ASan: Unauthorized Access in __asan

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
netbsd	ASan: Unauthorized Access in __asan_load8	syz			39	1624d	1743d	2/3	fixed on 2019/11/17 08:54
[ 165.5719563] panic: ASan: Unauthorized Access In 0xffffffff81190b65: Addr 0xffffa58012ad7018 [8 bytes, read, PoolUseAfterFree]

[ 165.5857681] cpu1: Begin traceback...
[ 165.6273301] vpanic() at netbsd:vpanic+0x244 sys/kern/subr_prf.c:336
[ 165.7335349] snprintf() at netbsd:snprintf
[ 165.8443576] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:187 [inline]
[ 165.8443576] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:197
[ 165.9505529] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:347 [inline]
[ 165.9505529] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:361 [inline]
[ 165.9505529] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:413 [inline]
[ 165.9505529] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1214
[ 166.0613724] mutex_oncpu() at netbsd:mutex_oncpu+0x38 mutex_oncpu sys/kern/kern_mutex.c:422 [inline]
[ 166.0613724] mutex_oncpu() at netbsd:mutex_oncpu+0x38 sys/kern/kern_mutex.c:406
[ 166.1721936] mutex_enter() at netbsd:mutex_enter+0x1a4 sys/kern/kern_mutex.c:550
[ 166.2737772] pool_get() at netbsd:pool_get+0xcc sys/kern/subr_pool.c:1050
[ 166.3845963] pool_cache_get_slow() at netbsd:pool_cache_get_slow+0x30c sys/kern/subr_pool.c:2498
[ 166.4954169] pool_cache_get_paddr() at netbsd:pool_cache_get_paddr+0x535 sys/kern/subr_pool.c:2590
[ 166.5970014] pmap_enter_ma() at netbsd:pmap_enter_ma+0x16b8 pmap_enter_pv sys/arch/x86/x86/pmap.c:2132 [inline]
[ 166.5970014] pmap_enter_ma() at netbsd:pmap_enter_ma+0x16b8 sys/arch/x86/x86/pmap.c:4809
[ 166.6985865] pmap_enter_default() at netbsd:pmap_enter_default+0x60 sys/arch/x86/x86/pmap.c:4692
[ 166.8001713] uvm_fault_internal() at netbsd:uvm_fault_internal+0x222e uvm_fault_lower_lookup sys/uvm/uvm_fault.c:2023 [inline]
[ 166.8001713] uvm_fault_internal() at netbsd:uvm_fault_internal+0x222e uvm_fault_lower sys/uvm/uvm_fault.c:1872 [inline]
[ 166.8001713] uvm_fault_internal() at netbsd:uvm_fault_internal+0x222e sys/uvm/uvm_fault.c:939
[ 166.9017560] trap() at netbsd:trap+0x975 sys/arch/amd64/amd64/trap.c:520
[ 166.9202245] --- trap (number 6) ---
[ 166.9663985] 7f7e68a05089:
[ 166.9663985] cpu1: End traceback...
[ 166.9710139] fatal breakpoint trap in supervisor mode
[ 166.9756313] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x7b965263ae78 ilevel 0 rsp 0xffffa5817f6970a0
[ 166.9894841] curlwp 0xffffa58012ad7800 pid 914.1 lowest kstack 0xffffa5817f6902c0
Stopped in pid 914.1 (syz-executor.5) at        netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x244 sys/kern/subr_prf.c:336
snprintf() at netbsd:snprintf
kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:187 [inline]
kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:197
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:347 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:361 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:413 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1214