UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21

Bug #1974018 reported by Innocenzo Ventre
This bug affects 2 people
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

$ lsb_release -rd
Description: Ubuntu 22.04 LTS
Release: 22.04

[ 29.170087] ================================================================================
[ 29.170097] UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21
[ 29.170102] load of value 255 is not a valid value for type '_Bool'
[ 29.170105] CPU: 3 PID: 549 Comm: in:imuxsock Tainted: P OE 5.15.0-30-generic #31-Ubuntu
[ 29.170110] Hardware name: ASUSTeK COMPUTER INC. X550CL/X550CL, BIOS X550CL.204 10/17/2013
[ 29.170113] Call Trace:
[ 29.170116] <IRQ>
[ 29.170119] show_stack+0x52/0x58
[ 29.170128] dump_stack_lvl+0x4a/0x5f
[ 29.170136] dump_stack+0x10/0x12
[ 29.170140] ubsan_epilogue+0x9/0x45
[ 29.170144] __ubsan_handle_load_invalid_value.cold+0x44/0x49
[ 29.170149] ieee80211_tx_status_ext.cold+0x4e/0x5f [mac80211]
[ 29.170251] ieee80211_tx_status+0x72/0xa0 [mac80211]
[ 29.170320] ath_txq_unlock_complete+0x12d/0x160 [ath9k]
[ 29.170336] ath_tx_edma_tasklet+0xef/0x4c0 [ath9k]
[ 29.170349] ? del_timer_sync+0x6c/0xb0
[ 29.170355] ath9k_tasklet+0x14e/0x290 [ath9k]
[ 29.170367] tasklet_action_common.constprop.0+0xc0/0xf0
[ 29.170373] tasklet_action+0x22/0x30
[ 29.170378] __do_softirq+0xd9/0x2e3
[ 29.170385] irq_exit_rcu+0x8c/0xb0
[ 29.170389] common_interrupt+0x8a/0xa0
[ 29.170396] </IRQ>
[ 29.170398] <TASK>
[ 29.170400] asm_common_interrupt+0x1e/0x40
[ 29.170404] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0
[ 29.170411] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a
[ 29.170414] RSP: 0018:ffffae00c0b83c10 EFLAGS: 00000202
[ 29.170419] RAX: 00007f4885d52298 RBX: ffffae00c0b83c40 RCX: 0000000000000007
[ 29.170422] RDX: 0000000000000000 RSI: 00007f4885d52260 RDI: ffffae00c0b83c40
[ 29.170424] RBP: ffffae00c0b83c30 R08: 0000000000000000 R09: ffff9a32e177e418
[ 29.170427] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000038
[ 29.170429] R13: ffffae00c0b83cd8 R14: ffffae00c0b83ce0 R15: 0000000000000040
[ 29.170434] ? _copy_from_user+0x2e/0x60
[ 29.170440] __copy_msghdr_from_user+0x3d/0x130
[ 29.170446] ___sys_recvmsg+0x68/0x110
[ 29.170450] ? check_preempt_curr+0x5d/0x70
[ 29.170455] ? ttwu_do_wakeup+0x1c/0x160
[ 29.170460] ? rseq_get_rseq_cs.isra.0+0x1b/0x220
[ 29.170466] ? ttwu_do_activate+0x72/0xf0
[ 29.170470] ? __fget_files+0x86/0xc0
[ 29.170476] ? __fget_light+0x32/0x80
[ 29.170481] __sys_recvmsg+0x5f/0xb0
[ 29.170485] ? switch_fpu_return+0x4e/0xc0
[ 29.170491] ? exit_to_user_mode_prepare+0x92/0xb0
[ 29.170496] ? syscall_exit_to_user_mode+0x27/0x50
[ 29.170501] __x64_sys_recvmsg+0x1d/0x20
[ 29.170505] do_syscall_64+0x5c/0xc0
[ 29.170510] ? __x64_sys_futex+0x78/0x1e0
[ 29.170515] ? exit_to_user_mode_prepare+0x37/0xb0
[ 29.170520] ? syscall_exit_to_user_mode+0x27/0x50
[ 29.170524] ? do_syscall_64+0x69/0xc0
[ 29.170528] ? do_syscall_64+0x69/0xc0
[ 29.170533] ? do_syscall_64+0x69/0xc0
[ 29.170537] ? do_syscall_64+0x69/0xc0
[ 29.170541] ? asm_common_interrupt+0x8/0x40
[ 29.170546] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 29.170550] RIP: 0033:0x7f48864179ef
[ 29.170554] Code: 44 00 00 89 54 24 0c 48 89 34 24 89 7c 24 08 e8 97 90 f6 ff 8b 54 24 0c 48 8b 34 24 41 89 c0 8b 7c 24 08 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 4c 63 e0 44 89 c7 e8 de 90 f6 ff 48 83 c4
[ 29.170557] RSP: 002b:00007f4885d52140 EFLAGS: 00000293 ORIG_RAX: 000000000000002f
[ 29.170561] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f48864179ef
[ 29.170564] RDX: 0000000000000040 RSI: 00007f4885d52260 RDI: 0000000000000003
[ 29.170566] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f4878000bb0
[ 29.170568] R10: 00007f4878002b50 R11: 0000000000000293 R12: 000055d6ce037580
[ 29.170570] R13: 000055d6cc64e4cc R14: 0000000000001fa0 R15: 00007f4878000bb0
[ 29.170575] </TASK>
[ 29.170585] ================================================================================

