NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/59964 (kernel diagnostic assertion "it->it_time.it_value.tv_sec >= 0" failed)
Synopsis: kernel diagnostic assertion "it->it_time.it_value.tv_sec >= 0" failed
Responsible-Changed-From-To: kern-bug-people->riastradh
Responsible-Changed-By: riastradh%NetBSD.org@localhost
Responsible-Changed-When: Fri, 06 Feb 2026 23:37:53 +0000
Responsible-Changed-Why:
mine
State-Changed-From-To: open->analyzed
State-Changed-By: riastradh%NetBSD.org@localhost
State-Changed-When: Fri, 06 Feb 2026 23:37:53 +0000
State-Changed-Why:
Almost certainly arithmetic overlfow here:
1423 if ((flags & TIMER_ABSTIME) == 0) {
1424 if (it->it_clockid == CLOCK_REALTIME) {
1425 getnanotime(&now);
1426 } else { /* CLOCK_MONOTONIC */
1427 getnanouptime(&now);
1428 }
1429 timespecadd(&it->it_time.it_value, &now,
1430 &it->it_time.it_value);
1431 }
https://nxr.netbsd.org/xref/src/sys/kern/kern_time.c?r=1.230#1429
Reproducer:
#include <err.h>
#include <limits.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
int
main(void)
{
timer_t t;
struct sigevent ev = {
.sigev_notify = SIGEV_SIGNAL,
.sigev_signo = SIGALRM,
};
const struct itimerspec it = {
.it_value = {INT64_MAX - 1000, 0},
.it_interval = {0,0},
};
sigset_t mask, omask;
int signo;
if (sigemptyset(&mask) == -1)
err(1, "sigemptyset");
if (sigaddset(&mask, SIGALRM) == -1)
err(1, "sigaddset");
if (sigprocmask(SIG_BLOCK, &mask, &omask) == -1)
err(1, "sigprocmask(SIG_BLOCK)");
if (timer_create(CLOCK_REALTIME, &ev, &t) == -1)
err(1, "timer_create");
if (timer_settime(t, TIMER_RELTIME, &it, NULL) == -1)
err(1, "timer_settime");
if (sigwait(&mask, &signo) == -1)
err(1, "sigwait");
printf("signal %d (%s)\n", signo, strsignal(signo));
fflush(stdout);
return ferror(stdout);
}
Home |
Main Index |
Thread Index |
Old Index