0 [ 159.979833] init_module_from_file+0xe4/0x140 [ 159.980539] ? __ia32_sys_init_module+0xa0/0xa0 [ 159.981260] ? __kasan_check_read+0x11/0x20 [ 159.982011] ? do_raw_spin_unlock+0x54/0x220 [ 159.982653] idempotent_init_module+0x265/0x750 [ 159.983322] ? init_module_from_file+0x140/0x140 [ 159.983987] ? __kasan_check_read+0x11/0x20 [ 159.984593] __x64_sys_finit_module+0xbb/0x130 [ 159.985221] x64_sys_call+0x1c5/0x9e0 [ 159.985784] do_syscall_64+0x64/0x130 [ 159.986375] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 159.986974] RIP: 0033:0x7f1f2eec795d [ 159.987558] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 159.988707] RSP: 002b:00007fff06ddf4d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 159.989325] RAX: ffffffffffffffda RBX: 000055f0e42647c0 RCX: 00007f1f2eec795d [ 159.989921] RDX: 0000000000000000 RSI: 000055f0ba5e2358 RDI: 0000000000000003 [ 159.990521] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f1f2ef9e580 [ 159.991138] R10: 0000000000000003 R11: 0000000000000246 R12: 000055f0ba5e2358 [ 159.991699] R13: 0000000000000000 R14: 000055f0e4264790 R15: 0000000000000000 [ 159.992317] </TASK> [ 159.992876] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [ 159.993568] ---[ end trace 0000000000000000 ]--- [ 160.131323] RIP: 0010:lockdep_register_key+0x1c8/0x8f0 [ 160.131999] Code: 05 00 00 48 8b 1c cd 60 45 3c af 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00 [ 160.133318] RSP: 0018:ffffc900013d74e0 EFLAGS: 00010806 [ 160.134034] RAX: 1777777777777777 RBX: bbbbbbbbbbbbbbbb RCX: 00000000000009f2 [ 160.134705] RDX: ffffffff9ea1ceb8 RSI: dffffc0000000000 RDI: ffffc900013d7518 [ 160.135417] RBP: ffffc900013d7580 R08: 0000000000000001 R09: fffff5200027aea3 [ 160.136136] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888138b8c438 [ 160.136809] R13: 1ffff9200027ae9f R14: dffffc0000000000 R15: ffffffffaf5cf9c0 [ 160.137519] FS: 00007f1f2ed81740(0000) GS:ffff888231800000(0000) knlGS:0000000000000000 [ 160.138248] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.138954] CR2: 0000558d3b24e308 CR3: 000000012eb03002 CR4: 00000000003706f0 [ 160.139671] Kernel panic - not syncing: Fatal exception [ 160.140435] Kernel Offset: 0x18e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Crash 2: [ 699.996725] ath11k_pci 0000:06:00.0: wcn6855 hw2.0 [ 700.016765] ================================================================== [ 700.017632] BUG: KASAN: use-after-free in lockdep_register_key+0x755/0x8f0 [ 700.018501] Read of size 8 at addr ffff88810fe71870 by task insmod/9675 [ 700.019375] [ 700.020249] CPU: 3 PID: 9675 Comm: insmod Not tainted 6.10.0-rc1 #1543 [ 700.021138] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 700.022040] Call Trace: [ 700.022878] <TASK> [ 700.023696] dump_stack_lvl+0x7d/0xe0 [ 700.024549] print_address_description.constprop.0+0x33/0x3a0 [ 700.025412] print_report+0xb5/0x260 [ 700.026258] ? kasan_addr_to_slab+0x24/0x80 [ 700.027108] kasan_report+0xd8/0x110 [ 700.027950] ? lockdep_register_key+0x755/0x8f0 [ 700.028748] ? lockdep_register_key+0x755/0x8f0 [ 700.029585] __asan_report_load8_noabort+0x14/0x20 [ 700.030427] lockdep_register_key+0x755/0x8f0 [ 700.031239] ? save_trace+0x720/0x720 [ 700.032027] ? dma_alloc_attrs+0x145/0x1d0 [ 700.032780] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 700.033601] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 700.034399] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 700.035223] ? __this_cpu_preempt_check+0x13/0x20 [ 700.036029] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 700.036782] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 700.037570] local_pci_probe+0xd6/0x180 [ 700.038351] pci_call_probe+0x152/0x3f0 [ 700.039402] ? __kasan_check_read+0x11/0x20 [ 700.040800] ? pci_pm_suspend_late+0x40/0x40 [ 700.041576] ? pci_match_device+0x380/0x660 [ 700.042352] pci_device_probe+0xa6/0x100 [ 700.043127] really_probe+0x1d5/0x920 [ 700.043878] __driver_probe_device+0x2e8/0x3f0 [ 700.044609] driver_probe_device+0x4a/0x140 [ 700.045356] __driver_attach+0x1ed/0x4c0 [ 700.046082] ? __device_attach_driver+0x290/0x290 [ 700.046745] bus_for_each_dev+0xf5/0x180 [ 700.047472] ? bus_remove_file+0x40/0x40 [ 700.048198] ? _raw_spin_unlock+0x27/0x50 [ 700.048911] driver_attach+0x38/0x50 [ 700.050381] bus_add_driver+0x29b/0x5e0 [ 700.051097] driver_register+0x130/0x450 [ 700.051746] __pci_register_driver+0x1d2/0x270 [ 700.052450] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 700.053159] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 700.053789] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 700.054488] do_one_initcall+0xdf/0x500 [ 700.055183] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 700.055829] ? kasan_save_alloc_info+0x37/0x40 [ 700.056534] ? __kasan_kmalloc+0x90/0xa0 [ 700.057218] ? kasan_unpoison+0x45/0x70 [ 700.057834] ? kasan_poison+0x3a/0x50 [ 700.058465] ? __asan_register_globals+0x5e/0x70 [ 700.059115] do_init_module+0x23f/0x6c0 [ 700.059717] load_module+0x11e3/0x1aa0 [ 700.060373] init_module_from_file+0xe4/0x140 [ 700.061034] ? __ia32_sys_init_module+0xa0/0xa0 [ 700.061631] ? __kasan_check_read+0x11/0x20 [ 700.062277] ? do_raw_spin_unlock+0x54/0x220 [ 700.062882] idempotent_init_module+0x265/0x750 [ 700.063486] ? init_module_from_file+0x140/0x140 [ 700.064116] ? __kasan_check_read+0x11/0x20 [ 700.064671] __x64_sys_finit_module+0xbb/0x130 [ 700.065294] x64_sys_call+0x1c5/0x9e0 [ 700.065878] do_syscall_64+0x64/0x130 [ 700.066450] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 700.067059] RIP: 0033:0x7f1039e4195d [ 700.067603] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 700.068785] RSP: 002b:00007ffc40b5d918 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 700.069418] RAX: ffffffffffffffda RBX: 00005609ae2a57c0 RCX: 00007f1039e4195d [ 700.070063] RDX: 0000000000000000 RSI: 00005609a145c358 RDI: 0000000000000003 [ 700.070643] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f1039f18580 [ 700.071282] R10: 0000000000000003 R11: 0000000000000246 R12: 00005609a145c358 [ 700.071885] R13: 0000000000000000 R14: 00005609ae2a5790 R15: 0000000000000000 [ 700.072492] </TASK> [ 700.073129] [ 700.073695] The buggy address belongs to the physical page: [ 700.074336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x10fe71 [ 