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: xorg 1:7.7+23ubuntu2
ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30
Uname: Linux 5.15.0-30-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
CompositorRunning: None
Date: Wed May 18 13:36:06 2022
DistUpgraded: 2022-05-16 13:44:28,450 DEBUG /openCache(), new cache size 71860
DistroCodename: jammy
DistroVariant: ubuntu
DkmsStatus:
 nvidia/470.129.06, 5.15.0-30-generic, x86_64: installed
 virtualbox/6.1.32, 5.15.0-27-generic, x86_64: installed
 virtualbox/6.1.32, 5.15.0-30-generic, x86_64: installed
ExtraDebuggingInterest: No
GraphicsCard:
 Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 09) (prog-if 00 [VGA controller])
   Subsystem: ASUSTeK Computer Inc. 3rd Gen Core processor Graphics Controller [1043:124d]
   Subsystem: ASUSTeK Computer Inc. GeForce GT 710M [1043:223a]
InstallationDate: Installed on 2020-12-17 (517 days ago)
InstallationMedia: Kubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
MachineType: ASUSTeK COMPUTER INC. X550CL
ProcEnviron:
 LANGUAGE=
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=it_IT.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-30-generic root=UUID=7780a4bb-9ec6-42c3-96d6-b0fa6a284458 ro quiet splash vt.handoff=7
SourcePackage: xorg
Symptom: display
UpgradeStatus: Upgraded to jammy on 2022-05-16 (1 days ago)
dmi.bios.date: 10/17/2013
dmi.bios.release: 4.6
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: X550CL.204
dmi.board.asset.tag: ATN12345678901234567
dmi.board.name: X550CL
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: 1.0
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTeK COMPUTER INC.
dmi.chassis.version: 1.0
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrX550CL.204:bd10/17/2013:br4.6:svnASUSTeKCOMPUTERINC.:pnX550CL:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnX550CL:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:skuASUS-NotebookSKU:
dmi.product.family: X
dmi.product.name: X550CL
dmi.product.sku: ASUS-NotebookSKU
dmi.product.version: 1.0
dmi.sys.vendor: ASUSTeK COMPUTER INC.
version.compiz: compiz N/A
version.libdrm2: libdrm2 2.4.110-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.1-1ubuntu2
version.libgl1-mesa-glx: libgl1-mesa-glx 22.0.1-1ubuntu2
version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2build3
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1

Innocenzo Ventre (eldiabl09) wrote :
affects: ubuntu → xorg (Ubuntu)
summary: - dmesg
+ UBSAN: invalid-load in /build/linux-
+ WD899k/linux-5.15.0/net/mac80211/status.c:1164:21
affects: xorg (Ubuntu) → linux (Ubuntu)

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed

lorn10 (kle) wrote :

I can also confirm this bug for an older iMac 12.2 running latest Kubuntu 22.04 LTS (in native EFI mode).

