====================================== | [ 19.708905] ata10: SATA link down (SStatus 0 SControl 300) | [ 19.842928] ------------[ cut here ]------------ | [ 19.849293] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnxt/bnxt.c:2588:26 | [ 19.860054] index 12 is out of range for type 'bnxt_bs_trace_info [11]' | [ 19.868281] CPU: 0 UID: 0 PID: 262 Comm: kworker/0:2 Not tainted 7.0.0-rc3-vbbt-g96e41a3b44f8 #1 PREEMPT(full) [ 19.868285] Hardware name: Giga Computing E163-Z34-AAH1-000/MZ33-DC1-000, BIOS R30_F44 12/24/2025 [ 19.868287] Workqueue: sync_wq local_pci_probe_callback [ 19.868296] Call Trace: [ 19.868298] [ 19.868301] dump_stack_lvl+0x6f/0xa0 [ 19.868308] ubsan_epilogue+0x5/0x2b [ 19.868311] __ubsan_handle_out_of_bounds.cold+0x54/0x59 [ 19.868315] bnxt_backing_store_cfg_v2+0x8d5/0xa00 [ 19.868323] bnxt_alloc_ctx_mem+0x610/0x970 [ 19.868328] bnxt_hwrm_func_qcaps.part.0+0x62f/0xb20 [ 19.868332] ? __bnxt_hwrm_func_qcaps+0xe15/0x1c30 [ 19.868337] ? bnxt_hwrm_func_resc_qcaps+0x1040/0x1040 [ 19.868343] bnxt_fw_init_one_p2+0x89/0xda0 [ 19.868346] ? bnxt_hwrm_func_qcaps.part.0+0xb20/0xb20 [ 19.868348] ? trace_kmalloc+0x107/0x130 [ 19.868352] ? __kasan_kmalloc+0x7b/0x90 [ 19.868355] ? __kmalloc_noprof+0x30c/0x7e0 [ 19.868360] bnxt_init_one+0x55b/0x29b0 [ 19.868365] ? bnxt_set_dflt_rings.constprop.0+0xdd0/0xdd0 [ 19.868369] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160 [ 19.868373] ? lockdep_hardirqs_on+0x84/0x130 [ 19.868377] ? _raw_spin_unlock_irqrestore+0x53/0x80 [ 19.868380] ? _raw_spin_unlock_irqrestore+0x40/0x80 [ 19.868383] ? bnxt_set_dflt_rings.constprop.0+0xdd0/0xdd0 [ 19.868385] local_pci_probe+0xcc/0x170 [ 19.868389] local_pci_probe_callback+0x35/0x80 [ 19.868390] ? process_one_work+0xd30/0x1390 [ 19.868393] process_one_work+0xd57/0x1390 [ 19.868400] ? pwq_dec_nr_in_flight+0x700/0x700 [ 19.868402] ? lock_acquire.part.0+0xbc/0x260 [ 19.868409] worker_thread+0x4d6/0xd40 [ 19.868413] ? rescuer_thread+0x1330/0x1330 [ 19.868415] ? __kthread_parkme+0xb3/0x200 [ 19.868419] ? rescuer_thread+0x1330/0x1330 [ 19.868421] kthread+0x30f/0x3f0 [ 19.868423] ? trace_irq_enable.constprop.0+0x13c/0x190 [ 19.868426] ? kthread_affine_node+0x150/0x150 [ 19.868429] ret_from_fork+0x4a2/0x720 [ 19.868432] ? arch_exit_to_user_mode_prepare.isra.0+0xb0/0xb0 [ 19.868436] ? __switch_to+0x538/0xcf0 [ 19.868439] ? kthread_affine_node+0x150/0x150 [ 19.868441] ret_from_fork_asm+0x11/0x20 | [ 20.040955] ================================================================== | [ 20.040956] BUG: KASAN: slab-out-of-bounds in bnxt_backing_store_cfg_v2+0x88b/0xa00 | [ 20.041952] Write