UBSAN: shift-out-of-bounds in hal/phydm/phydm_phystatus.c:1717

On **Raspberry Pi 5, Ubuntu Server 2024 10**, using **hostapd** to create and manage the wireless network.

The first time a station connects, the following error log appears from the kernel. But it seems to work fine, despite the error.

Dec 27 19:05:38 rpi-overlord-1 kernel: **UBSAN: shift-out-of-bounds in /var/lib/dkms/realtek-rtl8188eus/5.3.9~20200316/build/hal/phydm/phydm_phystatus.c:1717:69**
Dec 27 19:05:38 rpi-overlord-1 kernel: **shift exponent 63 is too large for 32-bit type 'int'**
Dec 27 19:05:38 rpi-overlord-1 kernel: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G        WC OE      6.11.0-1005-raspi #5-Ubuntu
Dec 27 19:05:38 rpi-overlord-1 kernel: Tainted: [W]=WARN, [C]=CRAP, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Dec 27 19:05:38 rpi-overlord-1 kernel: Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
Dec 27 19:05:38 rpi-overlord-1 kernel: Call trace:
Dec 27 19:05:38 rpi-overlord-1 kernel:  dump_backtrace+0xdc/0x140
Dec 27 19:05:38 rpi-overlord-1 kernel:  show_stack+0x20/0x40
Dec 27 19:05:38 rpi-overlord-1 kernel:  dump_stack_lvl+0x98/0xd0
Dec 27 19:05:38 rpi-overlord-1 kernel:  dump_stack+0x18/0x30
Dec 27 19:05:38 rpi-overlord-1 kernel:  ubsan_epilogue+0x10/0x48
Dec 27 19:05:38 rpi-overlord-1 kernel:  __ubsan_handle_shift_out_of_bounds+0x118/0x170
Dec 27 19:05:38 rpi-overlord-1 kernel:  phydm_process_rssi_for_dm+0x1f8/0x370 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  odm_phy_status_query+0x124/0x180 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  rx_query_phy_status+0x1f4/0x388 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  pre_recv_entry+0x4c/0x98 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  recvbuf2recvframe+0x208/0x280 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  usb_recv_tasklet+0x7c/0xe8 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  tasklet_action_common.isra.0+0x1d0/0x400
Dec 27 19:05:38 rpi-overlord-1 kernel:  tasklet_action+0x38/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  handle_softirqs+0x180/0x4a0
Dec 27 19:05:38 rpi-overlord-1 kernel:  __do_softirq+0x1c/0x28
Dec 27 19:05:38 rpi-overlord-1 kernel:  ____do_softirq+0x18/0x30
Dec 27 19:05:38 rpi-overlord-1 kernel:  call_on_irq_stack+0x24/0x58
Dec 27 19:05:38 rpi-overlord-1 kernel:  do_softirq_own_stack+0x24/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  __irq_exit_rcu+0xe0/0x128
Dec 27 19:05:38 rpi-overlord-1 kernel:  irq_exit_rcu+0x18/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  el1_interrupt+0x48/0xc8
Dec 27 19:05:38 rpi-overlord-1 kernel:  el1h_64_irq_handler+0x18/0x30
Dec 27 19:05:38 rpi-overlord-1 kernel:  el1h_64_irq+0x7c/0x80
Dec 27 19:05:38 rpi-overlord-1 kernel:  arch_local_irq_enable+0x8/0x20
Dec 27 19:05:38 rpi-overlord-1 kernel:  cpuidle_idle_call+0x16c/0x1c0
Dec 27 19:05:38 rpi-overlord-1 kernel:  do_idle+0x110/0x120
Dec 27 19:05:38 rpi-overlord-1 kernel:  cpu_startup_entry+0x3c/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  rest_init+0x110/0x118
Dec 27 19:05:38 rpi-overlord-1 kernel:  start_kernel+0x424/0x430
Dec 27 19:05:38 rpi-overlord-1 kernel:  __primary_switched+0x80/0x90
Dec 27 19:05:38 rpi-overlord-1 kernel: ---[ end trace ]---
Dec 27 19:05:38 rpi-overlord-1 hostapd[868]: wlxd03745223e42: STA 4e:c5:24:bc:80:0e IEEE 802.11: associated
Dec 27 19:05:38 rpi-overlord-1 kernel: ------------[ cut here ]------------
Dec 27 19:05:38 rpi-overlord-1 kernel: **UBSAN: shift-out-of-bounds in /var/lib/dkms/realtek-rtl8188eus/5.3.9~20200316/build/hal/phydm/phydm_phystatus.c:1754:67**
Dec 27 19:05:38 rpi-overlord-1 kernel: **shift exponent 63 is too large for 32-bit type 'int'**
Dec 27 19:05:38 rpi-overlord-1 kernel: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G        WC OE      6.11.0-1005-raspi #5-Ubuntu
Dec 27 19:05:38 rpi-overlord-1 kernel: Tainted: [W]=WARN, [C]=CRAP, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Dec 27 19:05:38 rpi-overlord-1 kernel: Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
Dec 27 19:05:38 rpi-overlord-1 kernel: Call trace:
Dec 27 19:05:38 rpi-overlord-1 kernel:  dump_backtrace+0xdc/0x140
Dec 27 19:05:38 rpi-overlord-1 kernel:  show_stack+0x20/0x40
Dec 27 19:05:38 rpi-overlord-1 kernel:  dump_stack_lvl+0x98/0xd0
Dec 27 19:05:38 rpi-overlord-1 kernel:  dump_stack+0x18/0x30
Dec 27 19:05:38 rpi-overlord-1 kernel:  ubsan_epilogue+0x10/0x48
Dec 27 19:05:38 rpi-overlord-1 kernel:  __ubsan_handle_shift_out_of_bounds+0x118/0x170
Dec 27 19:05:38 rpi-overlord-1 kernel:  phydm_process_rssi_for_dm+0x254/0x370 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  odm_phy_status_query+0x124/0x180 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  rx_query_phy_status+0x1f4/0x388 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  pre_recv_entry+0x4c/0x98 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  recvbuf2recvframe+0x208/0x280 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  usb_recv_tasklet+0x7c/0xe8 [8188eu]
Dec 27 19:05:38 rpi-overlord-1 kernel:  tasklet_action_common.isra.0+0x1d0/0x400
Dec 27 19:05:38 rpi-overlord-1 kernel:  tasklet_action+0x38/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  handle_softirqs+0x180/0x4a0
Dec 27 19:05:38 rpi-overlord-1 kernel:  __do_softirq+0x1c/0x28
Dec 27 19:05:38 rpi-overlord-1 kernel:  ____do_softirq+0x18/0x30
Dec 27 19:05:38 rpi-overlord-1 kernel:  call_on_irq_stack+0x24/0x58
Dec 27 19:05:38 rpi-overlord-1 kernel:  do_softirq_own_stack+0x24/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  __irq_exit_rcu+0xe0/0x128
Dec 27 19:05:38 rpi-overlord-1 kernel:  irq_exit_rcu+0x18/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  el1_interrupt+0x48/0xc8
Dec 27 19:05:38 rpi-overlord-1 kernel:  el1h_64_irq_handler+0x18/0x30
Dec 27 19:05:38 rpi-overlord-1 kernel:  el1h_64_irq+0x7c/0x80
Dec 27 19:05:38 rpi-overlord-1 kernel:  arch_local_irq_enable+0x8/0x20
Dec 27 19:05:38 rpi-overlord-1 kernel:  cpuidle_idle_call+0x16c/0x1c0
Dec 27 19:05:38 rpi-overlord-1 kernel:  do_idle+0x110/0x120
Dec 27 19:05:38 rpi-overlord-1 kernel:  cpu_startup_entry+0x3c/0x50
Dec 27 19:05:38 rpi-overlord-1 kernel:  rest_init+0x110/0x118
Dec 27 19:05:38 rpi-overlord-1 kernel:  start_kernel+0x424/0x430
Dec 27 19:05:38 rpi-overlord-1 kernel:  __primary_switched+0x80/0x90
Dec 27 19:05:38 rpi-overlord-1 kernel: ---[ end trace ]---
Dec 27 19:05:38 rpi-overlord-1 hostapd[868]: wlxd03745223e42: STA 4e:c5:24:bc:80:0e RADIUS: starting accounting session 854E52B0F7B5553F
Dec 27 19:05:38 rpi-overlord-1 hostapd[868]: wlxd03745223e42: STA 4e:c5:24:bc:80:0e WPA: pairwise key handshake completed (RSN)
Dec 27 19:05:39 rpi-overlord-1 dhcpd[825]: DHCPREQUEST for 192.168.23.10 from 4e:c5:24:bc:80:0e (OPPO-A54s) via wlxd03745223e42
Dec 27 19:05:39 rpi-overlord-1 dhcpd[825]: DHCPACK on 192.168.23.10 to 4e:c5:24:bc:80:0e (OPPO-A54s) via wlxd03745223e42

