| 2022-06-10 08:43:00 |
AaronMa |
bug |
|
|
added bug |
| 2022-06-10 08:43:10 |
AaronMa |
nominated for series |
|
Ubuntu Jammy |
|
| 2022-06-10 08:43:10 |
AaronMa |
bug task added |
|
linux (Ubuntu Jammy) |
|
| 2022-06-10 08:43:22 |
AaronMa |
bug task added |
|
linux-oem-5.17 (Ubuntu) |
|
| 2022-06-10 08:43:30 |
AaronMa |
linux (Ubuntu): status |
New |
In Progress |
|
| 2022-06-10 08:43:34 |
AaronMa |
linux (Ubuntu Jammy): status |
New |
In Progress |
|
| 2022-06-10 08:43:36 |
AaronMa |
linux-oem-5.17 (Ubuntu): status |
New |
In Progress |
|
| 2022-06-10 08:43:38 |
AaronMa |
linux-oem-5.17 (Ubuntu Jammy): status |
New |
In Progress |
|
| 2022-06-10 08:47:26 |
AaronMa |
description |
[Impact]
When bootup Jammy kernel, it shows callrace:
kernel: ================================================================================
kernel: UBSAN: invalid-load in /home/u/aaron/bionic/net/mac80211/status.c:1164:21
kernel: load of value 216 is not a valid value for type '_Bool'
kernel: CPU: 9 PID: 0 Comm: swapper/9 Not tainted 5.15.36+ #12
kernel: Hardware name: LENOVO 21D2SIT061/21D2SIT061, BIOS N3GET30W (1.11 ) 05/27/2022
kernel: Call Trace:
kernel: <IRQ>
kernel: dump_stack_lvl+0x4a/0x5f
kernel: dump_stack+0x10/0x12
kernel: ubsan_epilogue+0x9/0x45
kernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49
kernel: ieee80211_tx_status_ext.cold+0x1e/0xb0 [mac80211]
kernel: ? percpu_ref_kill_and_confirm+0xd0/0xd0
kernel: ? rht_key_get_hash.isra.0+0x19/0x20 [mac80211]
kernel: ? sta_info_hash_lookup+0xac/0x100 [mac80211]
kernel: ieee80211_tx_status+0x72/0xa0 [mac80211]
kernel: ieee80211_tasklet_handler+0xa2/0xd0 [mac80211]
kernel: tasklet_action_common.constprop.0+0xc0/0xf0
kernel: tasklet_action+0x22/0x30
kernel: __do_softirq+0xd9/0x2e3
kernel: irq_exit_rcu+0x8c/0xb0
kernel: common_interrupt+0x8a/0xa0
kernel: </IRQ>
kernel: <TASK>
kernel: asm_common_interrupt+0x1e/0x40
kernel: RIP: 0010:cpuidle_enter_state+0xd9/0x620
kernel: Code: 3d b4 85 3d 5c e8 57 a7 6b ff 49 89 c7 0f 1f 44 00 00 31 ff e8 a8 b3 6b ff 80 7d d0>
kernel: RSP: 0018:ffff9e2dc01f7e38 EFLAGS: 00000246
kernel: RAX: ffff8dfdb6870b00 RBX: ffff8df6c3ab6c00 RCX: 000000023cd33784
kernel: RDX: 000000023d103fa8 RSI: 000000023cd33784 RDI: 0000000000000000
kernel: RBP: ffff9e2dc01f7e88 R08: 000000023cd33d63 R09: 00000000000aae60
kernel: R10: 0000000000000004 R11: 071c71c71c71c71c R12: ffffffffa4ce65a0
kernel: R13: 0000000000000003 R14: 0000000000000003 R15: 000000023cd33d63
kernel: ? cpuidle_enter_state+0xc8/0x620
kernel: ? sched_clock_local+0x13/0x90
kernel: cpuidle_enter+0x2e/0x40
kernel: do_idle+0x203/0x2a0
kernel: cpu_startup_entry+0x20/0x30
kernel: start_secondary+0x12a/0x180
kernel: secondary_startup_64_no_verify+0xc2/0xcb
kernel: </TASK>
kernel: ================================================================================
[Fix]
The size of the status_driver_data field was not adjusted
when the is_valid_ack_signal field was added.
Adjust the struct size accordingly.
[Test]
Verified on hardware, no error.