of size 2 at addr ff11000120f9eb86 by task kworker/0:2/262 | [ 20.041952] | [ 20.041952] CPU: 0 UID: 0 PID: 262 Comm: kworker/0:2 Not tainted 7.0.0-rc3-vbbt-g96e41a3b44f8 #1 PREEMPT(full) [ 20.041952] Hardware name: Giga Computing E163-Z34-AAH1-000/MZ33-DC1-000, BIOS R30_F44 12/24/2025 [ 20.041952] Workqueue: sync_wq local_pci_probe_callback [ 20.041952] Call Trace: [ 20.041952] [ 20.041952] dump_stack_lvl+0x6f/0xa0 [ 20.041952] print_address_description.constprop.0+0x6e/0x300 [ 20.041952] print_report+0xfc/0x1fb [ 20.041952] ? bnxt_backing_store_cfg_v2+0x88b/0xa00 [ 20.041952] ? __virt_addr_valid+0x1da/0x430 [ 20.041952] ? bnxt_backing_store_cfg_v2+0x88b/0xa00 [ 20.041952] kasan_report+0xe8/0x120 [ 20.041952] ? bnxt_backing_store_cfg_v2+0x88b/0xa00 [ 20.041952] bnxt_backing_store_cfg_v2+0x88b/0xa00 [ 20.041952] bnxt_alloc_ctx_mem+0x610/0x970 [ 20.041952] bnxt_hwrm_func_qcaps.part.0+0x62f/0xb20 [ 20.041952] ? __bnxt_hwrm_func_qcaps+0xe15/0x1c30 [ 20.041952] ? bnxt_hwrm_func_resc_qcaps+0x1040/0x1040 [ 20.041952] bnxt_fw_init_one_p2+0x89/0xda0 [ 20.041952] ? bnxt_hwrm_func_qcaps.part.0+0xb20/0xb20 [ 20.041952] ? trace_kmalloc+0x107/0x130 [ 20.041952] ? __kasan_kmalloc+0x7b/0x90 [ 20.041952] ? __kmalloc_noprof+0x30c/0x7e0 [ 20.041952] bnxt_init_one+0x55b/0x29b0 [ 20.041952] ? bnxt_set_dflt_rings.constprop.0+0xdd0/0xdd0 [ 20.041952] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160 [ 20.041952] ? lockdep_hardirqs_on+0x84/0x130 [ 20.041952] ? _raw_spin_unlock_irqrestore+0x53/0x80 [ 20.041952] ? _raw_spin_unlock_irqrestore+0x40/0x80 [ 20.041952] ? bnxt_set_dflt_rings.constprop.0+0xdd0/0xdd0 [ 20.041952] local_pci_probe+0xcc/0x170 [ 20.041952] local_pci_probe_callback+0x35/0x80 [ 20.041952] ? process_one_work+0xd30/0x1390 [ 20.041952] process_one_work+0xd57/0x1390 [ 20.041952] ? pwq_dec_nr_in_flight+0x700/0x700 [ 20.041952] ? lock_acquire.part.0+0xbc/0x260 [ 20.041952] worker_thread+0x4d6/0xd40 [ 20.041952] ? rescuer_thread+0x1330/0x1330 [ 20.041952] ? __kthread_parkme+0xb3/0x200 [ 20.041952] ? rescuer_thread+0x1330/0x1330 [ 20.041952] kthread+0x30f/0x3f0 [ 20.041952] ? trace_irq_enable.constprop.0+0x13c/0x190 [ 20.041952] ? kthread_affine_node+0x150/0x150 [ 20.041952] ret_from_fork+0x4a2/0x720 [ 20.041952] ? arch_exit_to_user_mode_prepare.isra.0+0xb0/0xb0 [ 20.041952] ? __switch_to+0x538/0xcf0 [ 20.041952] ? kthread_affine_node+0x150/0x150 [ 20.041952] ret_from_fork_asm+0x11/0x20 | [ 20.642443] ------------[ cut here ]------------ | [ 20.648422] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnxt/bnxt.c:9202:27 | [ 20.659172] index 12 is out of