From: Toke Høiland-Jørgensen
To: Johannes Berg, Bagas Sanjaya, 'Linux Kernel'
Cc: "David S. Miller", Jakub Kicinski, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, Kurt Cancemi, Andrew Lunn
Subject: Re: UBSAN: invalid-load in net/mac80211/status.c:1164:21
Date: Wed, 30 Mar 2022 15:46:20 +0200

Johannes Berg writes:

> On Wed, 2022-03-30 at 18:49 +0700, Bagas Sanjaya wrote:
>>
>> [ 1152.928312] UBSAN: invalid-load in net/mac80211/status.c:1164:21
>> [ 1152.928318] load of value 255 is not a valid value for type '_Bool'
>
>
> That's loading status->is_valid_ack_signal, it seems.
>
> Note how that's in a union, shadowed by the 0x00ff0000'00000000 byte of
> the control.vif pointer (if I'm counting bytes correctly). That's kind
> of expected to be 0xff.
>
>> [ 1152.928323] CPU: 1 PID: 857 Comm: rs:main Q:Reg Not tainted 5.17.1-kernelorg-stable-generic #1
>> [ 1152.928329] Hardware name: Acer Aspire E5-571/EA50_HB , BIOS V1.04 05/06/2014
>> [ 1152.928331] Call Trace:
>> [ 1152.928334]
>> [ 1152.928338] dump_stack_lvl+0x4c/0x63
>> [ 1152.928350] dump_stack+0x10/0x12
>> [ 1152.928354] ubsan_epilogue+0x9/0x45
>> [ 1152.928359] __ubsan_handle_load_invalid_value.cold+0x44/0x49
>> [ 1152.928365] ieee80211_tx_status_ext.cold+0xa3/0xb8 [mac80211]
>> [ 1152.928467] ieee80211_tx_status+0x7d/0xa0 [mac80211]
>> [ 1152.928535] ath_txq_unlock_complete+0x15c/0x170 [ath9k]
>> [ 1152.928553] ath_tx_edma_tasklet+0xe5/0x4c0 [ath9k]
>> [ 1152.928567] ath9k_tasklet+0x14e/0x280 [ath9k]
>
> Which sort of means that ath9k isn't setting up the status area
> correctly?

Yeah, it seems to be only setting fields individually, so AFAICT it's
skipping 'antenna' and 'flags' in info->status.

>> The bisection process, starting from v5.17 (the first tag with the warning),
>> found first 'oops' commit at 837d9e49402eaf (net: phy: marvell: Fix invalid
>> comparison in the resume and suspend functions, 2022-03-12). However, since
>> the commit didn't touch net/mac80211/status.c, it wasn't the root cause
>> commit.
>
> Well you'd look for something in ath9k, I guess. But you didn't limit
> the bisect, so not sure why it went off into the weeds. Maybe you got
> one of them wrong.
>
>> The latest commit that touches the file in question is commit
>> ea5907db2a9ccf (mac80211: fix struct ieee80211_tx_info size, 2022-02-02).
>
> That's after 5.17 though, and it replaced the bool by just a flag.
>
>
> Seems to me ath9k should use something like
> ieee80211_tx_info_clear_status() or do the memset by itself? This bug
> would now not be reported, but it might report the flag erroneously.

So something like the below, maybe?

-Toke

diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c index d0caf1de2bde..425fe0df7d62 100644
--- a/drivers/net/wireless/ath/ath9k/xmit.c +++ b/drivers/net/wireless/ath/ath9k/xmit.c @@ -2553,6 +2553,8 @@ static void ath_tx_rc_status(struct ath_softc *sc, struct ath_buf *bf, struct ath_hw *ah = sc->sc_ah; u8 i, tx_rateindex; + ieee80211_tx_info_clear_status(tx_info); + if (txok) tx_info->status.ack_signal = ts->ts_rssi;
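
Review bot: In ath_tx_rc_status(), the added ieee80211_tx_info_clear_status(tx_info) call runs before anything else in the function touches tx_info, so whatever the helper zeroes is gone for the rest of the completion path. The thread notes that status overlays control in a union, and the hunk context declares tx_rateindex, which suggests rate entries in tx_info are still consulted after this point. Please confirm that the helper leaves intact the rate information and any driver-private data that ath9k reads later; if it does not, clear only the fields ath9k never writes (the reply names 'antenna' and 'flags'). As this was posted inline as a suggestion, a formal submission also needs a commit message and a Signed-off-by line.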
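
The union overlap Johannes describes, and the effect of clearing the status area before filling it, as an added example that is not part of the original message or the kernel source. The struct layout, `SAMPLE_VIF` and all function names are constructed for illustration and assume a little-endian 64-bit machine; this is not the real `struct ieee80211_tx_info`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified model; NOT the real struct ieee80211_tx_info layout. */
struct control_model { uint8_t rates[8]; uint64_t vif; };  /* vif: stand-in for control.vif */
struct status_model {
    uint8_t rates[8];
    int32_t ack_signal;
    uint8_t antenna;
    uint8_t flags;
    bool    is_valid_ack_signal;   /* offset 14: overlays byte 6 of vif */
};
struct tx_info_model {
    union { struct control_model control; struct status_model status; } u;
};

#define SAMPLE_VIF 0xffff888012345678ULL   /* constructed kernel-style address */

/* Inspect the byte behind the bool without loading it as a bool
 * (loading 0xff through a _Bool lvalue is what UBSAN reports). */
static unsigned char raw_valid_byte(const struct tx_info_model *info)
{
    unsigned char b;
    memcpy(&b, &info->u.status.is_valid_ack_signal, sizeof(b));
    return b;
}

/* Hypothetical helper: zero the status view after the rate entries. */
static void clear_status_model(struct tx_info_model *info)
{
    size_t off = offsetof(struct status_model, ack_signal);
    memset((unsigned char *)&info->u.status + off, 0, sizeof(struct status_model) - off);
}

/* Fill the status view field by field, optionally clearing it first. */
static unsigned char report_status(bool clear_first)
{
    struct tx_info_model info;
    memset(&info, 0, sizeof(info));
    info.u.control.vif = SAMPLE_VIF;   /* TX path used the control view */
    if (clear_first)
        clear_status_model(&info);
    info.u.status.ack_signal = -60;    /* the only field this model writes */
    return raw_valid_byte(&info);      /* stale pointer byte if not cleared */
}

int main(void)
{
    return !(report_status(false) == 0xff && report_status(true) == 0);
}
```

Without the clear, the byte behind the bool still holds 0xff from the pointer, which matches the "load of value 255" in the report.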