Created attachment 220101 [details] .config While booting, UBSAN reports an index out of range use in drivers/usb/host/ehci-hub.c:877:47: [ 1.873691] ================================================================================ [ 1.875970] UBSAN: Undefined behaviour in /usr/local/src/kernel/linux-git/drivers/usb/host/ehci-hub.c:877:47 [ 1.878277] index -1 is out of range for type 'u32 [1]' [ 1.880549] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc3-00002-g44c5afa #1 [ 1.882811] Hardware name: Apple Inc. MacBookPro8,2/Mac-94245A3940C91C80, BIOS MBP81.88Z.0047.B27.1201241646 01/24/12 [ 1.885121] ffff880265158800 ffff88026610b388 ffffffff815c8665 ffffffff811b1994 [ 1.887428] ffff88026610b3b0 ffffffffffffffff ffff88026610b3a0 ffffffff8163e77d [ 1.889719] ffffffff826a2c60 ffff88026610b3f8 ffffffff8163ee95 0000000000000292 [ 1.892001] Call Trace: [ 1.894242] [<ffffffff815c8665>] dump_stack+0x68/0xa3 [ 1.896493] [<ffffffff811b1994>] ? console_unlock+0x284/0x6a0 [ 1.898751] [<ffffffff8163e77d>] ubsan_epilogue+0xd/0x40 [ 1.900984] [<ffffffff8163ee95>] __ubsan_handle_out_of_bounds+0x75/0xa0 [ 1.903227] [<ffffffff8184de06>] ehci_hub_control+0xde6/0xf80 [ 1.905473] [<ffffffff81828a22>] usb_hcd_submit_urb+0x822/0xcc0 [ 1.907710] [<ffffffff8182a6fd>] usb_submit_urb+0x29d/0x960 [ 1.909982] [<ffffffff811947b3>] ? lockdep_init_map+0x63/0x270 [ 1.912257] [<ffffffff8182b698>] usb_start_wait_urb+0x78/0x120 [ 1.914549] [<ffffffff8182b7f4>] usb_control_msg+0xb4/0xf0 [ 1.916826] [<ffffffff81823994>] hub_probe+0x4b4/0xfd0 [ 1.919045] [<ffffffff81b31a76>] ? _raw_spin_unlock_irqrestore+0x46/0x60 [ 1.921302] [<ffffffff8119758d>] ? trace_hardirqs_on+0xd/0x10 [ 1.923575] [<ffffffff81831a4e>] usb_probe_interface+0x13e/0x3f0 [ 1.925870] [<ffffffff8177373f>] driver_probe_device+0x10f/0x390 [ 1.928111] [<ffffffff81773b6e>] __device_attach_driver+0xbe/0x180 [ 1.930340] [<ffffffff81773ab0>] ? __driver_attach+0xf0/0xf0 [ 1.932540] [<ffffffff81770bd2>] bus_for_each_drv+0x72/0xd0 [ 1.934710] [<ffffffff817734f1>] __device_attach+0xc1/0x150 [ 1.936850] [<ffffffff81773c7e>] device_initial_probe+0xe/0x10 [ 1.938963] [<ffffffff81772273>] bus_probe_device+0xd3/0x130 [ 1.941046] [<ffffffff8176f2fb>] device_add+0x52b/0x720 [ 1.943098] [<ffffffff8182e716>] usb_set_configuration+0x566/0xb90 [ 1.945140] [<ffffffff81840971>] generic_probe+0x31/0xa0 [ 1.947156] [<ffffffff818318d6>] usb_probe_device+0x36/0x70 [ 1.949157] [<ffffffff8177373f>] driver_probe_device+0x10f/0x390 [ 1.951142] [<ffffffff81773b6e>] __device_attach_driver+0xbe/0x180 [ 1.953110] [<ffffffff81773ab0>] ? __driver_attach+0xf0/0xf0 [ 1.955076] [<ffffffff81770bd2>] bus_for_each_drv+0x72/0xd0 [ 1.957017] [<ffffffff817734f1>] __device_attach+0xc1/0x150 [ 1.958942] [<ffffffff81773c7e>] device_initial_probe+0xe/0x10 [ 1.960844] [<ffffffff81772273>] bus_probe_device+0xd3/0x130 [ 1.962766] [<ffffffff8176f2fb>] device_add+0x52b/0x720 [ 1.964702] [<ffffffff81820436>] usb_new_device+0x2d6/0x720 [ 1.966659] [<ffffffff81826f7b>] usb_add_hcd+0x5db/0x970 [ 1.968629] [<ffffffff81843e9a>] usb_hcd_pci_probe+0x4ba/0x760 [ 1.970619] [<ffffffff8119746c>] ? trace_hardirqs_on_caller+0x1ac/0x2c0 [ 1.972601] [<ffffffff81858371>] ehci_pci_probe+0x31/0x40 [ 1.974598] [<ffffffff81655519>] local_pci_probe+0x59/0xf0 [ 1.976577] [<ffffffff8165735b>] pci_device_probe+0x14b/0x1c0 [ 1.978580] [<ffffffff8177373f>] driver_probe_device+0x10f/0x390 [ 1.980606] [<ffffffff81773a74>] __driver_attach+0xb4/0xf0 [ 1.982647] [<ffffffff817739c0>] ? driver_probe_device+0x390/0x390 [ 1.984679] [<ffffffff81770afb>] bus_for_each_dev+0x6b/0xb0 [ 1.986697] [<ffffffff81772d42>] driver_attach+0x22/0x40 [ 1.988710] [<ffffffff8177264c>] bus_add_driver+0x15c/0x2b0 [ 1.990718] [<ffffffff82938493>] ? ehci_hcd_init+0x59/0x59 [ 1.992717] [<ffffffff81774568>] driver_register+0x78/0x130 [ 1.994719] [<ffffffff81654e02>] __pci_register_driver+0x72/0xb0 [ 1.996732] [<ffffffff829384f8>] ehci_pci_init+0x65/0x67 [ 1.998727] [<ffffffff8100044c>] do_one_initcall+0x5c/0x1e0 [ 2.000718] [<ffffffff828f270b>] kernel_init_freeable+0x33b/0x3d1 [ 2.002702] [<ffffffff81b2642a>] kernel_init+0xa/0x120 [ 2.004665] [<ffffffff81b3232f>] ret_from_fork+0x1f/0x40 [ 2.006615] [<ffffffff81b26420>] ? rest_init+0x170/0x170 [ 2.008558] ================================================================================
On Wed, Jun 15, 2016 at 12:30:27PM +0000, bugzilla-daemon@bugzilla.kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=120361 > > Bug ID: 120361 > Summary: UBSAN splat in drivers/usb/host/ehci-hub.c:877:47 > Product: Drivers > Version: 2.5 > Kernel Version: 4.7.0-rc3 Should be fixed in linux-next, can you verify?
Built linux-next-20160616, now there's a UBSAN splat in drivers/usb/host/ehci-hub.c:889:34 instead: [ 1.855916] ================================================================================ [ 1.858264] UBSAN: Undefined behaviour in /usr/local/src/kernel/linux-next/drivers/usb/host/ehci-hub.c:889:34 [ 1.860622] index 2 is out of range for type 'u32 [1]' [ 1.862935] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc3-next-20160616-00002-g9e3793c #1 [ 1.865284] Hardware name: Apple Inc. MacBookPro8,2/Mac-94245A3940C91C80, BIOS MBP81.88Z.0047.B27.1201241646 01/24/12 [ 1.867658] ffff8802662f9000 ffff88026610b2a0 ffffffffaa5ceb95 ffffffffaa1b2105 [ 1.870046] ffff88026610b2c8 0000000000000002 ffff88026610b2b8 ffffffffaa645e5d [ 1.872414] ffffffffab6a6a60 ffff88026610b310 ffffffffaa646575 0000000000000282 [ 1.874783] Call Trace: [ 1.877111] [<ffffffffaa5ceb95>] dump_stack+0x68/0xa3 [ 1.879445] [<ffffffffaa1b2105>] ? console_unlock+0x275/0x6e0 [ 1.881764] [<ffffffffaa645e5d>] ubsan_epilogue+0xd/0x40 [ 1.884089] [<ffffffffaa646575>] __ubsan_handle_out_of_bounds+0x75/0xa0 [ 1.886437] [<ffffffffaa855524>] ehci_hub_control+0xd94/0xef0 [ 1.888774] [<ffffffffaa82fd93>] usb_hcd_submit_urb+0x423/0xcc0 [ 1.891132] [<ffffffffaa831e6d>] usb_submit_urb+0x29d/0x960 [ 1.893508] [<ffffffffaa194bc3>] ? lockdep_init_map+0x63/0x270 [ 1.895906] [<ffffffffaa832e08>] usb_start_wait_urb+0x78/0x120 [ 1.898291] [<ffffffffaa832f64>] usb_control_msg+0xb4/0xf0 [ 1.900617] [<ffffffffaa820d9e>] set_port_feature+0x4e/0x80 [ 1.902963] [<ffffffffaa825ed2>] hub_power_on+0x32/0x120 [ 1.905322] [<ffffffffaa8264b2>] hub_activate+0x4f2/0x8a0 [ 1.907695] [<ffffffffaab37d85>] ? __mutex_unlock_slowpath+0x105/0x230 [ 1.910027] [<ffffffffaa82b6a4>] hub_probe+0xa54/0xfd0 [ 