3

I installed a btrfs filesystem relying on two devices (for btrfs raid1) that are mappers (cryptsetup luksOpen) of bcache devices (NVME + HDD).

This btrfs filesystem seems to work perfectly.

However, at every boot, I have a lot of (section of) messages of this kind:

2023-12-19T23:21:41.595579+01:00 HostName kernel: [    4.042319] ================================================================================
2023-12-19T23:21:41.595580+01:00 HostName kernel: [    4.042327] UBSAN: array-index-out-of-bounds in /build/linux-SXblTa/linux-6.5.0/drivers/md/bcache/bset.c:1098:3
2023-12-19T23:21:41.595580+01:00 HostName kernel: [    4.042338] index 4 is out of range for type 'btree_iter_set [4]'
2023-12-19T23:21:41.595580+01:00 HostName kernel: [    4.042344] CPU: 6 PID: 133 Comm: kworker/6:1 Not tainted 6.5.0-14-generic #14-Ubuntu
2023-12-19T23:21:41.595581+01:00 HostName kernel: [    4.042346] Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 1813 10/13/2023
2023-12-19T23:21:41.595581+01:00 HostName kernel: [    4.042347] Workqueue: events register_cache_worker [bcache]
2023-12-19T23:21:41.595581+01:00 HostName kernel: [    4.042355] Call Trace:
2023-12-19T23:21:41.595581+01:00 HostName kernel: [    4.042356]  <TASK>
2023-12-19T23:21:41.595582+01:00 HostName kernel: [    4.042357]  dump_stack_lvl+0x48/0x70
2023-12-19T23:21:41.595582+01:00 HostName kernel: [    4.042359]  dump_stack+0x10/0x20
2023-12-19T23:21:41.595582+01:00 HostName kernel: [    4.042361]  __ubsan_handle_out_of_bounds+0xc6/0x110
2023-12-19T23:21:41.595582+01:00 HostName kernel: [    4.042364]  bch_btree_iter_push+0x2d3/0x4f0 [bcache]
2023-12-19T23:21:41.595583+01:00 HostName kernel: [    4.042373]  bch_btree_node_read_done+0xcb/0x410 [bcache]
2023-12-19T23:21:41.595583+01:00 HostName kernel: [    4.042382]  bch_btree_node_read+0xf8/0x1e0 [bcache]
2023-12-19T23:21:41.595583+01:00 HostName kernel: [    4.042391]  ? __pfx_closure_sync_fn+0x10/0x10 [bcache]
2023-12-19T23:21:41.595584+01:00 HostName kernel: [    4.042400]  bch_btree_node_get.part.0+0x15c/0x330 [bcache]
2023-12-19T23:21:41.595584+01:00 HostName kernel: [    4.042408]  ? __bch_btree_ptr_invalid+0x66/0xe0 [bcache]
2023-12-19T23:21:41.595584+01:00 HostName kernel: [    4.042416]  ? __pfx_up_write+0x10/0x10
2023-12-19T23:21:41.595584+01:00 HostName kernel: [    4.042419]  bch_btree_node_get+0x16/0x30 [bcache]
2023-12-19T23:21:41.595585+01:00 HostName kernel: [    4.042427]  run_cache_set+0x596/0x850 [bcache]
2023-12-19T23:21:41.595585+01:00 HostName kernel: [    4.042435]  ? srso_alias_return_thunk+0x5/0x7f
2023-12-19T23:21:41.595586+01:00 HostName kernel: [    4.042439]  register_cache_set+0x1a2/0x210 [bcache]
2023-12-19T23:21:41.595587+01:00 HostName kernel: [    4.042448]  register_cache+0x11a/0x1a0 [bcache]
2023-12-19T23:21:41.595587+01:00 HostName kernel: [    4.042456]  register_cache_worker+0x22/0x80 [bcache]
2023-12-19T23:21:41.595587+01:00 HostName kernel: [    4.042464]  process_one_work+0x220/0x440
2023-12-19T23:21:41.595587+01:00 HostName kernel: [    4.042467]  worker_thread+0x4d/0x3f0
2023-12-19T23:21:41.595588+01:00 HostName kernel: [    4.042468]  ? srso_alias_return_thunk+0x5/0x7f
2023-12-19T23:21:41.595588+01:00 HostName kernel: [    4.042470]  ? _raw_spin_lock_irqsave+0xe/0x20
2023-12-19T23:21:41.595588+01:00 HostName kernel: [    4.042472]  ? __pfx_worker_thread+0x10/0x10
2023-12-19T23:21:41.595588+01:00 HostName kernel: [    4.042474]  kthread+0xef/0x120
2023-12-19T23:21:41.595589+01:00 HostName kernel: [    4.042476]  ? __pfx_kthread+0x10/0x10
2023-12-19T23:21:41.595589+01:00 HostName kernel: [    4.042478]  ret_from_fork+0x44/0x70
2023-12-19T23:21:41.595590+01:00 HostName kernel: [    4.042480]  ? __pfx_kthread+0x10/0x10
2023-12-19T23:21:41.595590+01:00 HostName kernel: [    4.042482]  ret_from_fork_asm+0x1b/0x30
2023-12-19T23:21:41.595590+01:00 HostName kernel: [    4.042485]  </TASK>
2023-12-19T23:21:41.595590+01:00 HostName kernel: [    4.042486] ================================================================================

Followed by

2023-12-19T23:21:41.598663+01:00 HostName kernel: [    4.091709] bcache: bch_journal_replay() journal replay done, 0 keys in 2 entries, seq 140818

Those messages are displayed at boot time, interrupting the nice graphic display so they are maybe very important.

What do you think about that?

Fade
  • 31

2 Answers2

0

I had this problem today and I went to grub menu and use older kernel version After that i free some space and check update and reboot and it seems fine with kernel 6.5

AmirParsa Shokouhi
  • 1
0

This is UBSAN complaining about an apparently out-of-bounds array access in bcache's1 code. However, as far as I understand it, it is a false-positive. See below for more information.

There is a discussion around this on the bcache mailing list, that concluded with https://lore.kernel.org/all/8BFD4A3C-1F0A-4693-B6CA-4D560FDB4125@suse.de/.

I have the following error since I updated to kernel 6.8.9.

UBSAN: array-index-out-of-bounds in drivers/md/bcache/bset.c:1098:3 [ 7.138127] index 4 is out of range for type 'btree_iter_set [4]'

The fix is in linux-next and will be in 6.10 as expecting.

Thank you Coly!

Two questions:

  • What is the commit hash for this fix?

It is commit 3a861560ccb3 (“ bcache: fix variable length array abuse in btree_iter”) from Linus tree.

  • Does it need to be backported to older kernels?

This is a patch to moving warning, the original code works fine. IMHO it is not mandatory to backport to elder kernels, but good to have if UBSAN also complains in that kernel version.

The mentioned commit is 3a861560ccb3 ("bcache: fix variable length array abuse in btree_iter") and its commit message reads:

btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain.

As far as I understand it, UBSAN (incorrectly) assumes the fixed size MAX_BSETS when determining that the dynamic-sized array is accessed out of its bounds.

1: Note: not bcachefs

Flow
  • 117