On 6/12/2025 4:31 PM, Sergey Senozhatsky wrote:
> On (25/06/12 16:14), Baochen Qiang wrote:
>>> <4>[23562.576034] ath11k_qmi_driver_event_work+0xbd/0x1050 [ath11k (HASH:6cea 4)]
>>> <4>[23562.576058] worker_thread+0x389/0x930
>>> <4>[23562.576065] kthread+0x149/0x170
>>> <4>[23562.576074] ? start_flush_work+0x130/0x130
>>> <4>[23562.576078] ? kthread_associate_blkcg+0xb0/0xb0
>>> <4>[23562.576084] ret_from_fork+0x3b/0x50
>>> <4>[23562.576090] ? kthread_associate_blkcg+0xb0/0xb0
>>> <4>[23562.576096] ret_from_fork_asm+0x11/0x20
>>>
>>>
>>> There are clearly two ath11k_hal_dump_srng_stats() calls, the first
>>> one happens before crash recovery, the second happens right after
>>> and presumably causes UAF, because ->initialized flag is not cleared.
>>
>> So with the above we can confirm our guess.
>>
>> Could you refine your commit message with these details such that readers have a clear
>> understanding of this issue?
>
> Sure, I can do that. I didn't want to throw my guesses into the commit
> message, stale ->initialized flag looked like a good enough justification

Yeah, it is indeed enough. But it would be better to disclose any known issue caused by it.

> for the patch. But I can send out v3 with a more detailed commit message.

Thanks.
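The failure mode discussed in the thread (a stats dump guarded only by an ->initialized flag that teardown forgets to clear, so the dump after crash recovery touches freed memory) is illustrated below with a hypothetical ring structure. This is an added example, not ath11k code or anything from the patch under review: the names srng, ring_buf, dump_srng_stats, srng_teardown_buggy and srng_teardown_fixed are invented, and a tiny freed-pointer tracker stands in for the real use-after-free so the sequence can run safely and report what would have happened.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical ring (constructed for this example, not ath11k's). */
#define RING_ENTRIES 8
struct ring_buf {
    unsigned int head, tail;
    unsigned int entries[RING_ENTRIES];
};

struct srng {
    int initialized;        /* set by init; teardown MUST clear it */
    struct ring_buf *ring;  /* freed by teardown */
};

enum dump_result {
    DUMP_OK = 0,            /* flag set, ring live: stats dumped */
    DUMP_SKIPPED = 1,       /* flag clear: dump correctly skipped */
    DUMP_UAF_DETECTED = 2,  /* flag set but ring already freed: the bug */
    DUMP_INIT_FAILED = 3
};

/* Freed-pointer tracker: a stand-in for ASan/KASAN so the stale access is
 * reported rather than actually dereferencing freed memory. */
#define MAX_TRACKED 16
static void *freed_ptrs[MAX_TRACKED];
static int freed_count;

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    /* Address reuse after free is normal; a fresh allocation is live again. */
    for (int i = 0; i < freed_count; )
        if (freed_ptrs[i] == p)
            freed_ptrs[i] = freed_ptrs[--freed_count];
        else
            i++;
    return p;
}

static void tracked_free(void *p)
{
    if (freed_count < MAX_TRACKED)
        freed_ptrs[freed_count++] = p;
    free(p);
}

static int is_freed(const void *p)
{
    for (int i = 0; i < freed_count; i++)
        if (freed_ptrs[i] == p)
            return 1;
    return 0;
}

static int srng_init(struct srng *s)
{
    s->ring = tracked_alloc(sizeof(*s->ring));
    if (!s->ring)
        return -1;
    s->ring->head = 3;
    s->ring->tail = 5;
    s->initialized = 1;
    return 0;
}

/* Buggy teardown: frees the ring but leaves ->initialized set, so the
 * guard in the dump path lies after recovery. */
static void srng_teardown_buggy(struct srng *s)
{
    tracked_free(s->ring);
}

/* Fixed teardown: clear the flag in the same path that frees the resource
 * and drop the dangling pointer, so the guard stays truthful. */
static void srng_teardown_fixed(struct srng *s)
{
    tracked_free(s->ring);
    s->ring = NULL;
    s->initialized = 0;
}

/* The stats dump trusts ->initialized as its only guard, as in the report. */
static enum dump_result dump_srng_stats(const struct srng *s)
{
    if (!s->initialized)
        return DUMP_SKIPPED;
    if (is_freed(s->ring))
        return DUMP_UAF_DETECTED;   /* real code would read freed memory here */
    printf("head=%u tail=%u\n", s->ring->head, s->ring->tail);
    return DUMP_OK;
}

/* Model the sequence from the thread: dump, crash recovery, dump again. */
static enum dump_result recovery_sequence(void (*teardown)(struct srng *))
{
    struct srng s;
    memset(&s, 0, sizeof(s));
    if (srng_init(&s) != 0)
        return DUMP_INIT_FAILED;
    dump_srng_stats(&s);            /* first dump, before recovery */
    teardown(&s);                   /* recovery tears the ring down */
    return dump_srng_stats(&s);     /* second dump, right after recovery */
}

int main(void)
{
    printf("buggy teardown -> %d\n", recovery_sequence(srng_teardown_buggy));
    printf("fixed teardown -> %d\n", recovery_sequence(srng_teardown_fixed));
    return 0;
}
```

The point the example makes is that a lifecycle flag is only a safe guard when it is cleared in the same code path that releases the resource it describes; with the fixed teardown the second dump is skipped, while with the buggy one the stale flag lets the dump run against freed memory, which is exactly the pattern the stack trace in the thread shows.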