700.074997] flags: 0x200000000000000(node=0|zone=2) [ 700.075591] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000 [ 700.076256] raw: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 700.076889] page dumped because: kasan: bad access detected [ 700.077521] [ 700.078177] Memory state around the buggy address: [ 700.078782] ffff88810fe71700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 700.079458] ffff88810fe71780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 700.080129] >ffff88810fe71800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 700.080730] ^ [ 700.081393] ffff88810fe71880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 700.082069] ffff88810fe71900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 700.082675] ================================================================== [ 700.083351] Disabling lock debugging due to kernel taint [ 700.084030] BUG: unable to handle page fault for address: ffff88810fe71870 [ 700.084657] #PF: supervisor read access in kernel mode [ 700.085341] #PF: error_code(0x0000) - not-present page [ 700.086027] PGD 24be01067 P4D 24be01067 PUD 27ea1a067 PMD 27e99a067 PTE 800ffffef018e060 [ 700.086677] Oops: Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN [ 700.087380] CPU: 3 PID: 9675 Comm: insmod Tainted: G B 6.10.0-rc1 #1543 [ 700.088094] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 700.088777] RIP: 0010:lockdep_register_key+0x1d2/0x8f0 [ 700.089511] Code: a6 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 80 3c 30 00 0f 85 74 05 00 00 <48> 8b 1b 48 85 db 0f 84 ff 01 00 00 49 39 dc 75 de 0f 0b 48 b8 00 [ 700.091027] RSP: 0018:ffffc90001f974e0 EFLAGS: 00010082 [ 700.091752] RAX: 0000000000000001 RBX: ffff88810fe71870 RCX: 0000000000000a51 [ 700.092539] RDX: ffffffff9601ceb8 RSI: dffffc0000000000 RDI: ffffffff96498420 [ 700.093360] RBP: ffffc90001f97580 R08: 0000000000000001 R09: fffffbfff2c93084 [ 700.094152] R10: ffffffff96498427 R11: 0000000000000001 R12: ffff88812ef4bf58 [ 700.094957] R13: 1ffff920003f2e9f R14: dffffc0000000000 R15: ffffffffa6bcf9c0 [ 700.096987] FS: 00007f1039cfb740(0000) GS:ffff88821c400000(0000) knlGS:0000000000000000 [ 700.097743] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 700.098533] CR2: ffff88810fe71870 CR3: 000000011139b001 CR4: 00000000003706f0 [ 700.099351] Call Trace: [ 700.100155] <TASK> [ 700.100984] ? show_regs+0x5b/0x70 [ 700.101742] ? __die+0x1f/0x60 [ 700.102546] ? page_fault_oops+0x121/0x260 [ 700.103351] ? show_fault_oops+0x6e0/0x6e0 [ 700.104153] ? search_module_extables+0xb5/0xf0 [ 700.104942] ? lockdep_register_key+0x1d2/0x8f0 [ 700.105686] ? search_exception_tables+0x4a/0x50 [ 700.106490] ? fixup_exception+0x48/0x8e0 [ 700.107292] ? vprintk+0x29/0x30 [ 700.108092] ? kernelmode_fixup_or_oops.isra.0+0x7a/0x90 [ 700.108864] ? __bad_area_nosemaphore+0x256/0x580 [ 700.109628] ? trace_irq_disable+0x3d/0x140 [ 700.110438] ? bad_area_nosemaphore+0x11/0x20 [ 700.111240] ? do_kern_addr_fault+0xa7/0xc0 [ 700.112052] ? exc_page_fault+0xbc/0xc0 [ 700.112798] ? asm_exc_page_fault+0x27/0x30 [ 700.113602] ? lockdep_register_key+0x1d2/0x8f0 [ 700.114386] ? save_trace+0x720/0x720 [ 700.115146] ? dma_alloc_attrs+0x145/0x1d0 [ 700.115914] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 700.116630] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 700.117366] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 700.118119] ? __this_cpu_preempt_check+0x13/0x20 [ 700.118816] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 700.119565] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 700.120315] local_pci_probe+0xd6/0x180 [ 700.121055] pci_call_probe+0x152/0x3f0 [ 700.121742] ? __kasan_check_read+0x11/0x20 [ 700.122482] ? pci_pm_suspend_late+0x40/0x40 [ 700.123216] ? pci_match_device+0x380/0x660 [ 700.123944] pci_device_probe+0xa6/0x100 [ 700.124613] really_probe+0x1d5/0x920 [ 700.125332] __driver_probe_device+0x2e8/0x3f0 [ 700.126047] driver_probe_device+0x4a/0x140 [ 700.126705] __driver_attach+0x1ed/0x4c0 [ 700.127412] ? __device_attach_driver+0x290/0x290 [ 700.128126] bus_for_each_dev+0xf5/0x180 [ 700.128789] ? bus_remove_file+0x40/0x40 [ 700.129499] ? _raw_spin_unlock+0x27/0x50 [ 700.130204] driver_attach+0x38/0x50 [ 700.130895] bus_add_driver+0x29b/0x5e0 [ 700.131556] driver_register+0x130/0x450 [ 700.132252] __pci_register_driver+0x1d2/0x270 [ 700.132943] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 700.133581] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 700.134269] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 700.134949] do_one_initcall+0xdf/0x500 [ 700.135562] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 700.136235] ? kasan_save_alloc_info+0x37/0x40 [ 700.136874] ? __kasan_kmalloc+0x90/0xa0 [ 700.137483] ? kasan_unpoison+0x45/0x70 [ 700.138102] ? kasan_poison+0x3a/0x50 [ 700.138647] ? __asan_register_globals+0x5e/0x70 [ 700.139241] do_init_module+0x23f/0x6c0 [ 700.139782] load_module+0x11e3/0x1aa0 [ 700.140371] init_module_from_file+0xe4/0x140 [ 700.140953] ? __ia32_sys_init_module+0xa0/0xa0 [ 700.141479] ? __kasan_check_read+0x11/0x20 [ 700.142057] ? do_raw_spin_unlock+0x54/0x220 [ 700.142572] idempotent_init_module+0x265/0x750 [ 700.143137] ? init_module_from_file+0x140/0x140 [ 700.143647] ? __kasan_check_read+0x11/0x20 [ 700.144198] __x64_sys_finit_module+0xbb/0x130 [ 700.144699] x64_sys_call+0x1c5/0x9e0 [ 700.145254] do_syscall_64+0x64/0x130 [ 700.145754] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 700.146319] RIP: 0033:0x7f1039e4195d [ 700.146831] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 700.148018] RSP: 002b:00007ffc40b5d918 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 700.148592] RAX: ffffffffffffffda RBX: 00005609ae2a57c0 RCX: 00007f1039e4195d [ 700.149210] RDX: 0000000000000000 RSI: 00005609a145c358 RDI: 0000000000000003 [ 700.149789] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f1039f18580 [ 700.150421] R10: 0000000000000003 R11: 0000000000000246 R12: 00005609a145c358 [ 700.151053] R13: 0000000000000000 R14: 00005609ae2a5790 R15: 0000000000000000 [ 700.151632] </TASK> [ 700.152261] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi] [ 700.152949] CR2: ffff88810fe71870 [ 700.153555] ---[ end trace 0000000000000000 ]--- [ 700.288393] RIP: 0010:lockdep_register_key+0x1d2/0x8f0 [ 700.289147] Code: a6 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 80 3c 30 00 0f 85 74 05 00 00 <48> 8b 1b 48 85 db 0f 84 ff 01 00 00 49 39 dc 75 de 0f 0b 48 b8 00 [ 700.290484] RSP: 0018:ffffc90001f974e0 EFLAGS: 00010082 [ 700.291200] RAX: 0000000000000001 RBX: ffff88810fe71870 RCX: 0000000000000a51 [ 700.291909] RDX: ffffffff9601ceb8 RSI: dffffc0000000000 RDI: ffffffff96498420 [ 700.292591] RBP: ffffc90001f97580 R08: 0000000000000001 R09: fffffbfff2c93084 [ 700.293315] R10: ffffffff96498427 R11: 0000000000000001 R12: ffff88812ef4bf58 [ 700.294029] R13: 1ffff920003f2e9f R14: dffffc0000000000 R15: ffffffffa6bcf9c0 [ 700.294698] FS: 00007f1039cfb740(0000) GS:ffff88821c400000(0000) knlGS:0000000000000000 [ 700.295430] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 700.296162] CR2: ffff88810fe71870 CR3: 000000011139b001 CR4: 00000000003706f0 [ 700.296877] Kernel panic - not syncing: Fatal exception [ 700.297623] Kernel Offset: 0x10400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Crash 3: [ 224.681700] ath11k_pci 0000:06:00.0: wcn6855 hw2.0 [ 224.695019] ================================================================== [ 224.695821] BUG: KASAN: slab-out-of-bounds in lockdep_register_key+0x755/0x8f0 [ 224.696644] Read of size 8 at addr ffff88810d771870 by task insmod/3533 [ 224.697486] [ 224.698323] CPU: 5 PID: 3533 Comm: insmod Not tainted 6.10.0-rc1 #1543 [ 224.699188] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 224.700074] Call Trace: [ 224.700962] <TASK> [ 224.701776] dump_stack_lvl+0x7d/0xe0 [ 224.702620] print_address_description.constprop.0+0x33/0x3a0 [ 224.703468] print_report+0xb5/0x260 [ 224.704363] ? kasan_complete_mode_report_info+0x64/0x1a0 [ 224.705205] kasan_report+0xd8/0x110 [ 224.706077] ? lockdep_register_key+0x755/0x8f0 [ 224.706929] ? lockdep_register_key+0x755/0x8f0 [ 224.707736] __asan_report_load8_noabort+0x14/0x20 [ 224.708576] lockdep_register_key+0x755/0x8f0 [ 224.709397] ? save_trace+0x720/0x720 [ 224.710199] ? dma_alloc_attrs+0x145/0x1d0 [ 224.711034] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 224.711848] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 224.712649] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.713461] ? __this_cpu_preempt_check+0x13/0x20 [ 224.714270] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 224.715078] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.715900] local_pci_probe+0xd6/0x180 [ 224.716658] pci_call_probe+0x152/0x3f0 [ 224.717437] ? __kasan_check_read+0x11/0x20 [ 224.718216] ? pci_pm_suspend_late+0x40/0x40 [ 224.719007] ? pci_match_device+0x380/0x660 [ 224.719749] pci_device_probe+0xa6/0x100 [ 224.720553] really_probe+0x1d5/0x920 [ 224.721309] __driver_probe_device+0x2e8/0x3f0 [ 224.722059] driver_probe_device+0x4a/0x140 [ 224.722741] __driver_attach+0x1ed/0x4c0 [ 224.723461] ? __device_attach_driver+0x290/0x290 [ 224.724177] bus_for_each_dev+0xf5/0x180 [ 224.724878] ? bus_remove_file+0x40/0x40 [ 224.725542] ? _raw_spin_unlock+0x27/0x50 [ 224.726258] driver_attach+0x38/0x50 [ 224.726966] bus_add_driver+0x29b/0x5e0 [ 224.727616] driver_register+0x130/0x450 [ 224.728314] __pci_register_driver+0x1d2/0x270 [ 224.729009] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.729651] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.730334] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 224.731019] do_one_initcall+0xdf/0x500 [ 224.731649] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 224.732338] ? kasan_save_alloc_info+0x37/0x40 [ 224.733025] ? __kasan_kmalloc+0x90/0xa0 [ 224.733652] ? kasan_unpoison+0x45/0x70 [ 224.734312] ? kasan_poison+0x3a/0x50 [ 224.734946] ? __asan_register_globals+0x5e/0x70 [ 224.735535] do_init_module+0x23f/0x6c0 [ 224.736174] load_module+0x11e3/0x1aa0 [ 224.736764] init_module_from_file+0xe4/0x140 [ 224.737408] ? __ia32_sys_init_module+0xa0/0xa0 [ 224.738045] ? __kasan_check_read+0x11/0x20 [ 224.738621] ? do_raw_spin_unlock+0x54/0x220 [ 224.739246] idempotent_init_module+0x265/0x750 [ 224.739848] ? init_module_from_file+0x140/0x140 [ 224.740425] ? __kasan_check_read+0x11/0x20 [ 224.741031] __x64_sys_finit_module+0xbb/0x130 [ 224.741592] x64_sys_call+0x1c5/0x9e0 [ 224.742195] do_syscall_64+0x64/0x130 [ 224.742739] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 224.743334] RIP: 0033:0x7f0b4a71895d [ 224.743924] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 224.745095] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 224.745666] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d [ 224.746291] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003 [ 224.746925] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580 [ 224.747504] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358 [ 224.748130] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000 [ 224.748705] </TASK> [ 224.749318] [ 224.749927] Allocated by task 796 on cpu 5 at 29.132818s: [ 224.750502] kasan_save_stack+0x26/0x50 [ 224.751128] kasan_save_track+0x18/0x60 [ 224.751696] kasan_save_alloc_info+0x37/0x40 [ 224.752311] __kasan_slab_alloc+0x6a/0x70 [ 224.752925] kmem_cache_alloc_noprof+0x108/0x290 [ 224.753491] key_alloc+0x305/0x12b0 [ 224.754104] keyring_alloc+0x25/0x70 [ 224.754662] install_session_keyring_to_cred+0x13d/0x1c0 [ 224.755275] join_session_keyring+0x162/0x2c0 [ 224.755870] __do_sys_keyctl+0x1ce/0x2e0 [ 224.756474] __x64_sys_keyctl+0xb8/0x140 [ 224.757078] x64_sys_call+0x37e/0x9e0 [ 224.757631] do_syscall_64+0x64/0x130 [ 224.758233] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 224.758811] [ 224.759376] Freed by task 1802201963 on cpu 748395 at 3779491.451988s: [ 224.759998] ------------[ cut here ]------------ [ 224.760567] pool index 93034 out of bounds (1296) for stack id 6b6b6b6b [ 224.761212] WARNING: CPU: 5 PID: 3533 at lib/stackdepot.c:451 depot_fetch_stack+0x97/0xc0 [ 224.761829] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi] [ 224.762499] CPU: 5 PID: 3533 Comm: insmod Not tainted 6.10.0-rc1 #1543 [ 224.763174] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 224.763842] RIP: 0010:depot_fetch_stack+0x97/0xc0 [ 224.764517] Code: ff 48 c7 c7 18 01 e6 94 e8 46 1f c7 01 83 f8 01 75 ba 0f 0b eb b6 44 89 e1 44 89 f2 89 de 48 c7 c7 98 bf 55 94 e8 59 95 f9 fe <0f> 0b 31 c0 eb c3 0f 0b 31 c0 eb bd 0f 0b 31 c0 eb b7 4c 