syzbot

 sign-in | mailing list | source | docs
🐞 Open [195]
🐞 Fixed [376]
🐞 Invalid [1339]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]

Status: upstream: reported C repro on 2022/07/17 20:24
Reported-by: syzbot+f0bc1a7b10d92e4677dd@syzkaller.appspotmail.com
First crash: 857d, last: 198d
Last patch testing requests (7)
Created Duration User Patch Repo Result
2023/04/02 23:32 7m retest repro netbsd error
2023/04/02 11:32 7m retest repro netbsd error
2022/12/24 18:31 20m retest repro netbsd OK log
2022/12/24 08:31 18m retest repro netbsd OK log
2022/12/23 23:31 17m retest repro netbsd OK log
2022/12/23 11:31 19m retest repro netbsd report log
2022/12/23 08:31 11m retest repro netbsd report log

Sample crash report:
[  40.2654479] panic: ASan: Unauthorized Access In 0xffffffff81b8e155: Addr 0xffffdb8012859b88 [4 bytes, read, PoolUseAfterFree]

[  40.2754555] cpu1: Begin traceback...
[  40.2854701] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
[  40.3054568] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
[  40.3254666] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[  40.3254666] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[  40.3554411] __asan_load4() at netbsd:__asan_load4+0x9d kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:350 [inline]
[  40.3554411] __asan_load4() at netbsd:__asan_load4+0x9d kasan_shadow_check sys/kern/subr_asan.c:417 [inline]
[  40.3554411] __asan_load4() at netbsd:__asan_load4+0x9d sys/kern/subr_asan.c:1206
[  40.3854369] config_detach() at netbsd:config_detach+0x1aa config_detach_enter sys/kern/subr_autoconf.c:1937 [inline]
[  40.3854369] config_detach() at netbsd:config_detach+0x1aa sys/kern/subr_autoconf.c:2007
[  40.4154397] dkwedge_delall1() at netbsd:dkwedge_delall1+0x1f7 dkwedge_del1 sys/dev/dkwedge/dk.c:573 [inline]
[  40.4154397] dkwedge_delall1() at netbsd:dkwedge_delall1+0x1f7 sys/dev/dkwedge/dk.c:718
[  40.4454381] disk_ioctl() at netbsd:disk_ioctl+0x2d2 sys/kern/subr_disk.c:645
[  40.4654370] dk_ioctl() at netbsd:dk_ioctl+0x1b2 sys/dev/dksubr.c:642
[  40.4954371] sdioctl() at netbsd:sdioctl+0xa12 sys/dev/scsipi/sd.c:1006
[  40.5254384] cdev_ioctl() at netbsd:cdev_ioctl+0x177 sys/kern/subr_devsw.c:1248
[  40.5554417] spec_ioctl() at netbsd:spec_ioctl+0x148 sys/miscfs/specfs/spec_vnops.c:1294
[  40.5854383] VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:934
[  40.6154358] vn_ioctl() at netbsd:vn_ioctl+0x1ba sys/kern/vfs_vnops.c:865
[  40.6354371] sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675
[  40.6654367] sys_syscall() at netbsd:sys_syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
[  40.6654367] sys_syscall() at netbsd:sys_syscall+0x10e sys/kern/sys_syscall.c:90
[  40.6954355] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[  40.6954355] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[  40.6954355] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[  40.7054357] --- syscall (number 54 via SYS_syscall) ---
[  40.7154341] netbsd:syscall+0x25a:
[  40.7154341] cpu1: End traceback...
[  40.7254396] fatal breakpoint trap in supervisor mode
[  40.7254396] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x282 cr2 0x7e73da9e92a0 ilevel 0 rsp 0xffffdb819d95c210
[  40.7354319] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d95bd30
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d95b850
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d95b370
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d95ae90
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d95a9b0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d95a4d0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d959ff0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d959b10
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d959630
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d959150
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d958c70
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d958790
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d9582b0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d957dd0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb819d9578f0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
[  40.7454322] fatal double fault in supervisor mode
[  40.7454322] trap type 13 code 0 rip 0xffffffff81bc7727 cs 0x8 rflags 0x10282 cr2 0xffffdb819d956f18 ilevel 0x8 rsp 0xffffdb819d956f20
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: double fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10083 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184debc40
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184deb760
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184deb280
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184deada0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184dea8c0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184dea3e0
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184de9f00
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184de9a20
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184de9540
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184de9060
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
[  40.7454322] uvm_fault(0xffffdb801347aa40, 0xffff900000000000, 1) -> e
[  40.7454322] fatal page fault in supervisor mode
[  40.7454322] trap type 6 code 0 rip 0xffffffff81b883bb cs 0x8 rflags 0x10283 cr2 0xffff90000000003d ilevel 0x8 rsp 0xffffdb8184de8b80
[  40.7454322] curlwp 0xffffdb8013cb95c0 pid 1223.1223 lowest kstack 0xffffdb819d9552c0
kernel: page fault trap, code=0
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000200000000 = 8192 MiB
CPUs found: 2     Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 4c05c429-9a8a-6fd4-5ca1-d65f7eaf5bf3
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2700: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.11 (Thu Jun 11 19:20:47 UTC 2020) (from NetBSD 9.99.65)
>> Memory: 639/3144640 k

     1. Boot normally
     2. Boot single user
     3. Drop to boot prompt

Choose an option; RETURN for default; SPACE to stop countdown.
Option 1 will be chosen in 5 seconds. 4 seconds. 3 seconds. 2 seconds. 1 seconds. 0 seconds. 0 seconds.     
command(s): rndseed /var/db/entropy-file;boot
default boot twice, skipping...

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/07/23 20:31 netbsd 9262324f77ac 22343af4 .config console log report syz C ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
2022/07/21 09:58 netbsd 6a5ad45c0beb 6e67af9d .config console log report syz C ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
2024/05/07 02:28 netbsd adfd220df860 fa7a5cf0 .config console log report syz [disk image] [netbsd.gdb] ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
2022/09/14 08:22 netbsd 6878208bd17b b884348d .config console log report syz [disk image] [netbsd.gdb] ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
2022/07/31 00:44 netbsd c5589dd24632 fef302b1 .config console log report syz ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
2022/07/17 20:24 netbsd 285735492d5f 95cb00d1 .config console log report syz ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
2024/05/01 18:10 netbsd 29856787a78c 3ba885bc .config console log report [disk image] [netbsd.gdb] ci2-netbsd panic: ASan: Unauthorized Access In ADDR: Addr ADDR [NUM bytes, read, PoolUseAfterFree]
* Struck through repros no longer work on HEAD.