** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Canonical Kernel Team (canonical-kernel-team)
** Changed in: linux (Ubuntu)
Status: New => Triaged
https://bugs.launchpad.net/bugs/2098081
Title:
UBSAN: array-index-out-of-bounds in /build/linux-NDxcjp/linux-6.12.0/drivers/accessibility/speakup/main.c:825:6
Status in linux package in Ubuntu:
Triaged
Bug description:
With Linux 6.12.0-15-generic the following errors occurred:
[Feb12 10:03] nvme nvme1: controller is down; will reset: CSTS=0xffffffff, PCI_STATUS=0x11
[ +0,000006] nvme nvme1: Does your device have a faulty power saving mode enabled?
[ +0,000003] nvme nvme1: Try "nvme_core.default_ps_max_latency_us=0 pcie_aspm=off pcie_port_pm=off" and report a bug
[ +0,047499] nvme 0000:05:00.0: enabling device (0000 -> 0002)
[ +0,000095] nvme nvme1: Disabling device after reset failure: -19
[ +0,166531] nvme nvme1: Identify namespace failed (-5)
[ +31,988357] ------------[ cut here ]------------
[ +0,000003] UBSAN: array-index-out-of-bounds in /build/linux-NDxcjp/linux-6.12.0/drivers/accessibility/speakup/main.c:825:6
[ +0,000041] index 256 is out of range for type 'u16 [256]'
[ +0,000019] CPU: 20 UID: 0 PID: 0 Comm: swapper/20 Tainted: P O 6.12.0-15-generic #15-Ubuntu
[ +0,000005] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE
[ +0,000001] Hardware name: System manufacturer System Product Name/PRIME X570-PRO, BIOS 5021 09/29/2024
[ +0,000003] Call Trace:
[ +0,000002] <IRQ>
[ +0,000003] show_stack+0x49/0x60
[ +0,000008] dump_stack_lvl+0x5f/0x90
[ +0,000007] dump_stack+0x10/0x18
[ +0,000004] ubsan_epilogue+0x9/0x40
[ +0,000003] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ +0,000005] say_from_to+0x26a/0x330 [speakup]
[ +0,000009] say_line_from_to+0x55/0xd0 [speakup]
[ +0,000005] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0,000003] ? speakup_date+0x143/0x240 [speakup]
[ +0,000006] cursor_done+0x159/0x210 [speakup]
[ +0,000005] ? __pfx_cursor_done+0x10/0x10 [speakup]
[ +0,000005] call_timer_fn+0x2f/0x150
[ +0,000004] ? __pfx_cursor_done+0x10/0x10 [speakup]
[ +0,000005] __run_timers+0x238/0x2d0
[ +0,000006] run_timer_softirq+0x8a/0x100
[ +0,000004] handle_softirqs+0xe7/0x340
[ +0,000005] __irq_exit_rcu+0xce/0xf0
[ +0,000003] irq_exit_rcu+0xe/0x20
[ +0,000004] sysvec_apic_timer_interrupt+0xa0/0xc0
[ +0,000003] </IRQ>
[ +0,000001] <TASK>
[ +0,000002] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ +0,000003] RIP: 0010:cpuidle_enter_state+0xd4/0x700
[ +0,000004] Code: 00 e8 90 37 ea fe e8 2b ef ff ff 49 89 c7 0f 1f 44 00 00 31 ff e8 5c 6d e8 fe 80 7d d0 00 0f 85 25 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 f5 01 00 00 4d 63 ee 49 83 fd 0a 0f 83 a8 04 00 00
[ +0,000003] RSP: 0018:ffffa30f0023fe00 EFLAGS: 00000246
[ +0,000003] RAX: 0000000000000000 RBX: ffff8d2d41f8dc00 RCX: 0000000000000000
[ +0,000002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ +0,000002] RBP: ffffa30f0023fe50 R08: 0000000000000000 R09: 0000000000000000
[ +0,000002] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa8b106e0
[ +0,000001] R13: 0000000000000001 R14: 0000000000000001 R15: 0000001ae4ce6453
[ +0,000005] ? tick_nohz_stop_tick+0x61/0x280
[ +0,000005] cpuidle_enter+0x2e/0x50
[ +0,000004] call_cpuidle+0x22/0x60
[ +0,000003] cpuidle_idle_call+0x117/0x190
[ +0,000004] do_idle+0x82/0xe0
[ +0,000003] cpu_startup_entry+0x29/0x30
[ +0,000003] start_secondary+0x129/0x160
[ +0,000004] common_startup_64+0x13e/0x141
[ +0,000007] </TASK>
[ +0,000001] ---[ end trace ]---
[ +0,000006] ------------[ cut here ]------------
[ +0,000001] UBSAN: array-index-out-of-bounds in /build/linux-NDxcjp/linux-6.12.0/drivers/accessibility/speakup/main.c:831:10
[ +0,000035] index 383 is out of range for type 'u16 [256]'
