freebsd boot error: panic: ASan: Invalid access, 8-byte write at ADDR, MallocRedZone(fb)


syzbot

Jul 6, 2021, 3:56:23 PM
to syzkaller-f...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 2a69eb8c cxgb: switch bare zone_mbuf use to m_free_raw
git tree: https://github.com/freebsd/freebsd-src.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=143ed04c300000
dashboard link: https://syzkaller.appspot.com/bug?extid=c16a80a86999958477ef
userspace arch: i386

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c16a80...@syzkaller.appspotmail.com

panic: ASan: Invalid access, 8-byte write at 0xfffffe0007836ff8, MallocRedZone(fb)
cpuid = 0
time = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xc7/frame 0xffffffff84f44530
kdb_backtrace() at kdb_backtrace+0xd3/frame 0xffffffff84f44690
vpanic() at vpanic+0x2c5/frame 0xffffffff84f44770
panic() at panic+0xb5/frame 0xffffffff84f44830
kasan_atomic_testandset_long() at kasan_atomic_testandset_long+0x384/frame 0xffffffff84f448f0
item_ctor() at item_ctor+0x4da/frame 0xffffffff84f44950
malloc() at malloc+0x1b5/frame 0xffffffff84f44a30
init_dynamic_kenv_from() at init_dynamic_kenv_from+0x296/frame 0xffffffff84f44ab0
init_dynamic_kenv() at init_dynamic_kenv+0x144/frame 0xffffffff84f44b70
mi_startup() at mi_startup+0x457/frame 0xffffffff84f44cb0
btext() at btext+0x22
KDB: enter: panic
[ thread pid 0 tid 0 ]
Stopped at kdb_enter+0x6b: movq $0,0x28f874a(%rip)
db>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Mark Johnston

Jul 7, 2021, 9:40:00 AM
to syzbot, syzkaller-f...@googlegroups.com
#syz invalid

This happened because I enabled KASAN without disabling DEBUG_REDZONE
(which provides some similar but less general and precise checking), and
the two don't interact properly. DEBUG_REDZONE is disabled in the
default config now. In the meantime I'll make it a compile error to
enable both options together in FreeBSD.
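
As an added check (not code from this thread or from FreeBSD itself), a small shell linter that flags a kernel config which ends up enabling both KASAN and DEBUG_REDZONE, the combination behind this report. It assumes config(8)'s `options`, `nooptions` and `include` directives, and the sample configs it lints are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread or FreeBSD: lint a kernel config for
# the KASAN + DEBUG_REDZONE combination that produced the panic above.
# Assumed config(8) syntax: "options NAME[=VAL]", "nooptions NAME" and
# "include FILE" (resolved relative to the including file's directory).

# effective_options FILE: print "options NAME" / "nooptions NAME" lines in
# the order config(8) reads them, expanding include directives recursively.
effective_options() {
    while read -r key val _rest; do          # _rest swallows trailing comments
        case "$key" in
            include)           effective_options "$(dirname "$1")/$val" ;;
            options|nooptions) printf '%s %s\n' "$key" "${val%%=*}" ;;
        esac
    done < "$1"
}

# option_enabled FILE NAME: succeed if the last directive naming NAME was
# "options" rather than "nooptions" (a later nooptions wins).
option_enabled() {
    state=$(effective_options "$1" | awk -v name="$2" '
        $2 == name { state = ($1 == "options") ? "on" : "off" }
        END { print state }')
    [ "$state" = "on" ]
}

# check_kernconf FILE: return 1 when both options are enabled, since
# DEBUG_REDZONE's padding trips KASAN's own redzone checks (as seen above).
check_kernconf() {
    if option_enabled "$1" KASAN && option_enabled "$1" DEBUG_REDZONE; then
        echo "$1: KASAN and DEBUG_REDZONE both enabled; drop DEBUG_REDZONE" >&2
        return 1
    fi
}

# make_fixtures DIR: write constructed sample configs (not real FreeBSD files).
make_fixtures() {
    printf 'options\tINVARIANTS\noptions\tDEBUG_REDZONE # costly\n' > "$1/BASE"
    printf 'include BASE\noptions KASAN\n' > "$1/BAD"           # both enabled
    printf 'include BAD\nnooptions DEBUG_REDZONE\n' > "$1/GOOD"  # conflict removed
}

# demo: lint the constructed configs from a temporary directory.
demo() {
    d=$(mktemp -d); make_fixtures "$d"
    if check_kernconf "$d/BAD"; then bad=0; else bad=1; fi
    if check_kernconf "$d/GOOD"; then good=0; else good=1; fi
    rm -rf "$d"; echo "BAD=$bad GOOD=$good"   # prints BAD=1 GOOD=0
}
demo
```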