Aquantia GbE LAN driver causes UBSAN error during kernel boot
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Fix Released | Undecided | Unassigned | |
Focal | Invalid | Undecided | Unassigned | |
Jammy | Fix Released | Medium | Unassigned | |
linux-oem-5.14 (Ubuntu) | Invalid | Undecided | Unassigned | |
Focal | Fix Released | Undecided | Unassigned | |
Jammy | Invalid | Undecided | Unassigned | |
linux-oem-5.17 (Ubuntu) | Invalid | Undecided | Unassigned | |
Focal | Invalid | Undecided | Unassigned | |
Jammy | Fix Released | Undecided | Unassigned | |
Bug Description
The undefined behaviour sanitiser picks up an array-index-
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: linux-image-
ProcVersionSign
Uname: Linux 5.15.0-17-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu75
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Sun Jan 23 13:02:10 2022
InstallationDate: Installed on 2019-08-07 (899 days ago)
InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
MachineType: Gigabyte Technology Co., Ltd. X399 AORUS XTREME
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=
RelatedPackageV
linux-
linux-
linux-firmware 1.204
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/11/2019
dmi.bios.release: 5.14
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F5
dmi.board.
dmi.board.name: X399 AORUS XTREME-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.family: Default string
dmi.product.name: X399 AORUS XTREME
dmi.product.sku: Default string
dmi.product.
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
bsdz (blairuk) wrote : | #1 |
- AlsaInfo.txt (68.0 KiB, text/plain; charset="utf-8")
- AudioDevicesInUse.txt (308 bytes, text/plain; charset="utf-8")
- CRDA.txt (2.9 KiB, text/plain; charset="utf-8")
- CurrentDmesg.txt (128.8 KiB, text/plain; charset="utf-8")
- Dependencies.txt (2.8 KiB, text/plain; charset="utf-8")
- IwConfig.txt (719 bytes, text/plain; charset="utf-8")
- Lspci.txt (41.2 KiB, text/plain; charset="utf-8")
- Lspci-vt.txt (6.1 KiB, text/plain; charset="utf-8")
- Lsusb.txt (1.2 KiB, text/plain; charset="utf-8")
- Lsusb-t.txt (1.4 KiB, text/plain; charset="utf-8")
- Lsusb-v.txt (39.8 KiB, text/plain; charset="utf-8")
- PaInfo.txt (117.7 KiB, text/plain; charset="utf-8")
- ProcCpuinfo.txt (33.4 KiB, text/plain; charset="utf-8")
- ProcCpuinfoMinimal.txt (1.4 KiB, text/plain; charset="utf-8")
- ProcEnviron.txt (137 bytes, text/plain; charset="utf-8")
- ProcInterrupts.txt (37.3 KiB, text/plain; charset="utf-8")
- ProcModules.txt (9.3 KiB, text/plain; charset="utf-8")
- PulseList.txt (26.7 KiB, text/plain; charset="utf-8")
- RfKill.txt (112 bytes, text/plain; charset="utf-8")
- UdevDb.txt (409.2 KiB, text/plain; charset="utf-8")
- WifiSyslog.txt (170.7 KiB, text/plain; charset="utf-8")
- acpidump.txt (660.1 KiB, text/plain; charset="utf-8")
Sigmund Ørjavik (lurulf) wrote : | #2 |
Launchpad Janitor (janitor) wrote : | #3 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
Sigmund Ørjavik (lurulf) wrote : | #4 |
Sigmund Ørjavik (lurulf) wrote : | #5 |
Sigmund Ørjavik (lurulf) wrote : | #6 |
Sigmund Ørjavik (lurulf) wrote : | #7 |
Updated to 5.15.0-18-generic and now the network adapter doesn't work at all.
Sigmund Ørjavik (lurulf) wrote : | #8 |
Reverted to 5.13.0-28-generic from impish and aqc107 is still broken. Is this caused by some updated firmware blob in jammy?
bsdz (blairuk) wrote : | #9 |
My system seems to be working now. My dmesg shows the driver as loading:
[ 1.439880] atlantic 0000:07:00.0 enp7s0: renamed from eth0
I had some problems with my distribution upgrade and had to re-run it, ie "apt dist-upgrade" along with other commands.
Mario Limonciello (superm1) wrote : | #10 |
Out of bounds still happens to me in 5.15.0-18.18.
bsdz (blairuk) wrote : | #11 |
This bug returned on my machine. Not sure why it disappeared & reappeared. Also now on 5.15.0-18-generic.
Kai-Heng Feng (kaihengfeng) wrote : | #12 |
Does latest mainline kernel have this issue?
Mario Limonciello (superm1) wrote : | #13 |
I checked on 5.17-rc3 most recently and reproduced it. AFAICT this code hasn't changed since 5.16-rc4.
Kai-Heng Feng (kaihengfeng) wrote : | #14 |
- 0001-net-atlantic-Fix-LP-1958770.patch (1.3 KiB, text/plain)
Please give this patch a try, thanks!
tags: | added: patch |
Mario Limonciello (superm1) wrote : | #15 |
@KH:
Yeah that fixes it for me. I applied on top of a 5.15 kernel and would have seen UBSAN error at bootup.
Feel free to add a "Tested-by: Mario Limonciello <email address hidden>" tag for it when you submit up if you don't change it.
bsdz (blairuk) wrote : | #16 |
This doesn't seem to resolve it for me. It's been a long time since I recompiled kernel modules, these are the steps I took:
# module compile instructions from https:/
$ uname -r
5.15.0-18-generic
$ git clone git://git.
$ cd linux-jammy
$ git checkout Ubuntu-5.15.0-18.18
$ cd drivers/
# edit Makefile and add fq path to Include:
# ccflags-y += -I$(srctree)/$(src) -I/blahblah/
$ make -C /lib/modules/`uname -r`/build M=$PWD
...
$ sudo modprobe -v -r atlantic
rmmod atlantic
rmmod macsec
$ sudo cp atlantic.ko /lib/modules/
$ sudo modprobe -v atlantic
insmod /lib/modules/
insmod /lib/modules/
$ sudo dmesg
[14218.647296] =======
[14218.647297] UBSAN: array-index-
[14218.647299] index 8 is out of range for type 'aq_vec_s *[8]'
[14218.647300] CPU: 4 PID: 2680 Comm: NetworkManager Tainted: P OE 5.15.0-18-generic #18-Ubuntu
[14218.647301] Hardware name: Gigabyte Technology Co., Ltd. X399 AORUS XTREME/X399 AORUS XTREME-CF, BIOS F5 12/11/2019
[14218.647302] Call Trace:
[14218.647302] <TASK>
[14218.647303] show_stack+
[14218.647304] dump_stack_
[14218.647306] dump_stack+
[14218.647307] ubsan_epilogue+
[14218.647308] __ubsan_
[14218.647309] ? aq_vec_
[14218.647316] aq_nic_
[14218.647322] aq_ndev_
[14218.647329] __dev_open+
[14218.647331] __dev_change_
[14218.647332] ? __nla_validate_
[14218.647334] dev_change_
[14218.647335] do_setlink+
[14218.647337] ? inet6_set_
[14218.647338] ? cpumask_
[14218.647340] ? __nla_validate_
[14218.647341] ? __snmp6_
[14218.647342] __rtnl_
[14218.647344] ? __nla_reserve+
[14218.647345] ? skb_free_
[14218.647347] ? cpumask_
[14218.647348] ? update_
[14218.647349] ? cpufreq_
[14218.647351] ? get_next_
[14218.647352] ? sugov_get_
[14218.647353] ? sugov_update_
[14218.647354] ? sugov_exit+
[14218.647357] ? kmem_cache_
[14218.647359] rtnl_newlink+
[14218.647360] rtnetlink_
[14218.647362] ? rtnl_calcit.
[14218.647363] netlink_
[14218.647365] rtnetlink_
[14218.647366] netlink_
[14218.647367] netlink_
[14218.647369] sock_sendmsg+
[14218.64...
bsdz (blairuk) wrote : | #17 |
Oh, I forgot to add that I also applied the patch before compiling.
Kai-Heng Feng (kaihengfeng) wrote : | #18 |
Please try this one:
https://<email address hidden>/
which converts all the usage pattern to a safer form.
bsdz (blairuk) wrote (last edit ): | #19 |
This new patch doesn't appear to resolve issue either. However, I did get it to work if I extended your technique to aq_nic.c. See following comment with patch.
Then I see the following in my dmesg:
[ 2991.604548] atlantic 0000:07:00.0 enp7s0: renamed from eth0
bsdz (blairuk) wrote : | #20 |
Changed in linux-oem-5.17 (Ubuntu): | |
status: | New → Confirmed |
Nikolaus Vladutescu-Zopp (populationless) wrote : | #21 |
I'm gonna chime in too. I have applied both patches from #18 and #20 and recompiled the module, however I still get the UBSAN: array-index-
Kernel: 5.15.0-25-generic
MB: ASRock Fatal1ty X399 Professional Gaming
NIC: Aquantia AQC107
bsdz (blairuk) wrote : | #22 |
This might be fixed in a future kernel release. I see the above patches in github (18 days old).
https:/
I can see aq_vec_stop in your stack trace and I can see the above patch addresses that frame.
That said, are you sure you've successfully loaded the module after patching and compiling? (like in my comment #16 but also including step to patch the files). One thing I did was add a printf statement as well as patch code to be sure (you might need to include stdio.h).
Nikolaus Vladutescu-Zopp (populationless) wrote : | #23 |
I'm not 100% sure if I loaded the new module correctly, but I believe that I did. Here are the steps I took to compile the module and load it, which resulted in the output of #21:
git clone git://git.
cd linux-jammy/
uname -r
git checkout Ubuntu-5.15.0-25.25
cd drivers/
nano Makefile # added PWD to ccflags line
nano aq_vec.c.patch
nano aq_nic.c.patch
patch < aq_vec.c.patch
patch < aq_nic.c.patch
nano aq_vec.c
make -C /lib/modules/`uname -r`/build M=$PWD
sudo modprobe -v -r atlantic
sudo rmmod atlantic
sudo rmmod macsec
sudo cp atlantic.ko /lib/modules/
sudo modprobe -v atlantic
sudo dmesg
I have tried including stdio.h and adding a printf to verify the new module was indeed loaded, but that kept failing with "no such file" errors when trying to compile, even though I have build-essentials installed.
I have tried compiling the module with the files from https:/
bsdz (blairuk) wrote : | #24 |
Just a couple of other suggestions.
You can generate a patch file from the upstream kernel repo. eg
cd linux-jammy
curl https:/
git diff
git apply ./atlantic.patch
git diff
I was wrong about printf. You need to use printk
printk(KERN_INFO "HERE!\n");
I expect printk just will work although you might need to "#include <linux/kernel.h>"
Nikolaus Vladutescu-Zopp (populationless) wrote : | #25 |
Sorry for the delay, life happened...
After mucking about with this for the past few days and not being able to get the module to compile on 5.15 for the life of me (always same error "implicit declaration of function ‘platform_
This is what I did:
sudo apt install alien autoconf bison build-essential ccache fakeroot flex gawk git libattr1-dev libblkid-dev libdevmapper-dev libelf-dev libncurses5-dev libselinux-dev libssl-dev libtool libudev-dev linux-headers-
mkdir build
cd build
git clone git://git.
cd ubuntu_kernel
git checkout tags/v5.18-rc6
cp /boot/config-
yes '' | make oldconfig
make prepare scripts
cd ..
git clone https:/
cd zfs
git checkout zfs-2.1.5-staging
sh autogen.sh
./configure --prefix=/ --libdir=/lib --includedir=
./copy-builtin $HOME/build/
cd ../ubuntu_kernel
make menuconfig # include zfs
scripts/config --set-str SYSTEM_TRUSTED_KEYS ""
scripts/config --set-str CONFIG_
make clean
make -j 16 bindeb-pkg LOCALVERSION=
cd ..
sudo apt install ./linux-
After a reboot I seem to get exactly the same error, stack trace is near the bottom of the log.
What should I do now?
Nikolaus Vladutescu-Zopp (populationless) wrote : | #26 |
bsdz (blairuk) wrote : | #27 |
Actually I took a look at the aq_nic.c and it looks like there are still places in the code that need patching to avoid UB. For example, from your dmesg I see it pointing to this section of code (https:/
Which looks like this:
for (i = 0U, aq_vec = self->aq_vec[0];
     self->aq_vecs > i; ++i, aq_vec = self->aq_vec[i])
    aq_vec_
And, to avoid UBSAN, should be rewritten as:
for (i = 0U; self->aq_vecs > i; ++i) {
    aq_vec = self->aq_vec[i];
    aq_vec_
}
And, in fact, looks like there are another two places in that file that require the same treatment.
Kai-Heng Feng (kaihengfeng) wrote : | #28 |
Nice catch, mind to send a patch to fix it?
Nikolaus Vladutescu-Zopp (populationless) wrote (last edit ): | #29 |
I tried changing the function, now the module doesn't compile.
EDIT: Sorry, forgot to close the curly bracket...
Nikolaus Vladutescu-Zopp (populationless) wrote : | #30 |
I have successfully modified two of the mentioned three functions and tested the module, so far UBSAN does not complain anymore :)
Unfortunately I can't rewrite the third function, since it does not match the pattern (and I have no idea what I'm doing)
for (tc = 0U; tc < self->aq_
    for (i = 0U, aq_vec = self->aq_vec[0];
         aq_vec && self->aq_vecs > i;
         ++i, aq_vec = self->aq_vec[i]) {
        data += count;
        count = aq_vec_
    }
}
I have included a diff for the other two functions.
bsdz (blairuk) wrote : | #31 |
I think the last/3rd one might be rewritten like:
for (tc = 0U; tc < self->aq_
    for (i = 0U; self->aq_vecs > i; ++i) {
        aq_vec = self->aq_vec[i];
        if (aq_vec) {
            data += count;
            count = aq_vec_
        }
    }
}
Have tested whether it compiles sorry.
Nikolaus Vladutescu-Zopp (populationless) wrote : | #32 |
- aq_nic.c.patch (1.2 KiB, text/plain)
Thank you @bsdz, compiles and works flawlessly since yesterday. UBSAN is happy, performance is as expected.
@kaihengfeng, is this patch suitable for inclusion upstream?
Kai-Heng Feng (kaihengfeng) wrote : | #33 |
I think that's a bit different to the original version, which breaks out the loop as soon as "aq_vec" evaluates to false.
So, instead of
if (aq_vec) {
    ...
}
Should be
if (!aq_vec)
    break;
Nikolaus Vladutescu-Zopp (populationless) wrote : | #34 |
- aq_nic.c.patch (1.4 KiB, text/plain)
I have implemented your suggestion, so far no issues. I'm going to kick off my backup now and do some more testing later.
Kai-Heng Feng (kaihengfeng) wrote : | #35 |
The following two lines shouldn't be omitted:
data += count;
count = aq_vec_
Nikolaus Vladutescu-Zopp (populationless) wrote : | #36 |
Sorry. Like this?
for (tc = 0U; tc < self->aq_
    for (i = 0U; self->aq_vecs > i; ++i) {
        aq_vec = self->aq_vec[i];
        if (!aq_vec)
            break;
        data += count;
        count = aq_vec_
    }
}
Kai-Heng Feng (kaihengfeng) wrote : | #37 |
Yes, that one looks correct.
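The loop rewrite worked out in comments #27 to #37, as an added example that is not part of the thread or of the driver's source: a user-space model that counts how often each loop form loads a slot at or past index 8, and shows why the `if (aq_vec) { ... }` form from #31 differs from the `break` form agreed in #36. `struct vec`, `struct nic`, `load()`, `make_nic()` and the `walk_*` functions are hypothetical stand-ins, and the loop body is a plain sum rather than the driver's per-vector call.

```c
#include <stddef.h>
#include <stdio.h>

#define AQ_VECS_MAX 8            /* array size from the report: 'aq_vec_s *[8]' */

struct vec { int id; };          /* stand-in for the driver's struct aq_vec_s */

struct nic {                     /* stand-in for the driver's NIC object */
    struct vec *aq_vec[AQ_VECS_MAX];
    unsigned int aq_vecs;        /* number of slots in use */
};

struct walk_result {
    unsigned int visited;        /* loop bodies executed */
    unsigned int oob_reads;      /* loads attempted with index >= AQ_VECS_MAX */
    int id_sum;                  /* what the loop body accumulated */
};

/* Checked load: records an out-of-range index instead of performing it. */
static struct vec *load(const struct nic *n, unsigned int i, struct walk_result *r)
{
    if (i >= AQ_VECS_MAX) {
        r->oob_reads++;
        return NULL;
    }
    return n->aq_vec[i];
}

/* Pattern quoted in #30: the load sits in the increment clause, so it runs
 * with i == aq_vecs before the condition gets a chance to stop the loop. */
struct walk_result walk_original(const struct nic *self)
{
    struct walk_result r = {0, 0, 0};
    struct vec *aq_vec;
    unsigned int i;

    for (i = 0U, aq_vec = load(self, 0U, &r);
         aq_vec && self->aq_vecs > i;
         ++i, aq_vec = load(self, i, &r)) {
        r.visited++;
        r.id_sum += aq_vec->id;
    }
    return r;
}

/* Form from #31: no out-of-range load, but a NULL slot is skipped and the
 * walk continues, which the original loop never did. */
struct walk_result walk_skip_null(const struct nic *self)
{
    struct walk_result r = {0, 0, 0};
    struct vec *aq_vec;
    unsigned int i;

    for (i = 0U; self->aq_vecs > i; ++i) {
        aq_vec = load(self, i, &r);
        if (aq_vec) {
            r.visited++;
            r.id_sum += aq_vec->id;
        }
    }
    return r;
}

/* Form from #36: load inside the body, stop at the first NULL slot. */
struct walk_result walk_break_null(const struct nic *self)
{
    struct walk_result r = {0, 0, 0};
    struct vec *aq_vec;
    unsigned int i;

    for (i = 0U; self->aq_vecs > i; ++i) {
        aq_vec = load(self, i, &r);
        if (!aq_vec)
            break;
        r.visited++;
        r.id_sum += aq_vec->id;
    }
    return r;
}

/* Constructed sample data: ids 1..8; 'hole' leaves one slot NULL (-1: none). */
static struct vec storage[AQ_VECS_MAX] = {{1}, {2}, {3}, {4}, {5}, {6}, {7}, {8}};

struct nic make_nic(unsigned int in_use, int hole)
{
    struct nic n = { {NULL}, in_use };
    unsigned int i;

    for (i = 0U; i < in_use && i < AQ_VECS_MAX; ++i)
        n.aq_vec[i] = ((int)i == hole) ? NULL : &storage[i];
    return n;
}

int main(void)
{
    struct nic full = make_nic(8U, -1), holed = make_nic(4U, 2);
    struct walk_result o = walk_original(&full), b = walk_break_null(&full);
    struct walk_result s = walk_skip_null(&holed), h = walk_break_null(&holed);

    printf("8 in use: original oob=%u, break oob=%u\n", o.oob_reads, b.oob_reads);
    printf("hole at 2: skip visited=%u, break visited=%u\n", s.visited, h.visited);
    return 0;
}
```

With fewer than 8 slots in use the original form still loads one slot past the used range, but that index is inside the array, so only the 8-in-use case produces an index the sanitiser can flag.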
Nikolaus Vladutescu-Zopp (populationless) wrote : | #38 |
- aq_nic.c.patch (1.4 KiB, text/plain)
OK, so far everything seems to be working great. Performance is good, no UBSAN messages, no other abnormalities. I think we are good now.
Kai-Heng Feng (kaihengfeng) wrote : | #39 |
Great! Please consider sending it to the upstream mailing list.
Nikolaus Vladutescu-Zopp (populationless) wrote : | #40 |
How would I go about doing so, while giving credit to bsdz and you?
Mario Limonciello (superm1) wrote : | #41 |
https:/
You can use tags like "Suggested-by:" for the email of KH and bsdz.
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #42 |
This bug is awaiting verification that the linux-oem-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: verification-needed-jammy |
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : | #43 |
This bug is awaiting verification that the linux-oem-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
tags: | added: verification-needed-focal |
bsdz (blairuk) wrote : | #44 |
I followed instructions under the wiki (https:/
sudo apt-get install linux-generic/
However, inspection of dmesg shows the proposed/installed kernel is 5.15.0-35-generic (not the version from the above Ubuntu kernel bot, i.e. linux-oem-
Also, the UBSAN issue still persists.
Do I need to do something else?
Kay-Michael Voit (kmvoit) wrote : | #45 |
I experience this with Ubuntu kernel 5.15.0-33, but not with 5.15.0-25.
I installed the system with the latter, and then updated to the former, with which it stopped working. Selecting 5.15.0-25 in grub still works.
Timo Aaltonen (tjaalton) wrote : | #46 |
the fix for oem-5.14 comes via stable updates
Changed in linux (Ubuntu Focal): | |
status: | New → Invalid |
Changed in linux-oem-5.14 (Ubuntu Jammy): | |
status: | New → Invalid |
Changed in linux-oem-5.17 (Ubuntu Focal): | |
status: | New → Invalid |
Changed in linux-oem-5.14 (Ubuntu): | |
status: | New → Invalid |
tags: |
added: verification-done-focal removed: verification-needed-focal |
Timo Aaltonen (tjaalton) wrote : | #47 |
oem-5.17 verification missing
Timo Aaltonen (tjaalton) wrote : | #48 |
oh well, the fix came via stable backports, so marking verified
Changed in linux-oem-5.17 (Ubuntu): | |
status: | Confirmed → Invalid |
tags: |
added: verification-done-jammy removed: verification-needed-jammy |
Launchpad Janitor (janitor) wrote : | #49 |
This bug was fixed in the package linux-oem-5.17 - 5.17.0-1011.12
---------------
linux-oem-5.17 (5.17.0-1011.12) jammy; urgency=medium
* CVE-2022-1972
- netfilter: nf_tables: sanitize nft_set_
* CVE-2022-1966
- netfilter: nf_tables: disallow non-stateful expression in sets earlier
-- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 03 Jun 2022 14:17:23 -0300
Changed in linux-oem-5.17 (Ubuntu Jammy): | |
status: | New → Fix Released |
Launchpad Janitor (janitor) wrote : | #50 |
This bug was fixed in the package linux-oem-5.14 - 5.14.0-1042.47
---------------
linux-oem-5.14 (5.14.0-1042.47) focal; urgency=medium
* CVE-2022-1972
- netfilter: nf_tables: sanitize nft_set_
* CVE-2022-1966
- netfilter: nf_tables: disallow non-stateful expression in sets earlier
-- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 03 Jun 2022 15:00:01 -0300
Changed in linux-oem-5.14 (Ubuntu Focal): | |
status: | New → Fix Released |
Launchpad Janitor (janitor) wrote : | #51 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in linux (Ubuntu Jammy): | |
status: | New → Confirmed |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → Medium |
status: | Confirmed → Fix Committed |
Bruce Campbell (yakman2020) wrote : | #52 |
What package/version is this release in? I tried (among others) linux-oem-22.04 from the proposed ppa with no luck. I still see this issue. When I looked at the source, it appeared the problem code (++i, aq_vec = self->aq_vec[i]) is still present in the aq_nic.c file in three places, including line 1268. I get an UBSAN error on boot for aq_nic.c:1268
Launchpad Janitor (janitor) wrote : | #53 |
This bug was fixed in the package linux - 5.15.0-41.44
---------------
linux (5.15.0-41.44) jammy; urgency=medium
* jammy/linux: 5.15.0-41.44 -proposed tracker (LP: #1979448)
* Fix can't boot up after change to vmd (LP: #1976587)
- PCI: vmd: Assign VMD IRQ domain before enumeration
- PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if
interrupt remapping is enabled by IOMMU.")
* [SRU][Jammy/
- mac80211: fix struct ieee80211_tx_info size
* [SRU][Jammy][PATCH 0/1] Fix amd display corruption on s2idle resume
(LP: #1978244)
- drm/amd/display: Don't reinitialize DMCUB on s0ix resume
* pl2303 serial adapter not recognized (LP: #1967493)
- USB: serial: pl2303: fix type detection for odd device
* Remove SAUCE patches from test_vxlan_
ubuntu_
- Revert "UBUNTU: SAUCE: selftests: net: Don't fail test_vxlan_
xfail"
- Revert "UBUNTU: SAUCE: selftests: net: Make test for VXLAN underlay in non-
default VRF an expected failure"
* Fix hp_wmi_read_int() reporting error (0x05) (LP: #1979051)
- platform/x86: hp-wmi: Fix hp_wmi_read_int() reporting error (0x05)
* Request to back port vmci patches to Ubuntu kernel (LP: #1978145)
- VMCI: dma dg: whitespace formatting change for vmci register defines
- VMCI: dma dg: add MMIO access to registers
- VMCI: dma dg: detect DMA datagram capability
- VMCI: dma dg: set OS page size
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams
- VMCI: dma dg: add support for DMA datagrams sends
- VMCI: dma dg: add support for DMA datagrams receive
- VMCI: Fix some error handling paths in vmci_guest_
- VMCI: Release notification_bitmap in error path
- VMCI: Check exclusive_vectors when freeing interrupt 1
- VMCI: Add support for ARM64
- [Config] Update policies for VMWARE_VMCI and VMWARE_
* [UBUNTU 20.04] rcu stalls with many storage key guests (LP: #1975582)
- s390/gmap: voluntarily schedule during key setting
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
* [SRU][OEM-
(LP: #1976214)
- drm/i915: update new TMDS clock setting defined by VBT
* Revert PPC get_user workaround (LP: #1976248)
- powerpc: Export mmu_feature_keys[] as non-GPL
* Jammy update: v5.15.39 upstream stable release (LP: #1978240)
- MIPS: Fix CP0 counter erratum detection for R4k CPUs
- parisc: Merge model and model name into one line in /proc/cpuinfo
- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits
- mmc: core: Set HS clock speed before sending HS CMD13
- gpiolib: of: fix bounds check for 'gpio-reserved-
- x86/fpu: Prevent FPU s...
Changed in linux (Ubuntu Jammy): | |
status: | Fix Committed → Fix Released |
Kaz (ka4684346) wrote : | #54 |
I had updated to 5.15.0-41.44, but I still get the error.
syslog:
Jul 13 15:05:58 *** kernel: [ 0.000000] Linux version 5.15.0-41-generic (buildd@
...
Jul 13 15:06:04 *** kernel: [ 13.227143] UBSAN: array-index-
Jul 13 15:06:04 *** kernel: [ 13.228858] index 8 is out of range for type 'aq_vec_s *[8]'
uname -a:
Linux ***.***.*** 5.15.0-41-generic #44-Ubuntu SMP Wed Jun 22 14:20:53 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
ltkarrde (ltkarrde) wrote : | #55 |
I am still getting this on 5.15.0-
7/26/22 7:33 AM kernel =======
7/26/22 7:33 AM kernel UBSAN: array-index-
7/26/22 7:33 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
7/26/22 7:33 AM kernel CPU: 2 PID: 2109 Comm: daemon-init Not tainted 5.15.0-
7/26/22 7:33 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
7/26/22 7:33 AM kernel Call Trace:
7/26/22 7:33 AM kernel <TASK>
7/26/22 7:33 AM kernel show_stack+
7/26/22 7:33 AM kernel dump_stack_
7/26/22 7:33 AM kernel dump_stack+
7/26/22 7:33 AM kernel ubsan_epilogue+
7/26/22 7:33 AM kernel __ubsan_
7/26/22 7:33 AM kernel ? netdev_
7/26/22 7:33 AM kernel ? aq_vec_
7/26/22 7:33 AM kernel aq_nic_
7/26/22 7:33 AM kernel aq_ndev_
7/26/22 7:33 AM kernel __netdev_
7/26/22 7:33 AM kernel dev_disable_
7/26/22 7:33 AM kernel devinet_
7/26/22 7:33 AM kernel proc_sys_
7/26/22 7:33 AM kernel proc_sys_
7/26/22 7:33 AM kernel new_sync_
7/26/22 7:33 AM kernel vfs_write+
7/26/22 7:33 AM kernel ksys_write+
7/26/22 7:33 AM kernel __x64_sys_
7/26/22 7:33 AM kernel do_syscall_
7/26/22 7:33 AM kernel ? exit_to_
7/26/22 7:33 AM kernel ? syscall_
7/26/22 7:33 AM kernel ? do_syscall_
7/26/22 7:33 AM kernel ? exit_to_
7/26/22 7:33 AM kernel ? syscall_
7/26/22 7:33 AM kernel ? do_syscall_
7/26/22 7:33 AM kernel ? asm_exc_
7/26/22 7:33 AM kernel entry_SYSCALL_
7/26/22 7:33 AM kernel </TASK>
7/26/22 7:33 AM kernel =======
bsdz (blairuk) wrote : | #56 |
I have the same problem. Curiously, the patch previously submitted should fix those code lines reported in the UBSAN report
ltkarrde (ltkarrde) wrote : | #57 |
Still present on 5.15.0-
8/6/22 10:11 AM kernel =======
8/6/22 10:11 AM kernel UBSAN: array-index-
8/6/22 10:11 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
8/6/22 10:11 AM kernel CPU: 2 PID: 2097 Comm: daemon-init Not tainted 5.15.0-
8/6/22 10:11 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
ltkarrde (ltkarrde) wrote : | #58 |
Still present in 5.15.0-
8/10/22 7:56 AM kernel =======
8/10/22 7:56 AM kernel UBSAN: array-index-
8/10/22 7:56 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
8/10/22 7:56 AM kernel CPU: 12 PID: 2172 Comm: daemon-init Not tainted 5.15.0-
8/10/22 7:56 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
8/10/22 7:56 AM kernel =======
ltkarrde (ltkarrde) wrote : | #59 |
Still present in 5.15.0-
8/20/22 7:42 AM kernel =======
8/20/22 7:42 AM kernel UBSAN: array-index-
8/20/22 7:42 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
8/20/22 7:42 AM kernel CPU: 12 PID: 2174 Comm: daemon-init Not tainted 5.15.0-
8/20/22 7:42 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
8/20/22 7:42 AM kernel =======
Henrique Bucher (vitorian) wrote : | #60 |
Still present on 5.15.0-46-generic (Ubuntu 20.04.3)
[ 30.346347] UBSAN: array-index-
[ 30.346349] index 8 is out of range for type 'aq_vec_s *[8]'
ltkarrde (ltkarrde) wrote : | #61 |
Still present in 5.15.0-48-generic
8/31/22 8:01 AM kernel =======
8/31/22 8:01 AM kernel UBSAN: array-index-
8/31/22 8:01 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
8/31/22 8:01 AM kernel CPU: 22 PID: 1987 Comm: daemon-init Tainted: G O 5.15.0-48-generic #54-Ubuntu
8/31/22 8:01 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
ltkarrde (ltkarrde) wrote : | #62 |
Still present in 5.15.0-
9/1/22 8:01 AM kernel =======
9/1/22 8:01 AM kernel UBSAN: array-index-
9/1/22 8:01 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
9/1/22 8:01 AM kernel CPU: 0 PID: 2103 Comm: daemon-init Not tainted 5.15.0-
9/1/22 8:01 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
9/1/22 8:01 AM kernel Call Trace:
9/1/22 8:01 AM kernel <TASK>
9/1/22 8:01 AM kernel show_stack+
9/1/22 8:01 AM kernel dump_stack_
9/1/22 8:01 AM kernel dump_stack+
9/1/22 8:01 AM kernel ubsan_epilogue+
9/1/22 8:01 AM kernel __ubsan_
9/1/22 8:01 AM kernel ? call_netdevice_
9/1/22 8:01 AM kernel ? aq_vec_
9/1/22 8:01 AM kernel aq_nic_
9/1/22 8:01 AM kernel aq_ndev_
9/1/22 8:01 AM kernel __netdev_
9/1/22 8:01 AM kernel dev_disable_
9/1/22 8:01 AM kernel devinet_
9/1/22 8:01 AM kernel proc_sys_
9/1/22 8:01 AM kernel proc_sys_
9/1/22 8:01 AM kernel new_sync_
9/1/22 8:01 AM kernel ? io_req_
9/1/22 8:01 AM kernel vfs_write+
9/1/22 8:01 AM kernel ksys_write+
9/1/22 8:01 AM kernel __x64_sys_
9/1/22 8:01 AM kernel do_syscall_
9/1/22 8:01 AM kernel ? do_syscall_
9/1/22 8:01 AM kernel ? syscall_
9/1/22 8:01 AM kernel ? irqentry_
9/1/22 8:01 AM kernel ? exc_page_
9/1/22 8:01 AM kernel entry_SYSCALL_
9/1/22 8:01 AM kernel RIP: 0033:0x7f79df4f1a6f
9/1/22 8:01 AM kernel Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 19 c0 f7 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 5c c0 f7 ff 48
9/1/22 8:01 AM kernel RSP: 002b:00007f799f
9/1/22 8:01 AM kernel RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f79df4f1a6f
9/1/22 8:01 AM kernel RDX: 0000000000000002 RSI: 00007f79dfe7a5e5 RDI: 0000000000000013
9/1/22 8:01 AM kernel RBP: 00007f79dfe7a5e5 R08: 0000000000000000 R09: 0000000000000001
9/1/22 8:01 AM kernel R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000013
9/1/22 8:01 AM kernel R13: 0000000000000013 R14: 0000000000000000 R15: 00007f7994024a70
9/1/22 8:01 AM kernel </TASK>
9/1/22 8:01 AM kernel =======
ltkarrde (ltkarrde) wrote : | #63 |
Still present in 5.15.0-50-generic
9/21/22 7:54 AM kernel =======
9/21/22 7:54 AM kernel UBSAN: array-index-
9/21/22 7:54 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
9/21/22 7:54 AM kernel CPU: 4 PID: 1930 Comm: daemon-init Tainted: G O 5.15.0-50-generic #56-Ubuntu
9/21/22 7:54 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
9/21/22 7:54 AM kernel Call Trace:
9/21/22 7:54 AM kernel <TASK>
9/21/22 7:54 AM kernel show_stack+
9/21/22 7:54 AM kernel dump_stack_
9/21/22 7:54 AM kernel dump_stack+
9/21/22 7:54 AM kernel ubsan_epilogue+
9/21/22 7:54 AM kernel __ubsan_
9/21/22 7:54 AM kernel ? dev_get_
9/21/22 7:54 AM kernel ? aq_vec_
9/21/22 7:54 AM kernel aq_nic_
9/21/22 7:54 AM kernel aq_ndev_
9/21/22 7:54 AM kernel __netdev_
9/21/22 7:54 AM kernel dev_disable_
9/21/22 7:54 AM kernel devinet_
9/21/22 7:54 AM kernel proc_sys_
9/21/22 7:54 AM kernel proc_sys_
9/21/22 7:54 AM kernel new_sync_
9/21/22 7:54 AM kernel vfs_write+
9/21/22 7:54 AM kernel ksys_write+
9/21/22 7:54 AM kernel __x64_sys_
9/21/22 7:54 AM kernel do_syscall_
9/21/22 7:54 AM kernel ? exit_to_
9/21/22 7:54 AM kernel ? syscall_
9/21/22 7:54 AM kernel ? do_syscall_
9/21/22 7:54 AM kernel ? exit_to_
9/21/22 7:54 AM kernel entry_SYSCALL_
9/21/22 7:54 AM kernel RIP: 0033:0x7fed8a694a6f
9/21/22 7:54 AM kernel Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 19 c0 f7 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 5c c0 f7 ff 48
9/21/22 7:54 AM kernel RSP: 002b:00007fed4e
9/21/22 7:54 AM kernel RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fed8a694a6f
9/21/22 7:54 AM kernel RDX: 0000000000000002 RSI: 00007fed8b01c5e5 RDI: 0000000000000013
9/21/22 7:54 AM kernel RBP: 00007fed8b01c5e5 R08: 0000000000000000 R09: 0000000000000001
9/21/22 7:54 AM kernel R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000013
9/21/22 7:54 AM kernel R13: 0000000000000013 R14: 0000000000000000 R15: 00007fed38024ab0
9/21/22 7:54 AM kernel </TASK>
9/21/22 7:54 AM kernel =======
ltkarrde (ltkarrde) wrote : | #64 |
Present in 5.15.0-
9/22/22 1:41 PM kernel =======
9/22/22 1:41 PM kernel UBSAN: array-index-
9/22/22 1:41 PM kernel index 8 is out of range for type 'aq_vec_s *[8]'
9/22/22 1:41 PM kernel CPU: 22 PID: 2103 Comm: daemon-init Not tainted 5.15.0-
9/22/22 1:41 PM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
9/22/22 1:41 PM kernel Call Trace:
9/22/22 1:41 PM kernel <TASK>
9/22/22 1:41 PM kernel show_stack+
9/22/22 1:41 PM kernel dump_stack_
9/22/22 1:41 PM kernel dump_stack+
9/22/22 1:41 PM kernel ubsan_epilogue+
9/22/22 1:41 PM kernel __ubsan_
9/22/22 1:41 PM kernel ? dev_fetch_
9/22/22 1:41 PM kernel ? aq_vec_
9/22/22 1:41 PM kernel aq_nic_
9/22/22 1:41 PM kernel aq_ndev_
9/22/22 1:41 PM kernel __netdev_
9/22/22 1:41 PM kernel dev_disable_
9/22/22 1:41 PM kernel devinet_
9/22/22 1:41 PM kernel proc_sys_
9/22/22 1:41 PM kernel proc_sys_
9/22/22 1:41 PM kernel new_sync_
9/22/22 1:41 PM kernel vfs_write+
9/22/22 1:41 PM kernel ksys_write+
9/22/22 1:41 PM kernel __x64_sys_
9/22/22 1:41 PM kernel do_syscall_
9/22/22 1:41 PM kernel entry_SYSCALL_
9/22/22 1:41 PM kernel RIP: 0033:0x7f492a2f6a6f
9/22/22 1:41 PM kernel Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 19 c0 f7 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 5c c0 f7 ff 48
9/22/22 1:41 PM kernel RSP: 002b:00007f48fe
9/22/22 1:41 PM kernel RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f492a2f6a6f
9/22/22 1:41 PM kernel RDX: 0000000000000002 RSI: 00007f492ac7e5e5 RDI: 0000000000000013
9/22/22 1:41 PM kernel RBP: 00007f492ac7e5e5 R08: 0000000000000000 R09: 0000000000000001
9/22/22 1:41 PM kernel R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000013
9/22/22 1:41 PM kernel R13: 0000000000000013 R14: 0000000000000000 R15: 00007f48dc030970
9/22/22 1:41 PM kernel </TASK>
9/22/22 1:41 PM kernel =======
ltkarrde (ltkarrde) wrote : | #65 |
Still present in 5.15.0-
10/19/22 7:59 AM kernel =======
10/19/22 7:59 AM kernel UBSAN: array-index-
10/19/22 7:59 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
10/19/22 7:59 AM kernel CPU: 7 PID: 2084 Comm: daemon-init Not tainted 5.15.0-
10/19/22 7:59 AM kernel Hardware name: To Be Filled By O.E.M. X570 Creator/X570 Creator, BIOS P3.72 05/17/2022
10/19/22 7:59 AM kernel Call Trace:
10/19/22 7:59 AM kernel <TASK>
10/19/22 7:59 AM kernel show_stack+
10/19/22 7:59 AM kernel dump_stack_
10/19/22 7:59 AM kernel dump_stack+
10/19/22 7:59 AM kernel ubsan_epilogue+
10/19/22 7:59 AM kernel __ubsan_
10/19/22 7:59 AM kernel ? dev_fetch_
10/19/22 7:59 AM kernel ? aq_vec_
10/19/22 7:59 AM kernel aq_nic_
10/19/22 7:59 AM kernel aq_ndev_
10/19/22 7:59 AM kernel __netdev_
10/19/22 7:59 AM kernel dev_disable_
10/19/22 7:59 AM kernel devinet_
10/19/22 7:59 AM kernel proc_sys_
10/19/22 7:59 AM kernel proc_sys_
10/19/22 7:59 AM kernel new_sync_
10/19/22 7:59 AM kernel ? icl_set_
10/19/22 7:59 AM kernel vfs_write+
10/19/22 7:59 AM kernel ksys_write+
10/19/22 7:59 AM kernel __x64_sys_
10/19/22 7:59 AM kernel do_syscall_
10/19/22 7:59 AM kernel ? syscall_
10/19/22 7:59 AM kernel ? do_syscall_
10/19/22 7:59 AM kernel ? irqentry_
10/19/22 7:59 AM kernel ? irqentry_
10/19/22 7:59 AM kernel ? exc_page_
10/19/22 7:59 AM kernel entry_SYSCALL_
10/19/22 7:59 AM kernel RIP: 0033:0x7f61c36a1a6f
10/19/22 7:59 AM kernel Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 19 c0 f7 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 5c c0 f7 ff 48
10/19/22 7:59 AM kernel RSP: 002b:00007f6183
10/19/22 7:59 AM kernel RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f61c36a1a6f
10/19/22 7:59 AM kernel RDX: 0000000000000002 RSI: 00007f61c40265e5 RDI: 0000000000000013
10/19/22 7:59 AM kernel RBP: 00007f61c40265e5 R08: 0000000000000000 R09: 0000000000000001
10/19/22 7:59 AM kernel R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000013
10/19/22 7:59 AM kernel R13: 0000000000000013 R14: 0000000000000000 R15: 00007f6178031e10
10/19/22 7:59 AM kernel </TASK>
10/19/22 7:59 AM kernel =======
ltkarrde (ltkarrde) wrote : | #66 |
Appears to be fixed in 5.15.0-
Timo Aaltonen (tjaalton) wrote : | #67 |
Included upstream in 5.18 and up.
Changed in linux (Ubuntu): | |
status: | Confirmed → Fix Released |
Vitaly Protsko (atanw) wrote : | #68 |
5.15.0-91-generic
Nov 16 21:15:29 mon-host kernel: [ 101.739280] =======
Nov 16 21:15:29 mon-host kernel: [ 101.785597] UBSAN: array-index-
Nov 16 21:15:29 mon-host kernel: [ 101.786940] IPMI message handler: version 39.2
Nov 16 21:15:29 mon-host kernel: [ 101.836146] index 4 is out of range for type 'u16 [4]'
Nov 16 21:15:29 mon-host kernel: [ 101.836152] CPU: 0 PID: 447 Comm: systemd-udevd Not tainted 5.15.0-91-generic #101-Ubuntu
Nov 16 21:15:29 mon-host kernel: [ 101.836156] Hardware name: Dell Inc. PowerEdge 1950/0D8635, BIOS 2.7.0 10/30/2010
Nov 16 21:15:29 mon-host kernel: [ 101.836158] Call Trace:
Nov 16 21:15:29 mon-host kernel: [ 101.836162] <TASK>
Nov 16 21:15:29 mon-host kernel: [ 101.836166] show_stack+
Nov 16 21:15:29 mon-host kernel: [ 101.836175] dump_stack_
Nov 16 21:15:29 mon-host kernel: [ 101.836182] dump_stack+
Nov 16 21:15:29 mon-host kernel: [ 101.836184] ubsan_epilogue+
Nov 16 21:15:29 mon-host kernel: [ 101.836187] __ubsan_
Nov 16 21:15:29 mon-host kernel: [ 101.836190] ? i5000_get_
Nov 16 21:15:29 mon-host kernel: [ 101.836197] i5000_probe1+
Nov 16 21:15:29 mon-host kernel: [ 101.836201] ? pci_bus_
Nov 16 21:15:29 mon-host kernel: [ 101.862944] ? do_pci_
Nov 16 21:15:29 mon-host kernel: [ 101.862948] i5000_init_
Nov 16 21:15:29 mon-host kernel: [ 101.862952] local_pci_
Nov 16 21:15:29 mon-host kernel: [ 101.862956] pci_device_
Nov 16 21:15:29 mon-host kernel: [ 101.862960] really_
Nov 16 21:15:29 mon-host kernel: [ 101.862964] __driver_
Nov 16 21:15:29 mon-host kernel: [ 101.862966] driver_
Nov 16 21:15:29 mon-host kernel: [ 101.862969] __driver_
Nov 16 21:15:29 mon-host kernel: [ 101.862971] ? __device_
Nov 16 21:15:29 mon-host kernel: [ 101.862974] bus_for_
Nov 16 21:15:29 mon-host kernel: [ 101.862978] driver_
Nov 16 21:15:29 mon-host kernel: [ 101.862980] bus_add_
Nov 16 21:15:29 mon-host kernel: [ 101.862982] ? vunmap_
Nov 16 21:15:29 mon-host kernel: [ 101.862987] driver_
Nov 16 21:15:29 mon-host kernel: [ 101.862990] ? 0xffffffffc03d8000
Nov 16 21:15:29 mon-host kernel: [ 101.862993] __pci_register_
Nov 16 21:15:29 mon-host kernel: [ 101.862996] i5000_init+
Nov 16 21:15:29 mon-host kernel: [ 101.863000] do_one_
Nov 16 21:15:29 mon-host kernel: [ 101.863005] ? kmem_cache_
Nov 16 21:15:29 mon-host kernel: [ 101.863011] do_init_
Nov 16 21:15:29 mon-host kernel: [ 101.863016] load_module+
Nov 16 21:15:29 mon-host kernel: [ 101.863019] __do_sys_finit...
Same in my system:
[ 294.432996] UBSAN: array-index-out-of-bounds in /build/linux-Qow4fL/linux-5.15.0/drivers/net/ethernet/aquantia/atlantic/aq_nic.c:484:48
[ 294.433695] index 8 is out of range for type 'aq_vec_s *[8]'
[ 294.434372] CPU: 5 PID: 1341 Comm: systemd-network Tainted: P O 5.15.0-17-generic #17-Ubuntu
[ 294.434374] Hardware name: System manufacturer System Product Name/Z170-PRO, BIOS 3801 03/14/2018
[ 294.434374] Call Trace:
[ 294.434376] <TASK>
[ 294.434377] show_stack+0x52/0x58
[ 294.434380] dump_stack_lvl+0x4a/0x5f
[ 294.434383] dump_stack+0x10/0x12
[ 294.434384] ubsan_epilogue+0x9/0x45
[ 294.434385] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 294.434386] ? aq_nic_get_link_ksettings+0x58/0x380 [atlantic]
[ 294.434393] ? aq_vec_start+0x94/0xb0 [atlantic]
[ 294.434398] aq_nic_start+0x3af/0x3d0 [atlantic]
[ 294.434402] aq_ndev_open+0x49/0x70 [atlantic]
[ 294.434405] __dev_open+0xf3/0x1c0
[ 294.434408] __dev_change_flags+0x1a3/0x220
[ 294.434410] dev_change_flags+0x26/0x60
[ 294.434411] do_setlink+0x28a/0xc50
[ 294.434414] ? __nla_validate_parse+0x4c/0x1a0
[ 294.434416] rtnl_setlink+0xf6/0x170
[ 294.434419] rtnetlink_rcv_msg+0x15d/0x400
[ 294.434421] ? rtnl_calcit.isra.0+0x130/0x130
[ 294.434422] netlink_rcv_skb+0x55/0x100
[ 294.434424] rtnetlink_rcv+0x15/0x20
[ 294.434426] netlink_unicast+0x21d/0x330
[ 294.434427] netlink_sendmsg+0x24c/0x4c0
[ 294.434428] sock_sendmsg+0x65/0x70
[ 294.434430] __sys_sendto+0x113/0x190
[ 294.434433] __x64_sys_sendto+0x24/0x30
[ 294.434435] do_syscall_64+0x5c/0xc0
[ 294.434437] ? syscall_exit_to_user_mode+0x27/0x50
[ 294.434439] ? do_syscall_64+0x69/0xc0
[ 294.434440] ? __secure_computing+0x42/0xe0
[ 294.434442] ? syscall_trace_enter.constprop.0+0xa3/0x1c0
[ 294.434444] ? exit_to_user_mode_prepare+0x37/0xb0
[ 294.434446] ? syscall_exit_to_user_mode+0x27/0x50
[ 294.434447] ? __do_sys_gettid+0x1b/0x20
[ 294.434449] ? do_syscall_64+0x69/0xc0
[ 294.434450] ? do_syscall_64+0x69/0xc0
[ 294.434451] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 294.434453] RIP: 0033:0x7feeaf99146a
[ 294.434455] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 294.434456] RSP: 002b:00007ffc9cf72cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 294.434458] RAX: ffffffffffffffda RBX: 000055afe2a315e8 RCX: 00007feeaf99146a
[ 294.434458] RDX: 0000000000000020 RSI: 000055afe2a30290 RDI: 0000000000000003
[ 294.434459] RBP: 000055afe2a11900 R08: 00007ffc9cf72d00 R09: 0000000000000080
[ 294.434460] R10: 0000000000000000 R11: 0000000000000246 R12: 000055afe2a32bf0
[ 294.434461] R13: 000000000000053d R14: 000055afe2a315a0 R15: 000055afe13b0e40
[ 294.434462] </TASK>
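An added example, not part of the bug thread: it parses UBSAN array-index reports in the three log formats posted above (dmesg, syslog, GNOME Logs) and groups them by array type and source file, which keeps the `aq_vec_s *[8]` reports apart from the `u16 [4]` report in comment #68. The function names and sample lines are constructed for this example, and the `PLACEHOLDER` source paths stand in for values the thread does not show.

```python
import re

HEADER = re.compile(r"UBSAN: ([\w-]+) in (\S+)")
INDEX = re.compile(r"index (-?\d+) is out of range for type '([^']+)'")
KERNEL = re.compile(r"CPU: .* (\d+\.\d+\.\d+\S*) #")
# A frame is "symbol+0xoff/0xsize [module]"; the lookbehind rejects unreliable "? " frames.
FRAME = re.compile(r"(?<!\? )(?<![\w.])([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
SANITIZER = ("show_stack", "dump_stack", "ubsan_epilogue", "__ubsan_")

def parse_ubsan(lines):
    """Return one dict per UBSAN report; caller is the first reliable non-sanitizer frame."""
    reports, cur = [], None
    for line in lines:
        if m := HEADER.search(line):
            cur = dict(kind=m[1], source=m[2], index=None, type=None, kernel=None, caller=None)
            reports.append(cur)
        elif cur is None:
            continue  # not inside a report yet
        elif m := INDEX.search(line):
            cur["index"], cur["type"] = int(m[1]), m[2]
        elif m := KERNEL.search(line):
            cur["kernel"] = m[1]
        elif (m := FRAME.search(line)) and not cur["caller"] and not m[1].startswith(SANITIZER):
            cur["caller"] = (m[1], m[2])
    return reports

def group_by_signature(reports):
    """Map (array type, source file) -> kernel versions, keeping unrelated reports apart."""
    groups = {}
    for r in reports:
        src_file = r["source"].rsplit("/", 1)[-1].split(":")[0]
        groups.setdefault((r["type"], src_file), []).append(r["kernel"])
    return groups

# Constructed sample in the thread's three log formats; PLACEHOLDER paths are not from the page.
SAMPLE = """\
[ 294.432996] UBSAN: array-index-out-of-bounds in /build/linux-Qow4fL/linux-5.15.0/drivers/net/ethernet/aquantia/atlantic/aq_nic.c:484:48
[ 294.433695] index 8 is out of range for type 'aq_vec_s *[8]'
[ 294.434372] CPU: 5 PID: 1341 Comm: systemd-network Tainted: P O 5.15.0-17-generic #17-Ubuntu
[ 294.434377] show_stack+0x52/0x58
[ 294.434393] ? aq_vec_start+0x94/0xb0 [atlantic]
[ 294.434398] aq_nic_start+0x3af/0x3d0 [atlantic]
8/31/22 8:01 AM kernel UBSAN: array-index-out-of-bounds in /build/PLACEHOLDER/aq_nic.c:0:0
8/31/22 8:01 AM kernel index 8 is out of range for type 'aq_vec_s *[8]'
8/31/22 8:01 AM kernel CPU: 22 PID: 1987 Comm: daemon-init Tainted: G O 5.15.0-48-generic #54-Ubuntu
Nov 16 21:15:29 mon-host kernel: [ 101.785597] UBSAN: array-index-out-of-bounds in /build/PLACEHOLDER/i5000_edac.c:0:0
Nov 16 21:15:29 mon-host kernel: [ 101.786940] IPMI message handler: version 39.2
Nov 16 21:15:29 mon-host kernel: [ 101.836146] index 4 is out of range for type 'u16 [4]'
Nov 16 21:15:29 mon-host kernel: [ 101.836152] CPU: 0 PID: 447 Comm: systemd-udevd Not tainted 5.15.0-91-generic #101-Ubuntu
""".splitlines()
```

Feeding it `journalctl -k` or `dmesg` output line by line works the same way; interleaved lines from other subsystems, like the IPMI line in the sample, are ignored.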