NetBSD-Syzbot archive

netbsd boot error: assert failed: len <= map->dm_mapsize - offset (2)



Hello,

syzbot found the following issue on:

HEAD commit:    2db25c8bd775 Fix parser for carp state. The state values a..
git tree:       netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1210c6f5c80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=7fb1047f5dfa33b26331
compiler:       g++ (Debian 10.2.1-6) 10.2.1 20210110

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/55715852c5b5/disk-2db25c8b.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/8d9a9ff3d2d5/netbsd-2db25c8b.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7fb1047f5dfa33b26331%syzkaller.appspotmail.com@localhost

[   1.4299648] panic: kernel diagnostic assertion "len <= map->dm_mapsize - offset" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/arch/x86/x86/bus_dma.c", line 813 bad length 0x20004 + 4000 > 22000
[   1.4299648] cpu0: Begin traceback...
[   1.4299648] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:291
[   1.4299648] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[   1.4299648] bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x61a _bus_dmamap_sync sys/arch/x86/x86/bus_dma.c:813 [inline]
[   1.4299648] bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x61a sys/arch/x86/x86/bus_dma.c:1373
[   1.4299648] virtio_enqueue_commit() at netbsd:virtio_enqueue_commit+0x506 sys/dev/pci/virtio.c:1174
[   1.4299648] vioscsi_scsipi_request() at netbsd:vioscsi_scsipi_request+0xa3d sys/dev/pci/vioscsi.c:426
[   1.4299648] scsipi_adapter_request() at netbsd:scsipi_adapter_request+0xd9 sys/dev/scsipi/scsipi_base.c:2834
[   1.4299648] scsipi_run_queue() at netbsd:scsipi_run_queue+0x5ea sys/dev/scsipi/scsipi_base.c:2090
[   1.4299648] scsipi_execute_xs() at netbsd:scsipi_execute_xs+0x7f2 sys/dev/scsipi/scsipi_base.c:2310
[   1.4299648] scsipi_command() at netbsd:scsipi_command+0x1e6 sys/dev/scsipi/scsipiconf.c:107
[   1.4299648] scsipi_inquire() at netbsd:scsipi_inquire+0x94 sys/dev/scsipi/scsipi_base.c:1221
[   1.4299648] scsi_probe_bus() at netbsd:scsi_probe_bus+0x442 scsi_report_luns sys/dev/scsipi/scsiconf.c:358 [inline]
[   1.4299648] scsi_probe_bus() at netbsd:scsi_probe_bus+0x442 scsi_discover_luns sys/dev/scsipi/scsiconf.c:435 [inline]
[   1.4299648] scsi_probe_bus() at netbsd:scsi_probe_bus+0x442 sys/dev/scsipi/scsiconf.c:494
[   1.4299648] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x110 scsibus_config sys/dev/scsipi/scsiconf.c:268 [inline]
[   1.4299648] scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x110 sys/dev/scsipi/scsiconf.c:233
[   1.4299648] cpu0: End traceback...
[   1.4299648] fatal breakpoint trap in supervisor mode
[   1.4299648] trap type 1 code 0 rip 0xffffffff80235375 cs 0x8 rflags 0x246 cr2 0 ilevel 0x8 rsp 0xffffbf022f8ea9f0
[   1.4299648] curlwp 0xffffe772034a1b00 pid 0.96 lowest kstack 0xffffbf022f8e62c0
Stopped in pid 0.96 (system) at netbsd:breakpoint+0x5:  leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:291
kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x61a _bus_dmamap_sync sys/arch/x86/x86/bus_dma.c:813 [inline]
bus_dmamap_sync() at netbsd:bus_dmamap_sync+0x61a sys/arch/x86/x86/bus_dma.c:1373
virtio_enqueue_commit() at netbsd:virtio_enqueue_commit+0x506 sys/dev/pci/virtio.c:1174
vioscsi_scsipi_request() at netbsd:vioscsi_scsipi_request+0xa3d sys/dev/pci/vioscsi.c:426
scsipi_adapter_request() at netbsd:scsipi_adapter_request+0xd9 sys/dev/scsipi/scsipi_base.c:2834
scsipi_run_queue() at netbsd:scsipi_run_queue+0x5ea sys/dev/scsipi/scsipi_base.c:2090
scsipi_execute_xs() at netbsd:scsipi_execute_xs+0x7f2 sys/dev/scsipi/scsipi_base.c:2310
scsipi_command() at netbsd:scsipi_command+0x1e6 sys/dev/scsipi/scsipiconf.c:107
scsipi_inquire() at netbsd:scsipi_inquire+0x94 sys/dev/scsipi/scsipi_base.c:1221
scsi_probe_bus() at netbsd:scsi_probe_bus+0x442 scsi_report_luns sys/dev/scsipi/scsiconf.c:358 [inline]
scsi_probe_bus() at netbsd:scsi_probe_bus+0x442 scsi_discover_luns sys/dev/scsipi/scsiconf.c:435 [inline]
scsi_probe_bus() at netbsd:scsi_probe_bus+0x442 sys/dev/scsipi/scsiconf.c:494
scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x110 scsibus_config sys/dev/scsipi/scsiconf.c:268 [inline]
scsibus_discover_thread() at netbsd:scsibus_discover_thread+0x110 sys/dev/scsipi/scsiconf.c:233
ds          1
es          a9b0
fs          aa00
gs          10
rdi         5
rsi         0
rbp         ffffbf022f8ea9f0
rbx         1
--db_more--


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller%googlegroups.com@localhost.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

-- 
To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-netbsd-bugs/00000000000015234505f7cea07a%40google.com.

