[Bug 2065839] Re: UBSAN: array-index-out-of-bounds
Still happens with the latest kernel. ``` [ 15.027316] [ cut here ] [ 15.027323] UBSAN: array-index-out-of-bounds in /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c:1935:4 [ 15.027329] index 2 is out of range for type 'ether_addr [1]' [ 15.027333] CPU: 3 PID: 63 Comm: kworker/3:1 Tainted: P OE 6.8.0-35-generic #35-Ubuntu [ 15.027336] Hardware name: Apple Inc. MacBookPro11,1/Mac-189A3D4F975D5FFC, BIOS 478.0.0.0.0 01/13/2023 [ 15.027339] Workqueue: ipv6_addrconf addrconf_dad_work [ 15.027346] Call Trace: [ 15.027348] [ 15.027351] dump_stack_lvl+0x48/0x70 [ 15.027360] dump_stack+0x10/0x20 [ 15.027364] __ubsan_handle_out_of_bounds+0xc6/0x110 [ 15.027369] _wl_set_multicast_list+0x211/0x230 [wl] [ 15.027448] wl_set_multicast_list+0x3a/0xa0 [wl] [ 15.027522] __dev_set_rx_mode+0x79/0xe0 [ 15.027528] __dev_mc_add+0x94/0xa0 [ 15.027532] dev_mc_add+0x10/0x20 [ 15.027535] igmp6_group_added+0xe0/0x100 [ 15.027541] __ipv6_dev_mc_inc+0x27d/0x400 [ 15.027545] ipv6_dev_mc_inc+0x10/0x20 [ 15.027549] addrconf_dad_work+0xaa/0x510 [ 15.027553] process_one_work+0x16f/0x350 [ 15.027560] worker_thread+0x306/0x440 [ 15.027564] ? _raw_spin_lock_irqsave+0xe/0x20 [ 15.027569] ? __pfx_worker_thread+0x10/0x10 [ 15.027573] kthread+0xf2/0x120 [ 15.027577] ? __pfx_kthread+0x10/0x10 [ 15.027580] ret_from_fork+0x47/0x70 [ 15.027583] ? __pfx_kthread+0x10/0x10 [ 15.027587] ret_from_fork_asm+0x1b/0x30 [ 15.027592] [ 15.027639] ---[ end trace ]--- ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065839 Title: UBSAN: array-index-out-of-bounds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/broadcom-sta/+bug/2065839/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065839] Re: UBSAN: array-index-out-of-bounds
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: broadcom-sta (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065839 Title: UBSAN: array-index-out-of-bounds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/broadcom-sta/+bug/2065839/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065839] Re: UBSAN: array-index-out-of-bounds
** Changed in: linux (Ubuntu) Status: New => Invalid ** No longer affects: linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065839 Title: UBSAN: array-index-out-of-bounds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/broadcom-sta/+bug/2065839/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065839] Re: UBSAN: array-index-out-of-bounds
** Also affects: broadcom-sta (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065839 Title: UBSAN: array-index-out-of-bounds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/broadcom-sta/+bug/2065839/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065839] Re: UBSAN: array-index-out-of-bounds
on different machine running 6.8.0-31-generic: [ 8341.842158] [ cut here ] [ 8341.842166] UBSAN: array-index-out-of-bounds in /build/linux-yrLejD/linux-6.8.0/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8192e2ant.c:3005:36 [ 8341.842173] index 10 is out of range for type 'u8 [10]' [ 8341.842177] CPU: 0 PID: 9796 Comm: kworker/0:2 Tainted: P IO 6.8.0-31-generic #31-Ubuntu [ 8341.842181] Hardware name: Dell Inc. Precision WorkStation T7500 /0D881F, BIOS A18 10/15/2018 [ 8341.842184] Workqueue: rtl92ee_pci rtl_c2hcmd_wq_callback [rtlwifi] [ 8341.842211] Call Trace: [ 8341.842213] [ 8341.842217] dump_stack_lvl+0x48/0x70 [ 8341.842227] dump_stack+0x10/0x20 [ 8341.842231] __ubsan_handle_out_of_bounds+0xc6/0x110 [ 8341.842237] ex_btc8192e2ant_bt_info_notify+0x42b/0x4c0 [btcoexist] [ 8341.842260] exhalbtc_bt_info_notify+0x9c/0xe0 [btcoexist] [ 8341.842284] rtl_btc_btinfo_notify+0x1d/0x40 [btcoexist] [ 8341.842305] rtl_c2h_content_parsing.isra.0+0x66/0x100 [rtlwifi] [ 