UBSAN: array-index-out-of-bounds with kernel 6.5 on Mantic

Bug #2037082 reported by Danilo Egea Gondolfo
268
This bug affects 60 people
Affects Status Importance Assigned to Milestone
virtualbox (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The kernel is emitting lots of array-index-out-of-bounds when loading the VirtualBox modules.

It's happening in many places in different files. But VirtualBox seems to work fine though.

Example:

[15644.412383] ================================================================================
[15644.413235] ================================================================================
[15644.413238] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/common/log/log.c:551:41
[15644.413241] index 344 is out of range for type 'uint32_t [1]'
[15644.413243] CPU: 5 PID: 40027 Comm: modprobe Tainted: P OE 6.5.0-5-generic #5-Ubuntu
[15644.413245] Hardware name: LENOVO 82MS/---, BIOS --- 06/08/2021
[15644.413246] Call Trace:
[15644.413248] <TASK>
[15644.413249] dump_stack_lvl+0x48/0x70
[15644.413254] dump_stack+0x10/0x20
[15644.413257] __ubsan_handle_out_of_bounds+0xc6/0x110
[15644.413261] VBoxHost_RTLogRelGetDefaultInstanceEx+0x9f/0xb0 [vboxdrv]
[15644.413294] VBoxNetFltLinuxInit+0x47/0xff0 [vboxnetflt]
[15644.413298] ? __pfx_VBoxNetFltLinuxInit+0x10/0x10 [vboxnetflt]
[15644.413302] do_one_initcall+0x5e/0x340
[15644.413307] do_init_module+0x68/0x260
[15644.413311] load_module+0xba1/0xcf0
[15644.413315] ? vfree+0xff/0x2d0
[15644.413319] ? srso_alias_return_thunk+0x5/0x7f
[15644.413322] init_module_from_file+0x96/0x100
[15644.413325] ? srso_alias_return_thunk+0x5/0x7f
[15644.413327] ? init_module_from_file+0x96/0x100
[15644.413332] idempotent_init_module+0x11c/0x2b0
[15644.413336] __x64_sys_finit_module+0x64/0xd0
[15644.413339] do_syscall_64+0x5c/0x90
[15644.413343] ? srso_alias_return_thunk+0x5/0x7f
[15644.413344] ? exit_to_user_mode_prepare+0x30/0xb0
[15644.413348] ? srso_alias_return_thunk+0x5/0x7f
[15644.413349] ? syscall_exit_to_user_mode+0x37/0x60
[15644.413352] ? srso_alias_return_thunk+0x5/0x7f
[15644.413354] ? do_syscall_64+0x68/0x90
[15644.413357] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[15644.413359] RIP: 0033:0x7f9192427c5d
[15644.413384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8b 71 13 00 f7 d8 64 89 01 48
[15644.413385] RSP: 002b:00007ffd747c1748 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[15644.413388] RAX: ffffffffffffffda RBX: 00005573cdcef200 RCX: 00007f9192427c5d
[15644.413389] RDX: 0000000000000004 RSI: 00005573cbdf8727 RDI: 0000000000000003
[15644.413391] RBP: 00005573cbdf8727 R08: 0000000000000001 R09: ffffffffffffff88
[15644.413392] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000040000
[15644.413393] R13: 00005573cdced410 R14: 00005573cdce7d70 R15: 00005573cdcef3c0
[15644.413397] </TASK>
[15644.413398] ================================================================================
[15644.413400] ================================================================================

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Vbox version?

