* [freescale-fslc:pr/562] [mm] 31df8bc4d3: UBSAN:signed-integer-overflow_in_include/linux/atomic-arch-fallback.h
From: kernel test robot @ 2024-11-12 14:32 UTC
To: Otavio Salvador; +Cc: oe-lkp, lkp, oliver.sang
Hello,
kernel test robot noticed "UBSAN:signed-integer-overflow_in_include/linux/atomic-arch-fallback.h" on:
commit: 31df8bc4d3feca9f9c6b2cd06fd64a111ae1a0e6 ("mm: memcontrol: slab: fix obtain a reference to a freeing memcg")
https://github.com/Freescale/linux-fslc pr/562
in testcase: boot
config: i386-randconfig-011-20241105
compiler: clang-19
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+-----------------------------------------------------------------------+------------+------------+
| | 2e95bc6cfe | 31df8bc4d3 |
+-----------------------------------------------------------------------+------------+------------+
| UBSAN:null-ptr-deref_in_drivers/acpi/acpica/tbfadt.c | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_mm/memcontrol.c | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_net/core/net_namespace.c | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_include/net/netns/generic.h | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_drivers/acpi/pci_link.c | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_include/linux/memcontrol.h | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_net/ipv4/fib_trie.c | 6 | 6 |
| UBSAN:array-index-out-of-bounds_in_mm/mmu_gather.c | 6 | 6 |
| UBSAN:signed-integer-overflow_in_include/linux/atomic-arch-fallback.h | 0 | 6 |
+-----------------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202411122156.5144de50-lkp@intel.com
[ OK ] Finished Helper to synchronize boot up for ifupdown.
Starting Raise network interfaces...
[ 12.786427][ C0] ================================================================================
[ 12.787953][ C0] UBSAN: signed-integer-overflow in include/linux/atomic-arch-fallback.h:1093:45
[ 12.789450][ C0] 2147483647 + 1 cannot be represented in type 'int'
[ 12.790363][ C0] CPU: 0 PID: 194 Comm: ifup Not tainted 5.10.36-00517-g31df8bc4d3fe #1
[ 12.791536][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 12.792961][ C0] Call Trace:
[ 12.793478][ C0] <SOFTIRQ>
[ 12.794000][ C0] dump_stack (arch/x86/include/asm/atomic.h:41 include/asm-generic/atomic-instrumented.h:46 lib/dump_stack.c:121)
[ 12.794622][ C0] ? handle_overflow (lib/ubsan.c:183)
[ 12.795336][ C0] handle_overflow (lib/ubsan.c:149 lib/ubsan.c:189)
[ 12.796024][ C0] ? lock_acquire (kernel/locking/lockdep.c:5444)
[ 12.796725][ C0] ? memcg_free_shrinker_map_rcu (include/linux/rcupdate.h:255)
[ 12.797534][ C0] ? memcg_free_shrinker_map_rcu (include/linux/rcupdate.h:255)
[ 12.798340][ C0] __ubsan_handle_add_overflow (lib/ubsan.c:196)
[ 12.799140][ C0] percpu_ref_tryget (include/linux/atomic-arch-fallback.h:1093 include/linux/atomic-arch-fallback.h:1113 include/asm-generic/atomic-instrumented.h:789 include/asm-generic/atomic-long.h:985 include/linux/percpu-refcount.h:247 include/linux/percpu-refcount.h:266)
[ 12.799861][ C0] drain_obj_stock (mm/memcontrol.c:3170)
[ 12.800557][ C0] refill_obj_stock (mm/memcontrol.c:3227)
[ 12.801271][ C0] obj_cgroup_uncharge (mm/memcontrol.c:3275)
[ 12.801984][ C0] memcg_slab_free_hook (mm/slab.h:383)
[ 12.802733][ C0] ? sock_free_inode (net/socket.c:275)
[ 12.803439][ C0] kmem_cache_free (mm/slub.c:3095)
[ 12.804136][ C0] sock_free_inode (net/socket.c:275)
[ 12.804824][ C0] i_callback (fs/inode.c:226)
[ 12.805450][ C0] rcu_core (kernel/rcu/tree.c:2486)
[ 12.806085][ C0] rcu_core_si (kernel/rcu/tree.c:2733)
[ 12.806707][ C0] __do_softirq (kernel/softirq.c:298 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)
[ 12.807369][ C0] ? do_softirq_own_stack (arch/x86/kernel/irq_32.c:59 arch/x86/kernel/irq_32.c:148)
[ 12.808086][ C0] ? __entry_text_end (kernel/softirq.c:256)
[ 12.808765][ C0] do_softirq_own_stack (arch/x86/kernel/irq_32.c:59 arch/x86/kernel/irq_32.c:148)
[ 12.809481][ C0] </SOFTIRQ>
[ 12.809996][ C0] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1095)
[ 12.810833][ C0] __irq_exit_rcu (kernel/softirq.c:395 kernel/softirq.c:423)
[ 12.811527][ C0] irq_exit_rcu (kernel/softirq.c:437)
[ 12.812160][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1095)
[ 12.812988][ C0] handle_exception (arch/x86/entry/entry_32.S:1172)
[ 12.813702][ C0] EIP: _raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:84 include/linux/spinlock_api_smp.h:161 kernel/locking/spinlock.c:191)
[ 12.814549][ C0] Code: 89 d6 8b 55 c0 10 e8 eb c0 10 e8 eb f8 e8 44 83 f8 e8 44 83 00 02 00 00 00 02 00 00 b4 5a ff 89 b4 5a ff 89 f4 9d 64 ff f4 9d <64> ff c2 83 c4 04 c2 83 c4 04 66 90 55 89 66 90 55 89 04 89 c6 83
[ 12.817126][ C0] EAX: 000020b9 EBX: c3a88040 ECX: 00000000 EDX: 00000000
[ 12.818119][ C0] ESI: 00200206 EDI: c30b65f8 EBP: ecdb3e88 ESP: ecdb3e7c
[ 12.819126][ C0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00200206
[ 12.820214][ C0] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1095)
[ 12.821044][ C0] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1095)
[ 12.821853][ C0] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:84 include/linux/spinlock_api_smp.h:161 kernel/locking/spinlock.c:191)
[ 12.822674][ C0] debug_check_no_obj_freed (lib/debugobjects.c:997)
[ 12.823470][ C0] slab_free_freelist_hook (mm/slub.c:1533 mm/slub.c:1574)
[ 12.824257][ C0] ? putname (fs/namei.c:260)
[ 12.824893][ C0] kmem_cache_free (mm/slub.c:3139)
[ 12.825584][ C0] putname (fs/namei.c:260)
[ 12.826185][ C0] do_execveat_common (fs/exec.c:1922)
[ 12.826886][ C0] ? getname_flags (fs/namei.c:149)
[ 12.827536][ C0] __ia32_sys_execve (fs/exec.c:2054)
[ 12.828185][ C0] __do_fast_syscall_32 (arch/x86/entry/common.c:77 arch/x86/entry/common.c:140)
[ 12.828908][ C0] do_fast_syscall_32 (arch/x86/entry/common.c:165)
[ 12.829624][ C0] do_SYSENTER_32 (arch/x86/entry/common.c:208)
[ 12.830296][ C0] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:953)
[ 12.830974][ C0] EIP: 0xb7fba0b0
[ 12.831528][ C0] Code: Unable to access opcode bytes at RIP 0xb7fba086.
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241112/202411122156.5144de50-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki