675106 – kernel 4.19.8: Undefined behaviour in net/netfilter/xt_tcpudp.c:96:4

Bug 675106 - kernel 4.19.8: Undefined behaviour in net/netfilter/xt_tcpudp.c:96:4

Summary: kernel 4.19.8: Undefined behaviour in net/netfilter/xt_tcpudp.c:96:4

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal
Assignee:	Gentoo Kernel Bug Wranglers and Kernel Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-01-10 13:06 UTC by segmentation fault
Modified:	2019-06-11 11:48 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description segmentation fault 2019-01-10 13:06:48 UTC

From dmesg:

[ 1604.040803] ================================================================================
[ 1604.040804] UBSAN: Undefined behaviour in net/netfilter/xt_tcpudp.c:96:4
[ 1604.040805] member access within misaligned address 000000004afcfbcc for type 'const struct tcphdr'
[ 1604.040805] which requires 4 byte alignment
[ 1604.040807] CPU: 4 PID: 0 Comm: swapper/4 Tainted: P           O    T 4.19.8-gentoo #4
[ 1604.040807] Hardware name: ASUSTeK COMPUTER INC. G752VY/G752VY, BIOS G752VY.304 06/29/2017
[ 1604.040807] Call Trace:
[ 1604.040808]  <IRQ>
[ 1604.040810]  dump_stack+0xa1/0x11b
[ 1604.040812]  ubsan_epilogue+0x9/0x40
[ 1604.040813]  ubsan_type_mismatch_common+0x17b/0x190
[ 1604.040815]  __ubsan_handle_type_mismatch+0x43/0x60
[ 1604.040817]  tcp_mt+0x490/0x6f0 [xt_tcpudp]
[ 1604.040819]  ipt_do_table+0x575/0x1620 [ip_tables]
[ 1604.040822]  nf_hook_slow+0x61/0x120
[ 1604.040824]  ip_local_deliver+0x12a/0x1c0
[ 1604.040825]  ? ip_sublist_rcv+0x7f0/0x7f0
[ 1604.040826]  ip_rcv+0x7b/0x100
[ 1604.040828]  ? nf_hook.constprop.9+0x2f0/0x2f0
[ 1604.040829]  ? ip_local_deliver+0x1c0/0x1c0
[ 1604.040830]  __netif_receive_skb_one_core+0x6b/0xd0
[ 1604.040832]  ? swiotlb_sync_single_for_cpu+0x10/0x10
[ 1604.040833]  netif_receive_skb_internal+0x42/0x180
[ 1604.040834]  napi_gro_receive+0x13e/0x1d0
[ 1604.040836]  ? swiotlb_sync_single_for_cpu+0x10/0x10
[ 1604.040838]  rtl8169_poll+0x3a2/0x1630 [r8169]
[ 1604.040840]  net_rx_action+0x39b/0x11d0
[ 1604.040842]  __do_softirq+0x1ee/0x86e
[ 1604.040844]  irq_exit+0xae/0x110
[ 1604.040845]  smp_apic_timer_interrupt+0xb3/0x270
[ 1604.040847]  apic_timer_interrupt+0xf/0x20
[ 1604.040848]  </IRQ>
[ 1604.040849] RIP: 0010:cpuidle_enter_state+0x116/0x650
[ 1604.040850] Code: 48 c7 44 24 18 00 00 00 00 0f 1f 44 00 00 31 ff e8 9f 82 ba fe 45 84 ff 0f 85 5d 02 00 00 e8 61 2d d6 fe fb 66 0f 1f 44 00 00 <4c> 8b 2c 24 4d 29 f5 0f 80 fa 02 00 00 4c 89 e8 48 ba cf f7 53 e3
[ 1604.040851] RSP: 0018:ffffb716000d7e48 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 1604.040852] RAX: 0000000000000000 RBX: ffffd715ffd08a00 RCX: 000000000000001f
[ 1604.040852] RDX: 00000000000000c5 RSI: 000000003161f9ae RDI: 0000000000000000
[ 1604.040853] RBP: ffffffff96b9b438 R08: 0000000000000000 R09: 0000000000000000
[ 1604.040854] R10: ffffb716000d7e08 R11: ffffa4454dc82ef0 R12: 0000000000000008
[ 1604.040854] R13: 0000000000000004 R14: 000001757813c43f R15: 0000000000000000
[ 1604.040856]  ? cpuidle_enter_state+0x10f/0x650
[ 1604.040857]  do_idle+0x1ec/0x2c0
[ 1604.040859]  cpu_startup_entry+0x77/0x90
[ 1604.040860]  start_secondary+0x206/0x2e0
[ 1604.040862]  secondary_startup_64+0xb6/0xc0
[ 1604.040862] ================================================================================


