Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp175238pxb;
        Mon, 16 Aug 2021 02:55:15 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJylAsyp/ES3CSeRhPpGiHGhZ3+kno1kyeo55aruJKFGzanlIOCItXRXeDYWIAe8/JCOzti7
X-Received: by 2002:a92:bf0c:: with SMTP id z12mr11218626ilh.19.1629107715456;
        Mon, 16 Aug 2021 02:55:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1629107715; cv=none;
        d=google.com; s=arc-20160816;
        b=yPVyaPjdqGDKgt2rX3Zkski7DrRWWmwE0klSVyoplIMwBYyYjldKDiYs/bJAdItg+1
         myu6FhfOcXKH+uK5M+n4Rh0VTmuQPc8xiAk7FNwEjVEFQpM3Esoz3XyjyNAwCP+TyOhO
         Y+BQ1eQ8hntcD7C4UAjjfbBAgsiM5WqzHK+BYHURii5uFFvof8lsEIU+2HqKNGsi7r4e
         o6JR9YJ6ZX+FJy2rNIzimaDlNc7tmwvNwTXpd5UAmrbeW7pGtMdGxdYKZ00ixsz4TkAE
         N9zSMFtRBNjFR/8WtRLXS6Fi3ExEJnzibdP5Fa4YL6WfChVLUst93l8ntjueDovUos1Z
         XMFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :to:subject:dkim-signature:dkim-filter;
        bh=zvbd+kwJ7Wz9v7wk/xx7ATmxRV7OUSZupxJlUdWSWbw=;
        b=IZgkqQmcJdfqseFW7S9r85+SUzDfWBkxhghWnjQmLY22UxugWMJbO4xt62ZS8D9Zos
         QZnCH6f5HxAj6/1AIYLfMJHZX4hnrREXlgh3mrKYsUUeqCEyne0WAYRkjjz51qEfWA2h
         FZTgUoNqCuqjTVbCbttAYDAvVvO7ITihQQl1JJQxwaq/MWjLbOJPV7SJaBcyCjI4eYHk
         0MCVjMY7BGtNH3stsNxEPvJmj6mcK4eJErxSkApOdcPUtGbRSgGnGRmEPpF+l67QU7g2
         38cc73PZfA/ndgD8BlxLL/olniv0uTQUnZTURkt9T87ErA3sNk9GFZ4Qr2H8DWuYUT3D
         CUPg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@broadcom.com header.s=dkimrelay header.b=cL4DgYMf;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id p1si10394032ios.38.2021.08.16.02.54.58;
        Mon, 16 Aug 2021 02:55:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@broadcom.com header.s=dkimrelay header.b=cL4DgYMf;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235539AbhHPJzP (ORCPT <rfc822;messat.profen@gmail.com>
        + 99 others); Mon, 16 Aug 2021 05:55:15 -0400
Received: from lpdvacalvio01.broadcom.com ([192.19.166.228]:44100 "EHLO
        relay.smtp-ext.broadcom.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S235336AbhHPJzP (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Mon, 16 Aug 2021 05:55:15 -0400
Received: from bld-lvn-bcawlan-34.lvn.broadcom.net (bld-lvn-bcawlan-34.lvn.broadcom.net [10.75.138.137])
        by relay.smtp-ext.broadcom.com (Postfix) with ESMTP id 8450180C2;
        Mon, 16 Aug 2021 02:54:43 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 relay.smtp-ext.broadcom.com 8450180C2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com;
        s=dkimrelay; t=1629107683;
        bh=Aj2VaZcpOH4Bg0zUIiSMcLLwUhPDKPLUYkCL/ibAG5s=;
        h=Subject:To:References:From:Date:In-Reply-To:From;
        b=cL4DgYMfLhxcHzkRuddbo/o/Xqy4EbL0iokgieCFiWE9Cf+MIm5UpDPzI3k5TqR+K
         rBHLZStO1E5WDYf1NvxiQjMlFiwtcLMuCX1soEJKSqK3TtZ+FKVE+ZGcWdaPVmT9Fl
         Az6z/sRGjB6LtIqnEMUmVkLVKgW6l9bqaf22VC3w=
Received: from [10.176.51.53] (d581793.dhcp.broadcom.net [10.176.51.53])
        by bld-lvn-bcawlan-34.lvn.broadcom.net (Postfix) with ESMTPSA id A27981874BD;
        Mon, 16 Aug 2021 02:54:41 -0700 (PDT)
Subject: Re: 5.10.58 UBSAN from brcmf_sdio_dpc+0xa50/0x128c [brcmfmac]
To:     Ryutaroh Matsumoto <ryutaroh@ict.e.titech.ac.jp>,
        linux-rpi-kernel@lists.infradead.org,
        linux-wireless@vger.kernel.org,
        brcm80211-dev-list.pdl@broadcom.com,
        SHA-cyfmac-dev-list@infineon.com, franky.lin@broadcom.com,
        hante.meuleman@broadcom.com, chi-hsien.lin@infineon.com,
        wright.feng@infineon.com, chung-hsien.hsu@infineon.com
References: <20210816.084210.1700916388797835755.ryutaroh@ict.e.titech.ac.jp>
From:   Arend van Spriel <arend.vanspriel@broadcom.com>
Message-ID: <85b31c5a-eb4a-48a0-ad94-e46db00af016@broadcom.com>
Date:   Mon, 16 Aug 2021 11:54:31 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.12.0
MIME-Version: 1.0
In-Reply-To: <20210816.084210.1700916388797835755.ryutaroh@ict.e.titech.ac.jp>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On 8/16/2021 1:42 AM, Ryutaroh Matsumoto wrote:
> Dear Maintainers of the drivers/net/wireless/broadcom/brcm80211/brcmfmac driver,
> 
> I found the following UBSAN error in kernel 5.10.58 compiled with CLang 12.0.1
> with integrated assembler (make LLVM=1 LLVM_IAS=1).
> It always happens when iwd starts an access point, where /etc/iwd/main.conf
> looks as follows:
> [General]
> UseDefaultInterface=true
> DisableANQP=false
> 
> I do not observe the following error if
> * kernel is compiled with gcc 10, or
> * kernel version is 5.13.9 or 5.14rc5.
> 
> The reported UBSAN error is only seen with 5.10 series compiled with CLang 12.
> UBSAN looks as follows. The hardware is Raspberry Pi 4B with 8GB RAM.
> 
> Aug 16 08:11:21 raspi4b-router systemd[1]: systemd-rfkill.service: Succeeded.
> Aug 16 08:11:21 raspi4b-router kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
> Aug 16 08:11:21 raspi4b-router systemd[1]: iwd_start_ap@Yamashita_guest.service: Succeeded.
> Aug 16 08:11:21 raspi4b-router systemd[1]: Finished iwd starting Yamashita_guest access point.
> Aug 16 08:11:21 raspi4b-router kernel: ================================================================================
> Aug 16 08:11:21 raspi4b-router kernel: UBSAN: object-size-mismatch in ./include/linux/skbuff.h:2016:28

