Re: 5.1-rc6: UBSAN: Undefined behaviour in mm/compaction.c:1167:30
From: Mel Gorman
Date: Tue Apr 23 2019 - 06:20:23 EST
On Mon, Apr 22, 2019 at 12:14:57PM +0300, Meelis Roos wrote:
> The warning UBSAN: Undefined behaviour in mm/compaction.c:1167:30 happened with 5.1-rc6 on UP 32-bit P4 PC with highmem.
>
> [ 95.135408] ================================================================================
> [ 95.135478] UBSAN: Undefined behaviour in mm/compaction.c:1167:30
> [ 95.135528] shift exponent 32 is too large for 32-bit type 'long unsigned int'
> [ 95.135579] CPU: 0 PID: 13 Comm: kcompactd0 Not tainted 5.1.0-rc6 #71
> [ 95.135626] Hardware name: MSI MS-6547 /MS-6547 , BIOS 07.00T
> [ 95.135681] Call Trace:
> [ 95.135742] dump_stack+0x16/0x1e
> [ 95.135791] ubsan_epilogue+0xb/0x29
> [ 95.135836] __ubsan_handle_shift_out_of_bounds.cold.14+0x20/0x6a
> [ 95.135887] ? page_vma_mapped_walk+0x125/0x410
> [ 95.135935] ? page_counter_cancel+0x16/0x30
> [ 95.135984] compaction_alloc.cold.43+0x56/0xbc
> [ 95.136033] ? free_unref_page_commit.isra.95+0x7a/0x80
> [ 95.136082] migrate_pages+0x99/0x732
> [ 95.136127] ? isolate_migratepages_block+0x940/0x940
> [ 95.136172] ? __ClearPageMovable+0x10/0x10
> [ 95.136217] compact_zone+0x7e2/0xb70
> [ 95.136262] ? compaction_suitable+0x49/0x60
> [ 95.136306] kcompactd_do_work+0xdb/0x1d0
> [ 95.136389] ? __switch_to_asm+0x26/0x4c
> [ 95.136470] kcompactd+0x4f/0x110
> [ 95.136550] ? wait_woken+0x60/0x60
> [ 95.136630] kthread+0xe5/0x100
> [ 95.136709] ? kcompactd_do_work+0x1d0/0x1d0
> [ 95.136789] ? kthread_create_worker_on_cpu+0x20/0x20
> [ 95.136870] ret_from_fork+0x2e/0x38
> [ 95.136949] ================================================================================
>
> It is not reproducible at will - did not happen on 2 next reboots, so it probably originates
> from an earlier version.
>
A fix for this is waiting in Andrew's tree
mm-compaction-fix-an-undefined-behaviour.patch . I expect it'll be merged
during the next merge window as the issue is not severe. Once merged,
it should be picked up for 5.1-stable.
Thanks.
---8<---
From: Qian Cai <cai@xxxxxx>
Subject: mm/compaction.c: fix an undefined behaviour
In a low-memory situation, cc->fast_search_fail can keep increasing as it
is unable to find an available page to isolate in
fast_isolate_freepages(). As the result, it could trigger an error below,
so just compare with the maximum bits can be shifted first.
UBSAN: Undefined behaviour in mm/compaction.c:1160:30
shift exponent 64 is too large for 64-bit type 'unsigned long'
CPU: 131 PID: 1308 Comm: kcompactd1 Kdump: loaded Tainted: G
W L 5.0.0+ #17
Call trace:
dump_backtrace+0x0/0x450
show_stack+0x20/0x2c
dump_stack+0xc8/0x14c
__ubsan_handle_shift_out_of_bounds+0x7e8/0x8c4
compaction_alloc+0x2344/0x2484
unmap_and_move+0xdc/0x1dbc
migrate_pages+0x274/0x1310
compact_zone+0x26ec/0x43bc
kcompactd+0x15b8/0x1a24
kthread+0x374/0x390
ret_from_fork+0x10/0x18
Link: http://lkml.kernel.org/r/20190320203338.53367-1-cai@xxxxxx
Fixes: 70b44595eafe ("mm, compaction: use free lists to quickly locate a migration source")
Signed-off-by: Qian Cai <cai@xxxxxx>
Acked-by: Vlastimil Babka <vbabka@xxxxxxx>
Acked-by: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/compaction.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/mm/compaction.c~mm-compaction-fix-an-undefined-behaviour
+++ a/mm/compaction.c
@@ -1164,7 +1164,9 @@ static bool suitable_migration_target(st
static inline unsigned int
freelist_scan_limit(struct compact_control *cc)
{
- return (COMPACT_CLUSTER_MAX >> cc->fast_search_fail) + 1;
+ return (COMPACT_CLUSTER_MAX >>
+ min((unsigned short)(BITS_PER_LONG - 1), cc->fast_search_fail))
+ + 1;
}
/*
_