netbsd test error: UBSan: Undefined Behavior in AcpiRsSetResourceHeader


syzbot

Feb 24, 2025, 3:24:27 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 19c0a1efffc4 efi(8): brush up markup a bit (mostly consist..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10ecd7a4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=cc4a1be11d1daf5e1efe
compiler: g++ (Debian 12.2.0-14) 12.2.0

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/adea074511b0/disk-19c0a1ef.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/44c6ffabbc04/netbsd-19c0a1ef.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cc4a1b...@syzkaller.appspotmail.com

[ 1.0180658] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/external/bsd/acpica/dist/resources/rsutils.c:407:37, member access within misaligned address 0xffff8830c8a31b11 for type 'union AML_RESOURCE' which requires 4 byte alignment

[ 1.0180658] cpu0: Begin traceback...
[ 1.0180658] vpanic() at netbsd:vpanic+0x2f3 sys/kern/subr_prf.c:288
[ 1.0180658] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 1.0180658] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0xfc sys/../common/lib/libc/misc/ubsan.c:432
[ 1.0180658] AcpiRsSetResourceHeader() at netbsd:AcpiRsSetResourceHeader+0x13f sys/external/bsd/acpica/dist/resources/rsutils.c:407
[ 1.0180658] AcpiRsConvertResourceToAml() at netbsd:AcpiRsConvertResourceToAml+0xb9c sys/external/bsd/acpica/dist/resources/rsmisc.c:634
[ 1.0180658] AcpiRsConvertResourcesToAml() at netbsd:AcpiRsConvertResourcesToAml+0xa1 sys/external/bsd/acpica/dist/resources/rslist.c:359
[ 1.0180658] AcpiRsCreateAmlResources() at netbsd:AcpiRsCreateAmlResources+0xe3 sys/external/bsd/acpica/dist/resources/rscreate.c:608
[ 1.0180658] AcpiRsSetSrsMethodData() at netbsd:AcpiRsSetSrsMethodData+0xc7 sys/external/bsd/acpica/dist/resources/rsutils.c:942
[ 1.0180658] AcpiSetCurrentResources() at netbsd:AcpiSetCurrentResources+0x11a sys/external/bsd/acpica/dist/resources/rsxface.c:454
[ 1.0180658] acpi_pci_link_route_interrupt() at netbsd:acpi_pci_link_route_interrupt+0x746 acpi_pci_link_route_irqs sys/dev/acpi/acpi_pci_link.c:905 [inline]
[ 1.0180658] acpi_pci_link_route_interrupt() at netbsd:acpi_pci_link_route_interrupt+0x746 sys/dev/acpi/acpi_pci_link.c:1068
[ 1.0180658] mpacpi_findintr_linkdev() at netbsd:mpacpi_findintr_linkdev+0x84 sys/arch/x86/x86/mpacpi.c:1035
[ 1.0180658] intr_find_mpmapping() at netbsd:intr_find_mpmapping+0x291 intr_scan_bus sys/arch/x86/x86/mp.c:226 [inline]
[ 1.0180658] intr_find_mpmapping() at netbsd:intr_find_mpmapping+0x291 sys/arch/x86/x86/mp.c:191
[ 1.0180658] pci_intr_map() at netbsd:pci_intr_map+0x2d3 sys/arch/x86/pci/pci_intr_machdep.c:156
[ 1.0180658] pci_intx_alloc() at netbsd:pci_intx_alloc+0x46 sys/arch/x86/pci/pci_intr_machdep.c:448
[ 1.0180658] pci_intr_alloc() at netbsd:pci_intr_alloc+0x127 sys/arch/x86/pci/pci_intr_machdep.c:573
[ 1.0180658] virtio_pci_alloc_interrupts() at netbsd:virtio_pci_alloc_interrupts+0x3be sys/dev/pci/virtio_pci.c:1171
[ 1.0180658] virtio_child_attach_finish() at netbsd:virtio_child_attach_finish+0x5f4 sys/dev/pci/virtio.c:1389
[ 1.0180658] viomb_attach() at netbsd:viomb_attach+0x5c5 sys/dev/pci/viomb.c:194
[ 1.0180658] config_attach_internal() at netbsd:config_attach_internal+0x4d5 sys/kern/subr_autoconf.c:1832
[ 1.0180658] config_found_acquire() at netbsd:config_found_acquire+0x6a sys/kern/subr_autoconf.c:1275
[ 1.0180658] config_found() at netbsd:config_found+0x4c sys/kern/subr_autoconf.c:1317
[ 1.0180658] virtio_pci_rescan() at netbsd:virtio_pci_rescan+0x86 sys/dev/pci/virtio_pci.c:350
[ 1.0180658] virtio_pci_attach() at netbsd:virtio_pci_attach+0x456 sys/dev/pci/virtio_pci.c:331
[ 1.0180658] config_attach_internal() at netbsd:config_attach_internal+0x4d5 sys/kern/subr_autoconf.c:1832
[ 1.0180658] config_found_acquire() at netbsd:config_found_acquire+0x6a sys/kern/subr_autoconf.c:1275
[ 1.0180658] config_found() at netbsd:config_found+0x4c sys/kern/subr_autoconf.c:1317