[ 12.611168] ================================================================================
[ 12.611173] UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21
[ 12.611175] load of value 255 is not a valid value for type '_Bool'
[ 12.611178] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.15.0-30-generic #31-Ubuntu
[ 12.611180] Hardware name: Apple Inc. iMac12,2/Mac-942B59F58194171B, BIOS IM121.88Z.004F.B00.1804101150 04/10/18
[ 12.611181] Call Trace:
[ 12.611184] <IRQ>
[ 12.611186] show_stack+0x52/0x58
[ 12.611192] dump_stack_lvl+0x4a/0x5f
[ 12.611197] dump_stack+0x10/0x12
[ 12.611199] ubsan_epilogue+0x9/0x45
[ 12.611201] __ubsan_handle_load_invalid_value.cold+0x44/0x49
[ 12.611204] ieee80211_tx_status_ext.cold+0x4e/0x5f [mac80211]
[ 12.611272] ieee80211_tx_status+0x72/0xa0 [mac80211]
[ 12.611297] ath_txq_unlock_complete+0x12d/0x160 [ath9k]
[ 12.611305] ath_tx_edma_tasklet+0xef/0x4c0 [ath9k]
[ 12.611311] ? del_timer_sync+0x6c/0xb0
[ 12.611315] ath9k_tasklet+0x14e/0x290 [ath9k]
[ 12.611320] tasklet_action_common.constprop.0+0xc0/0xf0
[ 12.611324] tasklet_action+0x22/0x30
[ 12.611326] __do_softirq+0xd9/0x2e3
[ 12.611331] irq_exit_rcu+0x8c/0xb0
[ 12.611333] common_interrupt+0x8a/0xa0
[ 12.611338] </IRQ>
[ 12.611338] <TASK>
[ 12.611339] asm_common_interrupt+0x1e/0x40
[ 12.611342] RIP: 0010:cpuidle_enter_state+0xd9/0x620
[ 12.611346] Code: 3d c4 4b 7e 75 e8 d7 ad 6c ff 49 89 c7 0f 1f 44 00 00 31 ff e8 28 ba 6c ff 80 7d d0 00 0f 85 5d 01 00 00 fb 66 0f 1f 44 00 00 <45> 85 f6 0f 88 69 01 00 00 4d 63 ee 49 83 fd 09 0f 87 e3 03 00 00
[ 12.611348] RSP: 0018:ffff9ee1400bfe28 EFLAGS: 00000246
[ 12.611350] RAX: ffff902ddfbb0f00 RBX: ffffbee13fd80000 RCX: 0000000000000000
[ 12.611351] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[ 12.611353] RBP: ffff9ee1400bfe78 R08: 00000002efaed3d6 R09: 0000000000033838
[ 12.611354] R10: 0000000000000005 R11: 071c71c71c71c71c R12: ffffffff8bed36c0
[ 12.611355] R13: 0000000000000002 R14: 0000000000000002 R15: 00000002efaed3d6
[ 12.611357] ? cpuidle_enter_state+0xc8/0x620
[ 12.611360] cpuidle_enter+0x2e/0x40
[ 12.611362] cpuidle_idle_call+0x13e/0x1e0
[ 12.611364] do_idle+0x83/0xf0
[ 12.611366] cpu_startup_entry+0x20/0x30
[ 12.611368] start_secondary+0x12a/0x180
[ 12.611371] secondary_startup_64_no_verify+0xc2/0xcb
[ 12.611375] </TASK>
[ 12.611379] ================================================================================

Kai-Heng Feng (kaihengfeng) wrote :