UBSAN: array-index-out-of-bounds #334

Closed
ianmccul opened this issue Jan 18, 2024 · 1 comment

ianmccul commented Jan 18, 2024

Linux ryzen 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1906:48
Jan 18 14:36:32 hostname kernel: index 1 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x2f2/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1911:75
Jan 18 14:36:32 hostname kernel: index 2 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x1d2/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1917:76
Jan 18 14:36:32 hostname kernel: index 2 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x220/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1920:34
Jan 18 14:36:32 hostname kernel: index 2 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x240/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
@pbrochart
Contributor

Fixed by #340

CGarces closed this as completed May 18, 2024