syzbot


UBSan: Undefined Behavior in db_nextframe

Status: auto-closed as invalid on 2022/05/18 00:37
Reported-by: syzbot+f3e3884f7c1d9681de7e@syzkaller.appspotmail.com
First crash: 1016d, last: 1008d
Similar bugs (3)
Kernel  Title                                          Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
netbsd  UBSan: Undefined Behavior in db_nextframe (2)  -      -             -           1      821d  821d      0/3      auto-obsoleted due to no activity on 2022/11/20 23:49
netbsd  UBSan: Undefined Behavior in db_nextframe (4)  -      -             -           3      156d  183d      0/3      auto-obsoleted due to no activity on 2024/09/16 14:03
netbsd  UBSan: Undefined Behavior in db_nextframe (3)  -      -             -           1      346d  346d      0/3      auto-obsoleted due to no activity on 2024/03/10 18:16

Sample crash report:
[  69.1950704] panic: LOCKDEBUG: Kernel lock error: _kernel_lock,239: spinout
[  69.1950704] cpu0: Begin traceback...
[  69.2137069] vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
[  69.2537082] panic() at netbsd:panic+0x49 sys/kern/subr_prf.c:1221
[  69.2937129] lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 lockdebug_abort1 sys/kern/subr_lockdebug.c:790 [inline]
[  69.2937129] lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 sys/kern/subr_lockdebug.c:772
[  69.3237116] _kernel_lock() at netbsd:_kernel_lock+0x47c sys/kern/kern_lock.c:239
[  69.3637098] frag6_fasttimo() at netbsd:frag6_fasttimo+0x24 sys/netinet6/frag6.c:657
[  69.3937076] pffasttimo() at netbsd:pffasttimo+0xc6 sys/kern/uipc_domain.c:761
[  69.4237102] callout_softclock() at netbsd:callout_softclock+0x24d sys/kern/kern_timeout.c:786
[  69.4637074] softint_dispatch() at netbsd:softint_dispatch+0x3b4 x86_curcpu sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:56 [inline]
[  69.4637074] softint_dispatch() at netbsd:softint_dispatch+0x3b4 softint_execute sys/kern/kern_softint.c:573 [inline]
[  69.4637074] softint_dispatch() at netbsd:softint_dispatch+0x3b4 sys/kern/kern_softint.c:814
[  69.4751760] Skipping crash dump on recursive panic
[  69.4751760] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:123:24, member access within misaligned address 0x1 for type 'struct x86_64_frame' which requires 8 byte alignment

[  69.5019420] Faulted in mid-traceback; aborting...
[  69.5069694] fatal breakpoint trap in supervisor mode
[  69.5069694] trap type 1 code 0 rip 0xffffffff80221a95 cs 0x8 rflags 0x246 cr2 0x782f3e67cc50 ilevel 0x2 rsp 0xffff9200af690fb0
[  69.5232662] curlwp 0xffff8217779c6080 pid 0.5 lowest kstack 0xffff9200af68d2c0
Stopped in pid 0.5 (system) at  netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0xfc sys/../common/lib/libc/misc/ubsan.c:432
db_nextframe() at netbsd:db_nextframe+0x837 sys/arch/amd64/amd64/db_machdep.c:123
db_stack_trace_print() at netbsd:db_stack_trace_print+0x281 sys/arch/x86/x86/db_trace.c:277
db_panic() at netbsd:db_panic+0x9d x86_curcpu sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:56 [inline]
db_panic() at netbsd:db_panic+0x9d sys/ddb/db_panic.c:59
vpanic() at netbsd:vpanic+0x2d0 sys/kern/subr_prf.c:290
panic() at netbsd:panic+0x49 sys/kern/subr_prf.c:1221
lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 lockdebug_abort1 sys/kern/subr_lockdebug.c:790 [inline]
lockdebug_abort1() at netbsd:lockdebug_abort1+0x194 sys/kern/subr_lockdebug.c:772
_kernel_lock() at netbsd:_kernel_lock+0x47c sys/kern/kern_lock.c:239
frag6_fasttimo() at netbsd:frag6_fasttimo+0x24 sys/netinet6/frag6.c:657
pffasttimo() at netbsd:pffasttimo+0xc6 sys/kern/uipc_domain.c:761
callout_softclock() at netbsd:callout_softclock+0x24d sys/kern/kern_timeout.c:786
softint_dispatch() at netbsd:softint_dispatch+0x3b4 x86_curcpu sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:56 [inline]
softint_dispatch() at netbsd:softint_dispatch+0x3b4 softint_execute sys/kern/kern_softint.c:573 [inline]
softint_dispatch() at netbsd:softint_dispatch+0x3b4 sys/kern/kern_softint.c:814
[  69.5304631] Skipping crash dump on recursive panic
[  69.5304631] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/arch/amd64/amd64/db_machdep.c:124:14, member access within misaligned address 0x1 for type 'struct x86_64_frame' which requires 8 byte alignment

[  69.5304631] Faulted in mid-traceback; aborting...
[  69.5304631] fatal breakpoint trap in supervisor mode
[  69.5304631] trap type 1 code 0 rip 0xffffffff80221a95 cs 0x8 rflags 0x246 cr2 0x782f3e67cc50 ilevel 0x8 rsp 0xffff9200af68fcb0
[  69.5304631] curlwp 0xffff8217779c6080 pid 0.5 lowest kstack 0xffff9200af68d2c0
Stopped in pid 0.5 (system) at  netbsd:breakpoint+0x5:  leave

Crashes (2):
Time              Kernel  Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager            Title
2022/02/17 00:37  netbsd  5fcd8c951038  50221962   .config  console log  report  -          -        -        -       ci2-netbsd-kubsan  UBSan: Undefined Behavior in db_nextframe
2022/02/09 06:53  netbsd  90fa6fd83126  0b33604d   .config  console log  report  -          -        -        -       ci2-netbsd-kubsan  UBSan: Undefined Behavior in db_nextframe