Message-ID: <202407121652.69e657c5-oliver.sang@intel.com>
Date: Fri, 12 Jul 2024 16:17:21 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Nicolas Pitre <npitre@...libre.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, Linux Memory Management List
	<linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org>, Uwe
 Kleine-König <u.kleine-koenig@...libre.com>, Biju Das
	<biju.das.jz@...renesas.com>, <linux-kernel@...r.kernel.org>,
	<oliver.sang@...el.com>
Subject: [linux-next:master] [mul_u64_u64_div_u64] 1266b1896f:
 UBSAN:shift-out-of-bounds_in_lib/math/div64.c



Hello,

kernel test robot noticed "UBSAN:shift-out-of-bounds_in_lib/math/div64.c" on:

commit: 1266b1896f98fbe5733b16858cc042b729b52ece ("mul_u64_u64_div_u64: make it precise always")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master f477dd6eede3ecedc8963478571d99ec3bf3f762]

in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with the following parameters:

	runtime: 300s
	group: group-03
	nr_groups: 5



compiler: gcc-13
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to the attached dmesg/kmsg for the entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202407121652.69e657c5-oliver.sang@intel.com


[  181.992621][ T3569] ------------[ cut here ]------------
[  181.993267][ T3569] UBSAN: shift-out-of-bounds in lib/math/div64.c:219:35
[  181.994037][ T3569] shift exponent 64 is too large for 64-bit type 'long long unsigned int'
[  181.994783][ T3569] CPU: 0 UID: 65534 PID: 3569 Comm: trinity-main Tainted: G S      W          6.10.0-rc6-00123-g1266b1896f98 #1
[  181.995795][ T3569] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN
[  181.996338][ T3569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  181.997262][ T3569] Call Trace:
[ 181.997559][ T3569] dump_stack_lvl (lib/dump_stack.c:122) 
[ 181.998005][ T3569] dump_stack (lib/dump_stack.c:129) 
[ 181.998376][ T3569] __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:232 lib/ubsan.c:468) 
[ 181.998960][ T3569] ? __lock_acquire (kernel/locking/lockdep.c:5137 (discriminator 1)) 
[ 181.999435][ T3569] ? lock_acquire (kernel/locking/lockdep.c:467 (discriminator 4) kernel/locking/lockdep.c:5756 (discriminator 4) kernel/locking/lockdep.c:5719 (discriminator 4)) 
[ 181.999878][ T3569] mul_u64_u64_div_u64.cold (lib/math/div64.c:219 (discriminator 4)) 
[ 182.000403][ T3569] cputime_adjust (kernel/sched/cputime.c:604) 
[ 182.000854][ T3569] ? cputime_adjust (kernel/sched/cputime.c:604) 
[ 182.001298][ T3569] thread_group_cputime_adjusted (kernel/sched/cputime.c:635) 
[ 182.001753][ T3569] do_task_stat (fs/proc/array.c:582) 
[ 182.002166][ T3569] ? get_pid_task (include/linux/rcupdate.h:338 include/linux/rcupdate.h:811 kernel/pid.c:468) 
[ 182.002587][ T3569] ? proc_tid_stat (fs/proc/array.c:679) 
[ 182.003001][ T3569] proc_tgid_stat (fs/proc/array.c:681) 
[ 182.003401][ T3569] proc_single_show (include/linux/sched/task.h:127 fs/proc/base.c:780) 
[ 182.003827][ T3569] seq_read_iter (fs/seq_file.c:230) 
[ 182.004259][ T3569] seq_read (fs/seq_file.c:163) 
[ 182.004629][ T3569] ? seq_read_iter (fs/seq_file.c:152) 
[ 182.005057][ T3569] vfs_read (fs/read_write.c:474) 
[ 182.005419][ T3569] ? __task_pid_nr_ns (include/linux/rcupdate.h:338 include/linux/rcupdate.h:811 kernel/pid.c:514) 
[ 182.005862][ T3569] ? lock_release (kernel/locking/lockdep.c:467 (discriminator 4) kernel/locking/lockdep.c:5776 (discriminator 4)) 
[ 182.006285][ T3569] ? mutex_lock_nested (kernel/locking/mutex.c:805) 
[ 182.006741][ T3569] ksys_read (fs/read_write.c:620) 
[ 182.007147][ T3569] __ia32_sys_read (fs/read_write.c:627) 
[ 182.007590][ T3569] ia32_sys_call (arch/x86/entry/syscall_32.c:42) 
[ 182.008041][ T3569] do_int80_syscall_32 (arch/x86/entry/common.c:165 (discriminator 1) arch/x86/entry/common.c:339 (discriminator 1)) 
[ 182.008510][ T3569] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 182.009087][ T3569] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 182.009588][ T3569] ? do_int80_syscall_32 (arch/x86/entry/common.c:343) 
[ 182.010049][ T3569] ? mutex_unlock (kernel/locking/mutex.c:549) 
[ 182.010449][ T3569] ? __f_unlock_pos (fs/file.c:1199) 
[ 182.010861][ T3569] ? ksys_read (include/linux/file.h:47 include/linux/file.h:83 fs/read_write.c:622) 
[ 182.011238][ T3569] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 182.011844][ T3569] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 182.016479][ T3569] ? do_int80_syscall_32 (arch/x86/entry/common.c:343) 
[ 182.016985][ T3569] ? __lock_acquire (kernel/locking/lockdep.c:5137 (discriminator 1)) 
[ 182.017435][ T3569] ? __lock_acquire (kernel/locking/lockdep.c:5137 (discriminator 1)) 
[ 182.017885][ T3569] ? __lock_acquire (kernel/locking/lockdep.c:5137 (discriminator 1)) 
[ 182.018322][ T3569] ? lock_acquire (kernel/locking/lockdep.c:467 (discriminator 4) kernel/locking/lockdep.c:5756 (discriminator 4) kernel/locking/lockdep.c:5719 (discriminator 4)) 
[ 182.018725][ T3569] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) 
[ 182.019160][ T3569] ? __lock_release+0x43/0x130 
[ 182.019647][ T3569] ? do_perf_sw_event+0xe3/0x1e0 
[ 182.020221][ T3569] ? do_perf_sw_event+0xe3/0x1e0 
[ 182.020740][ T3569] ? lock_release (kernel/locking/lockdep.c:467 (discriminator 4) kernel/locking/lockdep.c:5776 (discriminator 4)) 
[ 182.021151][ T3569] ? do_perf_sw_event+0xf2/0x1e0 
[ 182.021666][ T3569] ? ___perf_sw_event (kernel/events/core.c:9986) 
[ 182.022090][ T3569] ? look_up_lock_class (kernel/locking/lockdep.c:926 (discriminator 28)) 
[ 182.022552][ T3569] ? register_lock_class (kernel/locking/lockdep.c:1284) 
[ 182.023023][ T3569] ? __lock_acquire (kernel/locking/lockdep.c:5137 (discriminator 1)) 
[ 182.023470][ T3569] ? lock_acquire (kernel/locking/lockdep.c:467 (discriminator 4) kernel/locking/lockdep.c:5756 (discriminator 4) kernel/locking/lockdep.c:5719 (discriminator 4)) 
[ 182.023891][ T3569] ? __lock_acquire (kernel/locking/lockdep.c:5137 (discriminator 1)) 
[ 182.024353][ T3569] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) 
[ 182.024766][ T3569] ? __lock_release+0x43/0x130 
[ 182.025263][ T3569] ? __f_unlock_pos (fs/file.c:1199) 
[ 182.025688][ T3569] ? __f_unlock_pos (fs/file.c:1199) 
[ 182.026126][ T3569] ? lock_release (kernel/locking/lockdep.c:467 (discriminator 4) kernel/locking/lockdep.c:5776 (discriminator 4)) 
[ 182.026538][ T3569] ? __mutex_unlock_slowpath (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/atomic/atomic-long.h:40 include/linux/atomic/atomic-instrumented.h:3189 kernel/locking/mutex.c:921) 
[ 182.027023][ T3569] ? seq_list_next_rcu (fs/seq_file.c:309) 
[ 182.027477][ T3569] ? mutex_unlock (kernel/locking/mutex.c:549) 
[ 182.027901][ T3569] ? __f_unlock_pos (fs/file.c:1199) 
[ 182.028416][ T3569] ? __ia32_sys_llseek (include/linux/file.h:47 include/linux/file.h:83 fs/read_write.c:350 fs/read_write.c:325 fs/read_write.c:325) 
[ 182.028892][ T3569] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 182.029473][ T3569] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 182.029984][ T3569] ? do_int80_syscall_32 (arch/x86/entry/common.c:343) 
[ 182.030447][ T3569] ? up_read (kernel/locking/rwsem.c:1623) 
[ 182.030816][ T3569] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234) 
[ 182.031338][ T3569] ? irqentry_exit (kernel/entry/common.c:367) 
[ 182.031743][ T3569] ? exc_page_fault (arch/x86/mm/fault.c:1543) 
[ 182.032174][ T3569] entry_INT80_32 (arch/x86/entry/entry_32.S:944) 
[  182.032569][ T3569] EIP: 0x8097522
[ 182.032881][ T3569] Code: 89 c8 c3 90 8d 74 26 00 85 c0 c7 01 01 00 00 00 75 d8 a1 cc 3c ad 08 eb d1 66 90 66 90 66 90 66 90 66 90 66 90 66 90 90 cd 80 <c3> 8d b6 00 00 00 00 8d bc 27 00 00 00 00 8b 10 a3 f4 3c ad 08 85
All code
========
   0:	89 c8                	mov    %ecx,%eax
   2:	c3                   	ret
   3:	90                   	nop
   4:	8d 74 26 00          	lea    0x0(%rsi,%riz,1),%esi
   8:	85 c0                	test   %eax,%eax
   a:	c7 01 01 00 00 00    	movl   $0x1,(%rcx)
  10:	75 d8                	jne    0xffffffffffffffea
  12:	a1 cc 3c ad 08 eb d1 	movabs 0x9066d1eb08ad3ccc,%eax
  19:	66 90 
  1b:	66 90                	xchg   %ax,%ax
  1d:	66 90                	xchg   %ax,%ax
  1f:	66 90                	xchg   %ax,%ax
  21:	66 90                	xchg   %ax,%ax
  23:	66 90                	xchg   %ax,%ax
  25:	66 90                	xchg   %ax,%ax
  27:	90                   	nop
  28:	cd 80                	int    $0x80
  2a:*	c3                   	ret		<-- trapping instruction
  2b:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
  31:	8d bc 27 00 00 00 00 	lea    0x0(%rdi,%riz,1),%edi
  38:	8b 10                	mov    (%rax),%edx
  3a:	a3                   	.byte 0xa3
  3b:	f4                   	hlt
  3c:	3c ad                	cmp    $0xad,%al
  3e:	08                   	.byte 0x8
  3f:	85                   	.byte 0x85

Code starting with the faulting instruction
===========================================
   0:	c3                   	ret
   1:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   7:	8d bc 27 00 00 00 00 	lea    0x0(%rdi,%riz,1),%edi
   e:	8b 10                	mov    (%rax),%edx
  10:	a3                   	.byte 0xa3
  11:	f4                   	hlt
  12:	3c ad                	cmp    $0xad,%al
  14:	08                   	.byte 0x8
  15:	85                   	.byte 0x85


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240712/202407121652.69e657c5-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

