XPost: linux.debian.bugs.dist
From: vdanjean@debian.org
Package: src:linux
Version: 6.16.3-1~bpo13+1
Severity: normal
X-Debbugs-Cc: debian-amd64@lists.debian.org
User: debian-amd64@lists.debian.org
Usertags: amd64
Hi,
The ath5k driver seems to do an array-index-out-of-bounds access
as shown by the UBSAN kernel message.
[ 17.954484] ------------[ cut here ]------------
[ 17.954487] UBSAN: array-index-out-of-bounds in /build/reprod
cible-path/linux-6.16.3/drivers/net/wireless/ath/ath5k/base.c:1741:20
[ 17.955289] index 4 is out of range for type 'ieee80211_tx_rate [4]'
[ 17.956134] CPU: 1 UID: 0 PID: 1745 Comm: 16 Not tainted 6.16.3+deb13-amd64
#1 PREEMPT(lazy) Debian 6.16.3-1~bpo13+1
[ 17.956137] Hardware name: Gigabyte Technology Co., Ltd. H67A
UD3H-B3/H67A-UD3H-B3, BIOS F8 03/27/2012
[ 17.956139] Call Trace:
[ 17.956142]
[ 17.956145] dump_stack_lvl+0x5d/0x80
[ 17.956154] ubsan_epilogue+0x5/0x2b
[ 17.956158] __ubsan_handle_out_of_bounds.cold+0x46/0x4b
[ 17.956162] ath5k_tasklet_tx+0x4e0/0x560 [ath5k]
[ 17.956173] tasklet_action_common+0xb5/0x1c0
[ 17.956178] handle_softirqs+0xdf/0x320
[ 17.956181] __irq_exit_rcu+0xbc/0xe0
[ 17.956184] common_interrupt+0x47/0xa0
[ 17.956188] asm_common_interrupt+0x26/0x40
[ 17.956191] RIP: 0033:0x7f4fa439067d
[ 17.956204] Code: 0f b6 14 16 45 85 c0 74 01 92 29 d0 c3 48 8d 3c 07 48 8d
34 0e 45 85 c0 74 03 48 87 f7 48 0f bc d2 49 29 d3 76 0b 0f b6 0c 16 <0f> b6
04 17 29 c8 c3 31 c0 c3 66 0f 1f 84 00 00 00 00 00 0f b6 0e
[ 17.956206] RSP: 002b:00007ffd8cc32f08 EFLAGS: 00000212
[ 17.956209] RAX: 0000000000000020 RBX: 0000556dfab414a0 RCX:
000000000000070
[ 17.956210] RDX: 000000000000000d RSI: 00007f4fa4b7a05f RDI:
000556dfab414a0
[ 17.956211] RBP: 00007f4fa4b7a05f R08: 0000000000000400 R09:
000000000000008
[ 17.956213] R10: fffffffffffff4b8 R11: 000000000000000e R12:
00000000000001b
[ 17.956214] R13: 0000556dfab412c0 R14: 00007ffd8cc32f80 R15:
0007f4fa4b79eaf
[ 17.956217]
[ 17.956217] ---[ end trace ]---
It occurs once at each boot.
According to
https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/
inux-stable/+blame/master/drivers/net/wireless/ath/ath5k/base.c
the line of code has not changed for about 15 years.
And I'm using this driver for more than 10 years.
So, the array-index-out-of-bounds does not seem to
have hard consequences for now (by luck?)
