linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Toralf Förster" <toralf.foerster@gmx.de>
To: Randy Dunlap <rdunlap@infradead.org>, jgg@ziepe.ca
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
	Linux MM <linux-mm@kvack.org>
Subject: Re: 5.10.1: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:1
Date: Fri, 18 Dec 2020 11:20:47 +0100	[thread overview]
Message-ID: <43d52285-a10e-692d-daa6-6f5eb07e3132@gmx.de> (raw)
In-Reply-To: <5c172fad-a9cf-c29d-0a27-f2b0505dc33d@infradead.org>

On 12/18/20 7:54 AM, Randy Dunlap wrote:
> Hi,
>
> [adding linux-mm]
>
> On 12/16/20 1:54 AM, Toralf Förster wrote:
>> Hi,
>>
>> I got this recently at this hardened Gentoo Linux server:
>>
>> Linux mr-fox 5.10.1 #1 SMP Tue Dec 15 22:09:42 CET 2020 x86_64 Intel(R)
>> Xeon(R) CPU E5-1650 v3 @ 3.50GHz GenuineIntel GNU/Linux
>>
>>
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206972]
>> ================================================================================
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206977] UBSAN: shift-out-of-bounds
>> in ./include/linux/log2.h:57:13
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206980] shift exponent 64 is too
>> large for 64-bit type 'long unsigned int'
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206982] CPU: 11 PID: 21051 Comm:
>> cc1 Tainted: G                T 5.10.1 #1
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206984] Hardware name: ASUSTeK
>> COMPUTER INC. Z10PA-U8 Series/Z10PA-U8 Series, BIOS 3703 08/02/2018
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206985] Call Trace:
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206993]  dump_stack+0x57/0x6a
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206996]  ubsan_epilogue+0x5/0x40
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.206999]
>> __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207002]
>> ondemand_readahead.cold+0x16/0x21
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207007]
>> generic_file_buffered_read+0x452/0x890
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207011]  new_sync_read+0x156/0x200
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207014]  vfs_read+0xf8/0x190
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207016]  ksys_read+0x65/0xe0
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207018]  do_syscall_64+0x33/0x40
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207021]
>> entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207024] RIP: 0033:0x7f01b2df198e
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207026] Code: c0 e9 b6 fe ff ff 50
>> 48 8d 3d 66 c3 09 00 e8 59 e2 01 00 66 0f 1f 84 00 00 00 00 00 64 8b 04
>> 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f
>> 84 00 00 00 00 00 48 83 ec 28
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207028] RSP: 002b:00007fff2167e998
>> EFLAGS: 00000246 ORIG_RAX: 0000000000000000
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207030] RAX: ffffffffffffffda RBX:
>> 0000000000000000 RCX: 00007f01b2df198e
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207032] RDX: 0000000000000000 RSI:
>> 00000000054dcc50 RDI: 0000000000000004
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207033] RBP: 00000000054dcc50 R08:
>> 00000000054dcc50 R09: 0000000000000000
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207034] R10: 0000000000000000 R11:
>> 0000000000000246 R12: 00000000054dc3b0
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207035] R13: 0000000000008000 R14:
>> 00000000054c9800 R15: 0000000000000000
>> Dec 15 23:31:51 mr-fox kernel: [ 1974.207037]
>> ================================================================================
>>
>>
>> Known issue ?
>
> Not that I have heard about, but that's not conclusive.
>
> Looks to me like this is in mm/readahead.c:
>
> static unsigned long get_init_ra_size(unsigned long size, unsigned long max)
> {
> 	unsigned long newsize = roundup_pow_of_two(size);
>
>
> What filesystem?  What workload?

/ is a 32 GB ext4 filesystem.
Data are at 3 BTRFS filesystems, 1x 500 GB and 2x 1.6TB.

2 Tor relays run at 100% each and utilizes the 1 GBit/s by 50%-60% [1]

7 build bots are running over the Gentoo software repostory [2]
1 AFL bot fuzzies the Tor sources.
Those 8 jobs are contained by a cgroup of 9 CPUs and 120 GB RAM [3],
each job is contained further by an own sub cgroup of 1.5 CPU and 20 GB
RAM [4]

The host is monitored using sysstat, the load is about 11.8, CPU[all] at
80%, proc/s at 1800, cswchs/s at 20000 and so on.


[1] https://metrics.torproject.org/rs.html#search/zwiebeltoralf
[2] https://zwiebeltoralf.de/tinderbox.html
[3] https://github.com/toralf/tinderbox/blob/master/bin/cgroup.sh
[4] https://github.com/toralf/tinderbox/blob/master/bin/bwrap.sh#L15

--
Toralf

  reply	other threads:[~2020-12-18 10:22 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-16  9:54 5.10.1: UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:1 Toralf Förster
2020-12-18  6:54 ` Randy Dunlap
2020-12-18 10:20   ` Toralf Förster [this message]
2020-12-20  1:09     ` Randy Dunlap
2020-12-20 10:34       ` Toralf Förster

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43d52285-a10e-692d-daa6-6f5eb07e3132@gmx.de \
    --to=toralf.foerster@gmx.de \
    --cc=jgg@ziepe.ca \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=rdunlap@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).