Revision history for this message
Danilo Egea Gondolfo (danilogondolfo) wrote :

The version is 7.0.10-dfsg-3

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in virtualbox (Ubuntu):
status: New → Confirmed
Revision history for this message
A (zorn-v) wrote :
Download full text (8.4 KiB)

```
$ sudo dmesg -l err

[ 14.894850] ================================================================================
[ 14.894854] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/common/log/log.c:1791:41
[ 14.894857] index 1 is out of range for type 'uint32_t [1]'
[ 14.895124] ================================================================================
[ 14.895135] ================================================================================
[ 14.895136] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/r0drv/linux/memobj-r0drv-linux.c:399:33
[ 14.895139] index 1 is out of range for type 'page *[1]'
[ 14.895356] ================================================================================
[ 14.895357] ================================================================================
[ 14.895359] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/r0drv/linux/memobj-r0drv-linux.c:596:45
[ 14.895361] index 3 is out of range for type 'page *[1]'
[ 14.895571] ================================================================================
[ 14.895576] ================================================================================
[ 14.895578] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:1956:44
[ 14.895580] index 2 is out of range for type 'SUPGIPCPU [1]'
[ 14.895723] ================================================================================
[ 14.912212] ================================================================================
[ 14.912216] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:904:43
[ 14.912220] index 1 is out of range for type 'SUPGIPCPU [1]'
[ 14.912462] ================================================================================
[ 14.912536] ================================================================================
[ 14.912539] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:1392:24
[ 14.912542] index 1 is out of range for type 'SUPGIPCPU [1]'
[ 14.913009] ================================================================================
[ 14.913013] ================================================================================
[ 14.913016] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:1401:13
[ 14.913019] index 1 is out of range for type 'SUPGIPCPU [1]'
[ 14.913297] ================================================================================
[ 14.913299] ================================================================================
[ 14.913301] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:1460:35
[ 14.913303] index 1 is out of range for type 'SUPGIPCPU [1]'
[ 14.913527] ================================================================================
[ 14.913528] ================================================================================
[ 14.913530] UBSAN: array-index-out-of-bounds in /var/lib/...

Read more...

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

Hello, can you please try the testbuilds available at
https://www.virtualbox.org/wiki/Testbuilds ?

Upstream did lots of changes in that kernel 6.5 compatibility area, and it should be fixed.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Danilo Egea Gondolfo (danilogondolfo) wrote :

Hello. I see the same issues with version 7.0.12.

There are more reports about these issues in vbox 7.0.12 https://forums.virtualbox.org/viewtopic.php?t=110315

Revision history for this message
Daniel Tang (daniel-z-tg) wrote :

Duplicates:
- https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/2039703
- https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/2039807

In my dmesg, I see multiple occurrences of multiple different errors. This not only prints errors on startup, but it also occurs on shutdown.

In the meantime, I put `install vboxdrv /bin/false` in `/etc/modprobe.d/blacklist.conf` to disable VirtualBox until this is resolved or when I need it again.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :
Revision history for this message
Paul Dufresne (dufresnep) wrote :

Still present with 7.0.12.

Revision history for this message
Paul Dufresne (dufresnep) wrote :
Revision history for this message
Paul Dufresne (dufresnep) wrote :

[ 54.327645] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/common/log/log.c:1791:41
[ 54.328021] index 1 is out of range for type 'uint32_t [1]'
...
[ 54.720433] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/common/log/log.c:551:41
[ 54.721956] index 344 is out of range for type 'uint32_t [1]'
...
[ 54.329518] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/r0drv/linux/memobj-r0drv-linux.c:399:33
[ 54.329904] index 1 is out of range for type 'page *[1]'
...
[ 54.331377] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/r0drv/linux/memobj-r0drv-linux.c:596:45
[ 54.331763] index 3 is out of range for type 'page *[1]'
...
[ 54.333243] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/SUPDrvGip.c:1956:44
[ 54.333635] index 2 is out of range for type 'SUPGIPCPU [1]'
...
[ 54.368738] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/SUPDrvGip.c:1457:40
[ 54.369099] index 2 is out of range for type 'SUPGIPCPU [1]'
...
[ 54.353135] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/SUPDrvGip.c:904:43
[ 54.353529] index 1 is out of range for type 'SUPGIPCPU [1]'
(previous repeated many times)
...
[ 54.378684] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.12/build/vboxdrv/SUPDrvGip.c:4206:46
[ 54.379042] index 3 is out of range for type 'SUPGIPCPU [1]'

Revision history for this message
Paul Dufresne (dufresnep) wrote :

Some reported upstream: https://www.virtualbox.org/ticket/21877
(I don't have an account yet upstream)

Revision history for this message
Paul Dufresne (dufresnep) wrote :

And I don't intend to create an Oracle account because mandatory information about work is asked.

Revision history for this message
fr4ctal (fr4ctal) wrote :
Download full text (4.2 KiB)

everything is working on virtualbox except it can't enumerate USB devices.

