NetBSD-Bugs archive


kern/56950: Race in vnode klist destruction?



>Number:         56950
>Category:       kern
>Synopsis:       Race in vnode klist destruction?
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 03 09:30:00 +0000 2022
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
La Fundacion NetBSD
>Environment:
hot like a greenhouse
>Description:
[ 158.8702193] panic: ASan: Unauthorized Access In 0xffffffff81ca635a: Addr 0xffffb1001400b418 [8 bytes, read, PoolUseAfterFree]

[ 158.8896562] cpu0: Begin traceback...
[ 158.9002072] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
[ 158.9402085] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
[ 158.9702073] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[ 158.9702073] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[ 159.0002068] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
[ 159.0002068] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
[ 159.0002068] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
[ 159.0302067] vcache_reclaim() at netbsd:vcache_reclaim+0x52b sys/kern/vfs_vnode.c:1923
[ 159.0702091] vrelel() at netbsd:vrelel+0x67a sys/kern/vfs_vnode.c:985
[ 159.1002077] vrele() at netbsd:vrele+0x51 sys/kern/vfs_vnode.c:1038
[ 159.1202065] layer_remove() at netbsd:layer_remove+0xa4 sys/miscfs/genfs/layer_vnops.c:631
[ 159.1502067] VOP_REMOVE() at netbsd:VOP_REMOVE+0x27c sys/kern/vnode_if.c:1219
[ 159.1802070] do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x5b5 sys/kern/vfs_syscalls.c:2916
[ 159.2102077] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 159.2102077] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 159.2102077] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 159.2215181] --- syscall (number 10) ---
[ 159.2327772] netbsd:syscall+0x25a:

Reported-by: syzbot+177e6808c863c4dd4584%syzkaller.appspotmail.com@localhost
https://syzkaller.appspot.com/bug?id=7ea755f80234f6a5c322864deba9b5abfc13c1b9
>How-To-Repeat:
syzbot did not find a reproducer.
>Fix:
Yes, please!


