Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtpengine/12.2.1.5/build/xt_RTPENGINE.c:5156:32 #1814

Closed
rrb3942 opened this issue Apr 2, 2024 · 0 comments
Closed

UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtpengine/12.2.1.5/build/xt_RTPENGINE.c:5156:32 #1814

rrb3942 opened this issue Apr 2, 2024 · 0 comments
Labels
bug

Comments

@rrb3942
Copy link

rrb3942 commented Apr 2, 2024

rtpengine version the issue has been seen with

12.2.1.5-1~bpo12+1

Used distribution and its version

Debian 12

Linux kernel version used

6.8.2-zabbly+

CPU architecture issue was seen on (see uname -m)

x86_64

Expected behaviour you didn't see

No response

Unexpected behaviour you saw

Every so often I see a UBSAN call trace in my kernel logs related to the rtpengine kernel module. Call trace is attached.

Steps to reproduce the problem

We see it happen occasionally when running production traffic. I have not determined a specific trigger.

Additional program output to the terminal or logs illustrating the issue

[Tue Apr  2 10:42:33 2024] ------------[ cut here ]------------
[Tue Apr  2 10:42:33 2024] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtpengine/12.2.1.5/build/xt_RTPENGINE.c:5156:32
[Tue Apr  2 10:42:33 2024] index -1 is out of range for type 'rtpengine_pt_input [32]'
[Tue Apr  2 10:42:33 2024] CPU: 5 PID: 0 Comm: swapper/5 Tainted: G           OE      6.8.2-zabbly+ #debian12
[Tue Apr  2 10:42:33 2024] Hardware name: TYAN GT62F-B8026-LE/S8026-LE, BIOS V2.02.B40 03/19/2020
[Tue Apr  2 10:42:33 2024] Call Trace:
[Tue Apr  2 10:42:33 2024]  <IRQ>
[Tue Apr  2 10:42:33 2024]  dump_stack_lvl+0x48/0x70
[Tue Apr  2 10:42:33 2024]  dump_stack+0x10/0x20
[Tue Apr  2 10:42:33 2024]  __ubsan_handle_out_of_bounds+0xc6/0x110
[Tue Apr  2 10:42:33 2024]  rtpengine46+0x13d9/0x1430 [xt_RTPENGINE]
[Tue Apr  2 10:42:33 2024]  rtpengine4+0x13b/0x190 [xt_RTPENGINE]
[Tue Apr  2 10:42:33 2024]  nft_target_eval_xt+0x66/0xb0 [nft_compat]
[Tue Apr  2 10:42:33 2024]  nft_do_chain+0xf7/0x820 [nf_tables]
[Tue Apr  2 10:42:33 2024]  ? fib_validate_source+0x65/0x140
[Tue Apr  2 10:42:33 2024]  nft_do_chain_ipv4+0x6e/0x90 [nf_tables]
[Tue Apr  2 10:42:33 2024]  nf_hook_slow+0x43/0x120
[Tue Apr  2 10:42:33 2024]  ip_local_deliver+0xe3/0x120
[Tue Apr  2 10:42:33 2024]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[Tue Apr  2 10:42:33 2024]  ip_sublist_rcv_finish+0x6f/0x80
[Tue Apr  2 10:42:33 2024]  ip_sublist_rcv+0x178/0x230
[Tue Apr  2 10:42:33 2024]  ? __pfx_ip_rcv_finish+0x10/0x10
[Tue Apr  2 10:42:33 2024]  ip_list_rcv+0x102/0x140
[Tue Apr  2 10:42:33 2024]  __netif_receive_skb_list_core+0x22d/0x250
[Tue Apr  2 10:42:33 2024]  netif_receive_skb_list_internal+0x1a3/0x2d0
[Tue Apr  2 10:42:33 2024]  napi_complete_done+0x74/0x1c0
[Tue Apr  2 10:42:33 2024]  ixgbe_poll+0xf1d/0x1440 [ixgbe]
[Tue Apr  2 10:42:33 2024]  __napi_poll+0x30/0x1f0
[Tue Apr  2 10:42:33 2024]  net_rx_action+0x181/0x2e0
[Tue Apr  2 10:42:33 2024]  __do_softirq+0xde/0x363
[Tue Apr  2 10:42:33 2024]  __irq_exit_rcu+0x75/0xa0
[Tue Apr  2 10:42:33 2024]  irq_exit_rcu+0xe/0x20
[Tue Apr  2 10:42:33 2024]  common_interrupt+0xa4/0xb0
[Tue Apr  2 10:42:33 2024]  </IRQ>
[Tue Apr  2 10:42:33 2024]  <TASK>
[Tue Apr  2 10:42:33 2024]  asm_common_interrupt+0x27/0x40
[Tue Apr  2 10:42:33 2024] RIP: 0010:cpuidle_enter_state+0xda/0x720
[Tue Apr  2 10:42:33 2024] Code: 2c 04 ff e8 78 f3 ff ff 8b 53 04 49 89 c7 0f 1f 44 00 00 31 ff e8 d6 fe 02 ff 80 7d d0 00 0f 85 61 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 f7 01 00 00 4d 63 ee 49 83 fd 09 0f 87 19 05 00 00
[Tue Apr  2 10:42:33 2024] RSP: 0018:ffffab62800efe28 EFLAGS: 00000246
[Tue Apr  2 10:42:33 2024] RAX: 0000000000000000 RBX: ffff9c1944c6f800 RCX: 0000000000000000
[Tue Apr  2 10:42:33 2024] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[Tue Apr  2 10:42:33 2024] RBP: ffffab62800efe78 R08: 0000000000000000 R09: 0000000000000000
[Tue Apr  2 10:42:33 2024] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffad8ebe40
[Tue Apr  2 10:42:33 2024] R13: 0000000000000001 R14: 0000000000000001 R15: 0000476ee70e9535
[Tue Apr  2 10:42:33 2024]  ? cpuidle_enter_state+0xca/0x720
[Tue Apr  2 10:42:33 2024]  cpuidle_enter+0x2e/0x50
[Tue Apr  2 10:42:33 2024]  call_cpuidle+0x23/0x60
[Tue Apr  2 10:42:33 2024]  do_idle+0x202/0x260
[Tue Apr  2 10:42:33 2024]  cpu_startup_entry+0x2a/0x30
[Tue Apr  2 10:42:33 2024]  start_secondary+0x129/0x160
[Tue Apr  2 10:42:33 2024]  secondary_startup_64_no_verify+0x184/0x18b
[Tue Apr  2 10:42:33 2024]  </TASK>
[Tue Apr  2 10:42:33 2024] ---[ end trace ]---

