From: Tan Xiaojun
CC: "Leizhen (ThunderTown, Euler)", "Libin (Huawei)"
Subject: [Question] A UBSAN problem in stable-4.4
Date: Tue, 6 Nov 2018 20:05:23 +0800
Message-ID: <5BE18383.9040806@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi, all,

I found the following problem (attached to the end) when testing stable-4.4 with Syzkaller. This is not an easy-to-trigger problem, so the tool does not generate code for recurring problems.

From the call stack, it is because the first parameter in ktime_sub is large, and the second parameter offset is a negative number, causing the final result to overflow into the sign bit and become a large negative number.

--------------
...
ktime_t expires = ktime_sub(hrtimer_get_expires(timer), base->offset);
...
--------------

But I don't know how to fix this problem. The mainline code is also different from stable-4.4, and I have not found a patch to fix this problem in the mainline repository. So I am a bit confused about how to fix it.

Can anyone give me some advice?

Thanks.
Xiaojun.

================================================================================
UBSAN: Undefined behaviour in kernel/time/hrtimer.c:615:20
signed integer overflow:
9223372036854775807 - -495588161 cannot be represented in type 'long long int'
CPU: 0 PID: 4542 Comm: syz-executor0 Not tainted 4.4.156-514.55.6.9.x86_64+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
 1ffff100391dbf45 ad071d3307b76e03 ffff8801c8edfab0 ffffffff81c9f586
 0000000041b58ab3 ffffffff831fd4e6 ffffffff81c9f478 ffff8801c8edfad8
 ffff8801c8edfa78 00000000000014a9 ad071d3307b76e03 ffffffff837fd660
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x10e/0x1a8 lib/dump_stack.c:51
 [] ubsan_epilogue+0x12/0x8f lib/ubsan.c:164
 [] handle_overflow+0x23e/0x299 lib/ubsan.c:195
 [] __ubsan_handle_sub_overflow+0x2a/0x31 lib/ubsan.c:211
 [] hrtimer_reprogram kernel/time/hrtimer.c:615 [inline]
 [] hrtimer_start_range_ns+0x1083/0x1580 kernel/time/hrtimer.c:1024
 [] hrtimer_start include/linux/hrtimer.h:393 [inline]
 [] alarm_start+0xcf/0x130 kernel/time/alarmtimer.c:328
 [] alarm_timer_set+0x296/0x4a0 kernel/time/alarmtimer.c:632
 [] SYSC_timer_settime kernel/time/posix-timers.c:914 [inline]
 [] SyS_timer_settime+0x2be/0x3d0 kernel/time/posix-timers.c:885
 [] entry_SYSCALL_64_fastpath+0x1e/0x9e
================================================================================
================================================================================
UBSAN: Undefined behaviour in kernel/time/hrtimer.c:490:13
signed integer overflow:
9223372036854775807 - -495588161 cannot be represented in type 'long long int'
CPU: 0 PID: 4542 Comm: syz-executor0 Not tainted 4.4.156-514.55.6.9.x86_64+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
 1ffff1003ed40f8b ad071d3307b76e03 ffff8801f6a07ce0 ffffffff81c9f586
 0000000041b58ab3 ffffffff831fd4e6 ffffffff81c9f478 ffff8801f6a07d08
 ffff8801f6a07ca8 000000000000000a ad071d3307b76e03 ffffffff837fd660
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x10e/0x1a8 lib/dump_stack.c:51
 [] ubsan_epilogue+0x12/0x8f lib/ubsan.c:164
 [] handle_overflow+0x23e/0x299 lib/ubsan.c:195
 [] __ubsan_handle_sub_overflow+0x2a/0x31 lib/ubsan.c:211
 [] __hrtimer_get_next_event+0x1da/0x2b0 kernel/time/hrtimer.c:490
 [] hrtimer_interrupt+0x202/0x580 kernel/time/hrtimer.c:1361
 [] local_apic_timer_interrupt+0x9d/0x150 arch/x86/kernel/apic/apic.c:901
 [] smp_apic_timer_interrupt+0x80/0xb0 arch/x86/kernel/apic/apic.c:925
 [] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:563
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x3b/0x60 kernel/locking/spinlock.c:191
 [] unlock_timer include/linux/spinlock.h:362 [inline]
 [] SYSC_timer_settime kernel/time/posix-timers.c:916 [inline]
 [] SyS_timer_settime+0x2cf/0x3d0 kernel/time/posix-timers.c:885
 [] entry_SYSCALL_64_fastpath+0x1e/0x9e
================================================================================
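
The subtraction reported above, modelled in userspace with the two operands from the UBSAN output. This is an added example, not part of the original message and not a kernel patch: the names ktime_model_t, sub_overflows and sub_saturating are hypothetical, and it assumes the GCC/Clang builtin __builtin_sub_overflow.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for the kernel's signed 64-bit ns value. */
typedef int64_t ktime_model_t;

/* Returns 1 when lhs - rhs cannot be represented in 64 signed bits.
 * *wrapped always receives the truncated two's-complement result. */
static int sub_overflows(ktime_model_t lhs, ktime_model_t rhs,
                         ktime_model_t *wrapped)
{
    return __builtin_sub_overflow(lhs, rhs, wrapped) ? 1 : 0;
}

/* Hypothetical saturating subtract: clamp to the nearest bound on overflow. */
static ktime_model_t sub_saturating(ktime_model_t lhs, ktime_model_t rhs)
{
    ktime_model_t res;

    if (!__builtin_sub_overflow(lhs, rhs, &res))
        return res;
    /* Subtracting a negative can only overflow upwards, a positive downwards. */
    return rhs < 0 ? INT64_MAX : INT64_MIN;
}

int main(void)
{
    /* Operands copied from the UBSAN report in the message. */
    ktime_model_t expires = INT64_MAX;   /* 9223372036854775807 */
    ktime_model_t offset = -495588161;
    ktime_model_t wrapped;

    int ovf = sub_overflows(expires, offset, &wrapped);
    printf("overflow=%d wrapped=%lld saturated=%lld\n", ovf,
           (long long)wrapped, (long long)sub_saturating(expires, offset));
    return 0;
}
```

The wrapped value is the "large negative number" the message describes; the saturating variant keeps the expiry at the maximum instead.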