8341.842322] rtl_c2hcmd_wq_callback+0x3c/0x80 [rtlwifi] [ 8341.842339] process_one_work+0x16f/0x350 [ 8341.842345] worker_thread+0x306/0x440 [ 8341.842349] ? _raw_spin_lock_irqsave+0xe/0x20 [ 8341.842354] ? __pfx_worker_thread+0x10/0x10 [ 8341.842358] kthread+0xf2/0x120 [ 8341.842362] ? __pfx_kthread+0x10/0x10 [ 8341.842365] ret_from_fork+0x47/0x70 [ 8341.842369] ? __pfx_kthread+0x10/0x10 [ 8341.842372] ret_from_fork_asm+0x1b/0x30 [ 8341.842378] [ 8341.842413] ---[ end trace ]--- [ 8341.847443] [ cut here ] [ 8341.847445] UBSAN: invalid-load in /build/linux-yrLejD/linux-6.8.0/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8192e2ant.c:889:11 [ 8341.847450] load of value 248 is not a valid value for type '_Bool' [ 8341.847453] CPU: 0 PID: 9796 Comm: kworker/0:2 Tainted: P IO 6.8.0-31-generic #31-Ubuntu [ 8341.847456] Hardware name: Dell Inc. Precision WorkStation T7500 /0D881F, BIOS A18 10/15/2018 [ 8341.847458] Workqueue: rtl92ee_pci rtl_c2hcmd_wq_callback [rtlwifi] [ 8341.847477] Call Trace: [ 8341.847479] [ 8341.847481] dump_stack_lvl+0x48/0x70 [ 8341.847486] dump_stack+0x10/0x20 [ 8341.847490] __ubsan_handle_load_invalid_value+0xce/0x120 [ 8341.847495] btc8192e2ant_rf_shrink.constprop.0.cold+0x79/0xb2 [btcoexist] [ 8341.847517] btc8192e2ant_run_coexist_mechanism.part.0+0x1be/0x2c0 [btcoexist] [ 8341.847534] btc8192e2ant_run_coexist_mechanism+0x54/0x70 [btcoexist] [ 8341.847550] ex_btc8192e2ant_bt_info_notify+0x30f/0x4c0 [btcoexist] [ 8341.847569] exhalbtc_bt_info_notify+0x9c/0xe0 [btcoexist] [ 8341.847592] rtl_btc_btinfo_notify+0x1d/0x40 [btcoexist] [ 8341.847613] rtl_c2h_content_parsing.isra.0+0x66/0x100 [rtlwifi] [ 8341.847630] rtl_c2hcmd_wq_callback+0x3c/0x80 [rtlwifi] [ 8341.847647] process_one_work+0x16f/0x350 [ 8341.847652] worker_thread+0x306/0x440 [ 8341.847656] ? _raw_spin_lock_irqsave+0xe/0x20 [ 8341.847660] ? __pfx_worker_thread+0x10/0x10 [ 8341.847664] kthread+0xf2/0x120 [ 8341.847668] ? __pfx_kthread+0x10/0x10 [ 8341.847671] ret_from_fork+0x47/0x70 [ 8341.847674] ? __pfx_kthread+0x10/0x10 [ 8341.847677] ret_from_fork_asm+0x1b/0x30 [ 8341.847683] [ 8341.847695] ---[ end trace ]--- [ 8341.847697] [ cut here ] [ 8341.847698] UBSAN: invalid-load in /build/linux-yrLejD/linux-6.8.0/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8192e2ant.c:892:14 [ 8341.847702] load of value 248 is not a valid value for type '_Bool' [ 8341.847704] CPU: 0 PID: 9796 Comm: kworker/0:2 Tainted: P IO 6.8.0-31-generic #31-Ubuntu [ 8341.847707] Hardware name: Dell Inc. Precision WorkStation T7500 /0D881F, BIOS A18 10/15/2018 [ 8341.847709] Workqueue: rtl92ee_pci rtl_c2hcmd_wq_callback [rtlwifi] [ 8341.847727] Call Trace: [ 8341.847728] [ 8341.847730] dump_stack_lvl+0x48/0x70 [ 8341.847735] dump_stack+0x10/0x20 [ 8341.847738] __ubsan_handle_load_invalid_value+0xce/0x120 [ 8341.847743] btc8192e2ant_rf_shrink.constprop.0.cold+0x98/0xb2 [btcoexist] [ 8341.847765] btc8192e2ant_run_coexist_mechanism.part.0+0x1be/0x2c0 [btcoexist] [ 8341.847782] btc8192e2ant_run_coexist_mechanism+0x54/0x70 [btcoexist] [ 8341.847798] ex_btc8192e2ant_bt_info_notify+0x30f/0x4c0 [btcoexist] [ 8341.847817] exhalbtc_bt_info_notify+0x9c/0xe0 [btcoexist] [ 8341.847840] rtl_btc_btinfo_notify+0x1d/0x40 [btcoexist] [ 8341.847861] rtl_c2h_content_parsing.isra.0+0x66/0x100 [rtlwifi] [ 8341.847878] rtl_c2hcmd_wq_callback+0x3c/0x80 [rtlwifi] [ 8341.847895] process_one_work+0x16f/0x350 [ 8341.847900] worker_thread+0x306/0x440 [ 8341.847904] ? _raw_spin_lock_irqsave+0xe/0x20 [ 8341.847908] ? __pfx_worker_thread+0x10/0x10 [ 8341.847912] kthread+0xf2/0x120 [ 8341.847916] ? __pfx_kthread+0x10/0x10 [ 8341.847919] ret_from_fork+0x47/0x70 [ 8341.847923] ? __pfx_kthread+0x10/0x10 [ 8341.847926] ret_from_fork_asm+0x1b/0x30 [ 8341.847931] [ 8341.847932] ---[ end trace ]--- [ 8341.847934]