vbox version:
Version 7.0.12 r159484 (Qt5.15.3)

[22430.933885] ================================================================================
[22430.933886] ================================================================================
[22430.933888] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:1465:16
[22430.933890] index 1 is out of range for type 'SUPGIPCPU [1]'
[22430.933893] CPU: 8 PID: 31845 Comm: com.github.dona Tainted: G W OE 6.6.6-76060606-generic #202312111032~1702306143~22.04~d28ffec
[22430.933895] Hardware name: System76 Lemur Pro/Lemur Pro, BIOS 2023-09-08
[22430.933897] Call Trace:
[22430.933898] <TASK>
[22430.933899] dump_stack_lvl+0x48/0x70
[22430.933903] dump_stack+0x10/0x20
[22430.933906] __ubsan_handle_out_of_bounds+0xc6/0x110
[22430.933912] supdrvGipMpEventOnlineOrInitOnCpu+0x3e6/0x4e0 [vboxdrv]
[22430.933973] ? __pfx_rtmpLinuxAllWrapper+0x10/0x10 [vboxdrv]
[22430.934036] supdrvGipInitOnCpu+0x15/0x30 [vboxdrv]
[22430.934097] rtmpLinuxAllWrapper+0x5e/0x90 [vboxdrv]
[22430.934159] __flush_smp_call_function_queue+0x107/0x450
[22430.934163] ? switch_fpu_return+0x55/0xf0
[22430.934168] generic_smp_call_function_single_interrupt+0x13/0x20
[22430.934172] __sysvec_call_function+0x1c/0xd0
[22430.934176] sysvec_call_function+0x3b/0xd0
[22430.934182] asm_sysvec_call_function+0x1b/0x20
[22430.934185] RIP: 0033:0x7cffee753437
[22430.934193] Code: 00 00 00 44 8b 04 87 e9 47 ff ff ff 0f 1f 80 00 00 00 00 f3 0f 1e fa 89 f8 c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 0f be 17 <b8> 05 15 00 00 84 d2 74 18 89 c1 48 83 c7 01 c1 e1 05 01 c8 01 d0
[22430.934195] RSP: 002b:00007ffc24f06568 EFLAGS: 00000206
[22430.934198] RAX: 0000000000000000 RBX: 000057a392c29b20 RCX: 0000000000000001
[22430.934199] RDX: 0000000000000066 RSI: 00007cffef06e9a4 RDI: 00007cffef06e9a4
[22430.934201] RBP: 00007cffef06e9a4 R08: 0000000000000001 R09: 0000000000000000
[22430.934203] R10: 000057a392b81d50 R11: e3d76bdaa925aa4b R12: 0000000000000000
[22430.934205] R13: 000057a3929cf000 R14: 00007cffef4b7110 R15: 000057a393002580
[22430.934208] </TASK>
[22430.934209] ================================================================================
[22430.934211] ================================================================================
[22430.934213] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.10/build/vboxdrv/SUPDrvGip.c:1491:5
[22430.934215] index 1 is out of range for type 'SUPGIPCPU [1]'
[22430.934218] CPU: 8 PID: 31845 Comm: com.github.dona Tainted: G W OE 6.6.6-76060606-generic #202312111032~1702306143~22.04~d28ffec
[22430.934220] Hardware name: System76 Lemur Pro/Lemur Pro, BIOS 2023-09-08 09/08/2023
[22430.934222] Call Trace:
[22430.934223] <TASK>
[22430.934224] dump_stack_lvl+0x48/0x70
[22430.934228] dump_stack+0x10/0x20
[22430.934231] __ubsan_handle_out_of_bounds+0xc6/0x110
[22430.934237] supdrvGipMpEventOnlineOrInitOnCpu+0x44a/0x4e0 [vboxdrv]
[22430.934299] ? __pfx_rtmpLinuxAllWrapper+0x10/0x10 [vboxdrv]
[22430.934361] supdrvGipInitOnCpu+0x15/0x30 [vboxdrv]
[2...

Read more...

