[Bug 238333] bhyve random crash in rfb.c on FreeBSD current (after r346011)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Jun 5 09:02:47 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238333

            Bug ID: 238333
           Summary: bhyve random crash in rfb.c on FreeBSD current (after
                    r346011)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: olevole at olevole.ru

After the -O0 flag removal (
https://svnweb.freebsd.org/base?view=revision&revision=r346011 ), the bhyve process
begins to crash with an active VNC session.

Not all VNC clients trigger the crash. It seems that it depends on the default settings
(some use compression by default, some do not); for example, it
does not cause problems when using vncviewer (without any arguments) from
tigervnc-viewer, but is well reproduced using KDE's KRDC (net/krdc).

When you connect to the VNC console via KRDC, the bhyve process crashes with SIGBUS:

pid 88831 (bhyve), jid 0, uid 0: exited on signal 10 (core dumped)

Backtrace:

Thread 29 "rfbout" received signal SIGBUS, Bus error.
[Switching to LWP 101756 of process 93578]
memcpy () at /usr/src/lib/libc/amd64/string/memmove.S:306
306             MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END

(gdb) bt
#0  memcpy () at /usr/src/lib/libc/amd64/string/memmove.S:306
#1  0x00000008002c85dc in flush_pending (strm=<optimized out>) at
/usr/src/sys/contrib/zlib/deflate.c:741
#2  deflate (strm=0x800bb1030, flush=2) at
/usr/src/sys/contrib/zlib/deflate.c:787
#3  0x000000000023f141 in rfb_send_rect (rc=<optimized out>, cfd=<optimized
out>, gc=<optimized out>, x=0, y=0, w=128, h=32) at
/usr/src/usr.sbin/bhyve/rfb.c:355
#4  rfb_send_screen (rc=<optimized out>, cfd=6, all=<optimized out>) at
/usr/src/usr.sbin/bhyve/rfb.c:600
#5  0x000000000023f5c7 in rfb_wr_thr (arg=0x800bb1000) at
/usr/src/usr.sbin/bhyve/rfb.c:730
#6  0x000000080064b726 in thread_start (curthread=0x800be1000) at
/usr/src/lib/libthr/thread/thr_create.c:291
#7  0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdc9e3000

(gdb) p len
$1 = 9600016

print sizeof(strm)
$2 = 8

(gdb) print sizeof(s)
$3 = 8

There are no problems when bhyve is compiled without optimization (-O0), so we
do not see this problem in FreeBSD <= 12.0, but the problem occurs in
FreeBSD-current.
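The crash site in the backtrace is rfb_send_rect calling deflate() with flush=2 (Z_SYNC_FLUSH) on a 128x32 rectangle, which is the RFB "zlib" encoding: one persistent deflate stream per client, each rectangle sent as a 4-byte big-endian length followed by the bytes produced up to a sync flush. The following is an added Python example, not bhyve's or any VNC client's code; it assumes 32-bit pixels and that standard wire layout, and shows why the client must keep a single inflate stream across rectangles.

```python
import struct
import zlib

# Rectangle geometry from the backtrace on the page (w=128, h=32);
# 4 bytes per pixel is an assumption for this example.
RECT_W, RECT_H, BPP = 128, 32, 4


def make_rect(pixel):
    """Constructed framebuffer rectangle filled with one 32-bit pixel."""
    return pixel * (RECT_W * RECT_H)


class ZlibEncoder:
    """Server side: one deflate stream per connection, flushed per rect."""

    def __init__(self, level=6):
        self.z = zlib.compressobj(level)

    def encode_rect(self, pixels):
        # Z_SYNC_FLUSH (flush=2 in the backtrace) ends the deflate output on
        # a byte boundary so the client can inflate this rectangle right away.
        data = self.z.compress(pixels) + self.z.flush(zlib.Z_SYNC_FLUSH)
        return struct.pack(">I", len(data)) + data


class ZlibDecoder:
    """Client side: the matching inflate stream persists across rects."""

    def __init__(self):
        self.z = zlib.decompressobj()

    def decode_rect(self, buf):
        (n,) = struct.unpack(">I", buf[:4])
        chunk = buf[4:4 + n]
        if len(chunk) != n:
            raise ValueError("truncated zlib rectangle")
        out = self.z.decompress(chunk)
        if len(out) != RECT_W * RECT_H * BPP:
            raise ValueError("rectangle inflated to %d bytes" % len(out))
        return out, buf[4 + n:]


def roundtrip(rects):
    """Encode rects in order and decode them with a single inflate stream."""
    enc, dec = ZlibEncoder(), ZlibDecoder()
    wire = b"".join(enc.encode_rect(r) for r in rects)
    decoded = []
    while wire:
        pixels, wire = dec.decode_rect(wire)
        decoded.append(pixels)
    return decoded
```

Feeding the second rectangle's bytes to a fresh zlib.decompressobj() fails, because only the first rectangle carries the zlib stream header; this is the same per-connection stream state that rfb_wr_thr drives on the server side.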
