On Wed, Oct 21, 2020 at 10:57:02AM +0000, Johannes Thumshirn wrote:
> Hi Willy,
>
> I've encountered a UBSAN [1] splat when running xfstests (hit it with generic/091)
> on the latest iteration of our btrfs-zoned patchset.
>
> It doesn't look related to our patchset but it looks reproducible:

Seems pretty easy to understand ...

static unsigned long get_init_ra_size(unsigned long size, unsigned long max)
{
	unsigned long newsize = roundup_pow_of_two(size);

if you pass in a 'size' of 0:

unsigned long __roundup_pow_of_two(unsigned long n)
{
	return 1UL << fls_long(n - 1);
}

fls_long of ~0UL will return 64, and will produce the UBSAN splat.

Of course, this isn't the only value for which roundup_pow_of_two() will
produce an invalid result.  Anything with the top bit set will also
produce UB.  But it's the only one we care about, so just doing something
like this:

-	unsigned long newsize = roundup_pow_of_two(size);
+	unsigned long newsize = size ? roundup_pow_of_two(size) : size;

would fix the ubsan splat.  Or maybe you should stop passing 0 to
get_init_ra_size()?  ;-)
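Added example, not code from this thread or from the kernel: a userspace model of the 1UL << fls_long(n - 1) formula that reports, instead of executing, the shifts UBSAN would flag, and a guarded variant beside it. It assumes a portable fls_long() stand-in with kernel semantics (1-based index of the top set bit, 0 for 0) and an unsigned long of CHAR_BIT * sizeof(unsigned long) bits.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Assumed stand-in for the kernel's fls_long(): 1-based index of the
 * most significant set bit, 0 when n == 0. */
static unsigned int fls_long(unsigned long n)
{
	unsigned int bit = 0;

	while (n) {
		bit++;
		n >>= 1;
	}
	return bit;
}

/* Shift amount the kernel formula 1UL << fls_long(n - 1) would use.
 * For n == 0 the subtraction wraps to ~0UL, so this is the word width. */
static unsigned int roundup_shift(unsigned long n)
{
	return fls_long(n - 1);
}

/* True when 1UL << roundup_shift(n) is undefined (shift >= word width):
 * n == 0, and any n above the largest representable power of two. */
static int roundup_would_be_ub(unsigned long n)
{
	return roundup_shift(n) >= BITS_PER_LONG;
}

/* Guarded variant: returns 0 where the kernel formula would be UB, so a
 * caller can test the result rather than trip the UBSAN splat. */
static unsigned long safe_roundup_pow_of_two(unsigned long n)
{
	if (roundup_would_be_ub(n))
		return 0;
	return 1UL << roundup_shift(n);
}

/* The suggested fix from the thread, using the guarded helper. */
static unsigned long get_init_ra_newsize(unsigned long size)
{
	return size ? safe_roundup_pow_of_two(size) : size;
}

int main(void)
{
	unsigned long probe[] = { 0, 1, 5, 64, ULONG_MAX }; /* constructed inputs */

	for (unsigned int i = 0; i < sizeof(probe) / sizeof(probe[0]); i++)
		printf("n=%lu shift=%u ub=%d safe=%lu\n", probe[i],
		       roundup_shift(probe[i]), roundup_would_be_ub(probe[i]),
		       safe_roundup_pow_of_two(probe[i]));
	return 0;
}
```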