Anything else?

Let me know if you need any further details.
@rrb3942 rrb3942 added the bug label Apr 2, 2024
sipwise-jenkins pushed a commit that referenced this issue Apr 16, 2024
@rfuchs
MT#55283 fix array out of bounds access
c356402 
The PT index can be -1 or -2. Ignore RTP stats in this case.

fixes #1814

Change-Id: Ifdcdbccad592fd1a27d2b31359861ecb3e725546
sipwise-jenkins pushed a commit that referenced this issue Apr 16, 2024
@rfuchs
MT#55283 fix array out of bounds access
ee162f4 
The PT index can be -1 or -2. Ignore RTP stats in this case.

fixes #1814

Change-Id: Ifdcdbccad592fd1a27d2b31359861ecb3e725546
sipwise-jenkins pushed a commit that referenced this issue Apr 16, 2024
@rfuchs
MT#55283 fix array out of bounds access
f4db62c 
The PT index can be -1 or -2. Ignore RTP stats in this case.

fixes #1814

Change-Id: Ifdcdbccad592fd1a27d2b31359861ecb3e725546
sipwise-jenkins pushed a commit that referenced this issue Apr 16, 2024
@rfuchs
MT#55283 fix array out of bounds access
c6f3647 
The PT index can be -1 or -2. Ignore RTP stats in this case.

fixes #1814

Change-Id: Ifdcdbccad592fd1a27d2b31359861ecb3e725546
(cherry picked from commit c356402)
sipwise-jenkins pushed a commit that referenced this issue Apr 16, 2024
@rfuchs
MT#55283 fix array out of bounds access
9a73123 
The PT index can be -1 or -2. Ignore RTP stats in this case.

fixes #1814

Change-Id: Ifdcdbccad592fd1a27d2b31359861ecb3e725546
(cherry picked from commit ee162f4)
sipwise-jenkins pushed a commit that referenced this issue Apr 16, 2024
@rfuchs
MT#55283 fix array out of bounds access
87f3a15 
The PT index can be -1 or -2. Ignore RTP stats in this case.

fixes #1814

Change-Id: Ifdcdbccad592fd1a27d2b31359861ecb3e725546
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rrb3942