netbsd boot error: MSan: Uninitialized Memory in bus_dmamap_sync

syzbot

Jan 28, 2022, 12:12:18 AM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 18e3a769564f numEntries can vary
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1273d9c0700000
kernel config: https://syzkaller.appspot.com/x/.config?x=739e57438eb9ed9e
dashboard link: https://syzkaller.appspot.com/bug?extid=f91ba3ad8983b7f1611a
compiler: Debian clang version 11.0.1-2

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f91ba3...@syzkaller.appspotmail.com

[ 2.7225943] panic: MSan: Uninitialized Stack Memory In LinearDmaSyncOp At Offset 20, Variable 'replun.i' From scsi_probe_bus()

[ 2.7307115] cpu1: Begin traceback...
[ 2.7507160] vpanic() at netbsd:vpanic+0x9ec
[ 2.8007157] panic() at netbsd:panic+0x1b3 sys/kern/subr_prf.c:209
[ 2.8407133] kmsan_report_hook() at netbsd:kmsan_report_hook+0x184 sys/kern/subr_msan.c:178
[ 2.8907116] bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x10b
[ 2.9507255] vioscsi_scsipi_request() at netbsd:vioscsi_scsipi_request+0x1839
[ 3.0007163] scsipi_run_queue() at netbsd:scsipi_run_queue+0x2011 scsipi_adapter_request sys/dev/scsipi/scsipi_base.c:2832 [inline]
[ 3.0007163] scsipi_run_queue() at netbsd:scsipi_run_queue+0x2011 sys/dev/scsipi/scsipi_base.c:2183
[ 3.0507157] scsipi_execute_xs() at netbsd:scsipi_execute_xs+0xe7e sys/dev/scsipi/scsipi_base.c:2204
[ 3.1007139] scsipi_command() at netbsd:scsipi_command+0x386
[ 3.1407117] scsi_probe_bus() at netbsd:scsi_probe_bus+0xdd1 scsi_report_luns sys/dev/scsipi/scsiconf.c:428 [inline]
[ 3.1407117] scsi_probe_bus() at netbsd:scsi_probe_bus+0xdd1 sys/dev/scsipi/scsiconf.c:520
[ 3.1907126] scsibus_config() at netbsd:scsibus_config+0x349 sys/dev/scsipi/scsiconf.c:325
[ 3.2507140] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x28 sys/dev/scsipi/scsiconf.c:291
[ 3.2607103] cpu1: End traceback...
[ 3.2707116] fatal breakpoint trap in supervisor mode
[ 3.2707116] trap type 1 code 0 rip 0xffffffff8022288d cs 0x8 rflags 0x286 cr2 0 ilevel 0 rsp 0xffffe0806f0b8480
[ 3.2807027] curlwp 0xffffe080117ff6c0 pid 0.30 lowest kstack 0xffffe0806f0b12c0
Stopped in pid 0.30 (system) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x9ec
panic() at netbsd:panic+0x1b3 sys/kern/subr_prf.c:209
kmsan_report_hook() at netbsd:kmsan_report_hook+0x184 sys/kern/subr_msan.c:178
bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x10b
vioscsi_scsipi_request() at netbsd:vioscsi_scsipi_request+0x1839
scsipi_run_queue() at netbsd:scsipi_run_queue+0x2011 scsipi_adapter_request sys/dev/scsipi/scsipi_base.c:2832 [inline]
scsipi_run_queue() at netbsd:scsipi_run_queue+0x2011 sys/dev/scsipi/scsipi_base.c:2183
scsipi_execute_xs() at netbsd:scsipi_execute_xs+0xe7e sys/dev/scsipi/scsipi_base.c:2204
scsipi_command() at netbsd:scsipi_command+0x386
scsi_probe_bus() at netbsd:scsi_probe_bus+0xdd1 scsi_report_luns sys/dev/scsipi/scsiconf.c:428 [inline]
scsi_probe_bus() at netbsd:scsi_probe_bus+0xdd1 sys/dev/scsipi/scsiconf.c:520
scsibus_config() at netbsd:scsibus_config+0x349 sys/dev/scsipi/scsiconf.c:325
scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x28 sys/dev/scsipi/scsiconf.c:291
ds a918
es bcd3
fs 8470
gs 0
rdi 5
rsi 0
rbp ffffe0806f0b8480
rbx 0
rdx 1
rcx ffffe080117ff6c0
--db_more--


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.