kernel 6.5 changes cause UBSAN errors (patch included)

Bug #2030978 reported by satmandu
This bug affects 6 people
Affects                Status     Importance  Assigned to  Milestone
broadcom-sta (Ubuntu)  Confirmed  Undecided   Unassigned

Bug Description

"On Linux 6.5, due to commit 2d47c6956ab3 ("ubsan: Tighten UBSAN_BOUNDS
on GCC"), flexible trailing arrays declared like `whatever_t foo[1];`
will generate warnings when CONFIG_UBSAN & co. is enabled."

Due to changes in kernel 6.5, we get this error in dmesg:

[ 28.818756] ================================================================================
[ 28.822952] UBSAN: array-index-out-of-bounds in /var/lib/dkms/broadcom-wl/6.30.223.271/build/src/wl/sys/wl_linux.c:1938:4
[ 28.828888] index 2 is out of range for type 'ether_addr [1]'
[ 28.832900] CPU: 1 PID: 1232 Comm: avahi-daemon Tainted: P OE 6.5.0-rc4 #1
[ 28.836452] Hardware name: Apple Inc. MacBookPro11,3/Mac-2BD1B31983FE1663, BIOS 432.60.3.0.0 10/27/2021
[ 28.839806] Call Trace:
[ 28.843091] <TASK>
[ 28.846387] dump_stack_lvl+0x48/0x60
[ 28.849692] dump_stack+0x10/0x20
[ 28.852965] __ubsan_handle_out_of_bounds+0xc6/0x100
[ 28.856251] _wl_set_multicast_list+0x1fd/0x220 [wl]
[ 28.859191] wl_set_multicast_list+0x3a/0x80 [wl]
[ 28.861879] __dev_set_rx_mode+0x6a/0xc0
[ 28.864237] __dev_mc_add+0x82/0x90
[ 28.866587] dev_mc_add+0x10/0x20
[ 28.868920] igmp_group_added+0x198/0x1d0
[ 28.871102] ____ip_mc_inc_group+0x185/0x2b0
[ 28.873231] __ip_mc_join_group+0x108/0x170
[ 28.875170] ip_mc_join_group+0x10/0x20
[ 28.877111] do_ip_setsockopt+0x104d/0x1160
[ 28.878894] ? __sys_setsockopt+0xeb/0x1c0
[ 28.880657] ip_setsockopt+0x30/0xb0
[ 28.882326] udp_setsockopt+0x22/0x40
[ 28.883949] sock_common_setsockopt+0x14/0x20
[ 28.885554] __sys_setsockopt+0xde/0x1c0
[ 28.887063] __x64_sys_setsockopt+0x1f/0x30
[ 28.888564] do_syscall_64+0x55/0x80
[ 28.889952] ? syscall_exit_to_user_mode+0x26/0x40
[ 28.891226] ? __x64_sys_recvmsg+0x1d/0x20
[ 28.892450] ? do_syscall_64+0x61/0x80
[ 28.893651] ? do_syscall_64+0x61/0x80
[ 28.894796] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 28.895942] RIP: 0033:0x7f0a97a7ddae
[ 28.897100] Code: 0f 1f 40 00 48 8b 15 69 60 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 31
[ 28.898270] RSP: 002b:00007fffb7b1b3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 28.899449] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f0a97a7ddae
[ 28.900623] RDX: 0000000000000023 RSI: 0000000000000000 RDI: 000000000000000c
[ 28.901784] RBP: 0000000000000001 R08: 000000000000000c R09: 0000000000000004
[ 28.902895] R10: 00007fffb7b1b404 R11: 0000000000000246 R12: 00007fffb7b1b404
[ 28.904011] R13: 0000000000000014 R14: 000055cc506ee078 R15: 000055cc506eaf60
[ 28.905149] </TASK>
[ 28.906228] ================================================================================

A patch is however available for this issue:

https://gist.github.com/joanbm/9cd5fda1dcfab9a67b42cc6195b7b269

ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: bcmwl-kernel-source (not installed)
Uname: Linux 6.5.0-rc4 x86_64
NonfreeKernelModules: wl zfs
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Aug 10 10:40:27 2023
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
SourcePackage: broadcom-sta
UpgradeStatus: No upgrade log present (probably fresh install)
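
The pattern quoted in the description, shown as an added example (not code from this report, the driver or the linked patch): a one-element trailing array used as a variable-length tail, next to the same structure with a C99 flexible array member. The struct and function names are hypothetical stand-ins, and the addresses in `main` are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins; names are hypothetical, not the driver's. */
struct ether_addr_ex { uint8_t octet[6]; };

/* Legacy idiom: one-element array used as a variable-length tail. */
struct maclist_legacy { uint32_t count; struct ether_addr_ex ea[1]; };

/* C99 flexible array member: the tail carries no declared bound. */
struct maclist_fam { uint32_t count; struct ether_addr_ex ea[]; };

/* Allocation size for n entries; both layouts put ea at the same offset. */
size_t legacy_size(uint32_t n) {
    return offsetof(struct maclist_legacy, ea) + n * sizeof(struct ether_addr_ex);
}
size_t fam_size(uint32_t n) {
    return sizeof(struct maclist_fam) + n * sizeof(struct ether_addr_ex);
}

/* Before: ea[i] with i >= 1 exceeds the declared bound of 1, which a
 * strict bounds sanitizer (e.g. GCC -fsanitize=bounds-strict) reports. */
struct maclist_legacy *legacy_build(const struct ether_addr_ex *src, uint32_t n) {
    struct maclist_legacy *l = malloc(legacy_size(n));
    if (!l) return NULL;
    l->count = n;
    for (uint32_t i = 0; i < n; i++)
        l->ea[i] = src[i];
    return l;
}

/* After: identical loop, but ea[] has no fixed bound to violate. */
struct maclist_fam *fam_build(const struct ether_addr_ex *src, uint32_t n) {
    struct maclist_fam *l = malloc(fam_size(n));
    if (!l) return NULL;
    l->count = n;
    for (uint32_t i = 0; i < n; i++)
        l->ea[i] = src[i];
    return l;
}

int main(void) {
    struct ether_addr_ex src[3] = {{{1,0,0x5e,0,0,1}}, {{1,0,0x5e,0,0,2}}, {{1,0,0x5e,0,0,3}}};
    struct maclist_fam *l = fam_build(src, 3);
    if (!l) return 1;
    printf("count=%u last=%u bytes=%zu\n", (unsigned)l->count, (unsigned)l->ea[2].octet[5], fam_size(3));
    free(l);
    return 0;
}
```

The two layouts need the same number of bytes for a given count, but `sizeof` of the struct itself shrinks after the conversion, so any size computed as `sizeof(struct) + (n - 1) * sizeof(element)` has to be rewritten along with the declaration.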

satmandu (satadru-umich) wrote :
summary: - UBSAN errors due to kernel 6.5 changes
+ kernel 6.5 changes cause UBSAN errors (patch included)
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "ubsan patch for broadcom-wl driver" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in broadcom-sta (Ubuntu):
status: New → Confirmed
Marietto (marietto2008) wrote :

I've upgraded Ubuntu 23.04 to 23.10 and I've got the bug that you said should have been fixed.

On my Ubuntu 23.10 I'm using kernel 6.5.0-10-generic and I've installed the NVIDIA driver version 535.129.03 (my NVIDIA GPU is the RTX 2080 Ti; my CPU is the Intel i9).

Not exactly the same bug because the error in the Ubuntu bug report is for a different kernel module. But the underlying cause is probably the same.

Ubuntu is probably at fault here. Possibly the code for the nvidia-uvm module is designed for kernel versions < 6.5, so when Ubuntu upgraded to Linux kernel 6.5, it broke some modules because of changes to UBSAN in Linux 6.5 which causes modules such as nvidia-uvm to need patches to be compatible with Linux 6.5, but either nvidia has not yet provided a version of nvidia-uvm that is compatible with Linux 6.5 or Ubuntu neglected to apply an updated version from nvidia that is compatible with Linux 6.5.

Who is guilty: NVIDIA or the Ubuntu developers? I didn't see this error on Ubuntu 23.04, maybe because it does not use kernel 6.5 by default, but 23.10 does.

I see a lot of those errors when I issue the command "dmesg", and audio-video streams don't flow.

Log :

[ 15.029102] UBSAN: array-index-out-of-bounds in /var/lib/dkms/nvidia/535.129.03/build/nvidia-uvm/uvm_pmm_gpu.c:829:45
[ 15.031655] index 0 is out of range for type 'uvm_gpu_chunk_t *[*]'
[ 15.034248] CPU: 9 PID: 2571 Comm: ffdetect Tainted: P OE 6.5.0-10-generic #10-Ubuntu
[ 15.034249] Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS PRO/Z390 AORUS PRO-CF, BIOS F12g GA9 06/08/2020
[ 15.034250] Call Trace:
[ 15.034251] <TASK>
[ 15.034251] dump_stack_lvl+0x48/0x70
[ 15.034255] dump_stack+0x10/0x20
[ 15.034257] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 15.034259] merge_gpu_chunk+0x57/0x1d0 [nvidia_uvm]
[ 15.034293] free_chunk_with_merges+0x13d/0x180 [nvidia_uvm]
[ 15.034325] free_chunk+0xa4/0xd0 [nvidia_uvm]
[ 15.034355] uvm_pmm_gpu_free+0xbf/0xf0 [nvidia_uvm]
[ 15.034386] phys_mem_deallocate+0x33/0xd0 [nvidia_uvm]
[ 15.034422] uvm_page_tree_put_ptes_async+0x4d5/0x580 [nvidia_uvm]
[ 15.034459] uvm_page_table_range_vec_deinit+0x3e/0xd0 [nvidia_uvm]
[ 15.034494] uvm_va_range_destroy+0x14d/0x590 [nvidia_uvm]
[ 15.034527] ? os_release_spinlock+0x1a/0x30 [nvidia]
[ 15.034792] ? uvm_kvfree+0x30/0x70 [nvidia_uvm]
[ 15.034826] destroy_va_ranges.part.0+0x61/0x90 [nvidia_uvm]
[ 15.034857] uvm_user_channel_detach+0x9e/0xe0 [nvidia_uvm]
[ 15.034886] uvm_api_unregister_channel+0xee/0x1a0 [nvidia_uvm]
[ 15.034915] uvm_ioctl+0x1a04/0x1cd0 [nvidia_uvm]
[ 15.034939] ? uvm_api_unregister_channel+0x134/0x1a0 [nvidia_uvm]
[ 15.034968] ? _copy_to_user+0x25/0x70
[ 15.034970] ? uvm_ioctl+0x5cc/0x1cd0 [nvidia_uvm]
[ 15.034994] ? _raw_spin_lock_irqsave+0xe/0x20
[ 15.034996] ? thread_context_non_interrupt_add+0x13a/0x2c0 [nvidia_uvm]
[ 15.035031] uvm_unlocked_ioctl_entry.part.0+0x7b/0xf0 [nvidia_uvm]
[ 15.035055] ? uvm_thread_context_remove+0x39/0x50 [nvidia_uvm]
[ 15.035091] uvm_unlocked_ioctl_entry+0x6b/0x90 [nvidia_uvm]
[ 15.035115] __x64_sys_ioctl+0xa0/0xf0
...


Tim Ritberg (xpert-reactos) wrote :

I built my own kernel now and removed all the UBSAN stuff. This helped.