range for type 'bnxt_bs_trace_info [11]' | [ 20.667389] CPU: 0 UID: 0 PID: 262 Comm: kworker/0:2 Tainted: G B 7.0.0-rc3-vbbt-g96e41a3b44f8 #1 PREEMPT(full) | [ 20.667392] Tainted: [B]=BAD_PAGE [ 20.667393] Hardware name: Giga Computing E163-Z34-AAH1-000/MZ33-DC1-000, BIOS R30_F44 12/24/2025 [ 20.667394] Workqueue: sync_wq local_pci_probe_callback [ 20.667396] Call Trace: [ 20.667397] [ 20.667398] dump_stack_lvl+0x6f/0xa0 [ 20.667400] ubsan_epilogue+0x5/0x2b [ 20.667402] __ubsan_handle_out_of_bounds.cold+0x54/0x59 [ 20.667404] bnxt_hwrm_func_backing_store_cfg_v2+0xad0/0xb80 [ 20.667406] ? bnxt_request_irq+0x8c0/0x8c0 [ 20.667409] bnxt_backing_store_cfg_v2+0x4d7/0xa00 [ 20.667411] bnxt_alloc_ctx_mem+0x610/0x970 [ 20.667414] bnxt_hwrm_func_qcaps.part.0+0x62f/0xb20 [ 20.667416] ? __bnxt_hwrm_func_qcaps+0xe15/0x1c30 [ 20.667418] ? bnxt_hwrm_func_resc_qcaps+0x1040/0x1040 [ 20.667421] bnxt_fw_init_one_p2+0x89/0xda0 [ 20.667423] ? bnxt_hwrm_func_qcaps.part.0+0xb20/0xb20 [ 20.667425] ? trace_kmalloc+0x107/0x130 [ 20.667427] ? __kasan_kmalloc+0x7b/0x90 [ 20.667429] ? __kmalloc_noprof+0x30c/0x7e0 [ 20.667431] bnxt_init_one+0x55b/0x29b0 [ 20.667433] ? bnxt_set_dflt_rings.constprop.0+0xdd0/0xdd0 [ 20.667436] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160 [ 20.667438] ? lockdep_hardirqs_on+0x84/0x130 [ 20.667440] ? _raw_spin_unlock_irqrestore+0x53/0x80 [ 20.667442] ? _raw_spin_unlock_irqrestore+0x40/0x80 [ 20.667443] ? bnxt_set_dflt_rings.constprop.0+0xdd0/0xdd0 [ 20.667445] local_pci_probe+0xcc/0x170 [ 20.667447] local_pci_probe_callback+0x35/0x80 [ 20.667449] ? process_one_work+0xd30/0x1390 [ 20.667451] process_one_work+0xd57/0x1390 [ 20.667453] ? pwq_dec_nr_in_flight+0x700/0x700 [ 20.667455] ? lock_acquire.part.0+0xbc/0x260 [ 20.667458] worker_thread+0x4d6/0xd40 [ 20.667460] ? rescuer_thread+0x1330/0x1330 [ 20.667462] ? __kthread_parkme+0xb3/0x200 [ 20.667464] ? rescuer_thread+0x1330/0x1330 [ 20.667465] kthread+0x30f/0x3f0 [ 20.667467] ? trace_irq_enable.constprop.0+0x13c/0x190 [ 20.667468] ? kthread_affine_node+0x150/0x150 [ 20.667470] ret_from_fork+0x4a2/0x720 [ 20.667471] ? arch_exit_to_user_mode_prepare.isra.0+0xb0/0xb0 [ 20.667473] ? __switch_to+0x538/0xcf0 [ 20.667475] ? kthread_affine_node+0x150/0x150 [ 20.667476] ret_from_fork_asm+0x11/0x20 Finger prints: ubsan_epilogue:bnxt_hwrm_func_backing_store_cfg_v2:bnxt_backing_store_cfg_v2:bnxt_alloc_ctx_mem:bnxt_fw_init_one_p2 print_report:kasan_report:bnxt_backing_store_cfg_v2:bnxt_alloc_ctx_mem:bnxt_fw_init_one_p2 ubsan_epilogue:bnxt_backing_store_cfg_v2:bnxt_alloc_ctx_mem:bnxt_fw_init_one_p2:bnxt_init_one