You have been subscribed to a public bug:

Hello,

I got the following UBSAN error on Ubuntu 24.04 Linux (amd64) with the
linux-image-6.8.0-51-generic kernel on a system with heavy load:

[ 5928.780916] [T3994182] ------------[ cut here ]------------
[ 5928.780922] [T3994182] UBSAN: array-index-out-of-bounds in /build/linux-vCyKs5/linux-6.8.0/kernel/locking/qspinlock.c:131:9
[ 5928.791197] [T3994182] index 15548 is out of range for type 'long unsigned int [8192]'
[ 5928.798226] [T3994182] CPU: 113 PID: 3994182 Comm: kworker/113:2 Kdump: loaded Tainted: G           OE      6.8.0-51-generic #52-Ubuntu
[ 5928.798231] [T3994182] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 02/10/2022
[ 5928.798235] [T3994182] Workqueue: cgroup_destroy css_free_rwork_fn
[ 5928.798245] [T3994182] Call Trace:
[ 5928.798248] [T3994182]  <TASK>
[ 5928.798257] [T3994182]  dump_stack_lvl+0x76/0xa0
[ 5928.798264] [T3994182]  dump_stack+0x10/0x20
[ 5928.798269] [T3994182]  __ubsan_handle_out_of_bounds+0xc6/0x110
[ 5928.798276] [T3994182]  native_queued_spin_lock_slowpath+0x2fb/0x300
[ 5928.798284] [T3994182]  __raw_spin_lock_irqsave+0x57/0x80
[ 5928.798290] [T3994182]  _raw_spin_lock_irqsave+0xe/0x20
[ 5928.798296] [T3994182]  remove_entity_load_avg+0x36/0x90
[ 5928.798302] [T3994182]  unregister_fair_sched_group+0x50/0x180
[ 5928.798309] [T3994182]  cpu_cgroup_css_free+0x12/0x40
[ 5928.798315] [T3994182]  css_free_rwork_fn+0x4a/0x1f0
[ 5928.798322] [T3994182]  process_one_work+0x178/0x350
[ 5928.798329] [T3994182]  worker_thread+0x306/0x440
[ 5928.798336] [T3994182]  ? __pfx_worker_thread+0x10/0x10
[ 5928.798341] [T3994182]  kthread+0xf2/0x120
[ 5928.798347] [T3994182]  ? __pfx_kthread+0x10/0x10
[ 5928.798352] [T3994182]  ret_from_fork+0x47/0x70
[ 5928.798358] [T3994182]  ? __pfx_kthread+0x10/0x10
[ 5928.798363] [T3994182]  ret_from_fork_asm+0x1b/0x30
[ 5928.798372] [T3994182]  </TASK>
[ 5928.798374] [T3994182] ---[ end trace ]---
[ 5928.798381] [T3994182] BUG: unable to handle page fault for address: ffffffff99f8fd40
[ 5928.805318] [T3994182] #PF: supervisor write access in kernel mode
[ 5928.810592] [T3994182] #PF: error_code(0x0003) - permissions violation
[ 5928.816215] [T3994182] PGD 579f041067 P4D 579f041067 PUD 579f042063 PMD 800000579e8001a1
[ 5928.823508] [T3994182] Oops: 0003 [#1] PREEMPT SMP NOPTI
[ 5928.827911] [T3994182] CPU: 113 PID: 3994182 Comm: kworker/113:2 Kdump: loaded Tainted: G           OE      6.8.0-51-generic #52-Ubuntu
[ 5928.839227] [T3994182] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 02/10/2022
[ 5928.849229] [T3994182] Workqueue: cgroup_destroy css_free_rwork_fn
[ 5928.854512] [T3994182] RIP: 0010:native_queued_spin_lock_slowpath+0x2ac/0x300
[ 5928.860755] [T3994182] Code: 41 89 d7 44 0f b7 f0 41 83 ef 01 49 c1 e6 05 4d 63 ff 49 81 c6 80 59 03 00 49 81 ff 00 20 00 00 73 48 4e 03 34 fd 20 bd f3 99 <4d> 89 26 41 8b 44 24 08 85 c0 75 0b f3 90 41 8b 44 24 08 85 c0 74
[ 5928.879684] [T3994182] RSP: 0018:ffffac34b6defd30 EFLAGS: 00010082
[ 5928.884962] [T3994182] RAX: 0000000000000000 RBX: ffff9a5ffd1b7ec0 RCX: 0000000000000000
[ 5928.892162] [T3994182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 5928.899365] [T3994182] RBP: ffffac34b6defd58 R08: 0000000000000000 R09: 0000000000000000
[ 5928.906565] [T3994182] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9abcbf4b5980
[ 5928.913763] [T3994182] R13: 0000000001c80000 R14: ffffffff99f8fd40 R15: 0000000000003cbc
[ 5928.920964] [T3994182] FS:  0000000000000000(0000) GS:ffff9abcbf480000(0000) knlGS:0000000000000000
[ 5928.929128] [T3994182] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5928.934927] [T3994182] CR2: ffffffff99f8fd40 CR3: 000000579f03c002 CR4: 0000000000f70ef0
[ 5928.942130] [T3994182] PKRU: 55555554
[ 5928.944868] [T3994182] Call Trace:
[ 5928.947341] [T3994182]  <TASK>
[ 5928.949463] [T3994182]  ? show_regs+0x6d/0x80
[ 5928.952900] [T3994182]  ? __die+0x24/0x80
[ 5928.955983] [T3994182]  ? page_fault_oops+0x99/0x1b0
[ 5928.960032] [T3994182]  ? kernelmode_fixup_or_oops.isra.0+0x69/0x90
[ 5928.965390] [T3994182]  ? __bad_area_nosemaphore+0x19d/0x2c0
[ 5928.970136] [T3994182]  ? bad_area_nosemaphore+0x16/0x30
[ 5928.974528] [T3994182]  ? do_kern_addr_fault+0x7b/0xa0
[ 5928.978748] [T3994182]  ? exc_page_fault+0x1a4/0x1b0
[ 5928.982795] [T3994182]  ? asm_exc_page_fault+0x27/0x30
[ 5928.987021] [T3994182]  ? native_queued_spin_lock_slowpath+0x2ac/0x300
[ 5928.992643] [T3994182]  __raw_spin_lock_irqsave+0x57/0x80
[ 5928.997127] [T3994182]  _raw_spin_lock_irqsave+0xe/0x20
[ 5929.001435] [T3994182]  remove_entity_load_avg+0x36/0x90
[ 5929.005829] [T3994182]  unregister_fair_sched_group+0x50/0x180
[ 5929.010749] [T3994182]  cpu_cgroup_css_free+0x12/0x40
[ 5929.015408] [T3994182]  css_free_rwork_fn+0x4a/0x1f0
[ 5929.019957] [T3994182]  process_one_work+0x178/0x350
[ 5929.024481] [T3994182]  worker_thread+0x306/0x440
[ 5929.028720] [T3994182]  ? __pfx_worker_thread+0x10/0x10
[ 5929.033427] [T3994182]  kthread+0xf2/0x120
[ 5929.036985] [T3994182]  ? __pfx_kthread+0x10/0x10
[ 5929.041097] [T3994182]  ret_from_fork+0x47/0x70
[ 5929.053388] [T3994182]  </TASK>
[ 5929.055932] [T3994182] Modules linked in: nvidia_modeset(OE) video wmi nvidia_uvm(OE) nvidia(OE) cmac nls_utf8 cifs cifs_arc4 nls_ucs2_utils cifs_md4 ecc nfsv3 nfs_acl xfrm_user xfrm_algo ipt_rpfilter xt_set xt_multiport ip6t_rpfilter ip_set_hash_net ip_set_hash_ip ip_set veth wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libcurve25519_generic libchacha ip6_udp_tunnel udp_tunnel ip6t_REJECT nf_reject_ipv6 nf_conntrack_netlink xt_recent xt_statistic xt_nat xt_MASQUERADE xt_mark xt_nfacct xt_addrtype ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_chain_nat xt_conntrack xt_comment nft_compat ip6table_filter ip6table_nat ip6_tables iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink_acct overlay br_netfilter bridge nf_tables rbd libceph nfs(OE) lockd grace sunrpc netfs 8021q garp mrp stp llc bonding tls cfg80211 binfmt_misc nls_iso8859_1 xfs intel_rapl_msr intel_rapl_common edac_mce_amd kvm_amd kvm irqbypass rapl ipmi_ssif ses enclosure mgag200 ccp hpilo joydev input_leds
[ 5929.056060] [T3994182]  k10temp ptdma i2c_piix4 ipmi_si acpi_power_meter acpi_tad acpi_ipmi ipmi_devintf ipmi_msghandler mac_hid sch_fq_codel msr efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 raid1 hid_generic crct10dif_pclmul crc32_pclmul usbhid polyval_clmulni qede hid polyval_generic igb smartpqi ghash_clmulni_intel i2c_algo_bit qed sha256_ssse3 xhci_pci scsi_transport_sas sha1_ssse3 dca crc8 xhci_pci_renesas aesni_intel crypto_simd cryptd [last unloaded: iommufd]
[ 5929.204064] [T3994182] CR2: ffffffff99f8fd40

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
UBSAN: array-index-out-of-bounds in /build/linux-vCyKs5/linux-6.8.0/kernel/locking/qspinlock.c:131:9
https://bugs.launchpad.net/bugs/2091984
You received this bug notification because you are a member of Kernel Packages, 
which is subscribed to linux in Ubuntu.