89 e6 48 [ 224.765966] RSP: 0018:ffffc900014272f8 EFLAGS: 00010086 [ 224.766661] RAX: 0000000000000000 RBX: 0000000000016b6a RCX: 0000000000000000 [ 224.767417] RDX: 0000000000000003 RSI: 0000000000000004 RDI: 0000000000000001 [ 224.768170] RBP: ffffc90001427318 R08: 0000000000000001 R09: ffffed10439bdd19 [ 224.768911] R10: ffff88821cdee8cb R11: 0000000000000001 R12: 000000006b6b6b6b [ 224.769618] R13: 0000000000001b50 R14: 0000000000000510 R15: 0000000000000082 [ 224.770375] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000 [ 224.771137] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.771900] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0 [ 224.772619] Call Trace: [ 224.773379] <TASK> [ 224.774135] ? show_regs+0x5b/0x70 [ 224.774901] ? __warn+0xc7/0x300 [ 224.775609] ? depot_fetch_stack+0x97/0xc0 [ 224.776369] ? report_bug+0x310/0x3f0 [ 224.777137] ? handle_bug+0x3e/0x90 [ 224.777912] ? exc_invalid_op+0x18/0x40 [ 224.778633] ? asm_exc_invalid_op+0x1b/0x20 [ 224.779394] ? depot_fetch_stack+0x97/0xc0 [ 224.780159] ? depot_fetch_stack+0x97/0xc0 [ 224.780937] stack_depot_print+0x31/0x60 [ 224.781654] print_track+0x66/0x80 [ 224.782405] print_address_description.constprop.0+0x367/0x3a0 [ 224.783170] print_report+0xb5/0x260 [ 224.783935] ? kasan_complete_mode_report_info+0x64/0x1a0 [ 224.784660] kasan_report+0xd8/0x110 [ 224.785427] ? lockdep_register_key+0x755/0x8f0 [ 224.786223] ? lockdep_register_key+0x755/0x8f0 [ 224.786954] __asan_report_load8_noabort+0x14/0x20 [ 224.787612] lockdep_register_key+0x755/0x8f0 [ 224.788312] ? save_trace+0x720/0x720 [ 224.789005] ? dma_alloc_attrs+0x145/0x1d0 [ 224.789659] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 224.790375] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 224.791072] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.791736] ? __this_cpu_preempt_check+0x13/0x20 [ 224.792439] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 224.793139] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.793789] local_pci_probe+0xd6/0x180 [ 224.794485] pci_call_probe+0x152/0x3f0 [ 224.795184] ? __kasan_check_read+0x11/0x20 [ 224.795858] ? pci_pm_suspend_late+0x40/0x40 [ 224.796566] ? pci_match_device+0x380/0x660 [ 224.797267] pci_device_probe+0xa6/0x100 [ 224.797964] really_probe+0x1d5/0x920 [ 224.798612] __driver_probe_device+0x2e8/0x3f0 [ 224.799311] driver_probe_device+0x4a/0x140 [ 224.800008] __driver_attach+0x1ed/0x4c0 [ 224.800653] ? __device_attach_driver+0x290/0x290 [ 224.801350] bus_for_each_dev+0xf5/0x180 [ 224.802049] ? bus_remove_file+0x40/0x40 [ 224.802699] ? _raw_spin_unlock+0x27/0x50 [ 224.803397] driver_attach+0x38/0x50 [ 224.804089] bus_add_driver+0x29b/0x5e0 [ 224.804729] driver_register+0x130/0x450 [ 224.805417] __pci_register_driver+0x1d2/0x270 [ 224.806096] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.806727] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.807385] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 224.808028] do_one_initcall+0xdf/0x500 [ 224.808602] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 224.809222] ? kasan_save_alloc_info+0x37/0x40 [ 224.809769] ? __kasan_kmalloc+0x90/0xa0 [ 224.810329] ? kasan_unpoison+0x45/0x70 [ 224.810884] ? kasan_poison+0x3a/0x50 [ 224.811408] ? __asan_register_globals+0x5e/0x70 [ 224.811976] do_init_module+0x23f/0x6c0 [ 224.812492] load_module+0x11e3/0x1aa0 [ 224.813057] init_module_from_file+0xe4/0x140 [ 224.813568] ? __ia32_sys_init_module+0xa0/0xa0 [ 224.814126] ? __kasan_check_read+0x11/0x20 [ 224.814624] ? do_raw_spin_unlock+0x54/0x220 [ 224.815168] idempotent_init_module+0x265/0x750 [ 224.815657] ? init_module_from_file+0x140/0x140 [ 224.816206] ? __kasan_check_read+0x11/0x20 [ 224.816717] __x64_sys_finit_module+0xbb/0x130 [ 224.817255] x64_sys_call+0x1c5/0x9e0 [ 224.817766] do_syscall_64+0x64/0x130 [ 224.818301] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 224.818881] RIP: 0033:0x7f0b4a71895d [ 224.819406] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 224.820527] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 224.821175] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d [ 224.821772] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003 [ 224.822392] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580 [ 224.823053] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358 [ 224.823649] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000 [ 224.824282] </TASK> [ 224.824911] irq event stamp: 31227 [ 224.825496] hardirqs last enabled at (31227): [<ffffffff93852291>] _raw_spin_unlock_irqrestore+0x51/0x80 [ 224.826172] hardirqs last disabled at (31226): [<ffffffff93851fbd>] _raw_spin_lock_irqsave+0x6d/0x90 [ 224.826786] softirqs last enabled at (29008): [<ffffffff90b713a3>] handle_softirqs+0x573/0x890 [ 224.827424] softirqs last disabled at (28595): [<ffffffff90b71ffc>] irq_exit_rcu+0xac/0x110 [ 224.828087] ---[ end trace 0000000000000000 ]--- [ 224.828705] ------------[ cut here ]------------ [ 224.829359] corrupt handle or use after stack_depot_put() [ 224.829376] WARNING: CPU: 5 PID: 3533 at lib/stackdepot.c:711 stack_depot_print+0x5a/0x60 [ 224.830668] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi] [ 224.831396] CPU: 5 PID: 3533 Comm: insmod Tainted: G W 6.10.0-rc1 #1543 [ 224.832100] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 224.832780] RIP: 0010:stack_depot_print+0x5a/0x60 [ 224.833474] Code: ff 48 85 c0 74 18 8b 70 14 48 8d 78 20 85 f6 74 e4 31 d2 e8 48 a5 1e ff 5b 41 5c 5d c3 c3 48 c7 c7 50 c0 55 94 e8 76 8c f9 fe <0f> 0b eb c7 66 90 85 ff 74 6d 55 48 89 e5 41 57 44 0f b6 3d 0e c8 [ 224.834940] RSP: 0018:ffffc90001427328 EFLAGS: 00010086 [ 224.835663] RAX: 0000000000000000 RBX: 000000006b6b6b6b RCX: 0000000000000000 [ 224.836448] RDX: 0000000000000003 RSI: 0000000000000004 RDI: 0000000000000001 [ 224.837218] RBP: ffffc90001427338 R08: 0000000000000001 R09: ffffed10439bdd19 [ 224.838005] R10: ffff88821cdee8cb R11: 0000000000000001 R12: 0000000000000000 [ 224.838739] R13: ffffc90001427428 R14: 0000000000000008 R15: 0000000000000082 [ 224.839488] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000 [ 224.840272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.841075] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0 [ 224.841848] Call Trace: [ 224.842617] <TASK> [ 