Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp764334pxb; Mon, 16 Aug 2021 17:38:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwVQ4fQGn2uLmub0v+/omz+ayBG1Sw48dTlcweKbxkK8CtrqqKm8ojydXR9xp0xcEXz3vZj X-Received: by 2002:aa7:dcc2:: with SMTP id w2mr934942edu.192.1629160724191; Mon, 16 Aug 2021 17:38:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629160724; cv=none; d=google.com; s=arc-20160816; b=w/aANnYZvOO0Hi0wi3mHVbC++OxNCaXR8WuZkOn1GQJ+gA7qd+Hg5g3DkiNyx0ArI+ L4M2Lq4h1wCkZTWVyMpZZ12BaVmjkrdxi2GDhG6HnIYXtZctzUqHZ6FVwfp8i1dRBb+o RrjlCt1KlSD8VqL7s1fa2lJK5XbYRJHvS8o3pgvHJRz6BcFyVRH56E6WO0cs+s7GIOzT 6IK95QUNZJWU1dCosWVWA8ohI0owypXyLhVE6zwaGb6UIqYZfUiDCaAsnAhzBziDdNlV Gm8+Rs9UpIn2XlNJIwPZy/cr5iZ6wMqJNWjG8pQcsmFuX3YS8dXo6i5jpSmbdz+WdPol 9ycw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=QKd1xDG9LqIxa1xCRKqm1iBU1Zyt7PHqpZfJBc2hSTM=; b=0BGFZY3pu7CHHZY08Y6PsbK6r8H1tDEAXVd1jCemaiuM8mUZCHgIjbGDHOWHbjb3Zo ASuO5sC+b09d7tsFehVROKxeDseKQxHs9m9n68cR6PJTPQJITtCVCizQVSMxaThWZFem buL6TGjRwzY/IDN8GgEXjGL7F+22kUag6wUT2FeU47Lv7RejqaNrOPQP8KLgIvbuVWHQ T77FlKDmUckotVdKCYkm7MjewUCbODx45zzaG0MSG2OX6QVWe6mI0WfYkbAzaEsO7GMR dAb/Wp50FTPJ+lloCX5H5i30/j1MO9Pa0NQPn4uY3x5WBq2pSSbCLHVZISapl/9O1fJc zTDA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k23si513324edo.478.2021.08.16.17.38.15; Mon, 16 Aug 2021 17:38:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237130AbhHQAi3 (ORCPT + 99 others); Mon, 16 Aug 2021 20:38:29 -0400 Received: from mail001.nap.gsic.titech.ac.jp ([131.112.13.101]:42312 "HELO mail001.nap.gsic.titech.ac.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S237328AbhHQAh5 (ORCPT ); Mon, 16 Aug 2021 20:37:57 -0400 Received: from 172.22.40.203 by mail001.nap.gsic.titech.ac.jp with Mail2000 ESMTP Server V7.00(21081:0:AUTH_RELAY) (envelope-from ); Tue, 17 Aug 2021 09:37:04 +0900 (JST) Received: from mail001.nap.gsic.titech.ac.jp (mail001.nap.gsic.titech.ac.jp [131.112.13.101]) by drweb06.nap.gsic.titech.ac.jp (Postfix) with SMTP id 5BF789665; Tue, 17 Aug 2021 09:37:04 +0900 (JST) Received: from 153.240.174.134 by mail001.nap.gsic.titech.ac.jp with Mail2000 ESMTPA Server V7.00(21083:1:AUTH_LOGIN) (envelope-from ); Tue, 17 Aug 2021 09:37:03 +0900 (JST) Date: Tue, 17 Aug 2021 09:36:58 +0900 (JST) Message-Id: <20210817.093658.33467107987117119.ryutaroh@ict.e.titech.ac.jp> To: arend.vanspriel@broadcom.com Cc: linux-rpi-kernel@lists.infradead.org, linux-wireless@vger.kernel.org, brcm80211-dev-list.pdl@broadcom.com, SHA-cyfmac-dev-list@infineon.com, franky.lin@broadcom.com, hante.meuleman@broadcom.com, chi-hsien.lin@infineon.com, wright.feng@infineon.com, chung-hsien.hsu@infineon.com Subject: Re: 5.10.58 UBSAN from brcmf_sdio_dpc+0xa50/0x128c [brcmfmac] From: Ryutaroh Matsumoto In-Reply-To: <85b31c5a-eb4a-48a0-ad94-e46db00af016@broadcom.com> References: <20210816.084210.1700916388797835755.ryutaroh@ict.e.titech.ac.jp> <85b31c5a-eb4a-48a0-ad94-e46db00af016@broadcom.com> X-Mailer: Mew version 6.8 on Emacs 26.3 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi Arend, thank you for paying attention to this. > Line 2016 in skbuff.h is inline function __skb_queue_before() and as > far as I can tell brcmfmac is not using that direct or indirect. Maybe > I am reading the line info incorrectly? I am unsure of it. On the other hand, I