[ 71.0238082] panic: ASan: Unauthorized Access In 0xffffffff81175db0: Addr 0xffffd78011d84758 [8 bytes, read, PoolUseAfterFree]
[ 71.0338057] cpu1: Begin traceback...
[ 71.0538194] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 71.0838519] snprintf() at netbsd:snprintf
[ 71.1238932] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline]
[ 71.1238932] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194
[ 71.1539258] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline]
[ 71.1539258] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline]
[ 71.1539258] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline]
[ 71.1539258] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180
[ 71.1939690] mutex_oncpu() at netbsd:mutex_oncpu+0x3a mutex_oncpu sys/kern/kern_mutex.c:422 [inline]
[ 71.1939690] mutex_oncpu() at netbsd:mutex_oncpu+0x3a sys/kern/kern_mutex.c:406
[ 71.2340133] mutex_enter() at netbsd:mutex_enter+0x17d sys/kern/kern_mutex.c:550
[ 71.2640499] lwp_exit() at netbsd:lwp_exit+0x353 sys/kern/kern_lwp.c:1143
[ 71.2940848] lwp_userret() at netbsd:lwp_userret+0x1f5 sys/kern/kern_lwp.c:1612
[ 71.3341255] syscall() at netbsd:syscall+0x84c x86_curlwp sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:68 [inline]
[ 71.3341255] syscall() at netbsd:syscall+0x84c KPREEMPT_DISABLE sys/sys/lwp.h:516 [inline]
[ 71.3341255] syscall() at netbsd:syscall+0x84c mi_userret sys/sys/userret.h:100 [inline]
[ 71.3341255] syscall() at netbsd:syscall+0x84c userret sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/userret.h:81 [inline]
[ 71.3341255] syscall() at netbsd:syscall+0x84c sys/arch/x86/x86/syscall.c:166
[ 71.3441345] --- syscall (number 4) ---
[ 71.3641574] 7aff824ade7a:
[ 71.3741665] cpu1: End traceback...
[ 71.3741665] fatal breakpoint trap in supervisor mode [ 71.3841766] trap type 1 code 0 rip 0xffffffff8021e4c5 cs 0x8 rflags 0x246 cr2 0x7aff8385dff8 ilevel 0 rsp 0xffffd7816eba7b90 [ 71.3941858] curlwp 0xffffd78011ccb2a0 pid 887.4 lowest kstack 0xffffd7816eba02c0 Stopped in pid 887.4 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 mutex_oncpu() at netbsd:mutex_oncpu+0x3a mutex_oncpu sys/kern/kern_mutex.c:422 [inline] mutex_oncpu() at netbsd:mutex_oncpu+0x3a sys/kern/kern_mutex.c:406 mutex_enter() at netbsd:mutex_enter+0x17d sys/kern/kern_mutex.c:550 lwp_exit() at netbsd:lwp_exit+0x353 sys/kern/kern_lwp.c:1143 lwp_userret() at netbsd:lwp_userret+0x1f5 sys/kern/kern_lwp.c:1612 syscall() at netbsd:syscall+0x84c x86_curlwp sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:68 [inline] syscall() at netbsd:syscall+0x84c KPREEMPT_DISABLE sys/sys/lwp.h:516 [inline] syscall() at netbsd:syscall+0x84c mi_userret sys/sys/userret.h:100 [inline] syscall() at netbsd:syscall+0x84c userret sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/userret.h:81 [inline] syscall() at netbsd:syscall+0x84c sys/arch/x86/x86/syscall.c:166 --- syscall (number 4) --- 7aff824ade7a: ds 31c8 es bc5b fs 7b70 gs 7bc0 rdi ffffd7800d92b458 rsi ffffd78011ccb588 rbp ffffd7816eba7b90 