[ 1.0180658] pci_probe_device1() at netbsd:pci_probe_device1+0xeaa sys/dev/pci/pci.c:488
[ 1.0180658] pci_enumerate_bus1() at netbsd:pci_enumerate_bus1+0x477 sys/dev/pci/pci.c:851
[ 1.0180658] pcirescan() at netbsd:pcirescan+0x73 sys/dev/pci/pci.c:113
[ 1.0180658] pciattach() at netbsd:pciattach+0x516 sys/dev/pci/pci.c:210
[ 1.0180658] config_attach_internal() at netbsd:config_attach_internal+0x4d5 sys/kern/subr_autoconf.c:1832
[ 1.0180658] config_found_acquire() at netbsd:config_found_acquire+0x6a sys/kern/subr_autoconf.c:1275
[ 1.0180658] config_found() at netbsd:config_found+0x4c sys/kern/subr_autoconf.c:1317
[ 1.0180658] mp_pci_scan() at netbsd:mp_pci_scan+0x197 sys/arch/x86/x86/mp.c:96
[ 1.0180658] amd64_mainbus_attach() at netbsd:amd64_mainbus_attach+0x517 sys/arch/amd64/amd64/amd64_mainbus.c:220
[ 1.0180658] config_attach_internal() at netbsd:config_attach_internal+0x4d5 sys/kern/subr_autoconf.c:1832
[ 1.0180658] config_attach() at netbsd:config_attach+0x71 config_attach_acquire sys/kern/subr_autoconf.c:1867 [inline]
[ 1.0180658] config_attach() at netbsd:config_attach+0x71 sys/kern/subr_autoconf.c:1895
[ 1.0180658] config_rootfound() at netbsd:config_rootfound+0x4e sys/kern/subr_autoconf.c:1336
[ 1.0180658] cpu_configure() at netbsd:cpu_configure+0x58 sys/arch/amd64/amd64/autoconf.c:112
[ 1.0180658] main() at netbsd:main+0x43d sys/kern/init_main.c:553
[ 1.0180658] cpu0: End traceback...
[ 1.0180658] fatal breakpoint trap in supervisor mode
[ 1.0180658] trap type 1 code 0 rip 0xffffffff8023547d cs 0x8 rflags 0x202 cr2 0 ilevel 0x8 rsp 0xffffffff870b4780
[ 1.0180658] curlwp 0xffffffff867f7840 pid 0.0 lowest kstack 0xffffffff870b02c0
Stopped in pid 0.0 (system) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71
vpanic() at netbsd:vpanic+0x2f3 sys/kern/subr_prf.c:288
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0xfc sys/../common/lib/libc/misc/ubsan.c:432
AcpiRsSetResourceHeader() at netbsd:AcpiRsSetResourceHeader+0x13f sys/external/bsd/acpica/dist/resources/rsutils.c:407
AcpiRsConvertResourceToAml() at netbsd:AcpiRsConvertResourceToAml+0xb9c sys/external/bsd/acpica/dist/resources/rsmisc.c:634
AcpiRsConvertResourcesToAml() at netbsd:AcpiRsConvertResourcesToAml+0xa1 sys/external/bsd/acpica/dist/resources/rslist.c:359
AcpiRsCreateAmlResources() at netbsd:AcpiRsCreateAmlResources+0xe3 sys/external/bsd/acpica/dist/resources/rscreate.c:608
AcpiRsSetSrsMethodData() at netbsd:AcpiRsSetSrsMethodData+0xc7 sys/external/bsd/acpica/dist/resources/rsutils.c:942
AcpiSetCurrentResources() at netbsd:AcpiSetCurrentResources+0x11a sys/external/bsd/acpica/dist/resources/rsxface.c:454
acpi_pci_link_route_interrupt() at netbsd:acpi_pci_link_route_interrupt+0x746 acpi_pci_link_route_irqs sys/dev/acpi/acpi_pci_link.c:905 [inline]
acpi_pci_link_route_interrupt() at netbsd:acpi_pci_link_route_interrupt+0x746 sys/dev/acpi/acpi_pci_link.c:1068
mpacpi_findintr_linkdev() at netbsd:mpacpi_findintr_linkdev+0x84 sys/arch/x86/x86/mpacpi.c:1035
intr_find_mpmapping() at netbsd:intr_find_mpmapping+0x291 intr_scan_bus sys/arch/x86/x86/mp.c:226 [inline]
intr_find_mpmapping() at netbsd:intr_find_mpmapping+0x291 sys/arch/x86/x86/mp.c:191
pci_intr_map() at netbsd:pci_intr_map+0x2d3 sys/arch/x86/pci/pci_intr_machdep.c:156
pci_intx_alloc() at netbsd:pci_intx_alloc+0x46 sys/arch/x86/pci/pci_intr_machdep.c:448
pci_intr_alloc() at netbsd:pci_intr_alloc+0x127 sys/arch/x86/pci/pci_intr_machdep.c:573
virtio_pci_alloc_interrupts() at netbsd:virtio_pci_alloc_interrupts+0x3be sys/dev/pci/virtio_pci.c:1171
virtio_child_attach_finish() at netbsd:virtio_child_attach_finish+0x5f4 sys/dev/pci/virtio.c:1389
viomb_attach() at netbsd:viomb_attach+0x5c5 sys/dev/pci/viomb.c:194
config_attach_internal() at netbsd:config_attach_internal+0x4d5 sys/kern/subr_autoconf.c:1832
config_found_acquire() at netbsd:config_found_acquire+0x6a sys/kern/subr_autoconf.c:1275
--db_more--

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup