Mange/rtl8192eu-linux-driver

UBSAN: array-index-out-of-bounds

ianmccul opened this issue · 1 comment

Linux ryzen 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1906:48
Jan 18 14:36:32 hostname kernel: index 1 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x2f2/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1911:75
Jan 18 14:36:32 hostname kernel: index 2 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x1d2/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1917:76
Jan 18 14:36:32 hostname kernel: index 2 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x220/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: ================================================================================
Jan 18 14:36:32 hostname kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtl8192eu/1.0/build/core/rtw_wlan_util.c:1920:34
Jan 18 14:36:32 hostname kernel: index 2 is out of range for type 'u8 [1]'
Jan 18 14:36:32 hostname kernel: CPU: 14 PID: 2591 Comm: wpa_supplicant Tainted: P           OE      6.5.0-14-generic #14~22.04.1-Ubuntu
Jan 18 14:36:32 hostname kernel: Hardware name: ASUS System Product Name/PRIME Z690-P WIFI D4, BIOS 0407 09/13/2021
Jan 18 14:36:32 hostname kernel: Call Trace:
Jan 18 14:36:32 hostname kernel:  <TASK>
Jan 18 14:36:32 hostname kernel:  dump_stack_lvl+0x48/0x70
Jan 18 14:36:32 hostname kernel:  dump_stack+0x10/0x20
Jan 18 14:36:32 hostname kernel:  __ubsan_handle_out_of_bounds+0xc6/0x110
Jan 18 14:36:32 hostname kernel:  HT_caps_handler+0x240/0x300 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_check_beacon_data+0x706/0xf50 [8192eu]
Jan 18 14:36:32 hostname kernel:  rtw_add_beacon+0x14d/0x270 [8192eu]
Jan 18 14:36:32 hostname kernel:  cfg80211_rtw_start_ap+0x69/0x1a0 [8192eu]
Jan 18 14:36:32 hostname kernel:  ? nl80211_calculate_ap_params+0x1fc/0x320 [cfg80211]
Jan 18 14:36:32 hostname kernel:  nl80211_start_ap+0x821/0xa90 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? rtnl_unlock+0xe/0x20
Jan 18 14:36:32 hostname kernel:  ? nl80211_pre_doit+0x225/0x2d0 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg_doit.isra.0+0xe5/0x150
Jan 18 14:36:32 hostname kernel:  genl_family_rcv_msg+0x180/0x250
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_start_ap+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211]
Jan 18 14:36:32 hostname kernel:  genl_rcv_msg+0x4c/0xb0
Jan 18 14:36:32 hostname kernel:  ? __pfx_genl_rcv_msg+0x10/0x10
Jan 18 14:36:32 hostname kernel:  netlink_rcv_skb+0x5a/0x110
Jan 18 14:36:32 hostname kernel:  genl_rcv+0x28/0x50
Jan 18 14:36:32 hostname kernel:  netlink_unicast+0x1ab/0x2a0
Jan 18 14:36:32 hostname kernel:  netlink_sendmsg+0x25e/0x4e0
Jan 18 14:36:32 hostname kernel:  sock_sendmsg+0xc9/0xd0
Jan 18 14:36:32 hostname kernel:  ____sys_sendmsg+0x2aa/0x370
Jan 18 14:36:32 hostname kernel:  ___sys_sendmsg+0x9a/0xf0
Jan 18 14:36:32 hostname kernel:  __sys_sendmsg+0x89/0xf0
Jan 18 14:36:32 hostname kernel:  __x64_sys_sendmsg+0x1d/0x30
Jan 18 14:36:32 hostname kernel:  do_syscall_64+0x58/0x90
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit_to_user_mode+0x17/0x20
Jan 18 14:36:32 hostname kernel:  ? irqentry_exit+0x43/0x50
Jan 18 14:36:32 hostname kernel:  ? exc_page_fault+0x94/0x1b0
Jan 18 14:36:32 hostname kernel:  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Jan 18 14:36:32 hostname kernel: RIP: 0033:0x7f3239b1e967
Jan 18 14:36:32 hostname kernel: Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
Jan 18 14:36:32 hostname kernel: RSP: 002b:00007ffd97028ad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
Jan 18 14:36:32 hostname kernel: RAX: ffffffffffffffda RBX: 000055b943d7ead0 RCX: 00007f3239b1e967
Jan 18 14:36:32 hostname kernel: RDX: 0000000000000000 RSI: 00007ffd97028b10 RDI: 0000000000000006
Jan 18 14:36:32 hostname kernel: RBP: 000055b943d7edb0 R08: 0000000000000004 R09: 000055b943ea5f00
Jan 18 14:36:32 hostname kernel: R10: 00007ffd97028bf0 R11: 0000000000000246 R12: 000055b943eaa280
Jan 18 14:36:32 hostname kernel: R13: 00007ffd97028b10 R14: 0000000000000000 R15: 0000000000000000
Jan 18 14:36:32 hostname kernel:  </TASK>
Jan 18 14:36:32 hostname kernel: ================================================================================

Fixed by #340