From: Tan Xiaojun
CC: "Leizhen (ThunderTown, Euler)", "Libin (Huawei)"
Subject: [Question] A UBSAN problem in stable-4.4
Message-ID: <5BE4366A.5020400@huawei.com>
Date: Thu, 8 Nov 2018 21:13:14 +0800
X-Mailing-List: linux-kernel@vger.kernel.org

Hi, all,

I found the following problem (attached to the end) when testing stable-4.4 with Syzkaller. This is not an easy-to-trigger problem, so the tool does not generate code for recurring problems.

From the call stack, it is because the first parameter in ktime_sub is large, and the second parameter offset is a negative number, causing the final result to overflow into the sign bit and become a large negative number.

--------------
...
ktime_t expires = ktime_sub(hrtimer_get_expires(timer), base->offset);
...
--------------

But I don't know how to fix this problem. The mainline code is also different from stable-4.4, and I have not found a patch to fix this problem in the mainline repository. So I am a bit confused about how to fix it.

Can anyone give me some advice?

Thanks.
Xiaojun.

================================================================================
UBSAN: Undefined behaviour in kernel/time/hrtimer.c:615:20
signed integer overflow:
9223372036854775807 - -495588161 cannot be represented in type 'long long int'
CPU: 0 PID: 4542 Comm: syz-executor0 Not tainted 4.4.156-514.55.6.9.x86_64+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
 1ffff100391dbf45 ad071d3307b76e03 ffff8801c8edfab0 ffffffff81c9f586
 0000000041b58ab3 ffffffff831fd4e6 ffffffff81c9f478 ffff8801c8edfad8
 ffff8801c8edfa78 00000000000014a9 ad071d3307b76e03 ffffffff837fd660
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x10e/0x1a8 lib/dump_stack.c:51
 [] ubsan_epilogue+0x12/0x8f lib/ubsan.c:164
 [] handle_overflow+0x23e/0x299 lib/ubsan.c:195
 [] __ubsan_handle_sub_overflow+0x2a/0x31 lib/ubsan.c:211
 [] hrtimer_reprogram kernel/time/hrtimer.c:615 [inline]
 [] hrtimer_start_range_ns+0x1083/0x1580 kernel/time/hrtimer.c:1024
 [] hrtimer_start include/linux/hrtimer.h:393 [inline]
 [] alarm_start+0xcf/0x130 kernel/time/alarmtimer.c:328
 [] alarm_timer_set+0x296/0x4a0 kernel/time/alarmtimer.c:632
 [] SYSC_timer_settime kernel/time/posix-timers.c:914 [inline]
 [] SyS_timer_settime+0x2be/0x3d0 kernel/time/posix-timers.c:885
 [] entry_SYSCALL_64_fastpath+0x1e/0x9e
================================================================================
================================================================================
UBSAN: Undefined behaviour in kernel/time/hrtimer.c:490:13
signed integer overflow:
9223372036854775807 - -495588161 cannot be represented in type 'long long int'
CPU: 0 PID: 4542 Comm: syz-executor0 Not tainted 4.4.156-514.55.6.9.x86_64+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
 1ffff1003ed40f8b ad071d3307b76e03 ffff8801f6a07ce0 ffffffff81c9f586
 0000000041b58ab3 ffffffff831fd4e6 ffffffff81c9f478 ffff8801f6a07d08
 ffff8801f6a07ca8 000000000000000a ad071d3307b76e03 ffffffff837fd660
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x10e/0x1a8 lib/dump_stack.c:51
 [] ubsan_epilogue+0x12/0x8f lib/ubsan.c:164
 [] handle_overflow+0x23e/0x299 lib/ubsan.c:195
 [] __ubsan_handle_sub_overflow+0x2a/0x31 lib/ubsan.c:211
 [] __hrtimer_get_next_event+0x1da/0x2b0 kernel/time/hrtimer.c:490
 [] hrtimer_interrupt+0x202/0x580 kernel/time/hrtimer.c:1361
 [] local_apic_timer_interrupt+0x9d/0x150 arch/x86/kernel/apic/apic.c:901
 [] smp_apic_timer_interrupt+0x80/0xb0 arch/x86/kernel/apic/apic.c:925
 [] apic_timer_interrupt+0xa5/0xb0 arch/x86/entry/entry_64.S:563
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x3b/0x60 kernel/locking/spinlock.c:191
 [] unlock_timer include/linux/spinlock.h:362 [inline]
 [] SYSC_timer_settime kernel/time/posix-timers.c:916 [inline]
 [] SyS_timer_settime+0x2cf/0x3d0 kernel/time/posix-timers.c:885
 [] entry_SYSCALL_64_fastpath+0x1e/0x9e
================================================================================
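
Added example, not part of the original message and not kernel code: a user-space C model of the subtraction that UBSAN flags in both reports above, using the operands printed there. The helper names and the saturating policy are assumptions made for illustration, and `__builtin_sub_overflow` assumes GCC or Clang.

```c
/* User-space model of the flagged ktime subtraction (illustrative only). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KTIME_MAX INT64_MAX /* 9223372036854775807, left operand in the report */
#define KTIME_MIN INT64_MIN

/* What a wrapping s64 subtraction yields. Computed in unsigned arithmetic,
 * where wrap-around is defined; the cast back is modulo 2^64 on GCC/Clang. */
static int64_t sub_wrapped(int64_t lhs, int64_t rhs)
{
    return (int64_t)((uint64_t)lhs - (uint64_t)rhs);
}

/* True if lhs - rhs is not representable in a signed 64-bit value. */
static bool sub_overflows(int64_t lhs, int64_t rhs)
{
    int64_t tmp;
    return __builtin_sub_overflow(lhs, rhs, &tmp);
}

/* Hypothetical saturating subtract: clamp to the range limits instead of
 * wrapping. A negative rhs can only overflow upward, a positive one downward. */
static int64_t sub_saturating(int64_t lhs, int64_t rhs)
{
    int64_t res;
    if (!__builtin_sub_overflow(lhs, rhs, &res))
        return res;
    return rhs < 0 ? KTIME_MAX : KTIME_MIN;
}

int main(void)
{
    const int64_t expires = KTIME_MAX;    /* from the UBSAN report */
    const int64_t offset  = -495588161LL; /* from the UBSAN report */

    printf("overflows : %s\n", sub_overflows(expires, offset) ? "yes" : "no");
    printf("wrapped   : %lld\n", (long long)sub_wrapped(expires, offset));
    printf("saturated : %lld\n", (long long)sub_saturating(expires, offset));
    return 0;
}
```

The wrapped result is the "large negative number" the message describes: a timer meant to expire at the maximum time instead appears to have expired long ago.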