From: kernel test robot <oliver.sang@intel.com>
To: Kees Cook <keescook@chromium.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Justin Stitt <justinstitt@google.com>,
Miguel Ojeda <ojeda@kernel.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
"Peter Zijlstra" <peterz@infradead.org>,
Marco Elver <elver@google.com>, Hao Luo <haoluo@google.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
<workflows@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<linux-kbuild@vger.kernel.org>, <oliver.sang@intel.com>
Subject: [kees:devel/overflow/sanitizers] [overflow] 660787b56e: UBSAN:signed-integer-overflow_in_lib/test_memcat_p.c
Date: Tue, 30 Jan 2024 22:52:56 +0800
Message-ID: <202401302219.db90a6d5-oliver.sang@intel.com>
Hello,
kernel test robot noticed "UBSAN:signed-integer-overflow_in_lib/test_memcat_p.c" on:
commit: 660787b56e6e97ddc34c7882cbe1228f4040ef74 ("overflow: Reintroduce signed and unsigned overflow sanitizers")
https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git devel/overflow/sanitizers
in testcase: boot
compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
We noticed this commit is reintroducing "signed and unsigned overflow
sanitizers"; below is the config diff between the parent and this commit in our
builds:
--- ea804316c9db5148d2bb0c1f40f70d7a83404638/.config 2024-01-26 22:09:35.046768122 +0800
+++ 660787b56e6e97ddc34c7882cbe1228f4040ef74/.config 2024-01-26 19:53:20.693434428 +0800
@@ -6706,6 +6706,7 @@ CONFIG_UBSAN_BOUNDS_STRICT=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_UNREACHABLE=y
+CONFIG_UBSAN_SIGNED_WRAP=y
# CONFIG_UBSAN_BOOL is not set
# CONFIG_UBSAN_ENUM is not set
# CONFIG_UBSAN_ALIGNMENT is not set
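Review bot: at the added `CONFIG_UBSAN_SIGNED_WRAP=y` line, the config diff does not show whether the option was switched on by its Kconfig default or set explicitly, and the report should say which. It is the only change in this hunk, while CONFIG_UBSAN_DIV_ZERO, CONFIG_UBSAN_BOOL, CONFIG_UBSAN_ENUM and CONFIG_UBSAN_ALIGNMENT stay unset, so the new signed-integer-overflow report at lib/test_memcat_p.c:47 follows from the sanitizer being enabled in this config rather than from a code change in the test. If the option arrives by default, every boot-test config with UBSAN on will start flagging existing wrapping arithmetic such as the `6570 * 725861` multiply, so the commit should either document that expectation or leave the option off unless it is requested.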
While testing, we observed the below differences (and same parts) between the parent and
this commit:
ea804316c9db5148 660787b56e6e97ddc34c7882cbe
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
          6:6            0%           6:6     dmesg.UBSAN:shift-out-of-bounds_in_arch/x86/kernel/cpu/intel.c
          6:6            0%           6:6     dmesg.UBSAN:shift-out-of-bounds_in_arch/x86/kernel/cpu/topology.c
          6:6            0%           6:6     dmesg.UBSAN:shift-out-of-bounds_in_fs/namespace.c
          6:6            0%           6:6     dmesg.UBSAN:shift-out-of-bounds_in_fs/read_write.c
          6:6            0%           6:6     dmesg.UBSAN:shift-out-of-bounds_in_include/linux/rhashtable.h
          6:6            0%           6:6     dmesg.UBSAN:shift-out-of-bounds_in_include/net/tcp.h
           :6          100%           6:6     dmesg.UBSAN:signed-integer-overflow_in_lib/test_memcat_p.c
This looks like an issue uncovered by the commit, but since it's hard for us to
backport this commit to each commit while bisecting, we cannot capture the real
first bad commit. Not sure if this report could help somebody to investigate
the real issue?

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202401302219.db90a6d5-oliver.sang@intel.com
[ 42.894536][ T1] ------------[ cut here ]------------
[ 42.895474][ T1] UBSAN: signed-integer-overflow in lib/test_memcat_p.c:47:10
[ 42.897128][ T1] 6570 * 725861 cannot be represented in type 'int'
[ 42.898391][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1-00007-g660787b56e6e #1
[ 42.899962][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 42.901661][ T1] Call Trace:
[ 42.902009][ T1] dump_stack_lvl (??:?)
[ 42.902009][ T1] dump_stack (??:?)
[ 42.902009][ T1] handle_overflow (ubsan.c:?)
[ 42.902009][ T1] ? kmemleak_alloc (??:?)
[ 42.902009][ T1] ? kmalloc_trace (??:?)
[ 42.902009][ T1] ? test_memcat_p_init (test_memcat_p.c:?)
[ 42.902009][ T1] __ubsan_handle_mul_overflow (??:?)
[ 42.902009][ T1] test_memcat_p_init (test_memcat_p.c:?)
[ 42.902009][ T1] ? trace_hardirqs_on (??:?)
[ 42.902009][ T1] ? _raw_spin_unlock_irqrestore (??:?)
[ 42.902009][ T1] ? test_string_helpers_init (test_memcat_p.c:?)
[ 42.902009][ T1] do_one_initcall (??:?)
[ 42.902009][ T1] ? parameq (??:?)
[ 42.902009][ T1] ? parse_args (??:?)
[ 42.902009][ T1] do_initcalls (main.c:?)
[ 42.902009][ T1] ? rdinit_setup (main.c:?)
[ 42.902009][ T1] kernel_init_freeable (main.c:?)
[ 42.902009][ T1] ? rest_init (main.c:?)
[ 42.902009][ T1] kernel_init (main.c:?)
[ 42.902009][ T1] ? schedule_tail (??:?)
[ 42.902009][ T1] ret_from_fork (??:?)
[ 42.902009][ T1] ? rest_init (main.c:?)
[ 42.902009][ T1] ret_from_fork_asm (??:?)
[ 42.902009][ T1] entry_INT80_32 (??:?)
[ 42.924183][ T1] ---[ end trace ]---
[ 42.925743][ T1] test_memcat_p: test passed
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240130/202401302219.db90a6d5-oliver.sang@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki