sipwise / rtpengine

The Sipwise media proxy for Kamailio
GNU General Public License v3.0

UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtpengine/12.2.1.5/build/xt_RTPENGINE.c:5156:32 #1814

Closed rrb3942 closed 3 months ago

rrb3942 commented 3 months ago

rtpengine version the issue has been seen with

12.2.1.5-1~bpo12+1

Used distribution and its version

Debian 12

Linux kernel version used

6.8.2-zabbly+

CPU architecture issue was seen on (see uname -m)

x86_64

Expected behaviour you didn't see

No response

Unexpected behaviour you saw

Every so often I see a UBSAN call trace in my kernel logs related to the rtpengine kernel module. Call trace is attached.

Steps to reproduce the problem

We see it happen occasionally when running production traffic. I have not determined a specific trigger.

Additional program output to the terminal or logs illustrating the issue

[Tue Apr  2 10:42:33 2024] ------------[ cut here ]------------
[Tue Apr  2 10:42:33 2024] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtpengine/12.2.1.5/build/xt_RTPENGINE.c:5156:32
[Tue Apr  2 10:42:33 2024] index -1 is out of range for type 'rtpengine_pt_input [32]'
[Tue Apr  2 10:42:33 2024] CPU: 5 PID: 0 Comm: swapper/5 Tainted: G           OE      6.8.2-zabbly+ #debian12
[Tue Apr  2 10:42:33 2024] Hardware name: TYAN GT62F-B8026-LE/S8026-LE, BIOS V2.02.B40 03/19/2020
[Tue Apr  2 10:42:33 2024] Call Trace:
[Tue Apr  2 10:42:33 2024]  <IRQ>
[Tue Apr  2 10:42:33 2024]  dump_stack_lvl+0x48/0x70
[Tue Apr  2 10:42:33 2024]  dump_stack+0x10/0x20
[Tue Apr  2 10:42:33 2024]  __ubsan_handle_out_of_bounds+0xc6/0x110
[Tue Apr  2 10:42:33 2024]  rtpengine46+0x13d9/0x1430 [xt_RTPENGINE]
[Tue Apr  2 10:42:33 2024]  rtpengine4+0x13b/0x190 [xt_RTPENGINE]
[Tue Apr  2 10:42:33 2024]  nft_target_eval_xt+0x66/0xb0 [nft_compat]
[Tue Apr  2 10:42:33 2024]  nft_do_chain+0xf7/0x820 [nf_tables]
[Tue Apr  2 10:42:33 2024]  ? fib_validate_source+0x65/0x140
[Tue Apr  2 10:42:33 2024]  nft_do_chain_ipv4+0x6e/0x90 [nf_tables]
[Tue Apr  2 10:42:33 2024]  nf_hook_slow+0x43/0x120
[Tue Apr  2 10:42:33 2024]  ip_local_deliver+0xe3/0x120
[Tue Apr  2 10:42:33 2024]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[Tue Apr  2 10:42:33 2024]  ip_sublist_rcv_finish+0x6f/0x80
[Tue Apr  2 10:42:33 2024]  ip_sublist_rcv+0x178/0x230
[Tue Apr  2 10:42:33 2024]  ? __pfx_ip_rcv_finish+0x10/0x10
[Tue Apr  2 10:42:33 2024]  ip_list_rcv+0x102/0x140
[Tue Apr  2 10:42:33 2024]  __netif_receive_skb_list_core+0x22d/0x250
[Tue Apr  2 10:42:33 2024]  netif_receive_skb_list_internal+0x1a3/0x2d0
[Tue Apr  2 10:42:33 2024]  napi_complete_done+0x74/0x1c0
[Tue Apr  2 10:42:33 2024]  ixgbe_poll+0xf1d/0x1440 [ixgbe]
[Tue Apr  2 10:42:33 2024]  __napi_poll+0x30/0x1f0
[Tue Apr  2 10:42:33 2024]  net_rx_action+0x181/0x2e0
[Tue Apr  2 10:42:33 2024]  __do_softirq+0xde/0x363
[Tue Apr  2 10:42:33 2024]  __irq_exit_rcu+0x75/0xa0
[Tue Apr  2 10:42:33 2024]  irq_exit_rcu+0xe/0x20
[Tue Apr  2 10:42:33 2024]  common_interrupt+0xa4/0xb0
[Tue Apr  2 10:42:33 2024]  </IRQ>
[Tue Apr  2 10:42:33 2024]  <TASK>
[Tue Apr  2 10:42:33 2024]  asm_common_interrupt+0x27/0x40
[Tue Apr  2 10:42:33 2024] RIP: 0010:cpuidle_enter_state+0xda/0x720
[Tue Apr  2 10:42:33 2024] Code: 2c 04 ff e8 78 f3 ff ff 8b 53 04 49 89 c7 0f 1f 44 00 00 31 ff e8 d6 fe 02 ff 80 7d d0 00 0f 85 61 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 f7 01 00 00 4d 63 ee 49 83 fd 09 0f 87 19 05 00 00
[Tue Apr  2 10:42:33 2024] RSP: 0018:ffffab62800efe28 EFLAGS: 00000246
[Tue Apr  2 10:42:33 2024] RAX: 0000000000000000 RBX: ffff9c1944c6f800 RCX: 0000000000000000
[Tue Apr  2 10:42:33 2024] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[Tue Apr  2 10:42:33 2024] RBP: ffffab62800efe78 R08: 0000000000000000 R09: 0000000000000000
[Tue Apr  2 10:42:33 2024] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffad8ebe40
[Tue Apr  2 10:42:33 2024] R13: 0000000000000001 R14: 0000000000000001 R15: 0000476ee70e9535
[Tue Apr  2 10:42:33 2024]  ? cpuidle_enter_state+0xca/0x720
[Tue Apr  2 10:42:33 2024]  cpuidle_enter+0x2e/0x50
[Tue Apr  2 10:42:33 2024]  call_cpuidle+0x23/0x60
[Tue Apr  2 10:42:33 2024]  do_idle+0x202/0x260
[Tue Apr  2 10:42:33 2024]  cpu_startup_entry+0x2a/0x30
[Tue Apr  2 10:42:33 2024]  start_secondary+0x129/0x160
[Tue Apr  2 10:42:33 2024]  secondary_startup_64_no_verify+0x184/0x18b
[Tue Apr  2 10:42:33 2024]  </TASK>
[Tue Apr  2 10:42:33 2024] ---[ end trace ]---

Anything else?

Let me know if you need any further details.
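
A triage helper for kernel logs like the one in this report, added here as an example (it is not part of the original issue or of the rtpengine project). It parses `dmesg -T` style UBSAN array-index reports and pulls out the source location, the offending index, the array bound, and the first call-trace frame that belongs to a loadable module. The function names `parse_ubsan` and `culprit` are hypothetical, and the sample input is a trimmed copy of lines from the log above.

```python
import re

# Trimmed copy of lines from the report above, used as offline sample input.
SAMPLE = """\
[Tue Apr  2 10:42:33 2024] ------------[ cut here ]------------
[Tue Apr  2 10:42:33 2024] UBSAN: array-index-out-of-bounds in /var/lib/dkms/rtpengine/12.2.1.5/build/xt_RTPENGINE.c:5156:32
[Tue Apr  2 10:42:33 2024] index -1 is out of range for type 'rtpengine_pt_input [32]'
[Tue Apr  2 10:42:33 2024] Call Trace:
[Tue Apr  2 10:42:33 2024]  <IRQ>
[Tue Apr  2 10:42:33 2024]  __ubsan_handle_out_of_bounds+0xc6/0x110
[Tue Apr  2 10:42:33 2024]  rtpengine46+0x13d9/0x1430 [xt_RTPENGINE]
[Tue Apr  2 10:42:33 2024]  nft_target_eval_xt+0x66/0xb0 [nft_compat]
[Tue Apr  2 10:42:33 2024]  </IRQ>
[Tue Apr  2 10:42:33 2024] ---[ end trace ]---
"""

STAMP = re.compile(r"^\[[^\]]*\]\s?")  # leading "[Tue Apr  2 10:42:33 2024] "
HEAD = re.compile(r"UBSAN: (?P<kind>[\w-]+) in (?P<file>\S+):(?P<line>\d+):(?P<col>\d+)")
INDEX = re.compile(r"index (?P<idx>-?\d+) is out of range for type '(?P<elem>.+?) \[(?P<len>\d+)\]'")
FRAME = re.compile(r"^\s*\??\s*(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?")

def parse_ubsan(text):
    """Return one dict per UBSAN report found in a kernel log."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw, count=1)
        if (m := HEAD.search(line)):
            cur = {"kind": m["kind"], "file": m["file"], "line": int(m["line"]),
                   "frames": [], "irq": False}
            reports.append(cur)
        elif cur is None:
            continue                      # not inside a report
        elif (m := INDEX.search(line)):
            idx, n = int(m["idx"]), int(m["len"])
            cur.update(index=idx, elem=m["elem"], length=n,
                       direction="negative" if idx < 0 else "past_end")
        elif "<IRQ>" in line:
            cur["irq"] = True             # fired in interrupt (softirq) context
        elif "end trace" in line:
            cur = None
        elif (m := FRAME.match(line)) and not m["sym"].startswith(("dump_stack", "__ubsan_")):
            cur["frames"].append((m["sym"], m["mod"]))
    return reports

def culprit(report):
    """First frame below the UBSAN handler that lives in a loadable module."""
    return next(((s, m) for s, m in report["frames"] if m), None)
```

Grouping the returned reports by `(file, line, index)` across a day of logs shows whether every occurrence is the same negative index at the same source line, which is what a maintainer needs to narrow down the trigger.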