have also seen somewhat similar UBSAN from a header file "include/net/flow.h" as reported at https://lore.kernel.org/netdev/20210813.081908.1574714532738245424.ryutaroh@ict.e.titech.ac.jp/ All UBSANs that I have seen come from *.h compiled with clang... > Would you be able to provide information as to what line > brcmf_sdio_dpc+0xa50 refers to. I'd like to do, but I do not know how to let kernel UBSAN include a line number, though I know it with user-space applications... Best regards, Ryutaroh From: Arend van Spriel Subject: Re: 5.10.58 UBSAN from brcmf_sdio_dpc+0xa50/0x128c [brcmfmac] Date: Mon, 16 Aug 2021 11:54:31 +0200 > On 8/16/2021 1:42 AM, Ryutaroh Matsumoto wrote: >> Dear Maintainers of the >> drivers/net/wireless/broadcom/brcm80211/brcmfmac driver, >> I found the following UBSAN error in kernel 5.10.58 compiled with >> CLang 12.0.1 >> with integrated assembler (make LLVM=1 LLVM_IAS=1). >> It always happens when iwd starts an access point, where >> /etc/iwd/main.conf >> looks as follows: >> [General] >> UseDefaultInterface=true >> DisableANQP=false >> I do not observe the following error if >> * kernel is compiled with gcc 10, or >> * kernel version is 5.13.9 or 5.14rc5. >> The reported UBSAN error is only seen with 5.10 series compiled with >> CLang 12. >> UBSAN looks as follows. The hardware is Raspberry Pi 4B with 8GB RAM. >> Aug 16 08:11:21 raspi4b-router systemd[1]: systemd-rfkill.service: >> Succeeded. >> Aug 16 08:11:21 raspi4b-router kernel: IPv6: ADDRCONF(NETDEV_CHANGE): >> wlan0: link becomes ready >> Aug 16 08:11:21 raspi4b-router systemd[1]: >> iwd_start_ap@Yamashita_guest.service: Succeeded. >> Aug 16 08:11:21 raspi4b-router systemd[1]: Finished iwd starting >> Yamashita_guest access point. >> Aug 16 08:11:21 raspi4b-router kernel: >> ================================================================================ >> Aug 16 08:11:21 raspi4b-router kernel: UBSAN: object-size-mismatch in >> ./include/linux/skbuff.h:2016:28 > > Line 2016 in skbuff.h is inline function __skb_queue_before() and as > far as I can tell brcmfmac is not using that direct or indirect. Maybe > I am reading the line info incorrectly? > >> Aug 16 08:11:21 raspi4b-router kernel: member access within address >> 000000002d0b610c with insufficient space >> Aug 16 08:11:21 raspi4b-router kernel: for an object of type 'struct >> sk_buff' >> Aug 16 08:11:21 raspi4b-router kernel: CPU: 1 PID: 295 Comm: >> kworker/u8:3 Tainted: G C 5.10.58-clang12a #1 >> Aug 16 08:11:21 raspi4b-router kernel: Hardware name: Raspberry Pi 4 >> Model B Rev 1.4 (DT) >> Aug 16 08:11:21 raspi4b-router kernel: Workqueue: brcmf_wq/mmc0:0001:1 >> brcmf_sdio_dataworker [brcmfmac] >> Aug 16 08:11:21 raspi4b-router kernel: Call trace: >> Aug 16 08:11:21 raspi4b-router kernel: dump_backtrace+0x0/0x1e4 >> Aug 16 08:11:21 raspi4b-router kernel: show_stack+0x18/0x24 >> Aug 16 08:11:21 raspi4b-router kernel: dump_stack+0xac/0x104 >> Aug 16 08:11:21 raspi4b-router kernel: >> ubsan_type_mismatch_common+0x198/0x298 >> Aug 16 08:11:21 raspi4b-router kernel: >> __ubsan_handle_type_mismatch_v1+0x40/0x50 >> Aug 16 08:11:21 raspi4b-router kernel: brcmf_sdio_dpc+0xa50/0x128c >> [brcmfmac] > > Would you be able to provide information as to what line > brcmf_sdio_dpc+0xa50 refers to. > > Regards, > Arend