2018-01-03 16:20:33

by Paul Menzel

Subject: UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4: -1665903437 * 100 cannot be represented in type 'int'

Dear Linux folks,


I enabled the undefined behavior sanitizer, and built Linus’ master
branch under Ubuntu 16.04 with gcc (Ubuntu 5.4.0-6ubuntu1~16.04.5) 5.4.0
20160609.

```
$ grep UBSAN /boot/config-4.15.0-rc6+
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set
CONFIG_UBSAN=y
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_NULL=y
```

Starting the system (Dell XPS 13 9360), the messages below are printed.

```
$ git describe --tags
4.15-rc6
$ git log --oneline -1
30a7acd Linux 4.15-rc6
$ dmesg
[…]
[ 12.861199] ath10k_pci 0000:3a:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:3a:00.0.bin failed with error -2
[ 12.861215] ath10k_pci 0000:3a:00.0: Direct firmware load for ath10k/cal-pci-0000:3a:00.0.bin failed with error -2
[ 12.889785] ath10k_pci 0000:3a:00.0: qca6174 hw3.2 target 0x05030000 chip_id 0x00340aff sub 1a56:1535
[ 12.889787] ath10k_pci 0000:3a:00.0: kconfig debug 0 debugfs 1 tracing 1 dfs 0 testmode 0
[ 12.890736] ath10k_pci 0000:3a:00.0: firmware ver WLAN.RM.4.4-00022-QCARMSWPZ-2 api 6 features wowlan,ignore-otp crc32 4d458559
[ 12.956579] ath10k_pci 0000:3a:00.0: board_file api 2 bmi_id N/A crc32 6fc88fe7
[ 13.526010] ath10k_pci 0000:3a:00.0: Unknown eventid: 90118
[ 13.526564] ath10k_pci 0000:3a:00.0: htt-ver 3.32 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1
[ 13.610154] ath: EEPROM regdomain: 0x6c
[ 13.610155] ath: EEPROM indicates we should expect a direct regpair map
[ 13.610156] ath: Country alpha2 being used: 00
[ 13.610157] ath: Regpair used: 0x6c
[ 13.615581] ath10k_pci 0000:3a:00.0 wlp58s0: renamed from wlan0
[ 13.646881] IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
[ 14.379528] ath10k_pci 0000:3a:00.0: Unknown eventid: 90118
[ 14.437330] IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
[ 14.499142] IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
[ 14.735926] Bluetooth: RFCOMM TTY layer initialized
[ 14.735932] Bluetooth: RFCOMM socket layer initialized
[ 14.735936] Bluetooth: RFCOMM ver 1.11
[ 14.798449] dell_smbios: No dell-smbios drivers are loaded
[ 14.798453] dell_smbios: No dell-smbios drivers are loaded
[ 14.798454] dell_smbios: No dell-smbios drivers are loaded
[ 14.992246] dell_smbios: No dell-smbios drivers are loaded
[ 14.992251] dell_smbios: No dell-smbios drivers are loaded
[ 14.992253] dell_smbios: No dell-smbios drivers are loaded
[ 22.098621] dell_smbios: No dell-smbios drivers are loaded
[ 22.098626] dell_smbios: No dell-smbios drivers are loaded
[ 22.098628] dell_smbios: No dell-smbios drivers are loaded
[ 24.180874] wlp58s0: authenticate with 6c:f3:7f:10:ae:18
[ 24.226177] wlp58s0: send auth to 6c:f3:7f:10:ae:18 (try 1/3)
[ 24.228204] wlp58s0: authenticated
[ 24.232029] wlp58s0: associate with 6c:f3:7f:10:ae:18 (try 1/3)
[ 24.235150] wlp58s0: RX AssocResp from 6c:f3:7f:10:ae:18 (capab=0x411 status=0 aid=1)
[ 24.237366] wlp58s0: associated
[ 29.242550] IPv6: ADDRCONF(NETDEV_CHANGE): wlp58s0: link becomes ready
[ 54.426485] ================================================================================
[ 54.426491] UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4
[ 54.426492] signed integer overflow:
[ 54.426493] -1665903437 * 100 cannot be represented in type 'int'
[ 54.426496] CPU: 2 PID: 423 Comm: kworker/2:2 Not tainted 4.15.0-rc6+ #36
[ 54.426497] Hardware name: Dell Inc. XPS 13 9360/0839Y6, BIOS 2.4.2 11/21/2017
[ 54.426516] Workqueue: events reg_todo [cfg80211]
[ 54.426517] Call Trace:
[ 54.426524] dump_stack+0x70/0xb2
[ 54.426526] ubsan_epilogue+0x9/0x40
[ 54.426528] handle_overflow+0xce/0xf0
[ 54.426531] ? __nla_put+0xc/0x20
[ 54.426532] ? nla_put+0x59/0xe0
[ 54.426541] nl80211_msg_put_channel+0x304/0x320 [cfg80211]
[ 54.426551] nl80211_send_beacon_hint_event+0x13a/0x2c0 [cfg80211]
[ 54.426560] handle_reg_beacon+0x135/0x250 [cfg80211]
[ 54.426562] ? dequeue_entity+0x123/0x790
[ 54.426564] ? __switch_to+0x12b/0x7d0
[ 54.426572] reg_todo+0x257/0x500 [cfg80211]
[ 54.426575] process_one_work+0x267/0x840
[ 54.426577] worker_thread+0x70/0x620
[ 54.426578] ? process_one_work+0x840/0x840
[ 54.426580] kthread+0x158/0x230
[ 54.426581] ? kthread_associate_blkcg+0x160/0x160
[ 54.426583] ? do_group_exit+0x45/0x130
[ 54.426585] ret_from_fork+0x1f/0x30
[ 54.426586] ================================================================================
[ 110.966580] acpi INT3400:00: Unsupported event [0x86]
[ 119.866923] dell_smbios: No dell-smbios drivers are loaded
[ 119.866930] dell_smbios: No dell-smbios drivers are loaded
[ 119.866932] dell_smbios: No dell-smbios drivers are loaded
[ 119.866937] dell_smbios: No dell-smbios drivers are loaded
[ 119.866939] dell_smbios: No dell-smbios drivers are loaded
[ 119.866941] dell_smbios: No dell-smbios drivers are loaded
[ 120.767721] dell_smbios: No dell-smbios drivers are loaded
[ 120.767729] dell_smbios: No dell-smbios drivers are loaded
[ 120.767731] dell_smbios: No dell-smbios drivers are loaded
[ 120.767736] dell_smbios: No dell-smbios drivers are loaded
[ 120.767738] dell_smbios: No dell-smbios drivers are loaded
[ 120.767740] dell_smbios: No dell-smbios drivers are loaded
[ 121.075387] dell_smbios: No dell-smbios drivers are loaded
[ 121.075394] dell_smbios: No dell-smbios drivers are loaded
[ 121.075396] dell_smbios: No dell-smbios drivers are loaded
[ 121.075401] dell_smbios: No dell-smbios drivers are loaded
[ 121.075403] dell_smbios: No dell-smbios drivers are loaded
[ 121.075405] dell_smbios: No dell-smbios drivers are loaded
```

Please tell me if I can provide more information.


Kind regards,

Paul



2018-01-03 16:25:50

by Mario Limonciello

Subject: RE: UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4: -1665903437 * 100 cannot be represented in type 'int'

2018-01-17 13:12:27

by Johannes Berg

Subject: Re: UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4: -1665903437 * 100 cannot be represented in type 'int'

On Wed, 2018-01-17 at 13:22 +0100, Paul Menzel wrote:
>
> Yes it does. Thank you. Rebuilding Linux 4.15-rc8+ with this patch
> applied, the UBSAN doesn’t report this issue anymore.

Thanks for testing, the patch is on its way to get to 4.15 (hopefully)

johannes

2018-01-17 12:22:50

by Paul Menzel

Subject: Re: UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4: -1665903437 * 100 cannot be represented in type 'int'

Dear Johannes,


On 01/04/18 16:08, Johannes Berg wrote:
> Hi,
>
> Can you reproduce this?
>
>> [ 54.426491] UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4
>> [ 54.426492] signed integer overflow:
>> [ 54.426493] -1665903437 * 100 cannot be represented in type 'int'
>
> Obviously.
>
> However, it looks like the real reason is that there's some garbage
> (-1665903437) in chan->max_power, which is just stack memory being leaked
> out...
>
> This should help?
>
> diff --git a/net/wireless/reg.c b/net/wireless/reg.c
> index 78e71b0390be..7b42f0bacfd8 100644
> --- a/net/wireless/reg.c
> +++ b/net/wireless/reg.c
> @@ -1769,8 +1769,7 @@ static void handle_reg_beacon(struct wiphy *wiphy, unsigned int chan_idx,
> if (wiphy->regulatory_flags & REGULATORY_DISABLE_BEACON_HINTS)
> return;
>
> - chan_before.center_freq = chan->center_freq;
> - chan_before.flags = chan->flags;
> + chan_before = *chan;
>
> if (chan->flags & IEEE80211_CHAN_NO_IR) {
> chan->flags &= ~IEEE80211_CHAN_NO_IR;
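
Review bot: nothing at `chan_before = *chan;` says why the whole struct is copied when only `center_freq` and `flags` look relevant at this point, so a later cleanup could narrow it back to the two removed assignments. A one-line comment above it, noting that the "before" channel is later passed to nl80211_msg_put_channel() and so must be fully initialized, would guard against that. The copy is correctly placed ahead of the `chan->flags &= ~IEEE80211_CHAN_NO_IR;` update.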

Yes it does. Thank you. Rebuilding Linux 4.15-rc8+ with this patch
applied, the UBSAN doesn’t report this issue anymore.


Kind regards,

Paul



2018-01-04 15:08:37

by Johannes Berg

Subject: Re: UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4: -1665903437 * 100 cannot be represented in type 'int'

Hi,

Can you reproduce this?

> [ 54.426491] UBSAN: Undefined behaviour in net/wireless/nl80211.c:718:4
> [ 54.426492] signed integer overflow:
> [ 54.426493] -1665903437 * 100 cannot be represented in type 'int'

Obviously.

However, it looks like the real reason is that there's some garbage
(-1665903437) in chan->max_power, which is just stack memory being leaked
out...

This should help?

diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 78e71b0390be..7b42f0bacfd8 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -1769,8 +1769,7 @@ static void handle_reg_beacon(struct wiphy *wiphy, unsigned int chan_idx,
if (wiphy->regulatory_flags & REGULATORY_DISABLE_BEACON_HINTS)
return;

- chan_before.center_freq = chan->center_freq;
- chan_before.flags = chan->flags;
+ chan_before = *chan;

if (chan->flags & IEEE80211_CHAN_NO_IR) {
chan->flags &= ~IEEE80211_CHAN_NO_IR;
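
Review bot: the `chan_before = *chan;` replacement is posted without a changelog, and it needs one that names the actual bug. The two removed assignments filled in only `center_freq` and `flags`, so every other member of `chan_before` stayed uninitialized stack memory, which the trace shows reaching nl80211_msg_put_channel() via nl80211_send_beacon_hint_event(). Suggest stating in the commit message that stack contents were being sent out with the beacon hint event (the UBSAN overflow is only the symptom), and adding Reported-by and a stable tag.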

johannes
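
The failure mode described in this message, as an added example that is not part of the thread or the kernel source: a partially assigned stack struct keeps stale bytes in the members nobody set, and the `* 100` conversion then overflows on them. `struct chan` is a simplified stand-in for the kernel's channel struct, the helper names are hypothetical, and the `0x9c` fill is a constructed substitute for stale stack contents so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's channel struct (assumption: only
 * the three fields named in the thread are modelled). */
struct chan {
    unsigned int center_freq;
    unsigned int flags;
    int max_power;                      /* dBm */
};

/* The "* 100" conversion UBSAN flagged, with an explicit overflow check.
 * Returns 0 and stores the product, or -1 if it does not fit in int. */
static int dbm_to_mbm_checked(int dbm, int *mbm)
{
    return __builtin_mul_overflow(dbm, 100, mbm) ? -1 : 0;
}

/* "Before": only two members are assigned. The 0x9c fill is a constructed
 * substitute for whatever stale bytes the stack slot happened to hold. */
static struct chan snapshot_partial(const struct chan *c)
{
    struct chan before;
    memset(&before, 0x9c, sizeof(before));
    before.center_freq = c->center_freq;
    before.flags = c->flags;
    return before;                      /* max_power is still stale */
}

/* "After": whole-struct copy, the shape of the fix (chan_before = *chan). */
static struct chan snapshot_full(const struct chan *c)
{
    struct chan before;
    memset(&before, 0x9c, sizeof(before));
    before = *c;
    return before;
}

int main(void)
{
    struct chan c = { .center_freq = 5180, .flags = 0x2, .max_power = 20 };
    struct chan a = snapshot_partial(&c), b = snapshot_full(&c);
    int mbm = 0;
    int rc = dbm_to_mbm_checked(a.max_power, &mbm);
    printf("partial: max_power=%d overflow=%s\n", a.max_power, rc ? "yes" : "no");
    rc = dbm_to_mbm_checked(b.max_power, &mbm);
    printf("full:    max_power=%d overflow=%s mBm=%d\n", b.max_power, rc ? "yes" : "no", mbm);
    return 0;
}
```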