Hello ! We have lengthily worked on this problem with a friend to be better efficient (thanks to him) !
To limit the compilation time, we have installed the Ubuntu compiled kernel from : https://kernel.ubuntu.com/mainline/ By bisecting using those versions, here is what we have : ``` v5.15.191 GOOD v6.0.19 GOOD v6.1.150 GOOD v6.2 GOOD v6.4 GOOD v6.5.5 GOOD with new error in logs [1] v6.5.11 GOOD with new error in logs [1] v6.6.10 GOOD with new error in logs [1] v6.6.10 GOOD with new error in logs [1] v6.6.15 GOOD with new error in logs [1] v6.6.20 BAD with new error in logs [1] v6.6.30 BAD with new error in logs [1] v6.6.60 BAD with new error in logs [1] v6.6.81 BAD with new error in logs [1] v6.6.104 BAD with new error in logs [1] v6.8.12 BAD with new error in logs [1] ``` So, we built Linux with gregkh tree : https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/gregkh.git/refs/tags We have seen in `git log` output : 9b4a8eac17f0 Linux 6.6.20 51f354b815c4 Linux 6.6.15 We used `git bisect`. After a lot of time lost by compiling and bisecting (the problem was always here or never here incoherently) using .config from ubuntu kernel, vanilla kernel or "localmodconfig", we found that may the problem is with a .config option and not a kernel code commit. The `diff config-6.6.15-060615-generic config-6.6.20-060620-generic` is small and after some tests, we found where is the problem. Ubuntu added in 6.6.20 : ``` CONFIG_INTEL_IOMMU_DEFAULT_ON=y CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON=y ``` And this is what broke the `broadcom-sta-dkms`. Temporary working solutions : - Compiling the kernel without those options solves the problem. - Adding `GRUB_CMDLINE_LINUX_DEFAULT="intel_iommu=off"` to `/etc/default/grub` solves the problem. - Adding `GRUB_CMDLINE_LINUX_DEFAULT="iommu=pt"` to `/etc/default/grub` solves the problem. [1]: The error message : ``` kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c:1939:4 kernel: index 2 is out of range for type 'ether_addr [1]' ``` -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to broadcom-sta in Ubuntu. https://bugs.launchpad.net/bugs/2078697 Title: Ubuntu 24.04.1 (kernel ?) freeze/crashes when downloading using broadcom-sta package Status in broadcom-sta package in Ubuntu: Confirmed Bug description: I just updated my computer from Ubuntu 22.04 to Ubuntu 24.04. I observe that my PC started freezing. I need to reboot it to make it works again. The freeze/crash appears when I download something (updates from Ubuntu, file on the internet, or just navigating on the internet). This problem never occurs in 22.04. When the crash occurs, there is no log. The screen stays frozen. But in logs, I have found this but I don't know if it is related (8 times) : sept. 02 12:15:55 kernel: ------------[ cut here ]------------ sept. 02 12:15:55 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c:1935:4 sept. 02 12:15:55 kernel: index 2 is out