NetBSD-Bugs archive


lib/57249: reproducible jemalloc crash on sparc64



>Number:         57249
>Category:       lib
>Synopsis:       reproducible jemalloc crash on sparc64
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 28 10:35:00 +0000 2023
>Originator:     Martin Husemann
>Release:        NetBSD 10.99.2
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 10.99.2 NetBSD 10.99.2 (MODULAR) #619: Mon Feb 27 14:46:07 CET 2023 martin%thirdstage.duskware.de@localhost:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:

Running /usr/tests/lib/libc/regex/t_exhaust reproducibly crashes on sparc64:

tc-se:Program terminated with signal SIGSEGV, Segmentation fault.
tc-se:#0  je_nstime_init2 (nsec=<error reading variable: Cannot access memory at address 0x35e54046c9733dfd>, sec=<error reading variable: Cannot access memory at address 0x35e54046c9733df5>, time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:18
tc-se:18                time->ns = sec * BILLION + nsec;
tc-se:#0  je_nstime_init2 (nsec=<error reading variable: Cannot access memory at address 0x35e54046c9733dfd>, sec=<error reading variable: Cannot access memory at address 0x35e54046c9733df5>, time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:18
tc-se:#1  nstime_get (time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:129
tc-se:#2  nstime_update_impl (time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:160
tc-se:#3  0x35e54046c973360e in ?? ()
tc-se:Backtrace stopped: previous frame identical to this frame (corrupt stack?)
tc-se:Stack trace complete
tc-end: 1677579553.332923, regcomp_too_big, failed, Test program received signal 11 (core dumped)

*something* calls nstime_update_impl with a bogus time pointer (values vary).
The stack seems to be smashed at this point, so gdb is not very useful to
find the culprit (and there are millions of calls to nstime_update_impl
before this happens with valid args, with "time" either NULL or pointing to
a stack variable).

Unfortunately right now sanitizers are not fully supported on sparc64.

>How-To-Repeat:
s/a

>Fix:
n/a


