netbsd boot error: panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/kern/vfs_cache.c:LINE, left shift of AD


syzbot

Mar 22, 2020, 5:46:15 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 24cb291f Import bwfm firmware from linux-firmware snapshot..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10efd8c5e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=824b23e1f4b6c76b
dashboard link: https://syzkaller.appspot.com/bug?extid=dd5df915b2cd2f3f3da5
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+dd5df9...@syzkaller.appspotmail.com

[ 1.8663075] panic: UBSan: Undefined Behavior in /syzkaller/managers/netbsd-kubsan/kernel/sys/kern/vfs_cache.c:345:14, left shift of 4161115716 by 32 places cannot be represented in type 'long int'

[ 1.8810464] cpu1: Begin traceback...
[ 1.8810464] vpanic() at netbsd:vpanic+0x2af sys/kern/subr_prf.c:336
[ 1.9010553] isAlreadyReported() at netbsd:isAlreadyReported
[ 1.9210660] HandleShiftOutOfBounds() at netbsd:HandleShiftOutOfBounds+0x288 sys/../common/lib/libc/misc/ubsan.c:479
[ 1.9410911] cache_lookup.cold.4() at netbsd:cache_lookup.cold.4+0x19
[ 1.9610921] ufs_lookup() at netbsd:ufs_lookup+0x3ae sys/ufs/ufs/ufs_lookup.c:357
[ 1.9811030] VOP_LOOKUP() at netbsd:VOP_LOOKUP+0x119 sys/kern/vnode_if.c:177
[ 2.0011152] lookup_once() at netbsd:lookup_once+0x427 sys/kern/vfs_lookup.c:1020
[ 2.0211240] namei_tryemulroot() at netbsd:namei_tryemulroot+0xa99 namei_oneroot sys/kern/vfs_lookup.c:1260 [inline]
[ 2.0211240] namei_tryemulroot() at netbsd:namei_tryemulroot+0xa99 sys/kern/vfs_lookup.c:1541
[ 2.0411403] namei() at netbsd:namei+0x2e sys/kern/vfs_lookup.c:1577
[ 2.0511546] nameiat_simple_kernel() at netbsd:nameiat_simple_kernel+0xcd sys/kern/vfs_lookup.c:1917
[ 2.0711505] start_init() at netbsd:start_init+0x10c check_console sys/kern/init_main.c:918 [inline]
[ 2.0711505] start_init() at netbsd:start_init+0x10c sys/kern/init_main.c:983
[ 2.0811512] cpu1: End traceback...
[ 2.0811512] fatal breakpoint trap in supervisor mode
[ 2.0911596] trap type 1 code 0 rip 0xffffffff8021f59d cs 0x8 rflags 0x282 cr2 0 ilevel 0 rsp 0xffff8800b6eb2380
[ 2.0911596] curlwp 0xffff86f9e6c1a900 pid 1.1 lowest kstack 0xffff8800b6eaf2c0
Stopped in pid 1.1 (init) at netbsd:breakpoint+0x5: leave
db{1}>


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.