Revision history for this message
Francois Thirioux (fthx) wrote :

Same here in Noble dev, 6.6 or newest 6.7 kernel, VB 7.0.12

Revision history for this message
Emanem (em4n3m) wrote :

Hi, can confirm the same is happening with Ubuntu 22.04: Linux scv 6.5.0-14-generic #14~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 20 18:15:30 UTC 2 x86_64 x86_64 x86_64 GNU/Linux and VirtualBox 7.0.12 r159484.

Revision history for this message
ls (litos) wrote :

virtualbox 6.1.48-dfsg-1~ubuntu1.22.04.1 also has this issue

Revision history for this message
ls (litos) wrote :
Revision history for this message
Michael Mikowski (kfocus) wrote :

## Overview
I have also confirmed the error as shown in comment 15 for VirtualBox on
22.04, 6.1.48-dfsg-1~ubuntu1.22.04.1, kernel 6.5.0-14-generic.

## USB Device Test (pass)
USB device enumeration did work when using both the 6.2.0-35-generic and
6.5.0-14-generic kernels. I think why Fr4ctal may have thought that was broken is
because there are at least 4 steps to see them, as shown here:
https://askubuntu.com/a/1379515, or possibly because virtual box 7.x has an
issue.

## KVM Image Test (pass)
I also checked the KVM using an exported version of the virtualbox image. This
too passed on a host machine running 6.5.0-14

```bash
# Export OVA and Convert
tar xvf kfocus-test.ova;
qemu-img convert kfocus-test-disk001.vmdk kfocus-test.qcow2 -O qcow2;
file kfocus-test.qcow2;
#> kfocus-test.qcow2: QEMU QCOW2 Image (v3), 34359738368 bytes

# Create a VM
qemu-system-x86_64 -enable-kvm -m 4096M -vga virtio \
  -drive file=kfocus-test.qcow2,if=virtio -boot c;
```

Revision history for this message
Michael Mikowski (kfocus) wrote :

To reproduce the Call Trace error as shown in the original post:

1. Run `tail -f /var/log/syslog`
2. Open VirtualBox
3. Launch a VM with a guest OS installed
4. View the syslog. I am seeing two faults per VM launch.

There is no UBSAN errors shown when starting qemu.

In summary, this appears to be an upstream bug that show false positives. I have yet to see a concrete issue with this outside of log noise. If someone has, please let me know.

Revision history for this message
- (norritt) wrote :
Download full text (65.0 KiB)

I see the issue as well on two different systems. It is not necessary to start VirtualBox, the error messages already show up during boot. On one of the two systems *this prevented the desktop from loading (black screen)*. I logged in via ssh and uninstalled virtualbox and virtualbox-dkms and performed an `apt autoremove --purge`. Once the virtualbox packages were uninstalled the desktop showed immediately (no reboot required). Here are some log entries from the other system where virtualbox is still installed. The log was obtained via `sudo dmesg -T` after boot.

[Mon Jan 29 08:30:21 2024] ================================================================================
[Mon Jan 29 08:30:21 2024] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/6.1.48/build/vboxdrv/common/log/log.c:1728:38
[Mon Jan 29 08:30:21 2024] index 1 is out of range for type 'uint32_t [1]'
[Mon Jan 29 08:30:21 2024] CPU: 22 PID: 1887 Comm: modprobe Tainted: P OE 6.5.0-15-generic #15~22.04.1-Ubuntu
[Mon Jan 29 08:30:21 2024] Hardware name: Micro-Star International Co., Ltd. MS-7D50/MEG X570S ACE MAX (MS-7D50), BIOS 1.60 03/08/2023
[Mon Jan 29 08:30:21 2024] Call Trace:
[Mon Jan 29 08:30:21 2024] <TASK>
[Mon Jan 29 08:30:21 2024] dump_stack_lvl+0x48/0x70
