lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <22378.1520883323@turing-police.cc.vt.edu>
Date:   Mon, 12 Mar 2018 15:35:23 -0400
From:   valdis.kletnieks@...edu
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Matthew Wilcox <mawilcox@...rosoft.com>
Cc:     linux-kernel@...r.kernel.org,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: linux-next 20180307 - UBSAN whine in lib/radix-tree.c

Seen in the dmesg:

[    0.000000] ================================================================================
[    0.000000] UBSAN: Undefined behaviour in lib/radix-tree.c:123:14
[    0.000000] member access within null pointer of type 'const struct radix_tree_node'
[    0.000000] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G                T 4.16.0-rc4-next-20180307-dirty #559
[    0.000000] Hardware name: Dell Inc. Latitude E6530/07Y85M, BIOS A20 05/08/2017
[    0.000000] Call Trace:
[    0.000000]  dump_stack+0x83/0xca
[    0.000000]  ubsan_epilogue+0xd/0x3a
[    0.000000]  handle_null_ptr_deref+0x85/0x90
[    0.000000]  __ubsan_handle_type_mismatch_v1+0x5e/0x70
[    0.000000]  __radix_tree_replace+0x1e4/0x1f0
[    0.000000]  radix_tree_iter_replace+0x25/0x50
[    0.000000]  idr_alloc_u32+0x166/0x1f0
[    0.000000]  idr_alloc+0x7e/0xd0
[    0.000000]  worker_pool_assign_id+0x61/0xd0
[    0.000000]  ? mutex_lock_nested+0x1b/0x20
[    0.000000]  workqueue_init_early+0x58a/0xc3f
[    0.000000]  start_kernel+0x4f7/0x809
[    0.000000]  x86_64_start_reservations+0x40/0x61
[    0.000000]  x86_64_start_kernel+0x7b/0x9e
[    0.000000]  secondary_startup_64+0xa5/0xb0
[    0.000000] ================================================================================

not sure why a null 'parent' value got passed to get_slot_offset() in the first place, but it sounds
like something is missing an 'if (NULL)' test...

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