* Fw: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
@ 2018-05-07 17:34 Stephen Hemminger
2018-05-08 4:12 ` David Miller
0 siblings, 1 reply; 9+ messages in thread
From: Stephen Hemminger @ 2018-05-07 17:34 UTC (permalink / raw)
To: netdev
Begin forwarded message:
Date: Mon, 07 May 2018 16:36:49 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
https://bugzilla.kernel.org/show_bug.cgi?id=199643
Bug ID: 199643
Summary: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
Product: Networking
Version: 2.5
Kernel Version: 4.16.7-CUSTOM
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: stephen@networkplumber.org
Reporter: combuster@archlinux.us
Regression: No
After recompiling the 4.16.7 kernel with gcc 8.1, UBSAN reports the following:
[ 26.312176]
================================================================================
[ 26.312179] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[ 26.312180] member access within null pointer of type 'struct rtable'
[ 26.312183] CPU: 2 PID: 311 Comm: sd-resolve Not tainted 4.16.7-CUSTOM #1
[ 26.312185] Hardware name: Gigabyte Technology Co., Ltd.
H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[ 26.312186] Call Trace:
[ 26.312188] <IRQ>
[ 26.312194] dump_stack+0x62/0x9f
[ 26.312199] ubsan_epilogue+0x9/0x35
[ 26.312201] handle_null_ptr_deref+0x80/0x90
[ 26.312204] __ubsan_handle_type_mismatch_v1+0x6a/0x80
[ 26.312208] icmp_send+0xbb0/0xd90
[ 26.312218] __udp4_lib_rcv+0x760/0x1440
[ 26.312223] ? lock_acquire+0x69/0x100
[ 26.312226] ? ip_local_deliver_finish+0x62/0x4a0
[ 26.312229] ip_local_deliver_finish+0xf3/0x4a0
[ 26.312233] ip_local_deliver+0xa6/0x240
[ 26.312237] ip_rcv+0x33e/0x660
[ 26.312241] ? ip_local_deliver+0x240/0x240
[ 26.312246] __netif_receive_skb_core+0xaef/0x1bb0
[ 26.312254] ? process_backlog+0xcd/0x370
[ 26.312256] ? process_backlog+0xfd/0x370
[ 26.312258] process_backlog+0xfd/0x370
[ 26.312260] ? process_backlog+0xcd/0x370
[ 26.312264] net_rx_action+0x3cb/0xe40
[ 26.312270] ? __do_softirq+0x119/0x376
[ 26.312275] ? do_softirq_own_stack+0x2a/0x40
[ 26.312276] </IRQ>
[ 26.312280] ? do_softirq.part.1+0x21/0x30
[ 26.312282] ? __local_bh_enable_ip+0x4f/0x60
[ 26.312284] ? ip_finish_output2+0x3af/0x720
[ 26.312288] ? ip_output+0xdc/0x270
[ 26.312290] ? ip_output+0xdc/0x270
[ 26.312295] ? ip_send_skb+0x1c/0x80
[ 26.312297] ? udp_send_skb+0x1bf/0x480
[ 26.312301] ? udp_sendmsg+0xbb7/0x1020
[ 26.312304] ? ip_reply_glue_bits+0x60/0x60
[ 26.312308] ? rw_copy_check_uvector+0x5d/0x210
[ 26.312316] ? sock_sendmsg+0x49/0xb0
[ 26.312319] ? ___sys_sendmsg+0x194/0x3b0
[ 26.312323] ? __fget+0x125/0x290
[ 26.312330] ? __sys_sendmmsg+0xdd/0x180
[ 26.312337] ? SyS_sendmmsg+0x5/0x10
[ 26.312340] ? do_syscall_64+0xad/0x5cc
[ 26.312345] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 26.312349]
================================================================================
[ 26.312358]
================================================================================
[ 26.312359] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[ 26.312360] member access within null pointer of type 'struct rtable'
[ 26.312362] CPU: 2 PID: 311 Comm: sd-resolve Not tainted 4.16.7-CUSTOM #1
[ 26.312363] Hardware name: Gigabyte Technology Co., Ltd.
H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[ 26.312364] Call Trace:
[ 26.312367] dump_stack+0x62/0x9f
[ 26.312370] ubsan_epilogue+0x9/0x35
[ 26.312372] handle_null_ptr_deref+0x80/0x90
[ 26.312375] __ubsan_handle_type_mismatch_v1+0x6a/0x80
[ 26.312378] udp_sendmsg+0xc37/0x1020
[ 26.312382] ? ip_reply_glue_bits+0x60/0x60
[ 26.312384] ? rw_copy_check_uvector+0x5d/0x210
[ 26.312391] sock_sendmsg+0x49/0xb0
[ 26.312394] ___sys_sendmsg+0x194/0x3b0
[ 26.312398] ? __fget+0x125/0x290
[ 26.312405] __sys_sendmmsg+0xdd/0x180
[ 26.312413] SyS_sendmmsg+0x5/0x10
[ 26.312415] do_syscall_64+0xad/0x5cc
[ 26.312420] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 26.312424]
================================================================================
[ 206.391361]
================================================================================
[ 206.391370] UBSAN: Undefined behaviour in ./include/net/route.h:240:2
[ 206.391372] member access within null pointer of type 'struct rtable'
[ 206.391376] CPU: 0 PID: 624 Comm: CompositorTileW Not tainted 4.16.7-CUSTOM
#1
[ 206.391378] Hardware name: Gigabyte Technology Co., Ltd.
H67MA-UD2H-B3/H67MA-UD2H-B3, BIOS F8 03/27/2012
[ 206.391381] Call Trace:
[ 206.391386] <IRQ>
[ 206.391398] dump_stack+0x62/0x9f
[ 206.391405] ubsan_epilogue+0x9/0x35
[ 206.391409] handle_null_ptr_deref+0x80/0x90
[ 206.391412] __ubsan_handle_type_mismatch_v1+0x6a/0x80
[ 206.391419] ip_send_unicast_reply+0x626/0x691
[ 206.391429] tcp_v4_send_reset+0x50f/0x990
[ 206.391433] ? inet_csk_destroy_sock+0xbe/0x180
[ 206.391439] ? tcp_v4_do_rcv+0x21a/0x2d0
[ 206.391442] tcp_v4_do_rcv+0x21a/0x2d0
[ 206.391447] ? _raw_spin_lock_nested+0x37/0x60
[ 206.391450] tcp_v4_rcv+0xd2f/0x1420
[ 206.391457] ? lock_acquire+0x69/0x100
[ 206.391460] ? ip_local_deliver_finish+0x62/0x4a0
[ 206.391464] ? ip_local_deliver_finish+0xf3/0x4a0
[ 206.391468] ? ip_local_deliver+0xa6/0x240
[ 206.391472] ? inet_add_protocol.cold.0+0x23/0x23
[ 206.391475] ? ip_rcv+0x33e/0x660
[ 206.391479] ? __local_bh_enable_ip+0x2e/0x60
[ 206.391482] ? ip_local_deliver_finish+0x4a0/0x4a0
[ 206.391485] ? ip_local_deliver+0x240/0x240
[ 206.391492] ? __netif_receive_skb_core+0xaef/0x1bb0
[ 206.391495] ? match_held_lock+0x1f0/0x280
[ 206.391502] ? netif_receive_skb_internal+0x7b/0x2b0
[ 206.391505] ? netif_receive_skb_internal+0x7b/0x2b0
[ 206.391509] ? napi_gro_receive+0x5d/0xe0
[ 206.391519] ? rtl8169_poll+0x224/0x880 [r8169]
[ 206.391524] ? net_rx_action+0x3cb/0xe40
[ 206.391530] ? __do_softirq+0x119/0x376
[ 206.391535] ? handle_irq+0x17e/0x31e
[ 206.391538] ? irq_exit+0x81/0xb0
[ 206.391541] ? do_IRQ+0x9f/0x140
[ 206.391545] ? common_interrupt+0xf/0xf
[ 206.391547] </IRQ>
[ 206.391551]
================================================================================
UBSAN reported nothing when the same kernel was compiled with gcc 7.3.1 from
Arch Linux repositories.
I saw the comment about dst_release but, if this is the intended behaviour, how
can we stop UBSAN from kicking in?
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-05-07 17:34 Fw: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2 Stephen Hemminger
@ 2018-05-08 4:12 ` David Miller
2018-05-08 14:52 ` David Ahern
0 siblings, 1 reply; 9+ messages in thread
From: David Miller @ 2018-05-08 4:12 UTC (permalink / raw)
To: stephen; +Cc: netdev
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 7 May 2018 10:34:00 -0700
> Subject: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
That's an empty line in both of my trees.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-05-08 4:12 ` David Miller
@ 2018-05-08 14:52 ` David Ahern
2018-06-08 0:06 ` Jakub Kicinski
0 siblings, 1 reply; 9+ messages in thread
From: David Ahern @ 2018-05-08 14:52 UTC (permalink / raw)
To: David Miller, stephen; +Cc: netdev
On 5/7/18 10:12 PM, David Miller wrote:
> From: Stephen Hemminger <stephen@networkplumber.org>
> Date: Mon, 7 May 2018 10:34:00 -0700
>
>> Subject: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
>
> That's an empty line in both of my trees.
>
In 4.16.7 it is the dst_release in:
static inline void ip_rt_put(struct rtable *rt)
{
	/* dst_release() accepts a NULL parameter.
	 * We rely on dst being first structure in struct rtable
	 */
	BUILD_BUG_ON(offsetof(struct rtable, dst) != 0);
--->	dst_release(&rt->dst);
}
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-05-08 14:52 ` David Ahern
@ 2018-06-08 0:06 ` Jakub Kicinski
2018-06-08 0:11 ` David Miller
0 siblings, 1 reply; 9+ messages in thread
From: Jakub Kicinski @ 2018-06-08 0:06 UTC (permalink / raw)
To: David Ahern; +Cc: David Miller, stephen, netdev
On Tue, 8 May 2018 08:52:35 -0600, David Ahern wrote:
> On 5/7/18 10:12 PM, David Miller wrote:
> > From: Stephen Hemminger <stephen@networkplumber.org>
> > Date: Mon, 7 May 2018 10:34:00 -0700
> >
> >> Subject: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
> >
> > That's an empty line in both of my trees.
> >
>
> In 4.16.7 it is the dst_release in:
>
> static inline void ip_rt_put(struct rtable *rt)
> {
> 	/* dst_release() accepts a NULL parameter.
> 	 * We rely on dst being first structure in struct rtable
> 	 */
> 	BUILD_BUG_ON(offsetof(struct rtable, dst) != 0);
> --->	dst_release(&rt->dst);
I'm seeing these on net-next as of yesterday, but admittedly I haven't
run with UBSAN enabled for a while :( Was it resolved?
[ 293.130007] UBSAN: Undefined behaviour in ../include/net/route.h:239:2
[ 293.137408] member access within null pointer of type 'struct rtable'
[ 293.144716] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 4.17.0-rc7-debug-01088-g47bffcfef048 #9
[ 293.154374] Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.3.4 11/08/2016
[ 293.162866] Call Trace:
[ 293.165696] <IRQ>
[ 293.168045] dump_stack+0xe6/0x1a0
[ 293.171943] ? dump_stack_print_info.cold.0+0x1b/0x1b
[ 293.177699] ? do_raw_spin_lock+0xcf/0x220
[ 293.182379] ubsan_epilogue+0x9/0x7a
[ 293.186471] handle_null_ptr_deref+0x16b/0x1e0
[ 293.191535] ? ucs2_as_utf8+0x6b0/0x6b0
[ 293.195919] ? ip_mc_output+0x1610/0x1610
[ 293.200505] __ubsan_handle_type_mismatch_v1+0x16b/0x19e
[ 293.206543] ? ubsan_type_mismatch_common.part.5.cold.9+0x1bb/0x1bb
[ 293.213661] ip_send_unicast_reply+0x1b67/0x1d0e
[ 293.218935] ? ip_make_skb+0x410/0x410
[ 293.223232] ? lock_acquire+0x1a2/0x5a0
[ 293.227622] ? lock_release+0x980/0x980
[ 293.232011] ? free_user_ns+0x300/0x300
[ 293.236396] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.242239] ? rcu_bh_qs+0x500/0x500
[ 293.246342] tcp_v4_send_reset+0x13c6/0x29f0
[ 293.251224] ? tcp_v4_inbound_md5_hash+0x650/0x650
[ 293.256698] ? debug_check_no_locks_freed+0x260/0x260
[ 293.262453] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.268586] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.274430] ? rcu_start_gp_advanced+0x740/0x740
[ 293.279688] ? rcu_bh_qs+0x500/0x500
[ 293.283790] ? tcp_v4_rcv+0xf9f/0x3ec0
[ 293.288075] tcp_v4_rcv+0xf9f/0x3ec0
[ 293.292189] ? tcp_v4_early_demux+0xa70/0xa70
[ 293.297179] ? __isolate_free_page+0x890/0x890
[ 293.302258] ? __accumulate_pelt_segments+0x29/0x40
[ 293.307819] ? lock_acquire+0x1a2/0x5a0
[ 293.312204] ? ip_local_deliver_finish+0x189/0xcd0
[ 293.317661] ? raw_rcv+0x510/0x510
[ 293.321564] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.327700] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.333546] ? rcu_start_gp_advanced+0x740/0x740
[ 293.338808] ? rcu_bh_qs+0x500/0x500
[ 293.342913] ip_local_deliver_finish+0x475/0xcd0
[ 293.348180] ? inet_add_protocol.cold.0+0x28/0x28
[ 293.353538] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 293.358607] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.364455] ip_local_deliver+0x1a1/0x680
[ 293.369039] ? ip_call_ra_chain+0x700/0x700
[ 293.373816] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.379950] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.385792] ? rcu_start_gp_advanced+0x740/0x740
[ 293.391050] ? rcu_bh_qs+0x500/0x500
[ 293.395143] ? rb_erase+0x3460/0x3460
[ 293.399342] ip_rcv_finish+0x727/0x25c0
[ 293.403733] ? ip_local_deliver_finish+0xcd0/0xcd0
[ 293.409218] ? print_irqtrace_events+0x280/0x280
[ 293.414478] ? print_irqtrace_events+0x280/0x280
[ 293.419746] ? tcp_v4_send_synack+0x450/0x450
[ 293.424721] ? print_irqtrace_events+0x280/0x280
[ 293.429982] ? enqueue_entity+0x3760/0x3760
[ 293.434760] ? print_irqtrace_events+0x280/0x280
[ 293.440028] ip_rcv+0x973/0x1758
[ 293.443738] ? ip_local_deliver+0x680/0x680
[ 293.448513] ? print_irqtrace_events+0x280/0x280
[ 293.453771] ? print_irqtrace_events+0x280/0x280
[ 293.459021] ? print_irqtrace_events+0x280/0x280
[ 293.464283] ? print_irqtrace_events+0x280/0x280
[ 293.469549] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.475681] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.481526] ? rcu_start_gp_advanced+0x740/0x740
[ 293.486785] ? rcu_bh_qs+0x500/0x500
[ 293.490883] ? ip_local_deliver+0x680/0x680
[ 293.495659] __netif_receive_skb_core+0x23e7/0x5a80
[ 293.501244] ? debug_check_no_locks_freed+0x1e0/0x260
[ 293.506996] ? netif_schedule_queue+0x2c0/0x2c0
[ 293.512159] ? __lock_acquire+0x6ad/0x3b10
[ 293.516860] ? rcu_start_gp_advanced+0x740/0x740
[ 293.522122] ? debug_check_no_locks_freed+0x260/0x260
[ 293.527872] ? rcu_read_lock_sched_held+0x107/0x120
[ 293.533437] ? nfp_net_poll+0x87/0x1a0 [nfp]
[ 293.538306] ? module_assert_mutex_or_preempt+0x41/0x70
[ 293.544244] ? __module_address+0xb4/0x860
[ 293.548935] ? unwind_next_frame+0x12e5/0x24d0
[ 293.554002] ? gfp_pfmemalloc_allowed+0x1d0/0x1d0
[ 293.559361] ? deref_stack_reg+0xa4/0x120
[ 293.563943] ? get_stack_info+0x3f/0x320
[ 293.568433] ? unwind_next_frame+0x500/0x24d0
[ 293.573406] ? start_secondary+0x539/0x760
[ 293.578087] ? deref_stack_reg+0x120/0x120
[ 293.582762] ? __module_text_address+0x13/0x140
[ 293.587929] ? nfp_net_poll+0x87/0x1a0 [nfp]
[ 293.592803] ? nfp_net_poll+0x1/0x1a0 [nfp]
[ 293.597576] ? is_module_text_address+0x2b/0x50
[ 293.602745] ? nfp_net_poll+0x87/0x1a0 [nfp]
[ 293.607616] ? kernel_text_address+0x71/0x140
[ 293.612590] ? inet_gro_receive+0x3ac/0x15c0
[ 293.617463] ? inet_gro_receive+0x239/0x15c0
[ 293.622335] ? lock_downgrade+0x750/0x750
[ 293.626920] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 293.631987] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.637836] ? nfp_net_rx+0xafb/0x4920 [nfp]
[ 293.642721] ? netif_receive_skb_internal+0x92/0x690
[ 293.648375] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 293.653438] ? lock_release+0x980/0x980
[ 293.657829] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.663673] ? rcu_bh_qs+0x500/0x500
[ 293.667773] ? netif_receive_skb_internal+0xea/0x690
[ 293.673424] netif_receive_skb_internal+0xea/0x690
[ 293.678879] ? dev_cpu_dead+0xd00/0xd00
[ 293.683266] ? net_rx_action+0xf70/0xf70
[ 293.687748] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.693880] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.699726] ? rcu_start_gp_advanced+0x740/0x740
[ 293.704989] ? rcu_bh_qs+0x500/0x500
[ 293.709099] napi_gro_receive+0x400/0x5c0
[ 293.713681] ? dev_gro_receive+0x3180/0x3180
[ 293.718553] ? __alloc_pages_nodemask+0x3f30/0x3f30
[ 293.724106] ? swiotlb_tbl_unmap_single+0x4c0/0x4c0
[ 293.729659] ? eth_mac_addr+0x200/0x200
[ 293.734046] ? nfp_net_dma_map_rx+0x183/0x250 [nfp]
[ 293.739605] ? nfp_net_rx_give_one+0x1a4/0x720 [nfp]
[ 293.745288] ? nfp_net_napi_alloc_one+0x17a/0x3c0 [nfp]
[ 293.751238] nfp_net_rx+0x10bf/0x4920 [nfp]
[ 293.766283] ? __lock_acquire+0x6ad/0x3b10
[ 293.770985] ? nfp_net_open_alloc_all+0x480/0x480 [nfp]
[ 293.776944] ? debug_check_no_locks_freed+0x1e0/0x260
[ 293.782690] ? debug_check_no_locks_freed+0x260/0x260
[ 293.788435] ? print_irqtrace_events+0x280/0x280
[ 293.793700] ? print_irqtrace_events+0x280/0x280
[ 293.798959] ? task_prio+0x60/0x60
[ 293.802857] ? dummy_propagate+0x10/0x10
[ 293.807345] ? print_irqtrace_events+0x280/0x280
[ 293.812606] ? kick_ilb+0x2d6/0x3f0
[ 293.816604] ? update_sysctl+0x90/0x90
[ 293.820892] ? rcu_read_lock_bh_held+0xc0/0xc0
[ 293.825976] ? swap_slot_free_notify+0x47a/0x780
[ 293.831237] ? trigger_load_balance+0x3de/0xe20
[ 293.836404] ? print_irqtrace_events+0x280/0x280
[ 293.841666] ? print_irqtrace_events+0x280/0x280
[ 293.846925] ? print_irqtrace_events+0x280/0x280
[ 293.852194] nfp_net_poll+0x87/0x1a0 [nfp]
[ 293.856891] napi_poll+0x344/0xd10
[ 293.860794] ? napi_complete_done+0x590/0x590
[ 293.865764] ? debug_check_no_locks_freed+0x260/0x260
[ 293.871518] ? debug_check_no_locks_freed+0x260/0x260
[ 293.877294] ? lock_downgrade+0x750/0x750
[ 293.881882] ? __lock_acquire+0x6ad/0x3b10
[ 293.886567] ? net_rx_action+0x424/0xf70
[ 293.891056] net_rx_action+0x4b7/0xf70
[ 293.895347] ? napi_poll+0xd10/0xd10
[ 293.899443] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.905575] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.911422] ? rcu_lockdep_current_cpu_online+0x1e7/0x2c0
[ 293.917555] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.923399] ? rcu_start_gp_advanced+0x740/0x740
[ 293.928670] ? rcu_read_lock_sched_held+0x107/0x120
[ 293.934228] ? credit_entropy_bits+0x76b/0x940
[ 293.939298] ? crng_reseed+0x7f0/0x7f0
[ 293.943588] ? lock_downgrade+0x750/0x750
[ 293.948169] ? do_raw_spin_unlock+0xc2/0x370
[ 293.953044] ? do_raw_spin_trylock+0x1d0/0x1d0
[ 293.958110] ? init_std_data+0x360/0x360
[ 293.962594] ? do_raw_spin_trylock+0x114/0x1d0
[ 293.967671] ? rcu_dynticks_curr_cpu_in_eqs+0xd6/0x1f0
[ 293.973514] ? rcu_start_gp_advanced+0x740/0x740
[ 293.978772] ? rcu_bh_qs+0x500/0x500
[ 293.982867] __do_softirq+0x2e0/0xdff
[ 293.987069] ? __irqentry_text_end+0x1f894f/0x1f894f
[ 293.992720] ? lock_downgrade+0x750/0x750
[ 293.997309] ? handle_irq_event_percpu+0x165/0x1b0
[ 294.002769] ? do_raw_spin_unlock+0xc2/0x370
[ 294.007641] ? do_raw_spin_trylock+0x1d0/0x1d0
[ 294.012706] ? do_raw_spin_lock+0xcf/0x220
[ 294.017390] ? handle_edge_irq+0x21a/0xca0
[ 294.022073] ? _raw_spin_unlock+0x37/0x70
[ 294.026652] ? handle_irq+0x2e2/0x5fd
[ 294.030851] irq_exit+0x12d/0x1a0
[ 294.034654] do_IRQ+0x123/0x240
[ 294.038264] common_interrupt+0xf/0xf
[ 294.042452] </IRQ>
[ 294.044908] RIP: 0010:cpuidle_enter_state+0x1a9/0xa00
[ 294.050653] RSP: 0018:ffff88036c80fc30 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffdd
[ 294.059336] RAX: 0000000000000007 RBX: ffffe8faff903800 RCX: 0000000000000000
[ 294.067417] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88036c800804
[ 294.075500] RBP: 0000000000000004 R08: 1ffff1006d901f6c R09: 0000000000000000
[ 294.083582] R10: 0000000000000000 R11: 0000000000000000 R12: 000000443f5128f8
[ 294.091662] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000000000180
[ 294.099767] ? cpuidle_enter_s2idle+0x260/0x260
[ 294.104951] ? tsc_verify_tsc_adjust+0x16a/0x440
[ 294.110217] ? mark_tsc_async_resets+0x30/0x30
[ 294.115291] ? tick_nohz_idle_got_tick+0x17/0x160
[ 294.120653] do_idle+0x3c4/0x540
[ 294.124364] ? arch_cpu_idle_exit+0x40/0x40
[ 294.129145] ? _raw_spin_unlock_irqrestore+0x66/0xa0
[ 294.134798] ? trace_hardirqs_on_caller+0x3d0/0x630
[ 294.140353] cpu_startup_entry+0xf8/0x11b
[ 294.144955] ? cpu_in_idle+0x20/0x20
[ 294.149065] start_secondary+0x539/0x760
[ 294.153549] ? set_cpu_sibling_map+0x3250/0x3250
[ 294.158825] secondary_startup_64+0xa5/0xb0
[ 294.163616] ================================================================================
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-06-08 0:06 ` Jakub Kicinski
@ 2018-06-08 0:11 ` David Miller
2018-06-08 0:28 ` Eric Dumazet
0 siblings, 1 reply; 9+ messages in thread
From: David Miller @ 2018-06-08 0:11 UTC (permalink / raw)
To: jakub.kicinski; +Cc: dsahern, stephen, netdev
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Thu, 7 Jun 2018 17:06:23 -0700
> [ 293.213661] ip_send_unicast_reply+0x1b67/0x1d0e
This calls ip_setup_cork() which can NULL out the 'rt' route
pointer. Hmmm... :-/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-06-08 0:11 ` David Miller
@ 2018-06-08 0:28 ` Eric Dumazet
2018-06-08 0:49 ` Jakub Kicinski
0 siblings, 1 reply; 9+ messages in thread
From: Eric Dumazet @ 2018-06-08 0:28 UTC (permalink / raw)
To: David Miller, jakub.kicinski; +Cc: dsahern, stephen, netdev
On 06/07/2018 05:11 PM, David Miller wrote:
> From: Jakub Kicinski <jakub.kicinski@netronome.com>
> Date: Thu, 7 Jun 2018 17:06:23 -0700
>
>> [ 293.213661] ip_send_unicast_reply+0x1b67/0x1d0e
>
> This calls ip_setup_cork() which can NULL out the 'rt' route
> pointer. Hmmm... :-/
>
UBSAN seems unhappy with dst being NULL in :
dst_release(&rt->dst);
But the code obviously is ready for dst being NULL, it is even documented :)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-06-08 0:28 ` Eric Dumazet
@ 2018-06-08 0:49 ` Jakub Kicinski
2018-06-08 0:53 ` David Ahern
0 siblings, 1 reply; 9+ messages in thread
From: Jakub Kicinski @ 2018-06-08 0:49 UTC (permalink / raw)
To: Eric Dumazet; +Cc: David Miller, dsahern, stephen, netdev
On Thu, 7 Jun 2018 17:28:59 -0700, Eric Dumazet wrote:
> On 06/07/2018 05:11 PM, David Miller wrote:
> > From: Jakub Kicinski <jakub.kicinski@netronome.com>
> > Date: Thu, 7 Jun 2018 17:06:23 -0700
> >
> >> [ 293.213661] ip_send_unicast_reply+0x1b67/0x1d0e
> >
> > This calls ip_setup_cork() which can NULL out the 'rt' route
> > pointer. Hmmm... :-/
> >
>
>
> UBSAN seems unhappy with dst being NULL in :
>
> dst_release(&rt->dst);
>
> But the code obviously is ready for dst being NULL, it is even documented :)
Oh, so the code depends on dst being the first member? Would it make
sense to just cast the pointer instead?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-06-08 0:49 ` Jakub Kicinski
@ 2018-06-08 0:53 ` David Ahern
2018-06-08 1:02 ` Jakub Kicinski
0 siblings, 1 reply; 9+ messages in thread
From: David Ahern @ 2018-06-08 0:53 UTC (permalink / raw)
To: Jakub Kicinski, Eric Dumazet; +Cc: David Miller, stephen, netdev
On 6/7/18 5:49 PM, Jakub Kicinski wrote:
> On Thu, 7 Jun 2018 17:28:59 -0700, Eric Dumazet wrote:
>> On 06/07/2018 05:11 PM, David Miller wrote:
>>> From: Jakub Kicinski <jakub.kicinski@netronome.com>
>>> Date: Thu, 7 Jun 2018 17:06:23 -0700
>>>
>>>> [ 293.213661] ip_send_unicast_reply+0x1b67/0x1d0e
>>>
>>> This calls ip_setup_cork() which can NULL out the 'rt' route
>>> pointer. Hmmm... :-/
>>>
>>
>>
>> UBSAN seems unhappy with dst being NULL in :
>>
>> dst_release(&rt->dst);
>>
>> But the code obviously is ready for dst being NULL, it is even documented :)
>
> Oh, so the code depends on dst being the first member? Would it make
> sense to just cast the pointer instead?
>
I've been going the other way with 'rt to dst' and 'dst to rt'
transformations.
Perhaps UBSAN should be updated to understand that NULL + 0 is ok.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Bug 199643] New: UBSAN: Undefined behaviour in ./include/net/route.h:240:2
2018-06-08 0:53 ` David Ahern
@ 2018-06-08 1:02 ` Jakub Kicinski
0 siblings, 0 replies; 9+ messages in thread
From: Jakub Kicinski @ 2018-06-08 1:02 UTC (permalink / raw)
To: Andrey Ryabinin; +Cc: David Ahern, Eric Dumazet, David Miller, stephen, netdev
CC: Andrey
On Thu, 7 Jun 2018 17:53:35 -0700, David Ahern wrote:
> On 6/7/18 5:49 PM, Jakub Kicinski wrote:
> > On Thu, 7 Jun 2018 17:28:59 -0700, Eric Dumazet wrote:
> >> On 06/07/2018 05:11 PM, David Miller wrote:
> >>> From: Jakub Kicinski <jakub.kicinski@netronome.com>
> >>> Date: Thu, 7 Jun 2018 17:06:23 -0700
> >>>
> >>>> [ 293.213661] ip_send_unicast_reply+0x1b67/0x1d0e
> >>>
> >>> This calls ip_setup_cork() which can NULL out the 'rt' route
> >>> pointer. Hmmm... :-/
> >>
> >> UBSAN seems unhappy with dst being NULL in :
> >>
> >> dst_release(&rt->dst);
> >>
> >> But the code obviously is ready for dst being NULL, it is even documented :)
> >
> > Oh, so the code depends on dst being the first member? Would it make
> > sense to just cast the pointer instead?
> >
>
> I've been going the other way with 'rt to dst' and 'dst to rt'
> transformations.
>
> Perhaps UBSAN should be updated to understand that NULL + 0 is ok.
^ permalink raw reply [flat|nested] 9+ messages in thread
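The pattern debated in this thread, as an added userspace example that is not part of any message above and is not kernel code: the &rt->dst form next to the cast form and an explicit NULL check. The *_demo types and rt_put_* function names are constructed stand-ins for struct rtable, struct dst_entry and ip_rt_put().

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for struct dst_entry / struct rtable
 * (assumptions for illustration, not the kernel's definitions). */
struct dst_entry_demo {
	int refcnt;
};

struct rtable_demo {
	struct dst_entry_demo dst;	/* must remain the first member */
	unsigned int flags;
};

/* Userspace equivalent of the BUILD_BUG_ON() in ip_rt_put(). */
_Static_assert(offsetof(struct rtable_demo, dst) == 0,
	       "dst must be the first member of rtable_demo");

/* Like dst_release(), tolerates NULL. Returns 1 if a reference was dropped. */
static int dst_release_demo(struct dst_entry_demo *dst)
{
	if (!dst)
		return 0;
	dst->refcnt--;
	return 1;
}

/*
 * Form quoted in the thread. With rt == NULL the expression &rt->dst is a
 * member access through a null pointer, the kind of access the UBSAN report
 * flags, even though the resulting address is NULL + 0.
 */
static int rt_put_member(struct rtable_demo *rt)
{
	return dst_release_demo(&rt->dst);
}

/*
 * Cast form raised in the thread: a pointer to a struct converts to a pointer
 * to its first member, and a null pointer converts to a null pointer, so no
 * member access happens on the NULL path. Still depends on the layout assert.
 */
static int rt_put_cast(struct rtable_demo *rt)
{
	return dst_release_demo((struct dst_entry_demo *)rt);
}

/* Explicit check: independent of struct layout, at the cost of one branch. */
static int rt_put_checked(struct rtable_demo *rt)
{
	return rt ? dst_release_demo(&rt->dst) : 0;
}

int main(void)
{
	struct rtable_demo rt = { .dst = { .refcnt = 3 }, .flags = 0 };

	/* Non-NULL: all three forms drop one reference each. */
	rt_put_member(&rt);
	rt_put_cast(&rt);
	rt_put_checked(&rt);
	printf("refcnt after three puts: %d\n", rt.dst.refcnt);

	/* NULL: only the two forms without a member access are exercised. */
	printf("cast(NULL)=%d checked(NULL)=%d\n",
	       rt_put_cast(NULL), rt_put_checked(NULL));
	return 0;
}
```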