[Mon Jan 29 08:30:21 2024] dump_stack+0x10/0x20
[Mon Jan 29 08:30:21 2024] __ubsan_handle_out_of_bounds+0xc6/0x110
[Mon Jan 29 08:30:21 2024] VBoxHost_RTLogGroupSettings+0x456/0x480 [vboxdrv]
[Mon Jan 29 08:30:21 2024] VBoxHost_RTLogCreateExV+0x1e0/0x2e0 [vboxdrv]
[Mon Jan 29 08:30:21 2024] VBoxHost_RTLogCreate+0x5b/0x90 [vboxdrv]
[Mon Jan 29 08:30:21 2024] ? srso_alias_return_thunk+0x5/0x7f
[Mon Jan 29 08:30:21 2024] ? VBoxHost_RTMemAllocTag+0x2f/0x70 [vboxdrv]
[Mon Jan 29 08:30:21 2024] supdrvInitDevExt+0x59/0x330 [vboxdrv]
[Mon Jan 29 08:30:21 2024] VBoxDrvLinuxInit+0x67/0xff0 [vboxdrv]
[Mon Jan 29 08:30:21 2024] ? __pfx_VBoxDrvLinuxInit+0x10/0x10 [vboxdrv]
[Mon Jan 29 08:30:21 2024] do_one_initcall+0x5e/0x340
[Mon Jan 29 08:30:21 2024] do_init_module+0x68/0x260
[Mon Jan 29 08:30:21 2024] load_module+0xb85/0xcd0
[Mon Jan 29 08:30:21 2024] init_module_from_file+0x96/0x100
[Mon Jan 29 08:30:21 2024] ? srso_alias_return_thunk+0x5/0x7f
[Mon Jan 29 08:30:21 2024] ? init_module_from_file+0x96/0x100
[Mon Jan 29 08:30:21 2024] idempotent_init_module+0x11c/0x2b0
[Mon Jan 29 08:30:21 2024] __x64_sys_finit_module+0x64/0xd0
[Mon Jan 29 08:30:21 2024] do_syscall_64+0x5b/0x90
[Mon Jan 29 08:30:21 2024] ? srso_alias_return_thunk+0x5/0x7f
[Mon Jan 29 08:30:21 2024] ? do_syscall_64+0x67/0x90
[Mon Jan 29 08:30:21 2024] ? exc_page_fault+0x94/0x1b0
[Mon Jan 29 08:30:21 2024] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[Mon Jan 29 08:30:21 2024] RIP: 0033:0x7f7fbff1e88d
[Mon Jan 29 08:30:21 2024] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48
[Mon Jan 29 08:30:21 2024] RSP: 002b:00007ffd83482358 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[Mon Jan 29 08:30:21 2024] RAX: ffffffffffffffda RBX: 000055a3d32c1ee0 RCX: 00007f7fbff1e88d
[Mon Jan 2...

Revision history for this message
Michael Mikowski (kfocus) wrote :

> On one of the two systems *this prevented the desktop from loading (black screen)*.

Thanks, that's good to know.

Revision history for this message
Daniel Tang (daniel-z-tg) wrote :

> On one of the two systems *this prevented the desktop from loading (black screen)*.

Here's another report of this blocking boot: https://askubuntu.com/q/1502103/1004020 . The asker said "Until few weeks ago". Perhaps something changed recently that made this bug worse?

Anyway, the VirtualBox problems have remained unfixed for so long that I found it easier to just use KVM instead.

Revision history for this message
Michael Mikowski (kfocus) wrote (last edit ):

> Here's another report of this blocking boot ...

We have tested 12 models at Kubuntu Focus (kfocus.org) for 6.5.0-14. While the log spamming does occur on all systems, it does not block boot nor affect performance, both of which are substantially checked. Here are some possible reasons:

1. Is this a red herring? We have often seen where log noise is misinterpreted as the source of an issue.
2. Is the issue more severe for other VBox versions? We are using the 22.04 LTS default, 6.1.48-dfsg-1~ubuntu1.22.04.1.
3. Is some hardware is more trouble than others? The tested CPUs include i9-9900, i7-9750H, i7-10750H, i7-11800H, i7-12700H, i9-13900HX, i5-1135G7, i5-12450, i7-1165G7 (x2), i7-1260p (x2). All dGPUs are Nvidia. These date from 2019 into 2024.
4. Maybe this be caused by attached peripherals not included in our validations, or not attached during boot?

As a result of this testing, we no longer consider this a blocking issue for 6.5.0-14 release for these systems. I hope that is useful.