Regards,
Vincent
-- Package-specific info:
** Version:
Linux version 6.16.3+deb13-amd64 (debian-kernel@lists.debian.org)
(x86_64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for
Debian) 2.44) #1 SMP PREEMPT_DYNAMIC Debian 6.16.3-1~bpo13+1 (2025-09-06)
** Command line:
BOOT_IMAGE=/vmlinuz-6.16.3+deb13-amd64 root=/dev/mapper/titi+raid1-root ro
apparmor=0 intel_iommu=on iommu=pt quiet
** Not tainted
** Kernel log:
[ 11.948106] RAPL PMU: hw unit of domain pp1-gpu 2^-16 Joules
[ 11.948734] iTCO_vendor_support: vendor-support=0
[ 11.971235] i801_smbus 0000:00:1f.3: SMBus using PCI interrupt
[ 11.989717] usbcore: registered new interface driver uas
[ 11.996991] r8169 0000:03:00.0: can't disable ASPM; OS doesn't have ASPM
control
[ 12.016068] iTCO_wdt iTCO_wdt.1.auto: Found a Cougar Point TCO device
(Version=2, TCOBASE=0x0460)
[ 12.016508] iTCO_wdt iTCO_wdt.1.auto: initialized. heartbeat=30 sec
(nowayout=0)
[ 12.024328] firewire_ohci 0000:05:03.0: added OHCI v1.10 device as card 0,
4 IR + 8 IT contexts, quirks 0x2
[ 12.029094] usb 2-1.3: Found UVC 1.00 device (046d:0802)
[ 12.040780] r8169 0000:03:00.0 eth0: RTL8168e/8111e, 1c:6f:65:c6:0f:ea, XID
2c2, IRQ 33
[ 12.040789] r8169 0000:03:00.0 eth0: jumbo features [frames: 9194 bytes, tx
checksumming: ko]
[ 12.093664] usbcore: registered new interface driver uvcvideo
[ 12.094063] r8169 0000:03:00.0 enp3s0: renamed from eth0
[ 12.216780] ath5k 0000:05:01.0: registered as 'phy0'
[ 12.238852] snd_hda_intel 0000:00:1b.0: bound 0000:00:02.0 (ops
intel_audio_component_bind_ops [i915])
[ 12.248393] sr 7:0:0:0: [sr0] scsi3-mmc drive: 40x/40x writer dvd-ram cd/rw
xa/form2 cdda tray
[ 12.248400] cdrom: Uniform CD-ROM driver Revision: 3.20
[ 12.312870] sr 7:0:0:0: Attached scsi CD-ROM sr0
[ 12.347666] snd_hda_codec_realtek hdaudioC1D2: autoconfig for ALC889:
line_outs=4 (0x14/0x15/0x16/0x17/0x0) type:line
[ 12.347675] snd_hda_codec_realtek hdaudioC1D2: speaker_outs=0
(0x0/0x0/0x0/0x0/0x0)
[ 12.347678] snd_hda_codec_realtek hdaudioC1D2: hp_outs=1 (
x1b/0x0/0x0/0x0/0x0)
[ 12.347680] snd_hda_codec_realtek hdaudioC1D2: mono: mono_out=0x0
[ 12.347682] snd_hda_codec_realtek hdaudioC1D2: dig-out=0x11/0x1e
[ 12.347683] snd_hda_codec_realtek hdaudioC1D2: inputs:
[ 12.347685] snd_hda_codec_realtek hdaudioC1D2: Rear Mic=0x18
[ 12.347687] snd_hda_codec_realtek hdaudioC1D2: Front Mic=0x19
[ 12.347689] snd_hda_codec_realtek hdaudioC1D2: Line=0x1a
[ 12.373225] sr 8:0:0:0: [sr1] scsi3-mmc drive: 48x/48x writer dvd-ram cd/rw
xa/form2 cdda tray
[ 12.399873] usb 2-1.3: Warning! Unlikely big volume range (=6144),
cval->res is probably wrong.
[ 12.399879] usb 2-1.3: [5] FU [Mic Capture Volume] ch = 1, val = 1536/7680/1
[ 12.400143] usbcore: registered new interface driver snd-usb-audio
[ 12.434625] input: HDA Intel PCH Rear Mic as /devices/pci0000
00/0000:00:1b.0/sound/card1/input7
[ 12.434692] input: HDA Intel PCH Front Mic as /devices/pci000
:00/0000:00:1b.0/sound/card1/input8
[ 12.434749] input: HDA Intel PCH Line as /devices/pci0000:00/
000:00:1b.0/sound/card1/input9
[ 12.434808] input: HDA Intel PCH Line Out Front as /devices/p
i0000:00/0000:00:1b.0/sound/card1/input10
[ 12.442370] input: HDA Intel PCH Line Out Surround as /device
/pci0000:00/0000:00:1b.0/sound/card1/input11
[ 12.442483] input: HDA Intel PCH Line Out CLFE as /devices/pc
0000:00/0000:00:1b.0/sound/card1/input12
[ 12.454599] input: HDA Intel PCH Line Out Side as /devices/pc
0000:00/0000:00:1b.0/sound/card1/input13
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
