CVE-2024-49866

ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220
WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0
Modules linked in:
CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:debug_print_object+0x7d/0xb0
...
Call Trace:
 <TASK>
 ? __warn+0x7c/0x110
 ? debug_print_object+0x7d/0xb0
 ? report_bug+0xf1/0x1d0
 ? prb_read_valid+0x17/0x20
 ? handle_bug+0x3f/0x70
 ? exc_invalid_op+0x13/0x60
 ? asm_exc_invalid_op+0x16/0x20
 ? debug_print_object+0x7d/0xb0
 ? debug_print_object+0x7d/0xb0
 ? __pfx_timerlat_irq+0x10/0x10
 __debug_object_init+0x110/0x150
 hrtimer_init+0x1d/0x60
 timerlat_main+0xab/0x2d0
 ? __pfx_timerlat_main+0x10/0x10
 kthread+0xb7/0xe0
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2d/0x40
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1a/0x30
 </TASK>

After tracing the scheduling event, it was discovered that the migration of the "timerlat/1" thread was performed during thread creation. Further analysis confirmed that it is because the CPU online processing for osnoise is implemented through workers, which is asynchronous with the offline processing. When the worker was scheduled to create a thread, the CPU may has already been removed from the cpuonlinemask during the offline process, resulting in the inability to select the right CPU:

To fix this, skip online processing if the CPU is already offline.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8895e271f7994a3ecb13b8a280e39aa53879545

Fixed

322920b53dc11f9c2b33397eb3ae5bc6a175b60d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8895e271f7994a3ecb13b8a280e39aa53879545

Fixed

ce25f33ba89d6eefef64157655d318444580fa14

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8895e271f7994a3ecb13b8a280e39aa53879545

Fixed

a6e9849063a6c8f4cb2f652a437e44e3ed24356c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8895e271f7994a3ecb13b8a280e39aa53879545

Fixed

a0d9c0cd5856191e095cf43a2e141b73945b7716

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8895e271f7994a3ecb13b8a280e39aa53879545

Fixed

f72b451dc75578f644a3019c1489e9ae2c14e6c4

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c8895e271f7994a3ecb13b8a280e39aa53879545