Line 2016 in skbuff.h is inline function __skb_queue_before() and as far 
as I can tell brcmfmac is not using that direct or indirect. Maybe I am 
reading the line info incorrectly?

> Aug 16 08:11:21 raspi4b-router kernel: member access within address 000000002d0b610c with insufficient space
> Aug 16 08:11:21 raspi4b-router kernel: for an object of type 'struct sk_buff'
> Aug 16 08:11:21 raspi4b-router kernel: CPU: 1 PID: 295 Comm: kworker/u8:3 Tainted: G         C        5.10.58-clang12a #1
> Aug 16 08:11:21 raspi4b-router kernel: Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)
> Aug 16 08:11:21 raspi4b-router kernel: Workqueue: brcmf_wq/mmc0:0001:1 brcmf_sdio_dataworker [brcmfmac]
> Aug 16 08:11:21 raspi4b-router kernel: Call trace:
> Aug 16 08:11:21 raspi4b-router kernel:  dump_backtrace+0x0/0x1e4
> Aug 16 08:11:21 raspi4b-router kernel:  show_stack+0x18/0x24
> Aug 16 08:11:21 raspi4b-router kernel:  dump_stack+0xac/0x104
> Aug 16 08:11:21 raspi4b-router kernel:  ubsan_type_mismatch_common+0x198/0x298
> Aug 16 08:11:21 raspi4b-router kernel:  __ubsan_handle_type_mismatch_v1+0x40/0x50
> Aug 16 08:11:21 raspi4b-router kernel:  brcmf_sdio_dpc+0xa50/0x128c [brcmfmac]

Would you be able to provide information as to what line 
brcmf_sdio_dpc+0xa50 refers to.

Regards,
Arend