From: Stephen Hemminger <stephen@networkplumber.org>
To: trond.myklebust@hammerspace.com, anna.schumaker@netapp.com,
jlayton@kernel.org
Cc: linux-nfs@vger.kernel.org
Subject: Fw: [Bug 200187] New: UBSAN: Undefined behaviour in net/sunrpc/xprt.c:568
Date: Fri, 22 Jun 2018 09:53:57 -0700 [thread overview]
Message-ID: <20180622095357.3969e951@xeon-e3> (raw)
Begin forwarded message:
Date: Fri, 22 Jun 2018 15:09:48 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 200187] New: UBSAN: Undefined behaviour in net/sunrpc/xprt.c:568
https://bugzilla.kernel.org/show_bug.cgi?id=200187
Bug ID: 200187
Summary: UBSAN: Undefined behaviour in net/sunrpc/xprt.c:568
Product: Networking
Version: 2.5
Kernel Version: v4.18-rc2
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: stephen@networkplumber.org
Reporter: icytxw@gmail.com
Regression: No
It seems like that to->to_retries to large while shift exponent.
if (to->to_exponential)
req->rq_majortimeo <<= to->to_retries;
else
================================================================================
UBSAN: Undefined behaviour in net/sunrpc/xprt.c:568:22
shift exponent 536870976 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 21219 Comm: syz-executor1 Not tainted 4.18.0-rc1 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x122/0x1c8 lib/dump_stack.c:113
ubsan_epilogue+0x12/0x86 lib/ubsan.c:159
__ubsan_handle_shift_out_of_bounds+0x29a/0x2ff lib/ubsan.c:425
xprt_reset_majortimeo+0x323/0x440 net/sunrpc/xprt.c:568
xprt_request_init+0x4d2/0x730 net/sunrpc/xprt.c:1330
call_reserveresult+0x9d/0x240 net/sunrpc/clnt.c:1549
__rpc_execute+0x23a/0xc20 net/sunrpc/sched.c:784
rpc_execute+0xf5/0x250 net/sunrpc/sched.c:852
rpc_run_task+0x4a1/0x9f0 net/sunrpc/clnt.c:1053
rpc_call_sync+0xcf/0x1a0 net/sunrpc/clnt.c:1082
rpc_ping+0xde/0x140 net/sunrpc/clnt.c:2514
rpc_create_xprt+0x1e8/0x590 net/sunrpc/clnt.c:479
rpc_create+0x3a9/0x600 net/sunrpc/clnt.c:587
nfs_create_rpc_client+0x3a1/0x4d0 fs/nfs/client.c:523
nfs_init_client+0x7b/0x100 fs/nfs/client.c:634
nfs_get_client+0xa74/0x1440 fs/nfs/client.c:425
nfs_init_server+0x236/0xdf0 fs/nfs/client.c:670
nfs_create_server+0x9a/0x750 fs/nfs/client.c:953
nfs_try_mount+0x270/0xaf0 fs/nfs/super.c:1884
nfs_fs_mount+0x151f/0x30e0 fs/nfs/super.c:2695
mount_fs+0xaf/0x330 fs/super.c:1277
vfs_kern_mount+0xfc/0x4d0 fs/namespace.c:1037
do_new_mount fs/namespace.c:2518 [inline]
do_mount+0x46f/0x2fa0 fs/namespace.c:2848
ksys_mount+0xb0/0x120 fs/namespace.c:3064
__do_sys_mount fs/namespace.c:3078 [inline]
__se_sys_mount fs/namespace.c:3075 [inline]
__x64_sys_mount+0xcc/0x170 fs/namespace.c:3075
do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a09
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83
eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f11c724ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f11c724b6d4 RCX: 0000000000455a09
RDX: 00000000200001c0 RSI: 0000000020000100 RDI: 0000000020000200
RBP: 000000000072bea0 R08: 0000000020000180 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000004d1 R14: 00000000006fc438 R15: 0000000000000000
================================================================================
rpcbind: RPC call returned error 22
rpcbind: RPC call returned error 22
rpcbind: RPC call returned error 22
rpcbind: RPC call returned error 22
rpcbind: RPC call returned error 22
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
FAT-fs (loop1): bogus number of reserved sectors
FAT-fs (loop1): Can't find a valid FAT filesystem
EXT4-fs (sda): re-mounted. Opts:
EXT4-fs (sda): re-mounted. Opts:
EXT4-fs (sda): re-mounted. Opts:
EXT4-fs (sda): re-mounted. Opts:
EXT4-fs (sda): re-mounted. Opts:
--
You are receiving this mail because:
You are the assignee for the bug.
next reply other threads:[~2018-06-22 16:54 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 16:53 Stephen Hemminger [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-07-06 21:21 Fw: [Bug 200187] New: UBSAN: Undefined behaviour in net/sunrpc/xprt.c:568 Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180622095357.3969e951@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=anna.schumaker@netapp.com \
--cc=jlayton@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.