
UBSAN: array-index-out-of-bounds

Open hkskoglund opened this issue 6 months ago • 0 comments

Hi!

I am using a USB Wi-Fi TP-Link TX20UH to connect to a GoPro 6. It has worked flawlessly for several months. But I have now noticed random disconnects (wpa_supplicant[2632]: wlp0s20f0u1: CTRL-EVENT-DISCONNECTED bssid=06:41:69:8c:58:a3 reason=0). I don't know if this is related to the array-index-out-of-bounds issues.

From `journalctl -b -1` I see two UBSAN: array-index-out-of-bounds with the latest commit 865ab0fa91471d595c283d2f3db323f7f15455f5 https://github.com/lwfinger/rtl8852au/blob/865ab0fa91471d595c283d2f3db323f7f15455f5/os_dep/linux/ioctl_cfg80211.c#L1836

```
aug. 16 07:26:29 sol wpa_supplicant[1424]: wlp0s20f0u1: Trying to associate with 06:41:69:8c:58:a3 (SSID='GP26341904' freq=2412 MHz)
aug. 16 07:26:29 sol NetworkManager[1355]: [1723785989.5995] device (wlp0s20f0u1): supplicant interface state: disconnected -> associating
aug. 16 07:26:29 sol NetworkManager[1355]: [1723785989.5995] device (p2p-dev-wlp0s20f0u1): supplicant management interface state: disconnected -> a>
aug. 16 07:26:29 sol wpa_supplicant[1424]: wlp0s20f0u1: Associated with 06:41:69:8c:58:a3
aug. 16 07:26:29 sol wpa_supplicant[1424]: wlp0s20f0u1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
aug. 16 07:26:29 sol NetworkManager[1355]: [1723785989.9703] device (wlp0s20f0u1): supplicant interface state: associating -> associated
aug. 16 07:26:29 sol NetworkManager[1355]: [1723785989.9705] device (p2p-dev-wlp0s20f0u1): supplicant management interface state: associating -> as>
aug. 16 07:26:30 sol NetworkManager[1355]: [1723785990.7867] device (wlp0s20f0u1): supplicant interface state: associated -> 4way_handshake
aug. 16 07:26:30 sol NetworkManager[1355]: [1723785990.7869] device (p2p-dev-wlp0s20f0u1): supplicant management interface state: associated -> 4wa>
aug. 16 07:26:30 sol kernel: ------------[ cut here ]------------
aug. 16 07:26:30 sol kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8852au/1.15.0.1/build/os_dep/linux/ioctl_cfg80211.c:1836:110
aug. 16 07:26:30 sol kernel: index 16 is out of range for type 'u8 []'
aug. 16 07:26:30 sol kernel: CPU: 3 PID: 1424 Comm: wpa_supplicant Tainted: G O 6.10.4-200.fc40.x86_64 #1
aug. 16 07:26:30 sol kernel: Hardware name: Dell Inc. Latitude E5470/0J9K9V, BIOS 1.34.3 11/20/2022
aug. 16 07:26:30 sol kernel: Call Trace:
aug. 16 07:26:30 sol kernel: <TASK>
aug. 16 07:26:30 sol kernel: dump_stack_lvl+0x5d/0x80
aug. 16 07:26:30 sol kernel: ubsan_epilogue+0x5/0x30
aug. 16 07:26:30 sol kernel: __ubsan_handle_out_of_bounds.cold+0x46/0x4b
aug. 16 07:26:30 sol kernel: rtw_cfg80211_set_encryption+0x27b/0xa80 [8852au]
aug. 16 07:26:30 sol kernel: cfg80211_rtw_add_key+0x446/0xf30 [8852au]
aug. 16 07:26:30 sol kernel: nl80211_new_key+0x165/0x380 [cfg80211]
aug. 16 07:26:30 sol kernel: genl_family_rcv_msg_doit+0xef/0x150
aug. 16 07:26:30 sol kernel: genl_rcv_msg+0x1b7/0x2c0
aug. 16 07:26:30 sol kernel: ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
