** Description changed: + [Impact] + + Currently there are UBSAN warnings that show up when running bcache on + jammy HWE, Mantic and noble. For now no side effects have been observed + but such an issue could potentially cause a crash or corrupt data. + + [Fix] + + There is currently a fix upstream provided by the following patch: + + * 3a861560ccb3 "bcache: fix variable length array abuse in btree_iter" + + [Test Case] + + - Setup bcache on a jammy HWE kernel or mantic or noble machine. + This can be done following the steps in this wiki: https://wiki.ubuntu.com/ServerTeam/Bcache + - Restart the machine + - After restarting the machine UBSAN warnings and call traces can be seen in dmesg. + + [Where problems could occur] + + -The patch modifies the way bcache allocates space to the btree + iterator. The main problems that could occur are different UBSAN + warnings showing up that could possibly trigger a crash much easier than + the current array index-out-of-bounds being observed. + + + Thank you @illwieckz for the original bug report + [original description] + Since I upgraded from lunar to mantic I get a load of those errors (41 on a fresh boot) in dmesg: ``` [ 4.277343] UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/drivers/md/bcache/bset.c:1098:3 [ 4.277728] index 4 is out of range for type 'btree_iter_set [4]' [ 4.277925] CPU: 7 PID: 247 Comm: kworker/7:1 Not tainted 6.5.0-9-generic #9-Ubuntu [ 4.278132] Hardware name: Default string Default string/Default string, BIOS WRX80SU8-F6 06/08/2023 [ 4.278531] Workqueue: events register_cache_worker [bcache] [ 4.278754] Call Trace: [ 4.278949] <TASK> [ 4.279143] dump_stack_lvl+0x48/0x70 [ 4.279337] dump_stack+0x10/0x20 [ 4.279526] __ubsan_handle_out_of_bounds+0xc6/0x110 [ 4.279721] bch_btree_iter_push+0x4e6/0x4f0 [bcache] [ 4.279929] bch_btree_node_read_done+0xcb/0x410 [bcache] [ 4.280142] bch_btree_node_read+0xf8/0x1e0 [bcache] [ 4.280349] ? __pfx_closure_sync_fn+0x10/0x10 [bcache] [ 4.280557] bch_btree_node_get.part.0+0x15c/0x330 [bcache] [ 4.280764] ? __bch_btree_ptr_invalid+0x66/0xe0 [bcache] [ 4.280975] ? __pfx_up_write+0x10/0x10 [ 4.281170] bch_btree_node_get+0x16/0x30 [bcache] [ 4.281375] run_cache_set+0x596/0x850 [bcache] [ 4.281578] ? srso_return_thunk+0x5/0x10 [ 4.281773] register_cache_set+0x1a2/0x210 [bcache] [ 4.281984] register_cache+0x11a/0x1a0 [bcache] [ 4.282187] register_cache_worker+0x22/0x80 [bcache] [ 4.282387] process_one_work+0x223/0x440 [ 4.282573] worker_thread+0x4d/0x3f0 [ 4.282753] ? srso_return_thunk+0x5/0x10 [ 4.282931] ? _raw_spin_lock_irqsave+0xe/0x20 [ 4.283113] ? __pfx_worker_thread+0x10/0x10 [ 4.283286] kthread+0xf2/0x120 [ 4.283458] ? __pfx_kthread+0x10/0x10 [ 4.283631] ret_from_fork+0x47/0x70 [ 4.283800] ? __pfx_kthread+0x10/0x10 [ 4.283972] ret_from_fork_asm+0x1b/0x30 [ 4.284143] </TASK> ``` This system has 4 bcache backing devices and 4 bcache cache devices, though they are not associated for now and caching is disabled. It was already like that when I upgraded, so the kernel only uses the backing code, not the caching one. ProblemType: Bug DistroRelease: Ubuntu 23.10 Package: linux-image-6.5.0-9-generic 6.5.0-9.9 ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3 Uname: Linux 6.5.0-9-generic x86_64 ApportVersion: 2.27.0-0ubuntu5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: GNOME Date: Sat Oct 14 23:16:33 2023 HibernationDevice: RESUME=none MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']} ProcFB: - 0 amdgpudrmfb - 1 astdrmfb + 0 amdgpudrmfb + 1 astdrmfb ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-6.5.0-9-generic root=UUID=f35ecf77-511e-4dde-ac11-c1d848e97315 ro rootflags=subvol=@ amdgpu.si_support=1 radeon.si_support=0 amdgpu.cik_support=1 radeon.cik_support=0 amdgpu.exp_hw_support=1 amdgpu.gpu_recovery=1 amdgpu.ppfeaturemask=0xffffffff delayacct zswap.enabled=1 PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. RelatedPackageVersions: - linux-restricted-modules-6.5.0-9-generic N/A - linux-backports-modules-6.5.0-9-generic N/A - linux-firmware 20230919.git3672ccab-0ubuntu2.1 + linux-restricted-modules-6.5.0-9-generic N/A + linux-backports-modules-6.5.0-9-generic N/A + linux-firmware 20230919.git3672ccab-0ubuntu2.1 RfKill: - + SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 06/08/2023 dmi.bios.release: 5.23 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: WRX80SU8-F6 dmi.board.asset.tag: Default string dmi.board.name: Default string dmi.board.vendor: Default string dmi.board.version: Default string dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrWRX80SU8-F6:bd06/08/2023:br5.23:svnDefaultstring:pnDefaultstring:pvrDefaultstring:rvnDefaultstring:rnDefaultstring:rvrDefaultstring:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring: dmi.product.family: Default string dmi.product.name: Default string dmi.product.sku: Default string dmi.product.version: Default string dmi.sys.vendor: Default string modified.conffile..etc.default.apport: [modified] mtime.conffile..etc.default.apport: 2018-06-16T17:39:00.798346
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2039368 Title: UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/drivers/md/bcache/bset.c:1098:3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039368/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