224.843394] ? show_regs+0x5b/0x70 [ 224.844180] ? __warn+0xc7/0x300 [ 224.844964] ? stack_depot_print+0x5a/0x60 [ 224.845706] ? report_bug+0x310/0x3f0 [ 224.846501] ? handle_bug+0x3e/0x90 [ 224.847277] ? exc_invalid_op+0x18/0x40 [ 224.848063] ? asm_exc_invalid_op+0x1b/0x20 [ 224.848828] ? stack_depot_print+0x5a/0x60 [ 224.849595] ? stack_depot_print+0x5a/0x60 [ 224.850363] print_track+0x66/0x80 [ 224.851145] print_address_description.constprop.0+0x367/0x3a0 [ 224.851933] print_report+0xb5/0x260 [ 224.852662] ? kasan_complete_mode_report_info+0x64/0x1a0 [ 224.853438] kasan_report+0xd8/0x110 [ 224.854233] ? lockdep_register_key+0x755/0x8f0 [ 224.855017] ? lockdep_register_key+0x755/0x8f0 [ 224.855752] __asan_report_load8_noabort+0x14/0x20 [ 224.856543] lockdep_register_key+0x755/0x8f0 [ 224.857318] ? save_trace+0x720/0x720 [ 224.858097] ? dma_alloc_attrs+0x145/0x1d0 [ 224.858870] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 224.859646] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 224.860427] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.861232] ? __this_cpu_preempt_check+0x13/0x20 [ 224.862022] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 224.862766] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.863562] local_pci_probe+0xd6/0x180 [ 224.864347] pci_call_probe+0x152/0x3f0 [ 224.865136] ? __kasan_check_read+0x11/0x20 [ 224.865912] ? pci_pm_suspend_late+0x40/0x40 [ 224.866630] ? pci_match_device+0x380/0x660 [ 224.867356] pci_device_probe+0xa6/0x100 [ 224.868075] really_probe+0x1d5/0x920 [ 224.868738] __driver_probe_device+0x2e8/0x3f0 [ 224.869456] driver_probe_device+0x4a/0x140 [ 224.870172] __driver_attach+0x1ed/0x4c0 [ 224.870860] ? __device_attach_driver+0x290/0x290 [ 224.871579] bus_for_each_dev+0xf5/0x180 [ 224.872290] ? bus_remove_file+0x40/0x40 [ 224.872991] ? _raw_spin_unlock+0x27/0x50 [ 224.873640] driver_attach+0x38/0x50 [ 224.874333] bus_add_driver+0x29b/0x5e0 [ 224.875025] driver_register+0x130/0x450 [ 224.875667] __pci_register_driver+0x1d2/0x270 [ 224.876355] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.877045] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.877671] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 224.878329] do_one_initcall+0xdf/0x500 [ 224.878967] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 224.879550] ? kasan_save_alloc_info+0x37/0x40 [ 224.880169] ? __kasan_kmalloc+0x90/0xa0 [ 224.880717] ? kasan_unpoison+0x45/0x70 [ 224.881289] ? kasan_poison+0x3a/0x50 [ 224.881829] ? __asan_register_globals+0x5e/0x70 [ 224.882372] do_init_module+0x23f/0x6c0 [ 224.882940] load_module+0x11e3/0x1aa0 [ 224.883454] init_module_from_file+0xe4/0x140 [ 224.884029] ? __ia32_sys_init_module+0xa0/0xa0 [ 224.884548] ? __kasan_check_read+0x11/0x20 [ 224.885105] ? do_raw_spin_unlock+0x54/0x220 [ 224.885605] idempotent_init_module+0x265/0x750 [ 224.886152] ? init_module_from_file+0x140/0x140 [ 224.886644] ? __kasan_check_read+0x11/0x20 [ 224.887191] __x64_sys_finit_module+0xbb/0x130 [ 224.887687] x64_sys_call+0x1c5/0x9e0 [ 224.888231] do_syscall_64+0x64/0x130 [ 224.888725] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 224.889275] RIP: 0033:0x7f0b4a71895d [ 224.889775] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 224.890947] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 224.891513] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d [ 224.892137] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003 [ 224.892714] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580 [ 224.893340] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358 [ 224.893962] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000 [ 224.894535] </TASK> [ 224.895148] irq event stamp: 31227 [ 224.895709] hardirqs last enabled at (31227): [<ffffffff93852291>] _raw_spin_unlock_irqrestore+0x51/0x80 [ 224.896354] hardirqs last disabled at (31226): [<ffffffff93851fbd>] _raw_spin_lock_irqsave+0x6d/0x90 [ 224.897000] softirqs last enabled at (29008): [<ffffffff90b713a3>] handle_softirqs+0x573/0x890 [ 224.897596] softirqs last disabled at (28595): [<ffffffff90b71ffc>] irq_exit_rcu+0xac/0x110 [ 224.898242] ---[ end trace 0000000000000000 ]--- [ 224.898885] [ 224.899470] The buggy address belongs to the object at ffff88810d7716c0#012[ 224.899470] which belongs to the cache key_jar of size 344 [ 224.900697] The buggy address is located 88 bytes to the right of#012[ 224.900697] allocated 344-byte region [ffff88810d7716c0, ffff88810d771818) [ 224.901988] [ 224.902588] The buggy address belongs to the physical page: [ 224.903251] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810d771000 pfn:0x10d770 [ 224.903938] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 224.904581] flags: 0x200000000000240(workingset|head|node=0|zone=2) [ 224.905260] page_type: 0xffffefff(slab) [ 224.905963] raw: 0200000000000240 ffff8881018603c0 ffffea000440c210 ffffea0004378010 [ 224.906642] raw: ffff88810d771000 00000000001c0010 00000001ffffefff 0000000000000000 [ 224.907362] head: 0200000000000240 ffff8881018603c0 ffffea000440c210 ffffea0004378010 [ 224.908097] head: ffff88810d771000 00000000001c0010 00000001ffffefff 0000000000000000 [ 224.908791] head: 0200000000000002 ffffea000435dc01 ffffffffffffffff 0000000000000000 [ 224.909523] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 224.910256] page dumped because: kasan: bad access detected [ 224.911015] [ 224.911702] Memory state around the buggy address: [ 224.912461] ffff88810d771700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 224.913215] ffff88810d771780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 224.913970] >ffff88810d771800: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 224.914678] ^ [ 224.915429] ffff88810d771880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 224.916226] ffff88810d771900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 224.916993] ================================================================== [ 224.917703] Disabling lock debugging due to kernel taint [ 224.918470] Oops: general protection fault, probably for non-canonical address 0xe00002c873880000: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN [ 224.919267] KASAN: probably user-memory-access in range [0x000036439c400000-0x000036439c400007] [ 224.920064] CPU: 5 PID: 3533 Comm: insmod Tainted: G B W 6.10.0-rc1 #1543 [ 224.920848] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 224.921653] RIP: 0010:lockdep_register_key+0x1c8/0x8f0 [ 224.922482] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00 [ 224.924193] RSP: 0018:ffffc900014274e0 EFLAGS: 00010007 [ 224.925070] RAX: 000006c873880000 RBX: 000036439c400005 RCX: 0000000000000594 [ 224.925957] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420 [ 224.926794] RBP: ffffc90001427580 R08: 0000000000000001 R09: fffffbfff2b53084 [ 224.927671] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88813bb8c668 [ 224.928561] R13: 1ffff92000284e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0 [ 224.929454] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000 [ 224.930355] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.931259] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0 [ 224.932171] Call Trace: [ 224.933061] <TASK> [ 224.933964] ? show_regs+0x5b/0x70 [ 224.934841] ? die_addr+0x3c/0xa0 [ 224.935718] ? exc_general_protection+0x150/0x230 [ 224.936600] ? asm_exc_general_protection+0x27/0x30 [ 224.937465] ? lockdep_register_key+0x1c8/0x8f0 [ 224.938325] ? save_trace+0x720/0x720 [ 224.939178] ? dma_alloc_attrs+0x145/0x1d0 [ 224.940039] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 224.940927] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 224.941742] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.942612] ? __this_cpu_preempt_check+0x13/0x20 [ 224.943460] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 224.944316] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 224.945168] local_pci_probe+0xd6/0x180 [ 224.946041] pci_call_probe+0x152/0x3f0 [ 224.946860] ? __kasan_check_read+0x11/0x20 [ 224.947640] ? pci_pm_suspend_late+0x40/0x40 [ 224.948463] ? pci_match_device+0x380/0x660 [ 224.949284] pci_device_probe+0xa6/0x100 [ 224.950097] really_probe+0x1d5/0x920 [ 224.950910] __driver_probe_device+0x2e8/0x3f0 [ 224.951667] driver_probe_device+0x4a/0x140 [ 224.952472] __driver_attach+0x1ed/0x4c0 [ 224.953269] ? __device_attach_driver+0x290/0x290 [ 224.954067] bus_for_each_dev+0xf5/0x180 [ 224.954825] ? bus_remove_file+0x40/0x40 [ 224.955578] ? _raw_spin_unlock+0x27/0x50 [ 224.956349] driver_attach+0x38/0x50 [ 224.957121] bus_add_driver+0x29b/0x5e0 [ 224.957866] driver_register+0x130/0x450 [ 224.958610] __pci_register_driver+0x1d2/0x270 [ 224.959368] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.960126] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 224.960857] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 224.961593] do_one_initcall+0xdf/0x500 [ 224.962328] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 224.963075] ? kasan_save_alloc_info+0x37/0x40 [ 224.963775] ? __kasan_kmalloc+0x90/0xa0 [ 224.964488] ? kasan_unpoison+0x45/0x70 [ 224.965224] ? kasan_poison+0x3a/0x50 [ 224.965997] ? __asan_register_globals+0x5e/0x70 [ 224.966687] do_init_module+0x23f/0x6c0 [ 224.967405] load_module+0x11e3/0x1aa0 [ 224.968130] init_module_from_file+0xe4/0x140 [ 224.968829] ? __ia32_sys_init_module+0xa0/0xa0 [ 224.969532] ? __kasan_check_read+0x11/0x20 [ 224.970224] ? do_raw_spin_unlock+0x54/0x220 [ 224.970908] idempotent_init_module+0x265/0x750 [ 224.971519] ? init_module_from_file+0x140/0x140 [ 224.972185] ? __kasan_check_read+0x11/0x20 [ 224.972787] __x64_sys_finit_module+0xbb/0x130 [ 224.973406] x64_sys_call+0x1c5/0x9e0 [ 224.974007] do_syscall_64+0x64/0x130 [ 224.974562] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 224.975156] RIP: 0033:0x7f0b4a71895d [ 224.975705] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 224.976969] RSP: 002b:00007ffd47fdbb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 224.977556] RAX: ffffffffffffffda RBX: 0000562da1c5e7c0 RCX: 00007f0b4a71895d [ 224.978188] RDX: 0000000000000000 RSI: 0000562d7e0c8358 RDI: 0000000000000003 [ 224.978767] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0b4a7ef580 [ 224.979381] R10: 0000000000000003 R11: 0000000000000246 R12: 0000562d7e0c8358 [ 224.979998] R13: 0000000000000000 R14: 0000562da1c5e790 R15: 0000000000000000 [ 224.980572] </TASK> [ 224.981186] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi] [ 224.981843] ---[ end trace 0000000000000000 ]--- [ 225.115543] RIP: 0010:lockdep_register_key+0x1c8/0x8f0 [ 225.116200] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00 [ 225.117542] RSP: 0018:ffffc900014274e0 EFLAGS: 00010007 [ 225.118274] RAX: 000006c873880000 RBX: 000036439c400005 RCX: 0000000000000594 [ 225.119009] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420 [ 225.119694] RBP: ffffc90001427580 R08: 0000000000000001 R09: fffffbfff2b53084 [ 225.120432] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88813bb8c668 [ 225.121199] R13: 1ffff92000284e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0 [ 225.121951] FS: 00007f0b4a5d2740(0000) GS:ffff88821cc00000(0000) knlGS:0000000000000000 [ 225.122641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 225.123370] CR2: 000055cd5a072308 CR3: 000000014233d005 CR4: 00000000003706f0 [ 225.124130] Kernel panic - not syncing: Fatal exception [ 225.124916] Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Crash 4: [ 259.652506] ath11k_pci 0000:06:00.0: wcn6855 hw2.0 [ 259.665664] ================================================================== [ 259.666542] BUG: KASAN: slab-use-after-free in lockdep_register_key+0x755/0x8f0 [ 259.667418] Read of size 8 at addr ffff88810fe49870 by task insmod/1944 [ 259.668282] [ 259.669132] CPU: 0 PID: 1944 Comm: insmod Not tainted 6.10.0-rc1 #1547 [ 259.670001] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 259.670904] Call Trace: [ 259.671744] <TASK> [ 259.672580] dump_stack_lvl+0x7d/0xe0 [ 259.673436] print_address_description.constprop.0+0x33/0x3a0 [ 259.674297] print_report+0xb5/0x260 [ 259.675158] ? kasan_complete_mode_report_info+0x64/0x1a0 [ 259.676033] kasan_report+0xd8/0x110 [ 259.676937] ? lockdep_register_key+0x755/0x8f0 [ 259.677843] ? lockdep_register_key+0x755/0x8f0 [ 259.678647] __asan_report_load8_noabort+0x14/0x20 [ 259.679486] lockdep_register_key+0x755/0x8f0 [ 259.680314] ? save_trace+0x720/0x720 [ 259.681124] ? dma_alloc_attrs+0x145/0x1d0 [ 259.681944] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 259.682762] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 