of range for type 'ether_addr [1]' sept. 02 12:15:55 kernel: CPU: 2 PID: 943 Comm: wpa_supplicant Tainted: P OE 6.8.0-41-generic #41-Ubuntu sept. 02 12:15:55 kernel: Hardware name: ASUSTeK COMPUTER INC. G750JX/G750JX, BIOS G750JX.209 11/18/2013 sept. 02 12:15:55 kernel: Call Trace: sept. 02 12:15:55 kernel: <TASK> sept. 02 12:15:55 kernel: dump_stack_lvl+0x76/0xa0 sept. 02 12:15:55 kernel: dump_stack+0x10/0x20 sept. 02 12:15:55 kernel: __ubsan_handle_out_of_bounds+0xc6/0x110 sept. 02 12:15:55 kernel: _wl_set_multicast_list+0x211/0x230 [wl] sept. 02 12:15:55 kernel: wl_set_multicast_list+0x3a/0xa0 [wl] sept. 02 12:15:55 kernel: __dev_set_rx_mode+0x79/0xe0 sept. 02 12:15:55 kernel: __dev_mc_add+0x94/0xa0 sept. 02 12:15:55 kernel: dev_mc_add+0x10/0x20 sept. 02 12:15:55 kernel: igmp6_group_added+0xe0/0x100 sept. 02 12:15:55 kernel: ipv6_mc_up+0xa2/0xd0 sept. 02 12:15:55 kernel: ipv6_find_idev+0x47/0xb0 sept. 02 12:15:55 kernel: addrconf_add_dev+0x24/0xd0 sept. 02 12:15:55 kernel: addrconf_init_auto_addrs+0xe7/0x3c0 sept. 02 12:15:55 kernel: addrconf_notify+0x4c3/0x560 sept. 02 12:15:55 kernel: notifier_call_chain+0x61/0xe0 sept. 02 12:15:55 kernel: raw_notifier_call_chain+0x16/0x30 sept. 02 12:15:55 kernel: call_netdevice_notifiers_info+0x52/0xa0 sept. 02 12:15:55 kernel: netdev_state_change+0x7b/0xa0 sept. 02 12:15:55 kernel: set_operstate+0x5c/0xb0 sept. 02 12:15:55 kernel: do_setlink+0x504/0xe70 sept. 02 12:15:55 kernel: ? __nla_validate_parse+0x151/0x1e0 sept. 02 12:15:55 kernel: rtnl_setlink+0x12f/0x1f0 sept. 02 12:15:55 kernel: ? try_to_wake_up+0x227/0x700 sept. 02 12:15:55 kernel: ? security_capable+0x47/0x80 sept. 02 12:15:55 kernel: rtnetlink_rcv_msg+0x170/0x430 sept. 02 12:15:55 kernel: ? ep_poll_callback+0x23f/0x290 sept. 02 12:15:55 kernel: ? __pfx_rtnetlink_rcv_msg+0x10/0x10 sept. 02 12:15:55 kernel: netlink_rcv_skb+0x5d/0x110 sept. 02 12:15:55 kernel: rtnetlink_rcv+0x15/0x30 sept. 02 12:15:55 kernel: netlink_unicast+0x24d/0x390 sept. 02 12:15:55 kernel: netlink_sendmsg+0x214/0x470 sept. 02 12:15:55 kernel: __sys_sendto+0x21e/0x230 sept. 02 12:15:55 kernel: __x64_sys_sendto+0x24/0x40 sept. 02 12:15:55 kernel: x64_sys_call+0x1c33/0x25c0 sept. 02 12:15:55 kernel: do_syscall_64+0x7f/0x180 sept. 02 12:15:55 kernel: ? syscall_exit_to_user_mode+0x89/0x260 sept. 02 12:15:55 kernel: ? do_syscall_64+0x8c/0x180 sept. 02 12:15:55 kernel: ? sock_def_readable+0x52/0xf0 sept. 02 12:15:55 kernel: ? unix_dgram_sendmsg+0x667/0xab0 sept. 02 12:15:55 kernel: ? __sys_sendto+0x21e/0x230 sept. 02 12:15:55 kernel: ? syscall_exit_to_user_mode+0x89/0x260 sept. 02 12:15:55 kernel: ? do_syscall_64+0x8c/0x180 sept. 02 12:15:55 kernel: ? do_user_addr_fault+0x21a/0x670 sept. 02 12:15:55 kernel: ? irqentry_exit_to_user_mode+0x7e/0x260 sept. 02 12:15:55 kernel: ? irqentry_exit+0x43/0x50 sept. 02 12:15:55 kernel: ? exc_page_fault+0x94/0x1b0 sept. 02 12:15:55 kernel: entry_SYSCALL_64_after_hwframe+0x78/0x80 sept. 