From: Ryutaroh Matsumoto <ryutaroh@ict.e.titech.ac.jp>
To: arend.vanspriel@broadcom.com
Cc: linux-rpi-kernel@lists.infradead.org,
linux-wireless@vger.kernel.org,
brcm80211-dev-list.pdl@broadcom.com,
SHA-cyfmac-dev-list@infineon.com, franky.lin@broadcom.com,
hante.meuleman@broadcom.com, chi-hsien.lin@infineon.com,
wright.feng@infineon.com, chung-hsien.hsu@infineon.com
Subject: Re: 5.10.58 UBSAN from brcmf_sdio_dpc+0xa50/0x128c [brcmfmac]
Date: Tue, 17 Aug 2021 09:36:58 +0900 (JST) [thread overview]
Message-ID: <20210817.093658.33467107987117119.ryutaroh@ict.e.titech.ac.jp> (raw)
In-Reply-To: <85b31c5a-eb4a-48a0-ad94-e46db00af016@broadcom.com>
Hi Arend, thank you for paying attention to this.
> Line 2016 in skbuff.h is inline function __skb_queue_before() and as
> far as I can tell brcmfmac is not using that direct or indirect. Maybe
> I am reading the line info incorrectly?
I am unsure of it. On the other hand, I have also seen somewhat similar
UBSAN from a header file "include/net/flow.h" as reported at
https://lore.kernel.org/netdev/20210813.081908.1574714532738245424.ryutaroh@ict.e.titech.ac.jp/
All UBSANs that I have seen come from *.h compiled with clang...
> Would you be able to provide information as to what line
> brcmf_sdio_dpc+0xa50 refers to.
I'd like to do, but I do not know how to let kernel UBSAN include a line number,
though I know it with user-space applications...
Best regards, Ryutaroh
From: Arend van Spriel <arend.vanspriel@broadcom.com>
Subject: Re: 5.10.58 UBSAN from brcmf_sdio_dpc+0xa50/0x128c [brcmfmac]
Date: Mon, 16 Aug 2021 11:54:31 +0200
> On 8/16/2021 1:42 AM, Ryutaroh Matsumoto wrote:
>> Dear Maintainers of the
>> drivers/net/wireless/broadcom/brcm80211/brcmfmac driver,
>> I found the following UBSAN error in kernel 5.10.58 compiled with
>> CLang 12.0.1
>> with integrated assembler (make LLVM=1 LLVM_IAS=1).
>> It always happens when iwd starts an access point, where
>> /etc/iwd/main.conf
>> looks as follows:
>> [General]
>> UseDefaultInterface=true
>> DisableANQP=false
>> I do not observe the following error if
>> * kernel is compiled with gcc 10, or
>> * kernel version is 5.13.9 or 5.14rc5.
>> The reported UBSAN error is only seen with 5.10 series compiled with
>> CLang 12.
>> UBSAN looks as follows. The hardware is Raspberry Pi 4B with 8GB RAM.
>> Aug 16 08:11:21 raspi4b-router systemd[1]: systemd-rfkill.service:
>> Succeeded.
>> Aug 16 08:11:21 raspi4b-router kernel: IPv6: ADDRCONF(NETDEV_CHANGE):
>> wlan0: link becomes ready
>> Aug 16 08:11:21 raspi4b-router systemd[1]:
>> iwd_start_ap@Yamashita_guest.service: Succeeded.
>> Aug 16 08:11:21 raspi4b-router systemd[1]: Finished iwd starting
>> Yamashita_guest access point.
>> Aug 16 08:11:21 raspi4b-router kernel:
>> ================================================================================
>> Aug 16 08:11:21 raspi4b-router kernel: UBSAN: object-size-mismatch in
>> ./include/linux/skbuff.h:2016:28
>
> Line 2016 in skbuff.h is inline function __skb_queue_before() and as
> far as I can tell brcmfmac is not using that direct or indirect. Maybe
> I am reading the line info incorrectly?
>
>> Aug 16 08:11:21 raspi4b-router kernel: member access within address
>> 000000002d0b610c with insufficient space
>> Aug 16 08:11:21 raspi4b-router kernel: for an object of type 'struct
>> sk_buff'
>> Aug 16 08:11:21 raspi4b-router kernel: CPU: 1 PID: 295 Comm:
>> kworker/u8:3 Tainted: G C 5.10.58-clang12a #1
>> Aug 16 08:11:21 raspi4b-router kernel: Hardware name: Raspberry Pi 4
>> Model B Rev 1.4 (DT)
>> Aug 16 08:11:21 raspi4b-router kernel: Workqueue: brcmf_wq/mmc0:0001:1
>> brcmf_sdio_dataworker [brcmfmac]
>> Aug 16 08:11:21 raspi4b-router kernel: Call trace:
>> Aug 16 08:11:21 raspi4b-router kernel: dump_backtrace+0x0/0x1e4
>> Aug 16 08:11:21 raspi4b-router kernel: show_stack+0x18/0x24
>> Aug 16 08:11:21 raspi4b-router kernel: dump_stack+0xac/0x104
>> Aug 16 08:11:21 raspi4b-router kernel:
>> ubsan_type_mismatch_common+0x198/0x298
>> Aug 16 08:11:21 raspi4b-router kernel:
>> __ubsan_handle_type_mismatch_v1+0x40/0x50
>> Aug 16 08:11:21 raspi4b-router kernel: brcmf_sdio_dpc+0xa50/0x128c
>> [brcmfmac]
>
> Would you be able to provide information as to what line
> brcmf_sdio_dpc+0xa50 refers to.
>
> Regards,
> Arend
next prev parent reply other threads:[~2021-08-17 0:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-15 23:42 5.10.58 UBSAN from brcmf_sdio_dpc+0xa50/0x128c [brcmfmac] Ryutaroh Matsumoto
2021-08-16 9:54 ` Arend van Spriel
2021-08-17 0:36 ` Ryutaroh Matsumoto [this message]
2021-08-17 1:57 ` Ryutaroh Matsumoto
2021-08-17 5:42 ` Arend van Spriel
2021-08-17 8:17 ` Arend van Spriel
2021-08-18 9:41 ` Ryutaroh Matsumoto
2021-08-19 16:40 ` Arend Van Spriel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210817.093658.33467107987117119.ryutaroh@ict.e.titech.ac.jp \
--to=ryutaroh@ict.e.titech.ac.jp \
--cc=SHA-cyfmac-dev-list@infineon.com \
--cc=arend.vanspriel@broadcom.com \
--cc=brcm80211-dev-list.pdl@broadcom.com \
--cc=chi-hsien.lin@infineon.com \
--cc=chung-hsien.hsu@infineon.com \
--cc=franky.lin@broadcom.com \
--cc=hante.meuleman@broadcom.com \
--cc=linux-rpi-kernel@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=wright.feng@infineon.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.