Begin forwarded message:
Date: Mon, 07 May 2018 16:36:49 +0000
From: bugzilla-dae...@bugzilla.kernel.org
To: step...@networkplumber.org
Subject: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2

https://bugzilla.kernel.org/show_bug.cgi?id=199643

Bug ID: 199643
Summary: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
Product: Networking
Version: 2.5
Kernel Version: 4.16.7-CUSTOM
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: step...@networkplumber.org
Reporter: combus...@archlinux.us
Regression: No

After recompiling the 4.16.7 kernel with gcc 8.1, UBSAN reports the following:

[ 26.312176] ================================================================================
[ 26.312179] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[ 26.312180] member access within null pointer of type 'struct rtable'
[ 26.312183] CPU: 2 PID: 311 Comm: sd-resolve Not tainted 4.16.7-CUSTOM #1
[ 26.312185] Hardware name: Gigabyte Technology Co., Ltd. H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[ 26.312186] Call Trace:
[ 26.312188] <IRQ>
[ 26.312194] dump_stack+0x62/0x9f
[ 26.312199] ubsan_epilogue+0x9/0x35
[ 26.312201] handle_null_ptr_deref+0x80/0x90
[ 26.312204] __ubsan_handle_type_mismatch_v1+0x6a/0x80
[ 26.312208] icmp_send+0xbb0/0xd90
[ 26.312218] __udp4_lib_rcv+0x760/0x1440
[ 26.312223] ? lock_acquire+0x69/0x100
[ 26.312226] ? ip_local_deliver_finish+0x62/0x4a0
[ 26.312229] ip_local_deliver_finish+0xf3/0x4a0
[ 26.312233] ip_local_deliver+0xa6/0x240
[ 26.312237] ip_rcv+0x33e/0x660
[ 26.312241] ? ip_local_deliver+0x240/0x240
[ 26.312246] __netif_receive_skb_core+0xaef/0x1bb0
[ 26.312254] ? process_backlog+0xcd/0x370
[ 26.312256] ? process_backlog+0xfd/0x370
[ 26.312258] process_backlog+0xfd/0x370
[ 26.312260] ? process_backlog+0xcd/0x370
[ 26.312264] net_rx_action+0x3cb/0xe40
[ 26.312270] ? __do_softirq+0x119/0x376
[ 26.312275] ? do_softirq_own_stack+0x2a/0x40
[ 26.312276] </IRQ>
[ 26.312280] ? do_softirq.part.1+0x21/0x30
[ 26.312282] ? __local_bh_enable_ip+0x4f/0x60
[ 26.312284] ? ip_finish_output2+0x3af/0x720
[ 26.312288] ? ip_output+0xdc/0x270
[ 26.312290] ? ip_output+0xdc/0x270
[ 26.312295] ? ip_send_skb+0x1c/0x80
[ 26.312297] ? udp_send_skb+0x1bf/0x480
[ 26.312301] ? udp_sendmsg+0xbb7/0x1020
[ 26.312304] ? ip_reply_glue_bits+0x60/0x60
[ 26.312308] ? rw_copy_check_uvector+0x5d/0x210
[ 26.312316] ? sock_sendmsg+0x49/0xb0
[ 26.312319] ? ___sys_sendmsg+0x194/0x3b0
[ 26.312323] ? __fget+0x125/0x290
[ 26.312330] ? __sys_sendmmsg+0xdd/0x180
[ 26.312337] ? SyS_sendmmsg+0x5/0x10
[ 26.312340] ? do_syscall_64+0xad/0x5cc
[ 26.312345] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 26.312349] ================================================================================
[ 26.312358] ================================================================================
[ 26.312359] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[ 26.312360] member access within null pointer of type 'struct rtable'
[ 26.312362] CPU: 2 PID: 311 Comm: sd-resolve Not tainted 4.16.7-CUSTOM #1