1.912341] [<ffffffffaab3b556>] ? _raw_spin_unlock_irqrestore+0x46/0x60 [ 1.914647] [<ffffffffaa19799d>] ? trace_hardirqs_on+0xd/0x10 [ 1.916923] [<ffffffffaa8391be>] usb_probe_interface+0x13e/0x3f0 [ 1.919174] [<ffffffffaa77b0ff>] driver_probe_device+0x10f/0x390 [ 1.921392] [<ffffffffaa77b52e>] __device_attach_driver+0xbe/0x180 [ 1.923585] [<ffffffffaa77b470>] ? __driver_attach+0xf0/0xf0 [ 1.925748] [<ffffffffaa778592>] bus_for_each_drv+0x72/0xd0 [ 1.927884] [<ffffffffaa77aeb1>] __device_attach+0xc1/0x150 [ 1.929996] [<ffffffffaa77b63e>] device_initial_probe+0xe/0x10 [ 1.932090] [<ffffffffaa779c33>] bus_probe_device+0xd3/0x130 [ 1.934164] [<ffffffffaa776cbb>] device_add+0x52b/0x720 [ 1.936210] [<ffffffffaa835e86>] usb_set_configuration+0x566/0xb90 [ 1.938268] [<ffffffffaa8480e1>] generic_probe+0x31/0xa0 [ 1.940299] [<ffffffffaa839046>] usb_probe_device+0x36/0x70 [ 1.942316] [<ffffffffaa77b0ff>] driver_probe_device+0x10f/0x390 [ 1.944317] [<ffffffffaa77b52e>] __device_attach_driver+0xbe/0x180 [ 1.946342] [<ffffffffaa77b470>] ? __driver_attach+0xf0/0xf0 [ 1.948384] [<ffffffffaa778592>] bus_for_each_drv+0x72/0xd0 [ 1.950443] [<ffffffffaa77aeb1>] __device_attach+0xc1/0x150 [ 1.952522] [<ffffffffaa77b63e>] device_initial_probe+0xe/0x10 [ 1.954622] [<ffffffffaa779c33>] bus_probe_device+0xd3/0x130 [ 1.956699] [<ffffffffaa776cbb>] device_add+0x52b/0x720 [ 1.958789] [<ffffffffaa827bc6>] usb_new_device+0x2d6/0x720 [ 1.960861] [<ffffffffaa82e6eb>] usb_add_hcd+0x5db/0x970 [ 1.962947] [<ffffffffaa84b60a>] usb_hcd_pci_probe+0x4ba/0x760 [ 1.965055] [<ffffffffaa19787c>] ? trace_hardirqs_on_caller+0x1ac/0x2c0 [ 1.967197] [<ffffffffaa85fa61>] ehci_pci_probe+0x31/0x40 [ 1.969322] [<ffffffffaa65cc69>] local_pci_probe+0x59/0xf0 [ 1.971434] [<ffffffffaa65eaab>] pci_device_probe+0x14b/0x1c0 [ 1.973548] [<ffffffffaa77b0ff>] driver_probe_device+0x10f/0x390 [ 1.975661] [<ffffffffaa77b434>] __driver_attach+0xb4/0xf0 [ 1.977766] [<ffffffffaa77b380>] ? driver_probe_device+0x390/0x390 [ 1.979878] [<ffffffffaa7784bb>] bus_for_each_dev+0x6b/0xb0 [ 1.981993] [<ffffffffaa77a702>] driver_attach+0x22/0x40 [ 1.984086] [<ffffffffaa77a00c>] bus_add_driver+0x15c/0x2b0 [ 1.986174] [<ffffffffab93c7e8>] ? ehci_hcd_init+0x59/0x59 [ 1.988245] [<ffffffffaa77bf28>] driver_register+0x78/0x130 [ 1.990291] [<ffffffffaa65c552>] __pci_register_driver+0x72/0xb0 [ 1.992325] [<ffffffffab93c84d>] ehci_pci_init+0x65/0x67 [ 1.994356] [<ffffffffaa00044c>] do_one_initcall+0x5c/0x1e0 [ 1.996397] [<ffffffffab8f670b>] kernel_init_freeable+0x33b/0x3d1 [ 1.998411] [<ffffffffaab2fe3a>] kernel_init+0xa/0x120 [ 2.000377] [<ffffffffaab3bdef>] ret_from_fork+0x1f/0x40 [ 2.002304] [<ffffffffaab2fe30>] ? rest_init+0x170/0x170 [ 2.004194] ================================================================================
On Fri, Jun 17, 2016 at 04:33:05AM +0000, bugzilla-daemon@bugzilla.kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=120361 > > --- Comment #2 from Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de> > --- > Built linux-next-20160616, now there's a UBSAN splat in > drivers/usb/host/ehci-hub.c:889:34 instead: Please send to the linux-usb@vger.kernel.org mailing list.
Seems to be fixed, does not appear in (at least) 4.10 anymore.