netbsd boot error: UBSan: Undefined Behavior in node_insert


syzbot

Mar 30, 2022, 2:19:24 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a2bbd8e60824 Revert "kern: Sprinkle biglock-slippage asser..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14b56d4f700000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=8ded6e17a394e39d6291
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8ded6e...@syzkaller.appspotmail.com

[ 2.1433821] panic: dk0 at sd0: "49b813d1-8009-4c4f-b3e1-2cc288366ecc", 2097085 blocks at 64, type: ffs
[ 2.1433821] UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_thmap.c:262:10, member access within null pointer of type 'struct thmap_inode_t'
[ 2.1433821] dk1 at sd0: "2a5f9479-33b7-499d-8cc4-f8d9ae0937b7", 2097119 blocks at 2097152, type: swap

[ 2.2297778] cpu0: Begin traceback...
[ 2.2297778] sd0: async, 8-bit transfers, tagged queueing
[ 2.2833660] vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
[ 2.4033626] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 2.4733657] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 2.5433644] node_insert() at netbsd:node_insert+0x805 node_locked_p sys/kern/subr_thmap.c:262 [inline]
[ 2.5433644] node_insert() at netbsd:node_insert+0x805 sys/kern/subr_thmap.c:417
[ 2.6133669] thmap_put() at netbsd:thmap_put+0x3d5 root_try_put sys/kern/subr_thmap.c:544 [inline]
[ 2.6133669] thmap_put() at netbsd:thmap_put+0x3d5 sys/kern/subr_thmap.c:706
[ 2.6833619] npf_param_register() at netbsd:npf_param_register+0x164 sys/net/npf/npf_params.c:187
[ 2.7433663] npf_state_tcp_sysinit() at netbsd:npf_state_tcp_sysinit+0x1dc sys/net/npf/npf_state_tcp.c:585
[ 2.8133601] npf_state_sysinit() at netbsd:npf_state_sysinit+0x118 sys/net/npf/npf_state.c:127
[ 2.8833641] npfk_create() at netbsd:npfk_create+0xd5 sys/net/npf/npf.c:88
[ 2.9533602] npf_modcmd() at netbsd:npf_modcmd+0xac npf_init sys/net/npf/npf_os.c:158 [inline]
[ 2.9533602] npf_modcmd() at netbsd:npf_modcmd+0xac sys/net/npf/npf_os.c:184
[ 3.0233602] module_do_builtin() at netbsd:module_do_builtin+0x517 sys/kern/kern_module.c:940
[ 3.0933604] module_init_class() at netbsd:module_init_class+0x544 sys/kern/kern_module.c:596
[ 3.1633577] main() at netbsd:main+0x6c3 sys/kern/init_main.c:663
[ 3.1733591] cpu0: End traceback...
[ 3.1907235] fatal breakpoint trap in supervisor mode
[ 3.1980852] trap type 1 code 0 rip 0xffffffff80221a95 cs 0x8 rflags 0x246 cr2 0 ilevel 0 rsp 0xffffffff86e933f0
[ 3.2261441] curlwp 0xffffffff86534a40 pid 0.0 lowest kstack 0xffffffff86e8e2c0
Stopped in pid 0.0 (system) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
node_insert() at netbsd:node_insert+0x805 node_locked_p sys/kern/subr_thmap.c:262 [inline]
node_insert() at netbsd:node_insert+0x805 sys/kern/subr_thmap.c:417
thmap_put() at netbsd:thmap_put+0x3d5 root_try_put sys/kern/subr_thmap.c:544 [inline]
thmap_put() at netbsd:thmap_put+0x3d5 sys/kern/subr_thmap.c:706
npf_param_register() at netbsd:npf_param_register+0x164 sys/net/npf/npf_params.c:187
npf_state_tcp_sysinit() at netbsd:npf_state_tcp_sysinit+0x1dc sys/net/npf/npf_state_tcp.c:585
npf_state_sysinit() at netbsd:npf_state_sysinit+0x118 sys/net/npf/npf_state.c:127
npfk_create() at netbsd:npfk_create+0xd5 sys/net/npf/npf.c:88
npf_modcmd() at netbsd:npf_modcmd+0xac npf_init sys/net/npf/npf_os.c:158 [inline]
npf_modcmd() at netbsd:npf_modcmd+0xac sys/net/npf/npf_os.c:184
module_do_builtin() at netbsd:module_do_builtin+0x517 sys/kern/kern_module.c:940
module_init_class() at netbsd:module_init_class+0x544 sys/kern/kern_module.c:596
main() at netbsd:main+0x6c3 sys/kern/init_main.c:663
ds a9
es 33b0
fs 3400
gs 10
rdi 5
rsi 0
rbp ffffffff86e933f0
--db_more--


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
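As an added illustration, not code from NetBSD or from the report, and not a claim about the actual root cause in sys/kern/subr_thmap.c, the hypothetical C sketch below shows the shape of the defect that the diagnostic "member access within null pointer of type 'struct thmap_inode_t'" describes: an accessor like node_locked_p() that reads a member through a pointer nothing has yet established is non-NULL. Evaluating node->state with node == NULL is undefined behaviour; a KUBSAN kernel turns it into the panic above, a non-sanitized kernel would normally fault on address 0, and in the worst case an optimizer that assumes the pointer is non-NULL may drop later NULL checks on the same pointer. The struct layout, the NODE_LOCKED bit, the error codes and the function names are invented for the example; the real thmap manipulates its state word atomically, which this single-threaded toy does not.

```c
/* Added example, not NetBSD code: an unguarded accessor that is UB on NULL
 * (what UBSan reports as "member access within null pointer") beside a
 * guarded insert path that reports the bad pointer to the caller instead.
 * Build with UBSan to see the diagnostic on the unguarded path:
 *   cc -fsanitize=undefined -fno-sanitize-recover=undefined example.c
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NODE_LOCKED 0x80000000u   /* hypothetical lock bit in the state word */
#define NODE_SLOTS  4

struct tnode {                    /* hypothetical node; not thmap_inode_t */
    uint32_t    state;            /* NODE_LOCKED | number of used slots */
    const char *keys[NODE_SLOTS];
    int         vals[NODE_SLOTS];
};

/* The pattern the sanitizer flagged: node->state is read before anything
 * proves node != NULL.  Calling this with NULL is undefined behaviour. */
static int node_locked_p_unchecked(const struct tnode *node)
{
    return (node->state & NODE_LOCKED) != 0;
}

/* Guarded variant: a NULL node is an error code, never a dereference. */
static int node_locked_p(const struct tnode *node, int *locked)
{
    if (node == NULL)
        return -1;
    *locked = (node->state & NODE_LOCKED) != 0;
    return 0;
}

enum { INS_OK = 0, INS_ENULL = 1, INS_EBUSY = 2, INS_EFULL = 3 };

/* Insert key/val into node; every failure mode is a distinct return value. */
static int node_insert(struct tnode *node, const char *key, int val)
{
    int locked;
    if (node_locked_p(node, &locked) != 0)
        return INS_ENULL;         /* caller handed us no node at all */
    if (locked)
        return INS_EBUSY;         /* another writer holds the node */
    uint32_t n = node->state & ~NODE_LOCKED;
    if (n >= NODE_SLOTS)
        return INS_EFULL;
    node->keys[n] = key;
    node->vals[n] = val;
    node->state = (node->state & NODE_LOCKED) | (n + 1);
    return INS_OK;
}

static int node_lookup(const struct tnode *node, const char *key, int *val)
{
    if (node == NULL)
        return 0;
    uint32_t n = node->state & ~NODE_LOCKED;
    for (uint32_t i = 0; i < n; i++) {
        if (strcmp(node->keys[i], key) == 0) {
            *val = node->vals[i];
            return 1;
        }
    }
    return 0;
}

/* Exercises the guarded path; returns 0 when every case behaves as intended. */
static int demo(void)
{
    struct tnode root;
    int v = 0;
    memset(&root, 0, sizeof root);
    if (node_insert(&root, "tcp.max_retrans", 3) != INS_OK)      return 1;
    if (!node_lookup(&root, "tcp.max_retrans", &v) || v != 3)    return 2;
    if (node_insert(NULL, "orphan", 0) != INS_ENULL)             return 3;
    root.state |= NODE_LOCKED;
    if (node_insert(&root, "late", 1) != INS_EBUSY)              return 4;
    if (node_locked_p_unchecked(&root) != 1)                     return 5; /* valid pointer: fine */
    return 0;
}

int main(void)
{
    int rc = demo();
    printf("demo: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The practical check a reviewer wants after a report like this is whether any caller of the accessor can reach it with a NULL node, which in the trace means walking thmap_put() and root_try_put() for the path that hands node_insert() its pointer; the example only shows what a guarded accessor looks like, not where the real code takes the NULL.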