Re: panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]

To: syzkaller-netbsd-bugs%googlegroups.com@localhost
Subject: Re: panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
From: syzbot <syzbot+f0bc1a7b10d92e4677dd%syzkaller.appspotmail.com@localhost>
Date: Thu, 21 Jul 2022 02:58:23 -0700
syzbot has found a reproducer for the following issue on:

HEAD commit:    6a5ad45c0beb Improve error reporting.
git tree:       netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15a1d854080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=f0bc1a7b10d92e4677dd
compiler:       g++ (Debian 10.2.1-6) 10.2.1 20210110
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11925e5a080000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13b31c54080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f0bc1a7b10d92e4677dd%syzkaller.appspotmail.com@localhost

[  62.7976006] panic: ASan: Unauthorized Access In 0xffffffff81c852ef: Addr 0xffff940012b76040 [8 bytes, read, PoolUseAfterFree]

[  62.7976006] cpu1: Begin traceback...
[  62.8075916] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
[  62.8375963] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
[  62.8575936] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[  62.8575936] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[  62.8875939] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
[  62.8875939] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
[  62.8875939] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
[  62.9075930] mount_domount() at netbsd:mount_domount+0x72f mount_checkdirs sys/kern/vfs_mount.c:678 [inline]
[  62.9075930] mount_domount() at netbsd:mount_domount+0x72f sys/kern/vfs_mount.c:832
[  62.9375937] do_sys_mount() at netbsd:do_sys_mount+0x7a1 sys/kern/vfs_syscalls.c:616
[  62.9575964] sys___mount50() at netbsd:sys___mount50+0x8f sys/kern/vfs_syscalls.c:537
[  62.9875944] sys_syscall() at netbsd:sys_syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
[  62.9875944] sys_syscall() at netbsd:sys_syscall+0x10e sys/kern/sys_syscall.c:90
[  63.0075934] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[  63.0075934] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[  63.0075934] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[  63.0176018] --- syscall (number 410 via SYS_syscall) ---
[  63.0275943] netbsd:syscall+0x25a:
[  63.0275943] cpu1: End traceback...
[  63.0375934] fatal breakpoint trap in supervisor mode
[  63.0375934] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0 rsp 0xffff94019db3b900
[  63.0475901] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db3b420
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db3af40
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db3aa60
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db3a580
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db3a0a0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db39bc0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db396e0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db39200
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db38d20
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db38840
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db38360
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db37e80
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db379a0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db374c0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db36fe0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff94019db36b00
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] fatal double fault in supervisor mode
[  63.0575950] trap type 13 code 0 rip 0xffffffff81a5d95c cs 0x8 rflags 0x10282 cr2 0xffff94019db35fd8 ilevel 0x8 rsp 0xffff94019db35fe0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: double fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10083 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184debc40
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184deb760
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184deb280
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184deada0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184dea8c0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184dea3e0
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184de9f00
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184de9a20
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kernel: page fault trap, code=0
[  63.0575950] uvm_fault(0xffff940012b8a1a8, 0xffff900000000000, 1) -> e
[  63.0575950] fatal page fault in supervisor mode
[  63.0575950] trap type 6 code 0 rip 0xffffffff81b8256b cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffff940184de9540
[  63.0575950] curlwp 0xffff9400126c7300 pid 3674.3674 lowest kstack 0xffff94019db342c0
kerne

-- 
You received this message because you are subscribed to the Google Groups "syzkaller-netbsd-bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-netbsd-bugs+unsubscribe%googlegroups.com@localhost.
To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-netbsd-bugs/0000000000001d67ba05e44dc24f%40google.com.
References:
- panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
  - From: syzbot
Prev by Date: Re: assert failed: !fmi->fmi_gone
Next by Date: panic: ufs_inactive: dirty filesystem?
Previous by Thread: panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
Next by Thread: Re: assert failed: lktype != LK_NONE
Indexes:
Home | Main Index | Thread Index | Old Index