
UBSAN: Undefined behaviour in percpu_ref_switch_to_atomic_rcu

Open shenki opened this issue 7 years ago • 0 comments

4.18.8-00344-gbb5e0c8 with UBSAN on ast2400

[   64.571124] ================================================================================
[   64.579700] UBSAN: Undefined behaviour in ./arch/arm/include/asm/atomic.h:235:1
[   64.587102] signed integer overflow:
[   64.590760] -2147483648 + -2147483646 cannot be represented in type 'int'
[   64.597669] CPU: 0 PID: 7 Comm: ksoftirqd/0 Tainted: G                T 4.18.8-00344-gbb5e0c8-dirty #21
[   64.607121] Hardware name: Generic DT based system
[   64.612140] [<8010c2cc>] (unwind_backtrace) from [<80108d70>] (show_stack+0x28/0x2c)
[   64.620083] [<80108d70>] (show_stack) from [<8088a518>] (dump_stack+0x24/0x2c)
[   64.627490] [<8088a518>] (dump_stack) from [<804852a0>] (ubsan_epilogue+0x18/0x4c)
[   64.635248] [<804852a0>] (ubsan_epilogue) from [<804858b0>] (handle_overflow+0x120/0x154)
[   64.643614] [<804858b0>] (handle_overflow) from [<80485914>] (__ubsan_handle_add_overflow+0x30/0x34)
[   64.652967] [<80485914>] (__ubsan_handle_add_overflow) from [<8044d148>] (percpu_ref_switch_to_atomic_rcu+0x124/0x1e0)
[   64.663889] [<8044d148>] (percpu_ref_switch_to_atomic_rcu) from [<8016e090>] (__rcu_process_callbacks+0xd0/0x104)
[   64.674354] [<8016e090>] (__rcu_process_callbacks) from [<8016e0ec>] (rcu_process_callbacks+0x28/0x58)
[   64.683850] [<8016e0ec>] (rcu_process_callbacks) from [<801022e4>] (__do_softirq+0xdc/0x420)
[   64.692480] [<801022e4>] (__do_softirq) from [<801206a8>] (run_ksoftirqd+0x44/0x5c)
[   64.700349] [<801206a8>] (run_ksoftirqd) from [<80148f88>] (smpboot_thread_fn+0x150/0x228)
[   64.708827] [<80148f88>] (smpboot_thread_fn) from [<80143158>] (kthread+0x12c/0x178)
[   64.716758] [<80143158>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
[   64.724068] Exception stack(0x9d4c3fb0 to 0x9d4c3ff8)
[   64.729251] 3fa0:                                     00000000 00000000 00000000 00000000
[   64.737589] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   64.745902] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   64.752588] ================================================================================

0x8044d148 is arch/arm/include/asm/atomic.h:235

This line looks most suspicious:

        atomic_long_add((long)count - PERCPU_COUNT_BIAS, &ref->count);

shenki, Sep 15 '18 14:09
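The arithmetic behind the report, as an added example that is not part of the original issue or the kernel source: it replays the two operands from the log in 32-bit types, applies the same representability check UBSAN reports on, and shows the wrapped value a modulo-2^32 add yields. Assumptions: `long` and `int` are both 32 bits on this ARM target, `PERCPU_COUNT_BIAS` is the top bit of an `unsigned long` (`BIAS32` here), the per-CPU sum of 2 is a constructed input, and all helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: PERCPU_COUNT_BIAS is the top bit of unsigned long; 32 bits on this ARM target. */
#define BIAS32 ((uint32_t)1 << 31)

/* Reinterpret 32 bits as signed without relying on implementation-defined conversion. */
static int32_t as_signed(uint32_t u)
{
    int32_t s;
    memcpy(&s, &u, sizeof s);
    return s;
}

/* Hypothetical helper: the delta "(long)count - PERCPU_COUNT_BIAS" as the signed add sees it. */
static int32_t biased_delta(uint32_t percpu_sum)
{
    return as_signed(percpu_sum - BIAS32);   /* unsigned subtraction wraps, well defined */
}

/* The check UBSAN applies to "a + b" in type int: 1 if the true sum is unrepresentable. */
static int signed_add_overflows(int32_t a, int32_t b)
{
    if (b < 0)
        return a < INT32_MIN - b;
    return a > INT32_MAX - b;
}

/* The value a two's-complement add produces: addition modulo 2^32. */
static int32_t wrapping_add(int32_t a, int32_t b)
{
    return as_signed((uint32_t)a + (uint32_t)b);
}

int main(void)
{
    int32_t counter = INT32_MIN;          /* first operand in the report */
    int32_t delta = biased_delta(2);      /* constructed: equals the second operand */

    printf("delta            = %d\n", delta);
    printf("signed overflow? = %d\n", signed_add_overflows(counter, delta));
    printf("wrapped result   = %d\n", wrapping_add(counter, delta));
    return 0;
}
```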