Revision history for this message
Jeffrey Walton (noloader) wrote :

> Daniel Tang (daniel-z-tg) wrote on 2024-02-01:
>
> Anyway, the VirtualBox problems have remained unfixed for so long that I found it easier to just use KVM instead.

Yes, this. KVM/QEMU/libvirt is so much better than Virtual Box (and I am a fan of Vitual Box).

KVM/QEMU/libvirt is maintained by the kernel and foss folks. There's always a package ready for the kernel you are running. You don't to wait for a third party to release an update.

In fact, I switched to KVM/QEMU/libvirt on Fedora 39 because Oracle did not release a version of Virtual Box that supports F39. And the experimental build of Virtual Box just crashed on F39. I have been pleasantly surprised with the switch.

Revision history for this message
Gordon Lack (gordon-lack) wrote :

>> Yes, this. KVM/QEMU/libvirt is so much better than Virtual Box (and I am a fan of Vitual Box).

Which has nothing to do with this bug, which remains a bug.

Revision history for this message
Akila Induranga (akila-i) wrote :

Encountered same issue today with a friends laptop (black screen error) with virtualbox 6.X version. removed virtualbox package and was able to get the usual login screen afterwards. Posting here for reference.

Revision history for this message
Gordon Lack (gordon-lack) wrote (last edit ):

If you look at the source (its a DKMS module) then you'll see (source/vboxdrv/common/log/log.c:253, for v7.0.14)

    /** Group flags array - RTLOGGRPFLAGS.
     * This member have variable length and may extend way beyond
     * the declared size of 1 entry. */
    RT_FLEXIBLE_ARRAY_EXTENSION
    uint32_t afGroups[RT_FLEXIBLE_ARRAY];

(this produces the warning:
[ 10.485586] UBSAN: array-index-out-of-bounds in /var/lib/dkms/virtualbox/7.0.14/build/vboxdrv/common/log/log.c:1791:41
[ 10.485589] index 1 is out of range for type 'uint32_t [1]'
plus warnings about index 345 at lines 551 and 4161
)

So it appears to be intentional.

What is odd (to me) is where the message actually comes from, as it isn't in the vboxdrv code.

The offending arrays (there are others) are defined as array[1]. Would it help if they were defined as array[]? Or *array?

Revision history for this message
Gordon Lack (gordon-lack) wrote :

Indeed. Just found a similar Launchpad report for a different kernel module with the same issue.

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039926

And the fix there is to change the [1] defined arrays to [].

https://patchwork.freedesktop.org/patch/564786/ (in #6 in the bug report)

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 7.0.14-dfsg-2

---------------
virtualbox (7.0.14-dfsg-2) unstable; urgency=medium

  * Cherry-pick upstream fixes for kernel 6.8 and USBSAN (LP: #2053024
    LP: #2037082, Closes: #1061917)
  * debian/patches:
    - 102989.patch
    - 102990.patch
    - 102992.patch
    - 102993.patch
    - 102994.patch
    - 102999.patch
    - 103024.patch
    - 103066.patch
    - 103067.patch

 -- Gianfranco Costamagna <email address hidden> Mon, 19 Feb 2024 16:43:37 +0100

Changed in virtualbox (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Mark Kendall (markk) wrote (last edit ):
Download full text (4.8 KiB)

I had this problem with Ubuntu 24.04 with VirtualBox 7.0.14-dfsg-4 on my computer
Thought it was fixed by installing Oracle test 7.0.15 test build https://www.virtualbox.org/download/testcase/VirtualBox-7.0.15-162366-Linux_amd64.run from https://www.virtualbox.org/wiki/Testbuilds

The spamming error doesn't appear after booting but does start again after I start a VM, although problem is with a vboxnet file now

2024-03-23T09:31:31.897711+13:00 nas kernel: UBSAN: array-index-out-of-bounds in /tmp/vbox.0/linux/VBoxNetFlt-linux.c:1228:13
2024-03-23T09:31:31.897711+13:00 nas kernel: index 19 is out of range for type 'INTNETSEG [1]'
2024-03-23T09:31:31.897712+13:00 nas kernel: CPU: 2 PID: 0 Comm: swapper/2 Tainted: G OE 6.8.0-11-generic #11-Ubuntu
2024-03-23T09:31:31.897713+13:00 nas kernel: Hardware name: ASUS All Series/H87-PRO, BIOS 1105 05/16/2014
2024-03-23T09:31:31.897714+13:00 nas kernel: Call Trace:
2024-03-23T09:31:31.897715+13:00 nas kernel: <IRQ>
2024-03-23T09:31:31.897716+13:00 nas kernel: dump_stack_lvl+0x48/0x70
2024-03-23T09:31:31.897716+13:00 nas kernel: dump_stack+0x10/0x20
2024-03-23T09:31:31.897717+13:00 nas kernel: __ubsan_handle_out_of_bounds+0xc6/0x110
2024-03-23T09:31:31.897718+13:00 nas kernel: vboxNetFltLinuxDestroySG+0x131/0x150 [vboxnetflt]
2024-03-23T09:31:31.897719+13:00 nas kernel: vboxNetFltLinuxForwardAsGso.isra.0+0xec/0x180 [vboxnetflt]
2024-03-23T09:31:31.897719+13:00 nas kernel: vboxNetFltLinuxPacketHandler+0x296/0x520 [vboxnetflt]
2024-03-23T09:31:31.897720+13:00 nas kernel: __netif_receive_skb_core.constprop.0+0x880/0x10c0
2024-03-23T09:31:31.897721+13:00 nas kernel: ? ip_list_rcv+0x102/0x140
2024-03-23T09:31:31.897722+13:00 nas kernel: __netif_receive_skb_list_core+0xfd/0x250
2024-03-23T09:31:31.897722+13:00 nas kernel: netif_receive_skb_list_internal+0x1a3/0x2d0
2024-03-23T09:31:31.897723+13:00 nas kernel: ? tcp_gro_receive+0x209/0x380
2024-03-23T09:31:31.897724+13:00 nas kernel: napi_gro_complete.constprop.0+0x145/0x1a0
2024-03-23T09:31:31.897724+13:00 nas kernel: dev_gro_receive+0x1dd/0x340
2024-03-23T09:31:31.897725+13:00 nas kernel: napi_gro_receive+0x6d/0x230
2024-03-23T09:31:31.897726+13:00 nas kernel: rtl_rx+0x1bf/0x330 [r8169]
2024-03-23T09:31:31.897727+13:00 nas kernel: rtl8169_poll+0x37/0x90 [r8169]
2024-03-23T09:31:31.897727+13:00 nas kernel: __napi_poll+0x33/0x200
2024-03-23T09:31:31.897728+13:00 nas kernel: net_rx_action+0x181/0x2e0
2024-03-23T09:31:31.897729+13:00 nas kernel: ? ktime_get+0x48/0xc0
2024-03-23T09:31:31.897730+13:00 nas kernel: ? lapic_next_deadline+0x2c/0x50
2024-03-23T09:31:31.897730+13:00 nas kernel: __do_softirq+0xe1/0x363
2024-03-23T09:31:31.897731+13:00 nas kernel: ? hrtimer_interrupt+0x11f/0x250
2024-03-23T09:31:31.897732+13:00 nas kernel: __irq_exit_rcu+0x75/0xa0
2024-03-23T09:31:31.897732+13:00 nas kernel: irq_exit_rcu+0xe/0x20
2024-03-23T09:31:31.897733+13:00 nas kernel: sysvec_apic_timer_interrupt+0x92/0xd0
2024-03-23T09:31:31.897734+13:00 nas kernel: </IRQ>
2024-03-23T09:31:31.897735+13:00 nas kernel: <TASK>
2024-03-23T09:31:31.897736+13:00 nas kernel: asm_sysvec_apic_timer_interrupt+0x1b/0x20
2024-03-23T09:31:31.897737+13:0...

Read more...

Revision history for this message
Joseph Sible (josephcsible) wrote :

Either this bug needs to be reopened, or bug #2037082 needs to be unmarked as a duplicate of it, because it also affects Ubuntu 22.04 with VirtualBox 6.1.50-dfsg-1~ubuntu1.22.04.1 on the 6.5.0-28-generic HWE kernel, but no fix was released there.

Revision history for this message
Joseph Sible (josephcsible) wrote :

Correction, bug #2049562 is the duplicate I meant.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.