NetBSD Problem Report #57249

From martin@duskware.de  Tue Feb 28 10:31:40 2023
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1425A1A9239
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 28 Feb 2023 10:31:40 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: reproducible jemalloc crash on sparc64
X-Send-Pr-Version: 3.95

>Number:         57249
>Category:       lib
>Synopsis:       reproducible jemalloc crash on sparc64
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 28 10:35:00 +0000 2023
>Originator:     Martin Husemann
>Release:        NetBSD 10.99.2
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 10.99.2 NetBSD 10.99.2 (MODULAR) #619: Mon Feb 27 14:46:07 CET 2023 martin@thirdstage.duskware.de:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:

Running /usr/tests/lib/libc/regex/t_exhaust reproducibly crashes on sparc64:

tc-se:Program terminated with signal SIGSEGV, Segmentation fault.
tc-se:#0  je_nstime_init2 (nsec=<error reading variable: Cannot access memory at address 0x35e54046c9733dfd>, sec=<error reading variable: Cannot access memory at address 0x35e54046c9733df5>, time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:18
tc-se:18                time->ns = sec * BILLION + nsec;
tc-se:#0  je_nstime_init2 (nsec=<error reading variable: Cannot access memory at address 0x35e54046c9733dfd>, sec=<error reading variable: Cannot access memory at address 0x35e54046c9733df5>, time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:18
tc-se:#1  nstime_get (time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:129
tc-se:#2  nstime_update_impl (time=0x35e54046c9733606) at /usr/src/external/bsd/jemalloc/lib/../dist/src/nstime.c:160
tc-se:#3  0x35e54046c973360e in ?? ()
tc-se:Backtrace stopped: previous frame identical to this frame (corrupt stack?)
tc-se:Stack trace complete
tc-end: 1677579553.332923, regcomp_too_big, failed, Test program received signal 11 (core dumped)

*something* calls nstime_update_impl with a bogus time pointer (values vary).
The stack seems to be smashed at this point, so gdb is not very useful to
find the culprit (and there are millions of calls to nstime_update_impl
before this happens with valid args, with "time" either NULL or pointing to
a stack variable).

Unfortunately right now sanitizers are not fully supported on sparc64.

>How-To-Repeat:
s/a

>Fix:
n/a
