Skip to content

Misaligned accesses to ip6-related structs

Hi, QEMU's device fuzzer sometimes runs into these complaints about misaligned accesses in slirp Here is a qemu reproducer (requires an --enable-sanitizers build):

Reproducer

cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M,slots=1,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
vmxnet3,netdev=net0 -netdev user,id=net0 -object \
memory-backend-ram,id=mem1,size=4M -device \
pc-dimm,id=nv1,memdev=mem1,addr=0x1dd860000000000 -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000814
outl 0xcfc 0xe0001000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
write 0x3e 0x1 0x01
write 0x39 0x1 0x01
write 0x28 0x1 0x01
write 0x29 0x1 0x01
write 0x2d 0x1 0x86
write 0x2e 0x1 0xdd
write 0x2f 0x1 0x01
write 0x1dd860000000112 0x1 0x10
write 0x1dd86000000013c 0x1 0x02
writel 0xe0001020 0xcafe0000
write 0x1009 0x1 0x40
write 0x100c 0x1 0x86
write 0x100d 0x1 0xdd
write 0x1011 0x1 0x10
write 0x1019 0x1 0x7e
write 0x101d 0x1 0x10
write 0x4d56 0x1 0x02
write 0xe0000603 0x1 0x00
EOF

Log

../hw/net/net_tx_pkt.c:664:18: runtime error: member access within misaligned address 0x631000014846 for type 'struct ip6_header', which requires 4 byte alignment
0x631000014846: note: pointer points here
 00 00 00 00 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:664:18 in 
../hw/net/net_tx_pkt.c:664:18: runtime error: member access within misaligned address 0x631000014846 for type 'union (unnamed union at /home/alxndr/Development/qemu-demo/qemu/include/net/eth.h:104:5)', which requires 4 byte alignment
0x631000014846: note: pointer points here
 00 00 00 00 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:664:18 in 
../hw/net/net_tx_pkt.c:664:18: runtime error: member access within misaligned address 0x631000014846 for type 'struct ip6_hdrctl', which requires 4 byte alignment
0x631000014846: note: pointer points here
 00 00 00 00 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:664:18 in 
../hw/net/net_tx_pkt.c:664:18: runtime error: load of misaligned address 0x63100001484a for type 'uint16_t' (aka 'unsigned short'), which requires 4 byte alignment
0x63100001484a: note: pointer points here
 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00
              ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:664:18 in 
../hw/net/net_tx_pkt.c:666:22: runtime error: member access within misaligned address 0x631000014846 for type 'struct ip6_header', which requires 4 byte alignment
0x631000014846: note: pointer points here
 00 00 00 00 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:666:22 in 
../hw/net/net_tx_pkt.c:666:22: runtime error: member access within misaligned address 0x631000014846 for type 'union (unnamed union at /home/alxndr/Development/qemu-demo/qemu/include/net/eth.h:104:5)', which requires 4 byte alignment
0x631000014846: note: pointer points here
 00 00 00 00 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:666:22 in 
../hw/net/net_tx_pkt.c:666:22: runtime error: member access within misaligned address 0x631000014846 for type 'struct ip6_hdrctl', which requires 4 byte alignment
0x631000014846: note: pointer points here
 00 00 00 00 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00
             ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:666:22 in 
../hw/net/net_tx_pkt.c:666:22: runtime error: store to misaligned address 0x63100001484a for type 'uint16_t' (aka 'unsigned short'), which requires 4 byte alignment
0x63100001484a: note: pointer points here
 00 00  00 10 00 00 00 00 00 00  00 7e 00 00 00 10 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00
              ^ 
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/net/net_tx_pkt.c:666:22 in
Edited by Alex B