[ 1604.040863] ================================================================================
[ 1604.040864] UBSAN: Undefined behaviour in net/netfilter/xt_tcpudp.c:100:4
[ 1604.040864] member access within misaligned address 000000004afcfbcc for type 'const struct tcphdr'
[ 1604.040865] which requires 4 byte alignment
[ 1604.040866] CPU: 4 PID: 0 Comm: swapper/4 Tainted: P           O    T 4.19.8-gentoo #4
[ 1604.040866] Hardware name: ASUSTeK COMPUTER INC. G752VY/G752VY, BIOS G752VY.304 06/29/2017
[ 1604.040867] Call Trace:
[ 1604.040867]  <IRQ>
[ 1604.040869]  dump_stack+0xa1/0x11b
[ 1604.040870]  ubsan_epilogue+0x9/0x40
[ 1604.040872]  ubsan_type_mismatch_common+0x17b/0x190
[ 1604.040873]  __ubsan_handle_type_mismatch+0x43/0x60
[ 1604.040875]  tcp_mt+0x6d9/0x6f0 [xt_tcpudp]
[ 1604.040877]  ipt_do_table+0x575/0x1620 [ip_tables]
[ 1604.040879]  nf_hook_slow+0x61/0x120
[ 1604.040881]  ip_local_deliver+0x12a/0x1c0
[ 1604.040882]  ? ip_sublist_rcv+0x7f0/0x7f0
[ 1604.040883]  ip_rcv+0x7b/0x100
[ 1604.040885]  ? nf_hook.constprop.9+0x2f0/0x2f0
[ 1604.040886]  ? ip_local_deliver+0x1c0/0x1c0
[ 1604.040887]  __netif_receive_skb_one_core+0x6b/0xd0
[ 1604.040889]  ? swiotlb_sync_single_for_cpu+0x10/0x10
[ 1604.040890]  netif_receive_skb_internal+0x42/0x180
[ 1604.040891]  napi_gro_receive+0x13e/0x1d0
[ 1604.040892]  ? swiotlb_sync_single_for_cpu+0x10/0x10
[ 1604.040895]  rtl8169_poll+0x3a2/0x1630 [r8169]
[ 1604.040896]  net_rx_action+0x39b/0x11d0
[ 1604.040898]  __do_softirq+0x1ee/0x86e
[ 1604.040900]  irq_exit+0xae/0x110
[ 1604.040901]  smp_apic_timer_interrupt+0xb3/0x270
[ 1604.040903]  apic_timer_interrupt+0xf/0x20
[ 1604.040904]  </IRQ>
[ 1604.040905] RIP: 0010:cpuidle_enter_state+0x116/0x650
[ 1604.040906] Code: 48 c7 44 24 18 00 00 00 00 0f 1f 44 00 00 31 ff e8 9f 82 ba fe 45 84 ff 0f 85 5d 02 00 00 e8 61 2d d6 fe fb 66 0f 1f 44 00 00 <4c> 8b 2c 24 4d 29 f5 0f 80 fa 02 00 00 4c 89 e8 48 ba cf f7 53 e3
[ 1604.040906] RSP: 0018:ffffb716000d7e48 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 1604.040907] RAX: 0000000000000000 RBX: ffffd715ffd08a00 RCX: 000000000000001f
[ 1604.040908] RDX: 00000000000000c5 RSI: 000000003161f9ae RDI: 0000000000000000
[ 1604.040909] RBP: ffffffff96b9b438 R08: 0000000000000000 R09: 0000000000000000
[ 1604.040909] R10: ffffb716000d7e08 R11: ffffa4454dc82ef0 R12: 0000000000000008
[ 1604.040910] R13: 0000000000000004 R14: 000001757813c43f R15: 0000000000000000
[ 1604.040911]  ? cpuidle_enter_state+0x10f/0x650
[ 1604.040913]  do_idle+0x1ec/0x2c0
[ 1604.040914]  cpu_startup_entry+0x77/0x90
[ 1604.040915]  start_secondary+0x206/0x2e0
[ 1604.040917]  secondary_startup_64+0xb6/0xc0
[ 1604.040917] ================================================================================

Comment 1 segmentation fault 2019-01-10 13:07:24 UTC

System info:

Portage 2.3.51 (python 3.6.5-final-0, hardened/linux/amd64, gcc-7.3.0, glibc-2.27-r6, 4.19.8-gentoo x86_64)
=================================================================
System uname: Linux-4.19.8-gentoo-x86_64-Intel-R-_Core-TM-_i7-6700HQ_CPU_@_2.60GHz-with-gentoo-2.6
KiB Mem:    40976340 total,  16220132 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Thu, 13 Dec 2018 12:15:01 +0000
Head commit of repository gentoo: 057645ffcdb86bd24e7c965f6e1aa03db33abb4c
sh bash 4.4_p12
ld GNU ld (Gentoo 2.30 p5) 2.30.0
app-shells/bash:          4.4_p12::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.4.8::gentoo, 3.5.5::gentoo, 3.6.5::gentoo
dev-util/cmake:           3.12.3::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.38.3-r1::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.11.6-r3::gentoo, 1.12.6::gentoo, 1.13.4-r2::gentoo, 1.14.1::gentoo, 1.15.1-r2::gentoo
sys-devel/binutils:       2.30-r4::gentoo
sys-devel/gcc:            7.3.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc:           2.27-r6::gentoo

Comment 2 Mike Pagano gentoo-dev

2019-06-11 11:48:09 UTC

Detection of undefined behavior via the UndefinedBehaviorSanitizer can be reported upstream at https://bugzilla.kernel.org