[ 26.312363] Hardware name: Gigabyte Technology Co., Ltd. H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[ 26.312364] Call Trace:
[ 26.312367] dump_stack+0x62/0x9f
[ 26.312370] ubsan_epilogue+0x9/0x35
[ 26.312372] handle_null_ptr_deref+0x80/0x90
[ 26.312375] __ubsan_handle_type_mismatch_v1+0x6a/0x80
[ 26.312378] udp_sendmsg+0xc37/0x1020
[ 26.312382] ? ip_reply_glue_bits+0x60/0x60
[ 26.312384] ? rw_copy_check_uvector+0x5d/0x210
[ 26.312391] sock_sendmsg+0x49/0xb0
[ 26.312394] ___sys_sendmsg+0x194/0x3b0
[ 26.312398] ? __fget+0x125/0x290
[ 26.312405] __sys_sendmmsg+0xdd/0x180
[ 26.312413] SyS_sendmmsg+0x5/0x10
[ 26.312415] do_syscall_64+0xad/0x5cc
[ 26.312420] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 26.312424] ================================================================================
[ 206.391361] ================================================================================
[ 206.391370] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[ 206.391372] member access within null pointer of type 'struct rtable'
[ 206.391376] CPU: 0 PID: 624 Comm: CompositorTileW Not tainted 4.16.7-CUSTOM #1
[ 206.391378] Hardware name: Gigabyte Technology Co., Ltd. H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[ 206.391381] Call Trace:
[ 206.391386] <IRQ>
[ 206.391398] dump_stack+0x62/0x9f
[ 206.391405] ubsan_epilogue+0x9/0x35
[ 206.391409] handle_null_ptr_deref+0x80/0x90
[ 206.391412] __ubsan_handle_type_mismatch_v1+0x6a/0x80
[ 206.391419] ip_send_unicast_reply+0x626/0x691
[ 206.391429] tcp_v4_send_reset+0x50f/0x990
[ 206.391433] ? inet_csk_destroy_sock+0xbe/0x180
[ 206.391439] ? tcp_v4_do_rcv+0x21a/0x2d0
[ 206.391442] tcp_v4_do_rcv+0x21a/0x2d0
[ 206.391447] ? _raw_spin_lock_nested+0x37/0x60
[ 206.391450] tcp_v4_rcv+0xd2f/0x1420
[ 206.391457] ? lock_acquire+0x69/0x100
[ 206.391460] ? ip_local_deliver_finish+0x62/0x4a0
[ 206.391464] ? ip_local_deliver_finish+0xf3/0x4a0
[ 206.391468] ? ip_local_deliver+0xa6/0x240
[ 206.391472] ? inet_add_protocol.cold.0+0x23/0x23
[ 206.391475] ? ip_rcv+0x33e/0x660
[ 206.391479] ? __local_bh_enable_ip+0x2e/0x60
[ 206.391482] ? ip_local_deliver_finish+0x4a0/0x4a0
[ 206.391485] ? ip_local_deliver+0x240/0x240
[ 206.391492] ? __netif_receive_skb_core+0xaef/0x1bb0
[ 206.391495] ? match_held_lock+0x1f0/0x280
[ 206.391502] ? netif_receive_skb_internal+0x7b/0x2b0
[ 206.391505] ? netif_receive_skb_internal+0x7b/0x2b0
[ 206.391509] ? napi_gro_receive+0x5d/0xe0
[ 206.391519] ? rtl8169_poll+0x224/0x880 [r8169]
[ 206.391524] ? net_rx_action+0x3cb/0xe40
[ 206.391530] ? __do_softirq+0x119/0x376
[ 206.391535] ? handle_irq+0x17e/0x31e
[ 206.391538] ? irq_exit+0x81/0xb0
[ 206.391541] ? do_IRQ+0x9f/0x140
[ 206.391545] ? common_interrupt+0xf/0xf
[ 206.391547] </IRQ>
[ 206.391551] ================================================================================

UBSAN reported nothing when the same kernel was compiled with gcc 7.3.1 from Arch Linux repositories.

I saw the comment about dst_release but, if this is the intended behaviour, how can we stop UBSAN from kicking in?

--
You are receiving this mail because:
You are the assignee for the bug.