02 12:15:55 kernel: RIP: 0033:0x7d75e912bead sept. 02 12:15:55 kernel: Code: c3 ff ff ff ff 64 89 02 eb b9 0f 1f 00 f3 0f 1e fa 80 3d a5 f1 0d 00 00 41 89 ca 74 20 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6b c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 sept. 02 12:15:55 kernel: RSP: 002b:00007ffdae4c9758 EFLAGS: 00000246 ORIG_RAX: 000000000000002c sept. 02 12:15:55 kernel: RAX: ffffffffffffffda RBX: 00005f2d57d40b40 RCX: 00007d75e912bead sept. 02 12:15:55 kernel: RDX: 0000000000000028 RSI: 00007ffdae4c9770 RDI: 0000000000000005 sept. 02 12:15:55 kernel: RBP: 00007ffdae4c97c0 R08: 0000000000000000 R09: 0000000000000000 sept. 02 12:15:55 kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 sept. 02 12:15:55 kernel: R13: 0000000000000001 R14: 00005f2d57dd2990 R15: 00005f2d57dbb290 sept. 02 12:15:55 kernel: </TASK> sept. 02 12:15:55 kernel: ---[ end trace ]--- Also this (1 time) : 2024-09-02T13:29:20.830667+02:00 NetworkManager[943]: <info> [1725276560.8304] device (wlp3s0): supplicant interface state: disconnected -> associating 2024-09-02T13:29:20.963109+02:00 kernel: ------------[ cut here ]------------ 2024-09-02T13:29:20.963132+02:00 kernel: UBSAN: array-index-out-of-bounds in /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_cfg80211_hybrid.c:2394:26 2024-09-02T13:29:20.963135+02:00 kernel: index 1 is out of range for type 'uint8 [1]' 2024-09-02T13:29:20.963137+02:00 kernel: CPU: 6 PID: 556 Comm: wl_event_handle Tainted: P OE 6.8.0-41-generic #41-Ubuntu 2024-09-02T13:29:20.963139+02:00 kernel: Hardware name: ASUSTeK COMPUTER INC. G750JX/G750JX, BIOS G750JX.209 11/18/2013 2024-09-02T13:29:20.963140+02:00 kernel: Call Trace: 2024-09-02T13:29:20.963143+02:00 kernel: <TASK> 2024-09-02T13:29:20.963144+02:00 kernel: dump_stack_lvl+0x76/0xa0 2024-09-02T13:29:20.963146+02:00 kernel: dump_stack+0x10/0x20 2024-09-02T13:29:20.963147+02:00 kernel: __ubsan_handle_out_of_bounds+0xc6/0x110 2024-09-02T13:29:20.963149+02:00 kernel: wl_update_bss_info+0x10f/0x370 [wl] 2024-09-02T13:29:20.963150+02:00 kernel: wl_bss_connect_done.isra.0+0x170/0x2a0 [wl] 2024-09-02T13:29:20.963151+02:00 kernel: wl_notify_connect_status+0xdf/0x450 [wl] 2024-09-02T13:29:20.963152+02:00 kernel: wl_event_handler+0x7b/0x240 [wl] 2024-09-02T13:29:20.963154+02:00 kernel: ? __pfx_wl_event_handler+0x10/0x10 [wl] 2024-09-02T13:29:20.963155+02:00 kernel: kthread+0xf2/0x120 2024-09-02T13:29:20.963157+02:00 kernel: ? __pfx_kthread+0x10/0x10 2024-09-02T13:29:20.963158+02:00 kernel: ret_from_fork+0x47/0x70 2024-09-02T13:29:20.963159+02:00 kernel: ? __pfx_kthread+0x10/0x10 2024-09-02T13:29:20.963161+02:00 kernel: ret_from_fork_asm+0x1b/0x30 2024-09-02T13:29:20.963163+02:00 kernel: </TASK> 2024-09-02T13:29:20.963164+02:00 kernel: ---[ end trace ]--- What can I do do correct this ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/broadcom-sta/+bug/2078697/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
