netbsd boot error: panic: ASan: Unauthorized Access In ADDR: Addr ADDR [8 bytes, read, PoolUseAfterFree]

syzbot

Feb 20, 2020, 11:05:12 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 11a80e89 Explicitly cast pointers to uintptr_t before cast..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=10b1fdd9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e4d6bd2b8e377a2
dashboard link: https://syzkaller.appspot.com/bug?extid=2d6a7215fe2801dad88a
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2d6a72...@syzkaller.appspotmail.com

[ 1.2714079] panic: ASan: Unauthorized Access In 0xffffffff811e0c46: Addr 0xffffb5000f382a58 [8 bytes, read, PoolUseAfterFree]

[ 1.2820459] cpu1: Begin traceback...
[ 1.2939419] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 1.3177278] snprintf() at netbsd:snprintf
[ 1.3415195] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
[ 1.3415195] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
[ 1.3653055] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
[ 1.3653055] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
[ 1.3653055] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
[ 1.3653055] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
[ 1.3890961] config_interrupts_thread() at netbsd:config_interrupts_thread+0x68 sys/kern/subr_autoconf.c:459
[ 1.4010025] cpu1: End traceback...
[ 1.4128829] fatal breakpoint trap in supervisor mode
[ 1.4128829] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0 ilevel 0 rsp 0xffffb5017de07d60
[ 1.4247761] curlwp 0xffffb500116a16c0 pid 0.30 lowest kstack 0xffffb5017de002c0
Stopped in pid 0.30 (system) at netbsd:breakpoint+0x5: leave
db{1}>


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Maxime Villard

Feb 26, 2020, 1:22:14 AM
to syzbot+2d6a72...@syzkaller.appspotmail.com, syzkaller-netbsd-bugs
Temporary problem, now fixed:

#syz invalid