259.683560] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 259.684380] ? __this_cpu_preempt_check+0x13/0x20 [ 259.685198] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 259.686014] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 259.686838] local_pci_probe+0xd6/0x180 [ 259.687595] pci_call_probe+0x152/0x3f0 [ 259.688387] ? __kasan_check_read+0x11/0x20 [ 259.689191] ? pci_pm_suspend_late+0x40/0x40 [ 259.689993] ? pci_match_device+0x380/0x660 [ 259.690763] pci_device_probe+0xa6/0x100 [ 259.691500] really_probe+0x1d5/0x920 [ 259.692284] __driver_probe_device+0x2e8/0x3f0 [ 259.693065] driver_probe_device+0x4a/0x140 [ 259.693778] __driver_attach+0x1ed/0x4c0 [ 259.694483] ? __device_attach_driver+0x290/0x290 [ 259.695207] bus_for_each_dev+0xf5/0x180 [ 259.695932] ? bus_remove_file+0x40/0x40 [ 259.696595] ? _raw_spin_unlock+0x27/0x50 [ 259.697323] driver_attach+0x38/0x50 [ 259.698039] bus_add_driver+0x29b/0x5e0 [ 259.698688] driver_register+0x130/0x450 [ 259.699392] __pci_register_driver+0x1d2/0x270 [ 259.700095] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 259.700767] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 259.701428] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 259.702123] do_one_initcall+0xdf/0x500 [ 259.702781] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 259.703435] ? kasan_save_alloc_info+0x37/0x40 [ 259.704134] ? __kasan_kmalloc+0x90/0xa0 [ 259.704811] ? kasan_unpoison+0x45/0x70 [ 259.705420] ? kasan_poison+0x3a/0x50 [ 259.706062] ? __asan_register_globals+0x5e/0x70 [ 259.706652] do_init_module+0x23f/0x6c0 [ 259.707300] load_module+0x11e3/0x1aa0 [ 259.707953] init_module_from_file+0xe4/0x140 [ 259.708546] ? __ia32_sys_init_module+0xa0/0xa0 [ 259.709199] ? __kasan_check_read+0x11/0x20 [ 259.709852] ? do_raw_spin_unlock+0x54/0x220 [ 259.710459] idempotent_init_module+0x265/0x750 [ 259.711113] ? init_module_from_file+0x140/0x140 [ 259.711695] ? __kasan_check_read+0x11/0x20 [ 259.712304] __x64_sys_finit_module+0xbb/0x130 [ 259.712954] x64_sys_call+0x1c5/0x9e0 [ 259.713528] do_syscall_64+0x64/0x130 [ 259.714144] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 259.714707] RIP: 0033:0x7ff1ed6c595d [ 259.715309] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 259.716503] RSP: 002b:00007ffe9970fe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 259.717158] RAX: ffffffffffffffda RBX: 000056003aabc7c0 RCX: 00007ff1ed6c595d [ 259.717806] RDX: 0000000000000000 RSI: 000056000fddb358 RDI: 0000000000000003 [ 259.718425] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ff1ed79c580 [ 259.719090] R10: 0000000000000003 R11: 0000000000000246 R12: 000056000fddb358 [ 259.719666] R13: 0000000000000000 R14: 000056003aabc790 R15: 0000000000000000 [ 259.720301] </TASK> [ 259.720926] [ 259.721482] Allocated by task 1925 on cpu 0 at 258.277859s: [ 259.722120] kasan_save_stack+0x26/0x50 [ 259.722696] kasan_save_track+0x18/0x60 [ 259.723325] kasan_save_alloc_info+0x37/0x40 [ 259.723952] __kasan_slab_alloc+0x6a/0x70 [ 259.724517] kmem_cache_alloc_noprof+0x108/0x290 [ 259.725142] __alloc_object+0x33/0x280 [ 259.725707] __create_object+0x24/0x90 [ 259.726328] kmemleak_alloc+0x45/0x80 [ 259.726946] kmem_cache_alloc_noprof+0x24a/0x290 [ 259.727507] vm_area_alloc+0x102/0x1e0 [ 259.728126] mmap_region+0x316/0x2390 [ 259.728678] do_mmap+0x756/0x1180 [ 259.729294] vm_mmap_pgoff+0x18f/0x320 [ 259.729903] ksys_mmap_pgoff+0x22b/0x520 [ 259.730453] __x64_sys_mmap+0xed/0x1a0 [ 259.731061] x64_sys_call+0x99e/0x9e0 [ 259.731609] do_syscall_64+0x64/0x130 [ 259.732219] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 259.732826] [ 259.733371] Freed by task 0 on cpu 0 at 258.306253s: [ 259.733985] kasan_save_stack+0x26/0x50 [ 259.734541] kasan_save_track+0x18/0x60 [ 259.735147] kasan_save_free_info+0x3b/0x50 [ 259.735693] poison_slab_object+0xf4/0x160 [ 259.736303] __kasan_slab_free+0x15/0x30 [ 259.736916] kmem_cache_free+0xf0/0x410 [ 259.737463] free_object_rcu+0x11a/0x130 [ 259.738069] rcu_do_batch+0x43c/0x1090 [ 259.738615] rcu_core+0x2b5/0x500 [ 259.739213] rcu_core_si+0x9/0x10 [ 259.739798] handle_softirqs+0x28b/0x890 [ 259.740354] irq_exit_rcu+0xac/0x110 [ 259.740950] sysvec_apic_timer_interrupt+0x94/0xc0 [ 259.741491] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 259.742089] [ 259.742620] Last potentially related work creation: [ 259.743222] kasan_save_stack+0x26/0x50 [ 259.743830] __kasan_record_aux_stack+0x93/0xa0 [ 259.744378] kasan_record_aux_stack_noalloc+0xb/0x10 [ 259.744987] __call_rcu_common.constprop.0+0x9e/0x750 [ 259.745537] call_rcu+0x9/0x10 [ 259.746145] put_object+0x30/0x40 [ 259.746690] __delete_object+0x37/0x50 [ 259.747294] delete_object_full+0x52/0x70 [ 259.747901] kmemleak_free+0x2c/0x60 [ 259.748456] kmem_cache_free+0x17d/0x410 [ 259.749056] vm_area_free_rcu_cb+0x7f/0xc0 [ 259.749600] rcu_do_batch+0x43c/0x1090 [ 259.750198] rcu_core+0x2b5/0x500 [ 259.750765] rcu_core_si+0x9/0x10 [ 259.751327] handle_softirqs+0x28b/0x890 [ 259.751925] run_ksoftirqd+0x37/0x60 [ 259.752457] smpboot_thread_fn+0x594/0x9b0 [ 259.753031] kthread+0x2fa/0x3f0 [ 259.753519] ret_from_fork+0x31/0x70 [ 259.754058] ret_from_fork_asm+0x11/0x20 [ 259.754527] [ 259.755045] The buggy address belongs to the object at ffff88810fe497c8#012[ 259.755045] which belongs to the cache kmemleak_object of size 240 [ 259.756039] The buggy address is located 168 bytes inside of#012[ 259.756039] freed 240-byte region [ffff88810fe497c8, ffff88810fe498b8) [ 259.757049] [ 259.757530] The buggy address belongs to the physical page: [ 259.758091] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fe48 [ 259.758611] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 259.759195] flags: 0x200000000000040(head|node=0|zone=2) [ 259.759751] page_type: 0xffffefff(slab) [ 259.760313] raw: 0200000000000040 ffff888100050900 dead000000000100 dead000000000122 [ 259.760920] raw: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 [ 259.761466] head: 0200000000000040 ffff888100050900 dead000000000100 dead000000000122 [ 259.762079] head: 0000000000000000 0000000000190019 00000001ffffefff 0000000000000000 [ 259.762631] head: 0200000000000001 ffffea00043f9201 ffffffffffffffff 0000000000000000 [ 259.763257] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 