lwfinger / rtl8852au


"array-index-out-of-bounds" Problem #26

Open RatexMak opened 1 year ago

RatexMak commented 1 year ago

Here is the output of dmesg. I have 6 USB wireless adapters using 8852au drivers on a USB hub connected to my Raspberry Pi 4B; this warning appeared when I plugged in my USB hub. Is it a problem which will cause an unstable situation?

Thank you for any kind of support!

HW: Raspberry Pi 4B
Mem: 4g
Sys: Ubuntu 22.04 Server LTS
Uname: Linux ubuntu 5.15.0-1018-raspi #20-Ubuntu SMP PREEMPT Fri Nov 4 18:20:53 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux

pi@ubuntu:~$ sudo dmesg |tail -50
[sudo] password for pi:
[ 29.001020] CPU: 3 PID: 1142 Comm: disp_engshare Tainted: G C OE 5.15.0-1018-raspi #20-Ubuntu
[ 29.001037] Hardware name: Raspberry Pi 4 Model B Rev 1.2 (DT)
[ 29.001041] Call trace:
[ 29.001043] dump_backtrace+0x0/0x1f0
[ 29.001054] show_stack+0x24/0x30
[ 29.001058] dump_stack_lvl+0x8c/0xb8
[ 29.001065] dump_stack+0x18/0x34
[ 29.001068] ubsan_epilogue+0x10/0x54
[ 29.001072] __ubsan_handle_out_of_bounds+0x80/0x90
[ 29.001080] ================================================================================
[ 29.001080] get_module_by_id+0x158/0x198 [8852au]
[ 29.010847] dispr_send_msg+0x25c/0x360 [8852au]
[ 29.011079] phl_disp_eng_send_msg+0x90/0x98 [8852au]
[ 29.011249] _phl_cmd_scan_req_acquired+0x108/0x164 [8852au]
[ 29.011446] register_cur_cmd_req+0x4c/0x7c [8852au]
[ 29.011637] dispr_process_token_req+0x64/0x108 [8852au]
[ 29.011815] _handle_token_op_info+0xac/0x1a8 [8852au]
[ 29.011991] token_op_hanler+0x54/0xb4 [8852au]
[ 29.012155] dispr_thread_loop_hdl+0x40/0x1f4 [8852au]
[ 29.012318] dispr_share_thread_loop_hdl+0x1c/0x28 [8852au]
[ 29.012480] share_thread_hdl+0x8c/0x144 [8852au]
[ 29.012641] kthread+0x12c/0x140
[ 29.012649] ret_from_fork+0x10/0x20
[ 29.012803] ================================================================================
[ 31.711277] cam-dummy-reg: disabling
[ 34.801783] ================================================================================
[ 34.812337] UBSAN: array-index-out-of-bounds in /home/pi/drivers/rtl8852au-dwa-x1850/phl/phl_msg_hub.c:136:6
[ 34.823860] index 16 is out of range for type 'u8 [16]'
[ 34.830472] CPU: 1 PID: 1147 Comm: msg_notify_thre Tainted: G C OE 5.15.0-1018-raspi #20-Ubuntu
[ 34.830483] Hardware name: Raspberry Pi 4 Model B Rev 1.2 (DT)
[ 34.830488] Call trace:
[ 34.830490] dump_backtrace+0x0/0x1f0
[ 34.830501] show_stack+0x24/0x30
[ 34.830506] dump_stack_lvl+0x8c/0xb8
[ 34.830512] dump_stack+0x18/0x34
[ 34.830516] ubsan_epilogue+0x10/0x54
[ 34.830519] __ubsan_handle_out_of_bounds+0x80/0x90
[ 34.830527] msg_forward+0xcc/0xf0 [8852au]
[ 34.830782] msg_thread_hdl+0x60/0x144 [8852au]
[ 34.830947] kthread+0x12c/0x140
[ 34.830954] ret_from_fork+0x10/0x20
[ 34.830961] ================================================================================
[ 36.663819] IPv6: ADDRCONF(NETDEV_CHANGE): wlan5: link becomes ready
[ 36.749952] IPv6: ADDRCONF(NETDEV_CHANGE): wlan6: link becomes ready
[ 36.755908] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 36.770325] IPv6: ADDRCONF(NETDEV_CHANGE): wlan4: link becomes ready
[ 36.853535] IPv6: ADDRCONF(NETDEV_CHANGE): wlan3: link becomes ready
[ 45.845433] IPv6: ADDRCONF(NETDEV_CHANGE): wlan2: link becomes ready
[ 580.576867] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control rx/tx
[ 580.576969] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready

lwfinger commented 1 year ago

The warnings are probably not serious, but I think I fixed the one at the warning from /home/pi/drivers/rtl8852au-dwa-x1850/phl/phl_msg_hub.c:136.

The other one was cut off so I have no idea where to look.

Please pull and try again. I have not tested my change.

Shulyaka commented 3 months ago

I have a similar issue. No warning about phl_msg_hub.c, but for ioctl_cfg80211.c. Latest revision.

[ 5692.271363] ------------[ cut here ]------------
[ 5692.272028] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8852au/1.15.0.1/build/os_dep/linux/ioctl_cfg80211.c:1836:110
[ 5692.273396] index 16 is out of range for type 'u8 [*]'
[ 5692.274046] CPU: 3 PID: 15262 Comm: wpa_supplicant Tainted: G         C OE      6.9.9-200.fc40.aarch64 #1
[ 5692.275140] Hardware name: radxa Radxa ROCK Pi 4A/Radxa ROCK Pi 4A, BIOS 2024.04 04/01/2024
[ 5692.276090] Call trace:
[ 5692.276393]  dump_backtrace+0xdc/0x140
[ 5692.276856]  show_stack+0x20/0x40
[ 5692.277262]  dump_stack_lvl+0x60/0x80
[ 5692.277711]  dump_stack+0x18/0x28
[ 5692.278119]  ubsan_epilogue+0x10/0x48
[ 5692.278562]  __ubsan_handle_out_of_bounds+0xa0/0xd0
[ 5692.279144]  rtw_cfg80211_set_encryption+0x274/0x9e8 [8852au]
[ 5692.281445]  cfg80211_rtw_add_key+0x284/0x2d0 [8852au]
[ 5692.283650]  nl80211_new_key+0x154/0x3c0 [cfg80211]
[ 5692.284774]  genl_family_rcv_msg_doit+0xe0/0x160
[ 5692.285336]  genl_family_rcv_msg+0x1e4/0x260
[ 5692.285848]  genl_rcv_msg+0x64/0xe8
[ 5692.286273]  netlink_rcv_skb+0x68/0x140
[ 5692.286736]  genl_rcv+0x40/0x60
[ 5692.287123]  netlink_unicast+0x308/0x368
[ 5692.287593]  netlink_sendmsg+0x1ac/0x408
[ 5692.288065]  __sock_sendmsg+0x64/0xc0
[ 5692.288511]  ____sys_sendmsg+0x270/0x300
[ 5692.288984]  ___sys_sendmsg+0xb8/0x118
[ 5692.289437]  __sys_sendmsg+0x90/0x100
[ 5692.289882]  __arm64_sys_sendmsg+0x2c/0x40
[ 5692.290375]  invoke_syscall+0x74/0x100
[ 5692.290827]  el0_svc_common.constprop.0+0x48/0xf0
[ 5692.291382]  do_el0_svc+0x24/0x38
[ 5692.291783]  el0_svc+0x3c/0x158
[ 5692.292174]  el0t_64_sync_handler+0x120/0x138
[ 5692.292698]  el0t_64_sync+0x194/0x198
[ 5692.293268] ---[ end trace ]---
[ 5692.294197] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8852au/1.15.0.1/build/os_dep/linux/ioctl_cfg80211.c:1837:110
[ 5692.295435] index 24 is out of range for type 'u8 [*]'
[ 5692.296018] CPU: 3 PID: 15262 Comm: wpa_supplicant Tainted: G         C OE      6.9.9-200.fc40.aarch64 #1
[ 5692.297039] Hardware name: radxa Radxa ROCK Pi 4A/Radxa ROCK Pi 4A, BIOS 2024.04 04/01/2024
[ 5692.297929] Call trace:
[ 5692.298208]  dump_backtrace+0xdc/0x140
[ 5692.298638]  show_stack+0x20/0x40
[ 5692.299013]  dump_stack_lvl+0x60/0x80
[ 5692.299426]  dump_stack+0x18/0x28
[ 5692.299801]  ubsan_epilogue+0x10/0x48
[ 5692.300212]  __ubsan_handle_out_of_bounds+0xa0/0xd0
[ 5692.300751]  rtw_cfg80211_set_encryption+0x2b4/0x9e8 [8852au]
[ 5692.302676]  cfg80211_rtw_add_key+0x284/0x2d0 [8852au]
[ 5692.304504]  nl80211_new_key+0x154/0x3c0 [cfg80211]
[ 5692.305473]  genl_family_rcv_msg_doit+0xe0/0x160
[ 5692.305990]  genl_family_rcv_msg+0x1e4/0x260
[ 5692.306465]  genl_rcv_msg+0x64/0xe8
[ 5692.306856]  netlink_rcv_skb+0x68/0x140
[ 5692.307284]  genl_rcv+0x40/0x60
[ 5692.312944]  netlink_unicast+0x308/0x368
[ 5692.318740]  netlink_sendmsg+0x1ac/0x408
[ 5692.324464]  __sock_sendmsg+0x64/0xc0
[ 5692.330148]  ____sys_sendmsg+0x270/0x300
[ 5692.335827]  ___sys_sendmsg+0xb8/0x118
[ 5692.341416]  __sys_sendmsg+0x90/0x100
[ 5692.346012]  __arm64_sys_sendmsg+0x2c/0x40
[ 5692.351416]  invoke_syscall+0x74/0x100
[ 5692.356356]  el0_svc_common.constprop.0+0x48/0xf0
[ 5692.360863]  do_el0_svc+0x24/0x38
[ 5692.365199]  el0_svc+0x3c/0x158
[ 5692.369409]  el0t_64_sync_handler+0x120/0x138
[ 5692.373709]  el0t_64_sync+0x194/0x198
[ 5692.378042] ---[ end trace ]---
[ 5701.811383] systemd-journald[602]: Time jumped backwards, rotating.
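
For triaging reports like the ones in this thread, the following added example (not code from the driver or from any commenter) extracts each UBSAN report from dmesg text, recording the source location, the index, the declared array bound and the first frame after the UBSAN handler, and marks traces whose `UBSAN:` header was cut off, as happened with the first report above. The sample lines are trimmed from the output quoted in the thread; the function and field names are assumptions made for this example.

```python
import re

# Lines trimmed from the dmesg output quoted in this thread.
SAMPLE = """\
[ 29.001072] __ubsan_handle_out_of_bounds+0x80/0x90
[ 29.001080] get_module_by_id+0x158/0x198 [8852au]
[ 34.812337] UBSAN: array-index-out-of-bounds in /home/pi/drivers/rtl8852au-dwa-x1850/phl/phl_msg_hub.c:136:6
[ 34.823860] index 16 is out of range for type 'u8 [16]'
[ 34.830490] Call trace:
[ 34.830519] __ubsan_handle_out_of_bounds+0x80/0x90
[ 34.830527] msg_forward+0xcc/0xf0 [8852au]
[ 5692.294197] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8852au/1.15.0.1/build/os_dep/linux/ioctl_cfg80211.c:1837:110
[ 5692.295435] index 24 is out of range for type 'u8 [*]'
[ 5692.300212]  __ubsan_handle_out_of_bounds+0xa0/0xd0
[ 5692.300751]  rtw_cfg80211_set_encryption+0x2b4/0x9e8 [8852au]
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
HEADER = re.compile(r"UBSAN: (\S+) in (\S+):(\d+):\d+$")
INDEX = re.compile(r"index (-?\d+) is out of range for type '(.+)'$")
HANDLER = re.compile(r"^__ubsan_handle_\w+\+")
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")
BLANK = dict(kind=None, file=None, line=None, index=None, bound=None,
             caller=None, module=None, truncated=False, handler=False)

def parse_ubsan(text):
    """Return one dict per UBSAN report; header-less traces are marked truncated."""
    reports, cur, want_caller = [], None, False
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if m := HEADER.search(line):
            cur = dict(BLANK, kind=m[1], file=m[2], line=int(m[3]))
            reports.append(cur)
            want_caller = False
        elif cur and (m := INDEX.search(line)):
            cur["index"] = int(m[1])
            b = re.search(r"\[(\d+)\]$", m[2])  # 'u8 [*]' carries no static bound
            cur["bound"] = int(b[1]) if b else None
        elif HANDLER.match(line):
            if cur is None or cur["handler"]:  # handler frame with no header before it
                cur = dict(BLANK, truncated=True)
                reports.append(cur)
            cur["handler"], want_caller = True, True
        elif want_caller and (m := FRAME.match(line)):
            # The first frame after the UBSAN handler is the function that indexed the array.
            cur["caller"], cur["module"], want_caller = m[1], m[2], False
    return reports

if __name__ == "__main__":
    for report in parse_ubsan(SAMPLE):
        print(report)
```
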