aug. 16 07:26:30 sol kernel: ? __pfx_nl80211_new_key+0x10/0x10 [cfg80211]
aug. 16 07:26:30 sol kernel: ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
aug. 16 07:26:30 sol kernel: ? __pfx_genl_rcv_msg+0x10/0x10
aug. 16 07:26:30 sol kernel: netlink_rcv_skb+0x50/0x100
aug. 16 07:26:30 sol kernel: genl_rcv+0x28/0x40
aug. 16 07:26:30 sol kernel: netlink_unicast+0x240/0x370
aug. 16 07:26:30 sol kernel: netlink_sendmsg+0x21b/0x470
aug. 16 07:26:30 sol kernel: ____sys_sendmsg+0x396/0x3d0
aug. 16 07:26:30 sol kernel: ___sys_sendmsg+0x9a/0xe0
aug. 16 07:26:30 sol kernel: ? do_syscall_64+0x8e/0x160
aug. 16 07:26:30 sol kernel: __sys_sendmsg+0xcc/0x100
aug. 16 07:26:30 sol kernel: do_syscall_64+0x82/0x160
aug. 16 07:26:30 sol kernel: ? dev_get_by_name_rcu+0x67/0x80
aug. 16 07:26:30 sol kernel: ? __check_object_size+0x58/0x230
aug. 16 07:26:30 sol kernel: ? _copy_to_user+0x24/0x40
aug. 16 07:26:30 sol kernel: ? put_user_ifreq+0x49/0x60
aug. 16 07:26:30 sol kernel: ? sock_do_ioctl+0x107/0x130
aug. 16 07:26:30 sol kernel: ? syscall_exit_to_user_mode+0x72/0x220
aug. 16 07:26:30 sol kernel: ? do_syscall_64+0x8e/0x160
aug. 16 07:26:30 sol kernel: ? __irq_exit_rcu+0x4a/0xb0
aug. 16 07:26:30 sol kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
aug. 16 07:26:30 sol kernel: RIP: 0033:0x7fbf5af2ca14
aug. 16 07:26:30 sol kernel: Code: 15 09 94 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00 00 f3 0f 1e fa 80 3d 35 16 0d 00 00 74 13 b8 2e 00 00 00 >
aug. 16 07:26:30 sol kernel: RSP: 002b:00007ffd1c9257b8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
aug. 16 07:26:30 sol kernel: RAX: ffffffffffffffda RBX: 000055d02c121920 RCX: 00007fbf5af2ca14
aug. 16 07:26:30 sol kernel: RDX: 0000000000000000 RSI: 00007ffd1c9257f0 RDI: 0000000000000006
aug. 16 07:26:30 sol kernel: RBP: 00007ffd1c9257e0 R08: 0000000000000004 R09: 0000000000000001
aug. 16 07:26:30 sol kernel: R10: 00007ffd1c9258fc R11: 0000000000000202 R12: 000055d02c1c9c10
aug. 16 07:26:30 sol kernel: R13: 000055d02c121830 R14: 00007ffd1c9257f0 R15: 0000000000000000
aug. 16 07:26:30 sol kernel: </TASK>
aug. 16 07:26:30 sol kernel: ---[ end trace ]---
aug. 16 07:26:30 sol kernel: ------------[ cut here ]------------
aug. 16 07:26:30 sol kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8852au/1.15.0.1/build/os_dep/linux/ioctl_cfg80211.c:1837:110
aug. 16 07:26:30 sol kernel: index 24 is out of range for type 'u8 []'
aug. 16 07:26:30 sol kernel: CPU: 3 PID: 1424 Comm: wpa_supplicant Tainted: G O 6.10.4-200.fc40.x86_64 #1
aug. 16 07:26:30 sol kernel: Hardware name: Dell Inc. Latitude E5470/0J9K9V, BIOS 1.34.3 11/20/2022
aug. 16 07:26:30 sol kernel: Call Trace:
aug. 16 07:26:30 sol kernel: <TASK>
aug. 16 07:26:30 sol kernel: dump_stack_lvl+0x5d/0x80
aug. 16 07:26:30 sol kernel: ubsan_epilogue+0x5/0x30
aug. 16 07:26:30 sol kernel: __ubsan_handle_out_of_bounds.cold+0x46/0x4b
aug. 16 07:26:30 sol kernel: rtw_cfg80211_set_encryption+0x2c0/0xa80 [8852au]
aug. 16 07:26:30 sol kernel: cfg80211_rtw_add_key+0x446/0xf30 [8852au]
aug. 16 07:26:30 sol kernel: nl80211_new_key+0x165/0x380 [cfg80211]
aug. 16 07:26:30 sol kernel: genl_family_rcv_msg_doit+0xef/0x150
aug. 16 07:26:30 sol kernel: genl_rcv_msg+0x1b7/0x2c0
aug. 16 07:26:30 sol kernel: ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
aug. 16 07:26:30 sol kernel: ? __pfx_nl80211_new_key+0x10/0x10 [cfg80211]
aug. 16 07:26:30 sol kernel: ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
aug. 16 07:26:30 sol kernel: ? __pfx_genl_rcv_msg+0x10/0x10
aug. 16 07:26:30 sol kernel: netlink_rcv_skb+0x50/0x100
aug. 16 07:26:30 sol kernel: genl_rcv+0x28/0x40
aug. 16 07:26:30 sol kernel: netlink_unicast+0x240/0x370
aug. 16 07:26:30 sol kernel: netlink_sendmsg+0x21b/0x470
aug. 16 07:26:30 sol kernel: ____sys_sendmsg+0x396/0x3d0
aug. 16 07:26:30 sol kernel: ___sys_sendmsg+0x9a/0xe0
aug. 16 07:26:30 sol kernel: ? do_syscall_64+0x8e/0x160
aug. 16 07:26:30 sol kernel: __sys_sendmsg+0xcc/0x100
aug. 16 07:26:30 sol kernel: do_syscall_64+0x82/0x160
aug. 16 07:26:30 sol kernel: ? dev_get_by_name_rcu+0x67/0x80
aug. 16 07:26:30 sol kernel: ? __check_object_size+0x58/0x230
aug. 16 07:26:30 sol kernel: ? _copy_to_user+0x24/0x40
aug. 16 07:26:30 sol kernel: ? put_user_ifreq+0x49/0x60
aug. 16 07:26:30 sol kernel: ? sock_do_ioctl+0x107/0x130
aug. 16 07:26:30 sol kernel: ? syscall_exit_to_user_mode+0x72/0x220
aug. 16 07:26:30 sol kernel: ? do_syscall_64+0x8e/0x160
aug. 16 07:26:30 sol kernel: ? __irq_exit_rcu+0x4a/0xb0
aug. 16 07:26:30 sol kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
aug. 16 07:26:30 sol kernel: RIP: 0033:0x7fbf5af2ca14
aug. 16 07:26:30 sol kernel: Code: 15 09 94 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00 00 f3 0f 1e fa 80 3d 35 16 0d 00 00 74 13 b8 2e 00 00 00 >
aug. 16 07:26:30 sol kernel: RSP: 002b:00007ffd1c9257b8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
aug. 16 07:26:30 sol kernel: RAX: ffffffffffffffda RBX: 000055d02c121920 RCX: 00007fbf5af2ca14
aug. 16 07:26:30 sol kernel: RDX: 0000000000000000 RSI: 00007ffd1c9257f0 RDI: 0000000000000006
aug. 16 07:26:30 sol kernel: RBP: 00007ffd1c9257e0 R08: 0000000000000004 R09: 0000000000000001
aug. 16 07:26:30 sol kernel: R10: 00007ffd1c9258fc R11: 0000000000000202 R12: 000055d02c1c9c10
aug. 16 07:26:30 sol kernel: R13: 000055d02c121830 R14: 00007ffd1c9257f0 R15: 0000000000000000
aug. 16 07:26:30 sol kernel: </TASK>
aug. 16 07:26:30 sol kernel: ---[ end trace ]---
aug. 16 07:26:30 sol wpa_supplicant[1424]: wlp0s20f0u1: WPA: Key negotiation completed with 06:41:69:8c:58:a3 [PTK=CCMP GTK=CCMP]
aug. 16 07:26:30 sol NetworkManager[1355]: [1723785990.8506] device (wlp0s20f0u1): supplicant interface state: 4way_handshake -> completed
aug. 16 07:26:30 sol wpa_supplicant[1424]: wlp0s20f0u1: CTRL-EVENT-CONNECTED - Connection to 06:41:69:8c:58:a3 completed [id=0 id_str=]
aug. 16 07:26:30 sol NetworkManager[1355]: [1723785990.8507] device (wlp0s20f0u1): Activation: (wifi) Stage 2 of 5 (Device Configure) successful.
```

hkskoglund Aug 16 '24 06:08