[ +0,000017] CPU: 20 UID: 0 PID: 0 Comm: swapper/20 Tainted: P O 6.12.0-15-generic #15-Ubuntu
[ +0,000004] Tainted: [P]=PROPRIETARY_MODULE, [O]=OOT_MODULE
[ +0,000001] Hardware name: System manufacturer System Product Name/PRIME X570-PRO, BIOS 5021 09/29/2024
[ +0,000002] Call Trace:
[ +0,000001] <IRQ>
[ +0,000002] show_stack+0x49/0x60
[ +0,000004] dump_stack_lvl+0x5f/0x90
[ +0,000004] dump_stack+0x10/0x18
[ +0,000003] ubsan_epilogue+0x9/0x40
[ +0,000004] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ +0,000004] say_from_to+0x282/0x330 [speakup]
[ +0,000007] say_line_from_to+0x55/0xd0 [speakup]
[ +0,000005] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0,000002] ? speakup_date+0x143/0x240 [speakup]
[ +0,000006] cursor_done+0x159/0x210 [speakup]
[ +0,000005] ? __pfx_cursor_done+0x10/0x10 [speakup]
[ +0,000005] call_timer_fn+0x2f/0x150
[ +0,000003] ? __pfx_cursor_done+0x10/0x10 [speakup]
[ +0,000005] __run_timers+0x238/0x2d0
[ +0,000006] run_timer_softirq+0x8a/0x100
[ +0,000004] handle_softirqs+0xe7/0x340
[ +0,000005] __irq_exit_rcu+0xce/0xf0
[ +0,000003] irq_exit_rcu+0xe/0x20
[ +0,000003] sysvec_apic_timer_interrupt+0xa0/0xc0
[ +0,000003] </IRQ>
[ +0,000002] <TASK>
[ +0,000002] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ +0,000002] RIP: 0010:cpuidle_enter_state+0xd4/0x700
[ +0,000004] Code: 00 e8 90 37 ea fe e8 2b ef ff ff 49 89 c7 0f 1f 44 00 00 31 ff e8 5c 6d e8 fe 80 7d d0 00 0f 85 25 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 f5 01 00 00 4d 63 ee 49 83 fd 0a 0f 83 a8 04 00 00
[ +0,000002] RSP: 0018:ffffa30f0023fe00 EFLAGS: 00000246
[ +0,000003] RAX: 0000000000000000 RBX: ffff8d2d41f8dc00 RCX: 0000000000000000
[ +0,000001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ +0,000002] RBP: ffffa30f0023fe50 R08: 0000000000000000 R09: 0000000000000000
[ +0,000002] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa8b106e0
[ +0,000001] R13: 0000000000000001 R14: 0000000000000001 R15: 0000001ae4ce6453
[ +0,000005] ? tick_nohz_stop_tick+0x61/0x280
[ +0,000004] cpuidle_enter+0x2e/0x50
[ +0,000003] call_cpuidle+0x22/0x60
[ +0,000003] cpuidle_idle_call+0x117/0x190
[ +0,000004] do_idle+0x82/0xe0
[ +0,000003] cpu_startup_entry+0x29/0x30
[ +0,000004] start_secondary+0x129/0x160
[ +0,000003] common_startup_64+0x13e/0x141
[ +0,000006] </TASK>
[ +0,000001] ---[ end trace ]---
---
ProblemType: Bug
ApportVersion: 2.31.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
DistroRelease: Ubuntu 25.04
MachineType: System manufacturer System Product Name
NonfreeKernelModules: zfs
Package: linux (not installed)
ProcFB: 0 amdgpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic root=/dev/mapper/vgkubuntu-root ro
ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
linux-restricted-modules-6.12.0-15-generic N/A
linux-backports-modules-6.12.0-15-generic N/A
linux-firmware 20250204.git0fd450ee-0ubuntu1
Tags: plucky
Uname: Linux 6.12.0-15-generic x86_64
UpgradeStatus: Upgraded to plucky on 2024-11-09 (95 days ago)
UserGroups: N/A
_MarkForUpload: True
dmi.bios.date: 09/29/2024
dmi.bios.release: 5.17
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 5021
dmi.board.asset.tag: Default string
dmi.board.name: PRIME X570-PRO
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev X.0x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.version: Default string
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr5021:bd09/29/2024:br5.17:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnPRIMEX570-PRO:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU:
dmi.product.family: To be filled by O.E.M.
dmi.product.name: System Product Name
dmi.product.sku: SKU
dmi.product.version: System Version
dmi.sys.vendor: System manufacturer