259.763868] page dumped because: kasan: bad access detected [ 259.764422] [ 259.765030] Memory state around the buggy address: [ 259.765590] ffff88810fe49700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 259.766220] ffff88810fe49780: fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb [ 259.766850] >ffff88810fe49800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 259.767429] ^ [ 259.768074] ffff88810fe49880: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 259.768661] ffff88810fe49900: fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 259.769319] ================================================================== [ 259.769972] Disabling lock debugging due to kernel taint [ 259.770574] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN [ 259.771267] KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] [ 259.771965] CPU: 0 PID: 1944 Comm: insmod Tainted: G B 6.10.0-rc1 #1547 [ 259.772619] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 259.773346] RIP: 0010:lockdep_register_key+0x1c8/0x8f0 [ 259.774074] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00 [ 259.775518] RSP: 0018:ffffc900015274e0 EFLAGS: 00010002 [ 259.776295] RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000556 [ 259.777081] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420 [ 259.777868] RBP: ffffc90001527580 R08: 0000000000000001 R09: fffffbfff2b53084 [ 259.778625] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88814189c398 [ 259.779410] R13: 1ffff920002a4e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0 [ 259.780194] FS: 00007ff1ed57f740(0000) GS:ffff88821b800000(0000) knlGS:0000000000000000 [ 259.780985] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 259.781722] CR2: 00007f08211a9e50 CR3: 00000001074ee005 CR4: 00000000003706f0 [ 259.782517] Call Trace: [ 259.783306] <TASK> [ 259.784089] ? show_regs+0x5b/0x70 [ 259.784879] ? die_addr+0x3c/0xa0 [ 259.785604] ? exc_general_protection+0x150/0x230 [ 259.786389] ? asm_exc_general_protection+0x27/0x30 [ 259.787180] ? lockdep_register_key+0x1c8/0x8f0 [ 259.787971] ? save_trace+0x720/0x720 [ 259.788704] ? dma_alloc_attrs+0x145/0x1d0 [ 259.789496] ath11k_hal_srng_init+0x143/0x280 [ath11k] [ 259.790316] ath11k_pci_probe+0x67a/0x1210 [ath11k_pci] [ 259.791116] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 259.791921] ? __this_cpu_preempt_check+0x13/0x20 [ 259.792672] ? _raw_spin_unlock_irqrestore+0x3c/0x80 [ 259.793481] ? ath11k_pci_power_up+0x380/0x380 [ath11k_pci] [ 259.794295] local_pci_probe+0xd6/0x180 [ 259.795116] pci_call_probe+0x152/0x3f0 [ 259.795928] ? __kasan_check_read+0x11/0x20 [ 259.796683] ? pci_pm_suspend_late+0x40/0x40 [ 259.797507] ? pci_match_device+0x380/0x660 [ 259.798323] pci_device_probe+0xa6/0x100 [ 259.799129] really_probe+0x1d5/0x920 [ 259.799934] __driver_probe_device+0x2e8/0x3f0 [ 259.800680] driver_probe_device+0x4a/0x140 [ 259.801484] __driver_attach+0x1ed/0x4c0 [ 259.802273] ? __device_attach_driver+0x290/0x290 [ 259.803065] bus_for_each_dev+0xf5/0x180 [ 259.803847] ? bus_remove_file+0x40/0x40 [ 259.804568] ? _raw_spin_unlock+0x27/0x50 [ 259.805334] driver_attach+0x38/0x50 [ 259.806100] bus_add_driver+0x29b/0x5e0 [ 259.806858] driver_register+0x130/0x450 [ 259.807557] __pci_register_driver+0x1d2/0x270 [ 259.808308] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 259.809065] ? ath11k_pci_get_msi_irq+0x50/0x50 [ath11k_pci] [ 259.809789] ath11k_pci_init+0x1f/0x50 [ath11k_pci] [ 259.810514] do_one_initcall+0xdf/0x500 [ 259.811256] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0 [ 259.812003] ? kasan_save_alloc_info+0x37/0x40 [ 259.812693] ? __kasan_kmalloc+0x90/0xa0 [ 259.813434] ? kasan_unpoison+0x45/0x70 [ 259.814166] ? kasan_poison+0x3a/0x50 [ 259.814885] ? __asan_register_globals+0x5e/0x70 [ 259.815557] do_init_module+0x23f/0x6c0 [ 259.816287] load_module+0x11e3/0x1aa0 [ 259.817003] init_module_from_file+0xe4/0x140 [ 259.817658] ? __ia32_sys_init_module+0xa0/0xa0 [ 259.818364] ? __kasan_check_read+0x11/0x20 [ 259.819062] ? do_raw_spin_unlock+0x54/0x220 [ 259.819697] idempotent_init_module+0x265/0x750 [ 259.820402] ? init_module_from_file+0x140/0x140 [ 259.821067] ? __kasan_check_read+0x11/0x20 [ 259.821670] __x64_sys_finit_module+0xbb/0x130 [ 259.822293] x64_sys_call+0x1c5/0x9e0 [ 259.822901] do_syscall_64+0x64/0x130 [ 259.823456] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 259.824054] RIP: 0033:0x7ff1ed6c595d [ 259.824605] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 03 35 0d 00 f7 d8 64 89 01 48 [ 259.825828] RSP: 002b:00007ffe9970fe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 259.826445] RAX: ffffffffffffffda RBX: 000056003aabc7c0 RCX: 00007ff1ed6c595d [ 259.827096] RDX: 0000000000000000 RSI: 000056000fddb358 RDI: 0000000000000003 [ 259.827697] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ff1ed79c580 [ 259.828316] R10: 0000000000000003 R11: 0000000000000246 R12: 000056000fddb358 [ 259.828953] R13: 0000000000000000 R14: 000056003aabc790 R15: 0000000000000000 [ 259.829545] </TASK> [ 259.830166] Modules linked in: ath11k_pci(+) ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core [last unloaded: mhi] [ 259.830859] ---[ end trace 0000000000000000 ]--- [ 259.915081] RIP: 0010:lockdep_register_key+0x1c8/0x8f0 [ 259.915719] Code: 05 00 00 48 8b 1c cd 60 45 fc a5 48 85 db 0f 84 2b 02 00 00 48 be 00 00 00 00 00 fc ff df 49 39 dc 74 22 48 89 d8 48 c1 e8 03 <80> 3c 30 00 0f 85 74 05 00 00 48 8b 1b 48 85 db 0f 84 ff 01 00 00 [ 259.917080] RSP: 0018:ffffc900015274e0 EFLAGS: 00010002 [ 259.917800] RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000556 [ 259.918506] RDX: ffffffff9561ceb8 RSI: dffffc0000000000 RDI: ffffffff95a98420 [ 259.919237] RBP: ffffc90001527580 R08: 0000000000000001 R09: fffffbfff2b53084 [ 259.919970] R10: ffffffff95a98427 R11: 0000000000000001 R12: ffff88814189c398 [ 259.920652] R13: 1ffff920002a4e9f R14: dffffc0000000000 R15: ffffffffa61cf9c0 [ 259.921374] FS: 00007ff1ed57f740(0000) GS:ffff88821b800000(0000) knlGS:0000000000000000 [ 259.922111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 259.922855] CR2: 00007f08211a9e50 CR3: 00000001074ee005 CR4: 00000000003706f0 [ 259.923554] Kernel panic - not syncing: Fatal exception [ 259.924332] Kernel Offset: 0xfa00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)