panic: prevented execution of user address ADDR (SMEP)


syzbot

Apr 26, 2019, 12:41:07 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 14d2bf09 Some more empty-string --> NULL conversions for m..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16562660a00000
dashboard link: https://syzkaller.appspot.com/bug?extid=3365123b3df098a9c09c

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+336512...@syzkaller.appspotmail.com

[ 2137.5196137] panic: prevented execution of user address 0x716d00000000 (SMEP)
[ 2137.5196137] cpu1: Begin traceback...
[ 2137.5296206] vpanic() at netbsd:vpanic+0x214
[ 2137.5396291] snprintf() at netbsd:snprintf
[ 2137.5496331] trap() at netbsd:trap+0x1237
[ 2137.5596398] --- trap (number 6) ---
[ 2137.5596398] ?() at 716d00000000
[ 2137.5696460] selnotify() at netbsd:selnotify+0x30
[ 2137.5796507] pipeselwakeup() at netbsd:pipeselwakeup+0x47
[ 2137.5896578] pipeclose.part.0() at netbsd:pipeclose.part.0+0x8a
[ 2137.6096707] pipe_close() at netbsd:pipe_close+0x2b
[ 2137.6196774] closef() at netbsd:closef+0xf3
[ 2137.6296815] fd_free() at netbsd:fd_free+0x174
[ 2137.6396868] exit1() at netbsd:exit1+0x265
[ 2137.6496938] sigexit() at netbsd:sigexit+0x33c
[ 2137.6596991] sendsig() at netbsd:sendsig
[ 2137.6596991] lwp_userret() at netbsd:lwp_userret+0x2db
[ 2137.6797128] syscall() at netbsd:syscall+0x42d
[ 2137.6797128] --- syscall (number 32) ---
[ 2137.6897164] 78a4f003e02a:
[ 2137.6897164] cpu1: End traceback...

[ 2137.6897164] dumping to dev 4,1 (offset=0, size=0): not possible
[ 2137.6997212] rebooting...
SeaBIOS (version 1.8.2-20190322_093631-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f29d0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from
>> NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Maxime Villard

Apr 27, 2019, 6:52:48 AM
to syzbot, syzkaller-...@googlegroups.com
Duplicate: here the freed garbage makes us jump to userland, hence SMEP.

I'm getting increasingly worried about this bug.

#syz dup: ASan: Unauthorized Access in knote