Re: kern/53261: kernel crash during test run

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,martin%NetBSD.org@localhost
Subject: Re: kern/53261: kernel crash during test run
From: Martin Husemann <martin%duskware.de@localhost>
Date: Fri, 4 May 2018 12:35:01 +0000 (UTC)

The following reply was made to PR kern/53261; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/53261: kernel crash during test run
Date: Fri, 4 May 2018 14:32:22 +0200

 Steps to reproduce:
 
 Use this test program (from the ATF test case):
 --8<--
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 int main(int argc, char **argv) {volatile int l = INT_MAX; l+= argc; return l;}
 -->8--
 
 and compile like: cc -fsanitize=undefined -o test test.c
 and then run ./test.
 
 The crash happens when accessing the off_t "pos" argument:
 
 0xc024e34c is in sys_mmap (../../../../uvm/uvm_mmap.c:276).
 271             size = (vsize_t)SCARG(uap, len);
 272             prot = SCARG(uap, prot) & VM_PROT_ALL;
 273             extraprot = PROT_MPROTECT_EXTRACT(SCARG(uap, prot));
 274             flags = SCARG(uap, flags);
 275             fd = SCARG(uap, fd);
 276             pos = SCARG(uap, pos);
 277
 
 The syscall argument record is properly formed, i.e. "pos" is at offset 0x18
 and thus well aligned.
 
 However, the address of "uap" is only 4 byte aligned:
 
 netbsd:sys_mmap+0x34:   ldrd    r2, [r1, #0x18]
 
 r1          cbcd3f54
 
 Martin

Prev by Date: Re: kern/29786 (ieee80211 headers contain two definitions of IEEE80211_AUTH_*)
Next by Date: Re: kern/53199: stateful npf
Previous by Thread: Re: kern/53261: kernel crash during test run
Next by Thread: Re: kern/53261: kernel crash during test run
Indexes:

Home | Main Index | Thread Index | Old Index