Fixed

829e0c9f0855f26b3ae830d17b24aec103f7e915

Affected versions

v5.*

v5.13

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.100

v5.15.101

v5.15.102

v5.15.103

v5.15.104

v5.15.105

v5.15.106

v5.15.107

v5.15.108

v5.15.109

v5.15.11

v5.15.110

v5.15.111

v5.15.112

v5.15.113

v5.15.114

v5.15.115

v5.15.116

v5.15.117

v5.15.118

v5.15.119

v5.15.12

v5.15.120

v5.15.121

v5.15.122

v5.15.123

v5.15.124

v5.15.125

v5.15.126

v5.15.127

v5.15.128

v5.15.129

v5.15.13

v5.15.130

v5.15.131

v5.15.132

v5.15.133

v5.15.134

v5.15.135

v5.15.136

v5.15.137

v5.15.138

v5.15.139

v5.15.14

v5.15.140

v5.15.141

v5.15.142

v5.15.143

v5.15.144

v5.15.145

v5.15.146

v5.15.147

v5.15.148

v5.15.149

v5.15.15

v5.15.150

v5.15.151

v5.15.152

v5.15.153

v5.15.154

v5.15.155

v5.15.156

v5.15.157

v5.15.158

v5.15.159

v5.15.16

v5.15.160

v5.15.161

v5.15.162

v5.15.163

v5.15.164

v5.15.165

v5.15.166

v5.15.167

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.15.90

v5.15.91

v5.15.92

v5.15.93

v5.15.94

v5.15.95

v5.15.96

v5.15.97

v5.15.98

v5.15.99

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.100

v6.1.101

v6.1.102

v6.1.103

v6.1.104

v6.1.105

v6.1.106

v6.1.107

v6.1.108

v6.1.109

v6.1.11

v6.1.110

v6.1.111

v6.1.112

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.57

v6.1.58

v6.1.59

v6.1.6

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.64

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.7

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.8

v6.1.80

v6.1.81

v6.1.82

v6.1.83

v6.1.84

v6.1.85

v6.1.86

v6.1.87

v6.1.88

v6.1.89

v6.1.9

v6.1.90

v6.1.91

v6.1.92

v6.1.93

v6.1.94

v6.1.95

v6.1.96

v6.1.97

v6.1.98

v6.1.99

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.10

v6.10.11

v6.10.12

v6.10.13

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.10.8

v6.10.9

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.11.1

v6.11.2

v6.12-rc1

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-49866-1a24ae84",
            "signature_type": "Function",
            "target": {
                "file": "kernel/trace/trace_osnoise.c",
                "function": "osnoise_hotplug_workfn"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6e9849063a6c8f4cb2f652a437e44e3ed24356c",
            "digest": {
                "function_hash": "23371142171245139830937009162153589666",
                "length": 402.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-5e60f16d",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/trace_osnoise.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce25f33ba89d6eefef64157655d318444580fa14",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198054442509677178462659679434350680572",
                    "247848521844309742148779226801301083012",
                    "34367597096675662170107298983143538996"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-84af13ee",
            "signature_type": "Function",
            "target": {
                "file": "kernel/trace/trace_osnoise.c",
                "function": "osnoise_hotplug_workfn"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@322920b53dc11f9c2b33397eb3ae5bc6a175b60d",
            "digest": {
                "function_hash": "265009266345209956677767057251337202819",
                "length": 501.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-8eb7fcfc",
            "signature_type": "Function",
            "target": {
                "file": "kernel/trace/trace_osnoise.c",
                "function": "osnoise_hotplug_workfn"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a0d9c0cd5856191e095cf43a2e141b73945b7716",
            "digest": {
                "function_hash": "23371142171245139830937009162153589666",
                "length": 402.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-a1875370",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/trace_osnoise.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a0d9c0cd5856191e095cf43a2e141b73945b7716",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198054442509677178462659679434350680572",
                    "247848521844309742148779226801301083012",
                    "34367597096675662170107298983143538996"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-a8c86086",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/trace_osnoise.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@829e0c9f0855f26b3ae830d17b24aec103f7e915",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198054442509677178462659679434350680572",
                    "247848521844309742148779226801301083012",
                    "34367597096675662170107298983143538996"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-b213f190",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/trace_osnoise.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6e9849063a6c8f4cb2f652a437e44e3ed24356c",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198054442509677178462659679434350680572",
                    "247848521844309742148779226801301083012",
                    "34367597096675662170107298983143538996"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-c1132069",
            "signature_type": "Function",
            "target": {
                "file": "kernel/trace/trace_osnoise.c",
                "function": "osnoise_hotplug_workfn"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f72b451dc75578f644a3019c1489e9ae2c14e6c4",
            "digest": {
                "function_hash": "23371142171245139830937009162153589666",
                "length": 402.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-c7c90a72",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/trace_osnoise.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@322920b53dc11f9c2b33397eb3ae5bc6a175b60d",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198054442509677178462659679434350680572",
                    "247848521844309742148779226801301083012",
                    "38337715940054114082929767336525223316"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-e1d46cdb",
            "signature_type": "Function",
            "target": {
                "file": "kernel/trace/trace_osnoise.c",
                "function": "osnoise_hotplug_workfn"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@829e0c9f0855f26b3ae830d17b24aec103f7e915",
            "digest": {
                "function_hash": "23371142171245139830937009162153589666",
                "length": 402.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-f10cb65e",
            "signature_type": "Line",
            "target": {
                "file": "kernel/trace/trace_osnoise.c"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f72b451dc75578f644a3019c1489e9ae2c14e6c4",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198054442509677178462659679434350680572",
                    "247848521844309742148779226801301083012",
                    "34367597096675662170107298983143538996"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2024-49866-f44fedec",
            "signature_type": "Function",
            "target": {
                "file": "kernel/trace/trace_osnoise.c",
                "function": "osnoise_hotplug_workfn"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce25f33ba89d6eefef64157655d318444580fa14",
            "digest": {
                "function_hash": "23371142171245139830937009162153589666",
                "length": 402.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.14.0

Fixed

5.15.168

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.113

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.55

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.10.14

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.11.3