[Where problems could occur]
Low risk, It may break wifi driver. |
[Impact]
When bootup Jammy kernel, it shows callrace:
kernel: ================================================================================
kernel: UBSAN: invalid-load in /home/u/aaron/bionic/net/mac80211/status.c:1164:21
kernel: load of value 216 is not a valid value for type '_Bool'
kernel: CPU: 9 PID: 0 Comm: swapper/9 Not tainted 5.15.36+ #12
kernel: Hardware name: LENOVO 21D2SIT061/21D2SIT061, BIOS N3GET30W (1.11 ) 05/27/2022
kernel: Call Trace:
kernel: <IRQ>
kernel: dump_stack_lvl+0x4a/0x5f
kernel: dump_stack+0x10/0x12
kernel: ubsan_epilogue+0x9/0x45
kernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49
kernel: ieee80211_tx_status_ext.cold+0x1e/0xb0 [mac80211]
kernel: ? percpu_ref_kill_and_confirm+0xd0/0xd0
kernel: ? rht_key_get_hash.isra.0+0x19/0x20 [mac80211]
kernel: ? sta_info_hash_lookup+0xac/0x100 [mac80211]
kernel: ieee80211_tx_status+0x72/0xa0 [mac80211]
kernel: ieee80211_tasklet_handler+0xa2/0xd0 [mac80211]
kernel: tasklet_action_common.constprop.0+0xc0/0xf0
kernel: tasklet_action+0x22/0x30
kernel: __do_softirq+0xd9/0x2e3
kernel: irq_exit_rcu+0x8c/0xb0
kernel: common_interrupt+0x8a/0xa0
kernel: </IRQ>
kernel: <TASK>
kernel: asm_common_interrupt+0x1e/0x40
kernel: RIP: 0010:cpuidle_enter_state+0xd9/0x620
kernel: Code: 3d b4 85 3d 5c e8 57 a7 6b ff 49 89 c7 0f 1f 44 00 00 31 ff e8 a8 b3 6b ff 80 7d d0>
kernel: RSP: 0018:ffff9e2dc01f7e38 EFLAGS: 00000246
kernel: RAX: ffff8dfdb6870b00 RBX: ffff8df6c3ab6c00 RCX: 000000023cd33784
kernel: RDX: 000000023d103fa8 RSI: 000000023cd33784 RDI: 0000000000000000
kernel: RBP: ffff9e2dc01f7e88 R08: 000000023cd33d63 R09: 00000000000aae60
kernel: R10: 0000000000000004 R11: 071c71c71c71c71c R12: ffffffffa4ce65a0
kernel: R13: 0000000000000003 R14: 0000000000000003 R15: 000000023cd33d63
kernel: ? cpuidle_enter_state+0xc8/0x620
kernel: ? sched_clock_local+0x13/0x90
kernel: cpuidle_enter+0x2e/0x40
kernel: do_idle+0x203/0x2a0
kernel: cpu_startup_entry+0x20/0x30
kernel: start_secondary+0x12a/0x180
kernel: secondary_startup_64_no_verify+0xc2/0xcb
kernel: </TASK>
kernel: ================================================================================
[Fix]
The size of the status_driver_data field was not adjusted
when the is_valid_ack_signal field was added.
Adjust the struct size accordingly.
[Test]
Verified on hardware, no error.
[Where problems could occur]
Low risk, It may break wifi driver.
Minor changes in title of "Copyright" when backport. |
|
| 2022-06-13 11:38:41 |
Timo Aaltonen |
linux-oem-5.17 (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
| 2022-06-13 11:38:44 |
Timo Aaltonen |
linux-oem-5.17 (Ubuntu): status |
In Progress |
Invalid |
|
| 2022-06-22 09:28:12 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-jammy |
|
| 2022-06-22 10:00:38 |
Stefan Bader |
linux (Ubuntu Jammy): importance |
Undecided |
Medium |
|
| 2022-06-22 10:00:45 |
Stefan Bader |
linux (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
| 2022-06-28 13:44:44 |
AaronMa |
tags |
verification-needed-jammy |
verification-done-jammy |
|
| 2022-06-30 08:57:21 |
Launchpad Janitor |
linux-oem-5.17 (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2022-07-11 13:20:28 |
Launchpad Janitor |
linux (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2022-07-11 13:20:28 |
Launchpad Janitor |
cve linked |
|
2022-1789 |
|
| 2023-01-05 13:45:52 |
Timo Aaltonen |
linux (Ubuntu): status |
In Progress |
Fix Released |
|
