| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210907132336.GB17617@xsang-OptiPlex-9020>
Date: Tue, 7 Sep 2021 21:23:36 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Vincent Guittot <vincent.guittot@...aro.org>
Cc: Peter Zijlstra <peterz@...radead.org>,
Valentin Schneider <valentin.schneider@....com>,
Mel Gorman <mgorman@...e.de>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
lkp@...el.com, aubrey.li@...ux.intel.com, yu.c.chen@...el.com
Subject: [sched/fair] e9b9734b74:
UBSAN:shift-out-of-bounds_in_kernel/sched/fair.c
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: e9b9734b74656abb585a7f6fabf1d30ce00e51ea ("sched/fair: Reduce cases for active balance")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 32.516177][ C1] ================================================================================
[ 32.518142][ C1] UBSAN: shift-out-of-bounds in kernel/sched/fair.c:7741:14
[ 32.519764][ C1] shift exponent 111 is too large for 64-bit type 'long unsigned int'
[ 32.521337][ C1] CPU: 1 PID: 337 Comm: (sd-executor) Not tainted 5.11.0-rc2-00009-ge9b9734b7465 #1
[ 32.522980][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 32.528699][ C1] Call Trace:
[ 32.529366][ C1] <IRQ>
[ 32.529950][ C1] dump_stack+0xac/0xe3
[ 32.530839][ C1] ubsan_epilogue+0xa/0x4e
[ 32.531685][ C1] __ubsan_handle_shift_out_of_bounds+0x162/0x17d
[ 32.532878][ C1] ? can_migrate_task+0x4f2/0x890
[ 32.533859][ C1] load_balance.cold+0x17/0x25
[ 32.534738][ C1] ? lock_acquire+0xaf/0x400
[ 32.535586][ C1] rebalance_domains+0x351/0x550
[ 32.536587][ C1] __do_softirq+0xd3/0x558
[ 32.537417][ C1] asm_call_irq_on_stack+0xf/0x20
[ 32.538396][ C1] </IRQ>
[ 32.539033][ C1] do_softirq_own_stack+0x9d/0xb0
[ 32.539962][ C1] irq_exit_rcu+0xe0/0xf0
[ 32.540798][ C1] sysvec_apic_timer_interrupt+0x71/0xf0
[ 32.541805][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 32.542893][ C1] RIP: 0010:__slab_alloc+0x14/0x60
[ 32.543848][ C1] Code: ff ff ff e9 47 fa ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 53 48 83 ec 20 9c 5b fa f6 c7 02 75 0d e8 4e f7 ff ff 53 9d <48> 83 c4 20 5b c3 4c 89 44 24 18 48 89 4c 24 10 89 54 24 0c 89 74
[ 32.547146][ C1] RSP: 0018:ffffc90001cbfbc8 EFLAGS: 00000282
[ 32.548300][ C1] RAX: ffff8881456e27d8 RBX: 0000000000000282 RCX: 0000000000000006
[ 32.549836][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff813c4939
[ 32.551308][ C1] RBP: ffff8881008b11c0 R08: 0000000000000001 R09: 0000000000000001
[ 32.553506][ C1] R10: 0000000000000001 R11: 0000000000080000 R12: 0000000000000001
[ 32.555016][ C1] R13: 0000000000000000 R14: 0000000000002800 R15: ffffffff8139ae1c
[ 32.560568][ C1] ? anon_vma_clone+0x6c/0x2b0
[ 32.561556][ C1] ? __slab_alloc+0x59/0x60
[ 32.562394][ C1] ? anon_vma_clone+0x6c/0x2b0
[ 32.563296][ C1] kmem_cache_alloc+0x33a/0x3c0
[ 32.564252][ C1] anon_vma_clone+0x6c/0x2b0
[ 32.565132][ C1] anon_vma_fork+0x38/0x150
[ 32.565964][ C1] dup_mmap+0x449/0x620
[ 32.566798][ C1] dup_mm+0x63/0x120
[ 32.567639][ C1] copy_process+0x1b7e/0x2050
[ 32.568586][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 32.569524][ C1] ? sched_clock+0x5/0x10
[ 32.570386][ C1] ? sched_clock_cpu+0x11e/0x150
[ 32.571321][ C1] kernel_clone+0xb8/0xa20
[ 32.572206][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 32.573140][ C1] ? sched_clock+0x5/0x10
[ 32.573943][ C1] ? sched_clock_cpu+0x11e/0x150
[ 32.574845][ C1] ? __might_fault+0x47/0xa0
[ 32.575711][ C1] __do_sys_clone+0x66/0x80
[ 32.580655][ C1] do_syscall_64+0x52/0x60
[ 32.581569][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 32.582621][ C1] RIP: 0033:0x7fa44a0ae7be
[ 32.583445][ C1] Code: db 0f 85 25 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 b6 00 00 00 41 89 c4 85 c0 0f 85 c3 00 00
[ 32.586835][ C1] RSP: 002b:00007ffce49cc6f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 32.588340][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa44a0ae7be
[ 32.589777][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 32.591207][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fa448f21940
[ 32.592654][ C1] R10: 00007fa448f21c10 R11: 0000000000000246 R12: 0000000000000020
[ 32.594231][ C1] R13: 00007fa449f1741c R14: 00007ffce49cc8b8 R15: 0000000000000001
[ 32.595648][ C1] ================================================================================
To reproduce:
# build kernel
cd linux
cp config-5.11.0-rc2-00009-ge9b9734b7465 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.11.0-rc2-00009-ge9b9734b7465" of type "text/plain" (134619 bytes)
View attachment "job-script" of type "text/plain" (4683 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (18420 bytes)
Powered by blists - more mailing lists