NetBSD-Syzbot archive


netbsd boot error: ASan: Unauthorized Access in evcnt_attach_dynamic



Hello,

syzbot found the following issue on:

HEAD commit:    7d5560eb106d vioif(4): divide IFF_OACTIVE into per-queue
git tree:       netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15e6796ac80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=361cecdd4307323c1ee2
compiler:       g++ (Debian 10.2.1-6) 10.2.1 20210110

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/20d77e22b848/disk-7d5560eb.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/d68897b0134d/netbsd-7d5560eb.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+361cecdd4307323c1ee2%syzkaller.appspotmail.com@localhost

[   1.0443535] panic: ASan: Unauthorized Access In 0xffffffff81bcc201: Addr 0xffffaf8010cc07a0 [56 bytes, write, KmemRedZone]

[   1.0443535] cpu0: Begin traceback...
[   1.0443535] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:291
[   1.0443535] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1059
[   1.0443535] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[   1.0443535] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[   1.0443535] kasan_memset() at netbsd:kasan_memset+0x7b kasan_shadow_Nbyte_isvalid sys/kern/subr_asan.c:382 [inline]
[   1.0443535] kasan_memset() at netbsd:kasan_memset+0x7b kasan_shadow_check sys/kern/subr_asan.c:427 [inline]
[   1.0443535] kasan_memset() at netbsd:kasan_memset+0x7b sys/kern/subr_asan.c:456
[   1.0443535] evcnt_attach_dynamic() at netbsd:evcnt_attach_dynamic+0x34 evcnt_attach_dynamic_nozero sys/kern/subr_evcnt.c:185 [inline]
[   1.0443535] evcnt_attach_dynamic() at netbsd:evcnt_attach_dynamic+0x34 sys/kern/subr_evcnt.c:201
[   1.0443535] vioif_attach() at netbsd:vioif_attach+0x285f vioif_setup_stats sys/dev/pci/if_vioif.c:1039 [inline]
[   1.0443535] vioif_attach() at netbsd:vioif_attach+0x285f sys/dev/pci/if_vioif.c:629
[   1.0443535] config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
[   1.0443535] config_found() at netbsd:config_found+0x1e3 sys/kern/subr_autoconf.c:1272
[   1.0443535] virtio_pci_rescan() at netbsd:virtio_pci_rescan+0xd4 sys/dev/pci/virtio_pci.c:317
[   1.0443535] virtio_pci_attach() at netbsd:virtio_pci_attach+0x491 sys/dev/pci/virtio_pci.c:298
[   1.0443535] config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
[   1.0443535] config_found() at netbsd:config_found+0x1e3 sys/kern/subr_autoconf.c:1272
[   1.0443535] pci_probe_device() at netbsd:pci_probe_device+0xf77 sys/dev/pci/pci.c:488
[   1.0443535] pci_enumerate_bus() at netbsd:pci_enumerate_bus+0x426 sys/dev/pci/pci.c:819
[   1.0443535] pcirescan() at netbsd:pcirescan+0x71 sys/dev/pci/pci.c:113
[   1.0443535] pciattach() at netbsd:pciattach+0x310 sys/dev/pci/pci.c:210
[   1.0443535] config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
[   1.0443535] config_found() at netbsd:config_found+0x1e3 sys/kern/subr_autoconf.c:1272
[   1.0443535] mp_pci_scan() at netbsd:mp_pci_scan+0x265 sys/arch/x86/x86/mp.c:96
[   1.0443535] amd64_mainbus_attach() at netbsd:amd64_mainbus_attach+0x867 sys/arch/amd64/amd64/amd64_mainbus.c:213
[   1.0443535] mainbus_attach() at netbsd:mainbus_attach+0x1a2 sys/arch/x86/x86/mainbus.c:216
[   1.0443535] config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
[   1.0443535] config_rootfound() at netbsd:config_rootfound+0xda config_attach sys/kern/subr_autoconf.c:1820 [inline]
[   1.0443535] config_rootfound() at netbsd:config_rootfound+0xda sys/kern/subr_autoconf.c:1300
[   1.0443535] cpu_configure() at netbsd:cpu_configure+0x68 sys/arch/amd64/amd64/autoconf.c:112
[   1.0443535] main() at netbsd:main+0x4b8 sys/kern/init_main.c:555
[   1.0443535] cpu0: End traceback...
[   1.0443535] fatal breakpoint trap in supervisor mode
[   1.0443535] trap type 1 code 0 rip 0xffffffff8023230d cs 0x8 rflags 0x202 cr2 0 ilevel 0x8 rsp 0xffffffff8387d7a0
[   1.0443535] curlwp 0xffffffff83347880 pid 0.0 lowest kstack 0xffffffff838772c0
Stopped in pid 0.0 (system) at  netbsd:breakpoint+0x5:  leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:291
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1059
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
kasan_memset() at netbsd:kasan_memset+0x7b kasan_shadow_Nbyte_isvalid sys/kern/subr_asan.c:382 [inline]
kasan_memset() at netbsd:kasan_memset+0x7b kasan_shadow_check sys/kern/subr_asan.c:427 [inline]
kasan_memset() at netbsd:kasan_memset+0x7b sys/kern/subr_asan.c:456
evcnt_attach_dynamic() at netbsd:evcnt_attach_dynamic+0x34 evcnt_attach_dynamic_nozero sys/kern/subr_evcnt.c:185 [inline]
evcnt_attach_dynamic() at netbsd:evcnt_attach_dynamic+0x34 sys/kern/subr_evcnt.c:201
vioif_attach() at netbsd:vioif_attach+0x285f vioif_setup_stats sys/dev/pci/if_vioif.c:1039 [inline]
vioif_attach() at netbsd:vioif_attach+0x285f sys/dev/pci/if_vioif.c:629
config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
config_found() at netbsd:config_found+0x1e3 sys/kern/subr_autoconf.c:1272
virtio_pci_rescan() at netbsd:virtio_pci_rescan+0xd4 sys/dev/pci/virtio_pci.c:317
virtio_pci_attach() at netbsd:virtio_pci_attach+0x491 sys/dev/pci/virtio_pci.c:298
config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
config_found() at netbsd:config_found+0x1e3 sys/kern/subr_autoconf.c:1272
pci_probe_device() at netbsd:pci_probe_device+0xf77 sys/dev/pci/pci.c:488
pci_enumerate_bus() at netbsd:pci_enumerate_bus+0x426 sys/dev/pci/pci.c:819
pcirescan() at netbsd:pcirescan+0x71 sys/dev/pci/pci.c:113
pciattach() at netbsd:pciattach+0x310 sys/dev/pci/pci.c:210
config_attach_internal() at netbsd:config_attach_internal+0x341 sys/kern/subr_autoconf.c:1785
config_found() at netbsd:config_found+0x1e3 sys/kern/subr_autoconf.c:1272
mp_pci_scan() at netbsd:mp_pci_scan+0x265 sys/arch/x86/x86/mp.c:96
amd64_mainbus_attach() at netbsd:amd64_mainbus_attach+0x867 sys/arch/amd64/amd64/amd64_mainbus.c:213
--db_more--


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller%googlegroups.com@localhost.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


