UBSan: Undefined Behavior in db_nextframe


syzbot
Feb 9, 2022, 1:54:21 AM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 90fa6fd83126 Use a variable to store command line to be fi..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1320bed8700000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=f3e3884f7c1d9681de7e
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f3e388...@syzkaller.appspotmail.com

[ 79.6835108] panic: LOCKDEBUG: Kernel lock error: _kernel_lock,239: spinout
[ 79.6903547] cpu0: Begin traceback...
[ 79.6983015] vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
[ 79.7483024] panic() at netbsd:panic+0x49 sys/kern/subr_prf.c:1221
[ 79.7783017] lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 lockdebug_abort1 sys/kern/subr_lockdebug.c:790 [inline]
[ 79.7783017] lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 sys/kern/subr_lockdebug.c:772
[ 79.8183003] _kernel_lock() at netbsd:_kernel_lock+0x47c sys/kern/kern_lock.c:239
[ 79.8483003] intr_biglock_wrapper() at netbsd:intr_biglock_wrapper+0x19 sys/arch/x86/x86/intr.c:660
[ 79.8782999] Xhandle_ioapic_edge19() at netbsd:Xhandle_ioapic_edge19+0x74
[ 79.8909183] --- interrupt ---
[ 79.9283004] kcov_silence_leave() at netbsd:kcov_silence_leave+0x96 sys/kern/subr_kcov.c:584
[ 79.9682978] ip_slowtimo() at netbsd:ip_slowtimo+0x1f sys/netinet/ip_input.c:828
[ 79.9982994] pfslowtimo() at netbsd:pfslowtimo+0xc6 sys/kern/uipc_domain.c:745
[ 80.0382997] callout_softclock() at netbsd:callout_softclock+0x24d sys/kern/kern_timeout.c:786
[ 80.0683001] softint_dispatch() at netbsd:softint_dispatch+0x3b4 x86_curcpu sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:56 [inline]
[ 80.0683001] softint_dispatch() at netbsd:softint_dispatch+0x3b4 softint_execute sys/kern/kern_softint.c:573 [inline]
[ 80.0683001] softint_dispatch() at netbsd:softint_dispatch+0x3b4 sys/kern/kern_softint.c:814
[ 80.0783014] Skipping crash dump on recursive panic
[ 80.0891740] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:123:24, member access within misaligned address 0xf475 for type 'struct x86_64_frame' which requires 8 byte alignment

[ 80.1107366] Faulted in mid-traceback; aborting...
[ 80.1107366] fatal breakpoint trap in supervisor mode
[ 80.1187037] trap type 1 code 0 rip 0xffffffff80221a95 cs 0x8 rflags 0x246 cr2 0xffff9c80b0e12000 ilevel 0x6 rsp 0xffff9c80af690e30
[ 80.1322151] curlwp 0xffff8275fddc6080 pid 0.5 lowest kstack 0xffff9c80af68d2c0
Stopped in pid 0.5 (system) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0xfc sys/../common/lib/libc/misc/ubsan.c:432
db_nextframe() at netbsd:db_nextframe+0x837 sys/arch/amd64/amd64/db_machdep.c:123
db_stack_trace_print() at netbsd:db_stack_trace_print+0x281 sys/arch/x86/x86/db_trace.c:277
db_panic() at netbsd:db_panic+0x9d x86_curcpu sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:56 [inline]
db_panic() at netbsd:db_panic+0x9d sys/ddb/db_panic.c:59
vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
panic() at netbsd:panic+0x49 sys/kern/subr_prf.c:1221
lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 lockdebug_abort1 sys/kern/subr_lockdebug.c:790 [inline]
lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 sys/kern/subr_lockdebug.c:772
_kernel_lock() at netbsd:_kernel_lock+0x47c sys/kern/kern_lock.c:239
intr_biglock_wrapper() at netbsd:intr_biglock_wrapper+0x19 sys/arch/x86/x86/intr.c:660
Xhandle_ioapic_edge19() at netbsd:Xhandle_ioapic_edge19+0x74
--- interrupt ---
kcov_silence_leave() at netbsd:kcov_silence_leave+0x96 sys/kern/subr_kcov.c:584
ip_slowtimo() at netbsd:ip_slowtimo+0x1f sys/netinet/ip_input.c:828
pfslowtimo() at netbsd:pfslowtimo+0xc6 sys/kern/uipc_domain.c:745
callout_softclock() at netbsd:callout_softclock+0x24d sys/kern/kern_timeout.c:786
softint_dispatch() at netbsd:softint_dispatch+0x3b4 x86_curcpu sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:56 [inline]
softint_dispatch() at netbsd:softint_dispatch+0x3b4 softint_execute sys/kern/kern_softint.c:573 [inline]
softint_dispatch() at netbsd:softint_dispatch+0x3b4 sys/kern/kern_softint.c:814
[ 80.1394030] Skipping crash dump on recursive panic
[ 80.1394030] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:124:14, member access within misaligned address 0xf475 for type 'struct x86_64_frame' which requires 8 byte alignment

[ 80.1394030] Faulted in mid-traceback; aborting...
[ 80.1394030] fatal breakpoint trap in supervisor mode
[ 80.1394030] trap type 1 code 0 rip 0xffffffff80221a95 cs 0x8 rflags 0x246 cr2 0xffff9c80b0e12000 ilevel 0x8 rsp 0xffff9c80af68fb30
[ 80.1394030] curlwp 0xffff8275fddc6080 pid 0.5 lowest kstack 0xffff9c80af68d2c0
Stopped in pid 0.5 (system) at netbsd:breakpoint+0x5: leave


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot
May 17, 2022, 8:37:17 PM
to syzkaller-...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.