### Environment
$ uname -a
Linux rpi-overlord-1 6.11.0-1005-raspi #5-Ubuntu SMP PREEMPT_DYNAMIC Fri Nov 22 13:24:30 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux

$ lsusb
Bus 002 Device 002: ID 2357:010c TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]

$ sudo lshw -C network
  *-network                 
       description: Ethernet controller
       product: RP1 PCIe 2.0 South Bridge
       vendor: Raspberry Pi Ltd
       physical id: 0
       bus info: pci@0000:01:00.0
       version: 00
       width: 32 bits
       clock: 33MHz
       capabilities: pm pciexpress msix bus_master cap_list
       configuration: driver=rp1 latency=0
       resources: irq:41 memory:1f00410000-1f00413fff memory:1f00000000-1f003fffff memory:1f00400000-1f0040ffff
  *-interface:0
       description: Wireless interface
       product: 4345
       vendor: Broadcom
       physical id: 1
       bus info: mmc@1:0001:1
       logical name: mmc1:0001:1
       logical name: wlan0
       serial: 2c:cf:67:4b:90:62
       capabilities: ethernet physical wireless
       configuration: broadcast=yes driver=brcmfmac driverversion=7.45.234 firmware=01-996384e2 ip=192.168.1.123 multicast=yes wireless=IEEE 802.11
  *-network:0
       description: Ethernet interface
       physical id: 10
       logical name: eth0
       serial: 2c:cf:67:4b:90:61
       capacity: 1Gbit/s
       capabilities: ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=macb driverversion=6.11.0-1005-raspi link=no multicast=yes port=twisted pair
  ***-network:1**
       description: Wireless interface
       physical id: 11
       bus info: usb@2:1
       logical name: **wlxd03745223e42**
       serial: d0:37:45:22:3e:42
       capabilities: ethernet physical wireless
       configuration: broadcast=yes driver=8188eu driverversion=6.11.0-1005-raspi ip=192.168.23.1 multicast=yes wireless=IEEE 802.11bgn


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

UBSAN: shift-out-of-bounds in hal/phydm/phydm_phystatus.c:1717 #15

Environment

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

UBSAN: shift-out-of-bounds in hal/phydm/phydm_phystatus.c:1717 #15

Description

Environment

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions