Public bug reported:

Bug Description:
Summary: UBSAN detected a shift-out-of-bounds error in the Linux kernel source 
file sound/soc/soc-dapm.c at line 814.

Issue Details: The code attempts a bit-shift operation with an exponent
of 16384 on a 32-bit unsigned int type, which exceeds the maximum
allowable range (0–31). This triggers undefined behavior and may result
in unpredictable system behavior.

Reproducibility: Consistently observed during boot initialization,
specifically while udev-worker was running.

Hardware: Google Reks/Reks (Chromebox BIOS MrChromebox-2408.1, dated 
09/14/2024).
Kernel Version: 6.8.0-51-generic #52-Ubuntu.

Steps to Reproduce:
1) Boot a system with the indicated Google Chromebook hardware and coreboot
BIOS with Ubuntu LTS 24.04.1 and kernel version 6.8.0-51-generic.
2) Monitor dmesg logs for UBSAN warnings.

Observed Behavior:
The system logs the following error in dmesg:
UBSAN: shift-out-of-bounds in /build/linux-vCyKs5/linux-6.8.0/sound/soc/soc-dapm.c:814:15
shift exponent 16384 is too large for 32-bit type 'unsigned int'

Expected Behavior:
No UBSAN warnings or undefined behavior in kernel operations during boot.

Additional Information:
Log Snippet:
[   14.206658] UBSAN: shift-out-of-bounds in /build/linux-vCyKs5/linux-6.8.0/sound/soc/soc-dapm.c:814:15
[   14.206671] shift exponent 16384 is too large for 32-bit type 'unsigned int'
[   14.206678] CPU: 0 PID: 380 Comm: (udev-worker) Not tainted 6.8.0-51-generic #52-Ubuntu
[   14.206683] Hardware name: GOOGLE Reks/Reks, BIOS MrChromebox-2408.1 09/14/2024

Potential Impact: Undefined behavior in kernel modules can lead to
system instability or incorrect operation.

Suggested Fix:
Review and modify the bit-shift logic in soc-dapm.c to ensure the shift 
exponent remains within the valid range for the data type. Consider masking or 
clamping the exponent to a value between 0 and 31 for 32-bit integers.
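
The masking and clamping options named in the suggested fix give different results for the reported exponent, and both turn the bad input into a plausible-looking value. The following C sketch is an added example, not code from soc-dapm.c or from this report; the helper names shl_masked, shl_clamped and shl_checked are hypothetical, and it assumes a 32-bit unsigned int.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Width of unsigned int in bits (32 on the platform in the report). */
#define UINT_BITS ((unsigned int)(sizeof(unsigned int) * CHAR_BIT))

/* Masking: always defined, but an out-of-range exponent is silently
 * folded into range. 16384 & 31 == 0, so the value is not shifted. */
static unsigned int shl_masked(unsigned int val, unsigned int exp)
{
	return val << (exp & (UINT_BITS - 1));
}

/* Clamping: always defined, but every out-of-range exponent becomes
 * a shift by the top bit position (31). */
static unsigned int shl_clamped(unsigned int val, unsigned int exp)
{
	return val << (exp < UINT_BITS ? exp : UINT_BITS - 1);
}

/* Rejecting: refuse the shift so the caller sees the bad exponent
 * instead of continuing with a made-up result. */
static bool shl_checked(unsigned int val, unsigned int exp, unsigned int *out)
{
	if (exp >= UINT_BITS)
		return false;
	*out = val << exp;
	return true;
}

int main(void)
{
	unsigned int exp = 16384; /* exponent from the UBSAN message */
	unsigned int out = 0;

	printf("masked : 0x%08x\n", shl_masked(1u, exp));
	printf("clamped: 0x%08x\n", shl_clamped(1u, exp));
	if (!shl_checked(1u, exp, &out))
		printf("checked: exponent %u rejected (type has %u bits)\n",
		       exp, UINT_BITS);
	return 0;
}
```

Masking and clamping only silence the sanitizer; the rejecting form keeps the invalid exponent visible so its source can be traced.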

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linux-image-6.8.0-51-generic 6.8.0-51.52
ProcVersionSignature: Ubuntu 6.8.0-51.52-generic 6.8.12
Uname: Linux 6.8.0-51-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.3
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/seq:        chris      1567 F.... pipewire
 /dev/snd/controlC1:  chris      1567 F.... pipewire
                      chris      1570 F.... wireplumber
CRDA: N/A
CasperMD5CheckResult: unknown
CurrentDesktop: LXQt
Date: Sat Jan  4 08:43:20 2025
InstallationDate: Installed on 2024-12-23 (12 days ago)
InstallationMedia: Lubuntu 24.04.1 LTS "Noble Numbat" - Release amd64 (20240827)
Lsusb:
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 001 Device 002: ID 046d:c52f Logitech, Inc. Unifying Receiver
 Bus 001 Device 003: ID 0408:2040 Quanta Computer, Inc. Lenovo EasyCamera
 Bus 001 Device 004: ID 8087:0a2a Intel Corp. Bluetooth wireless interface
 Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
MachineType: GOOGLE Reks
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.8.0-51-generic root=UUID=a7cf1589-b7fe-4151-a70b-4ef90c746255 ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-6.8.0-51-generic N/A
 linux-backports-modules-6.8.0-51-generic  N/A
 linux-firmware                            20240318.git3b128b60-0ubuntu2.6
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/14/2024
dmi.bios.release: 24.8
dmi.bios.vendor: coreboot
dmi.bios.version: MrChromebox-2408.1
dmi.board.name: Reks
dmi.board.vendor: GOOGLE
dmi.board.version: 1.0
dmi.chassis.type: 9
dmi.chassis.vendor: GOOGLE
dmi.ec.firmware.release: 0.0
dmi.modalias: dmi:bvncoreboot:bvrMrChromebox-2408.1:bd09/14/2024:br24.8:efr0.0:svnGOOGLE:pnReks:pvr1.0:rvnGOOGLE:rnReks:rvr1.0:cvnGOOGLE:ct9:cvr:sku:
dmi.product.family: Intel_Strago
dmi.product.name: Reks
dmi.product.version: 1.0
dmi.sys.vendor: GOOGLE

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble

https://bugs.launchpad.net/bugs/2092985

Title:
  UBSAN: Shift-Out-of-Bounds in soc-dapm.c (Linux Kernel 6.8.0 on Ubuntu
  24.04)

Status in linux package in Ubuntu:
  New