rbx ffffd7816d893000 rdx 2 rcx ffffffff80d16441 db_panic+0xd5 rax 0 r8 4 r9 1ffffffff0553e24 r10 ffffffff82a9f123 db_onpanic+0x3 r11 10 r12 ffffd7816d8a4000 r13 ffffffff8243b0c8 ostype+0x4bd08 r14 ffffd7816eba7c20 r15 ffffd7816d893060 rip ffffffff8021e4c5 breakpoint+0x5 cs 8 rflags 246 rsp ffffd7816eba7b90 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 887 > 4 7 1 100000 ffffd78011ccb2a0 syz-executor.0 887 3 5 0 100000 ffffd78011ec89c0 syz-executor.0 887 1 2 1 10000000 ffffd78011ec8580 syz-executor.0 40 > 1 7 0 0 ffffd78013754660 syz-executor.0 464 9 3 1 80 ffffd78012a6a600 syz-execprog parked 464 8 3 0 80 ffffd78013754220 syz-execprog parked 464 7 3 0 80 ffffd78012a5fa20 syz-execprog parked 464 6 3 1 80 ffffd78012962300 syz-execprog parked 464 5 3 0 80 ffffd78012a5f1a0 syz-execprog parked 464 4 3 0 80 ffffd7801313ea80 syz-execprog parked 464 3 3 0 80 ffffd7801313e640 syz-execprog kqueue 464 2 2 1 0 ffffd78012934b60 syz-execprog 464 1 3 0 80 ffffd78011ae2160 syz-execprog parked 612 1 3 0 80 ffffd78011ae25a0 sshd select 465 1 3 0 80 ffffd78012a2f120 getty nanoslp 595 1 3 1 80 ffffd78012a3d9c0 getty nanoslp 566 1 3 1 80 ffffd78012a3d140 getty nanoslp 500 1 3 0 80 ffffd78012a459e0 getty ttyraw 422 1 3 0 80 ffffd78012a09920 cron nanoslp 423 1 3 1 80 ffffd78012934720 inetd kqueue 317 1 3 0 80 ffffd78011fb82a0 sshd select 478 1 3 1 80 ffffd78011f05600 powerd kqueue 314 1 3 0 80 ffffd7801297cba0 syslogd kqueue 268 1 3 0 80 ffffd78011f151e0 dhcpcd kqueue 220 1 3 0 80 ffffd78011e26080 dhcpcd kqueue 1 1 3 0 80 ffffd78011bfdaa0 init wait 0 58 3 0 204 ffffd78011c10680 physiod physiod 0 57 3 0 204 ffffd78011c52ae0 aiodoned aiodoned 0 56 3 0 204 ffffd78011c526a0 pooldrain pooldrain 0 55 3 0 200 ffffd78011c52260 ioflush syncer 0 54 3 1 200 ffffd78011c10ac0 pgdaemon pgdaemon 0 51 3 0 200 ffffd78011c10240 npfgc-0 npfgccv 0 50 3 0 204 ffffd78011bfd660 rt_free rt_free 0 49 3 0 204 ffffd78011bfd220 unpgc unpgc 0 48 3 0 204 ffffd78011bf5a80 
key_timehandler key_timehandler 0 47 3 1 204 ffffd78011bf5640 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffd78011bf5200 icmp6_wqinput/0 icmp6_wqinput 0 45 3 0 204 ffffd78011b0ca60 nd6_timer nd6_timer 0 44 3 1 204 ffffd78011b0c620 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffd78011b0c1e0 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffd78011af7a40 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffd78011af7600 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffd78011af71c0 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffd78011ae7a20 icmp_wqinput/0 icmp_wqinput 0 38 3 0 204 ffffd78011ae75e0 rt_timer rt_timer 0 37 3 1 204 ffffd78011ae4180 vmem_rehash vmem_rehash 0 27 3 0 204 ffffd7800f3c4580 scsibus0 sccomp 0 26 3 0 200 ffffd7800f3c4140 pms0 pmsreset 0 25 3 1 204 ffffd7800f3359a0 xcall/1 xcall 0 24 1 1 200 ffffd7800f335560 softser/1 0 23 1 1 200 ffffd7800f335120 softclk/1 0 22 1 1 200 ffffd7800f331980 softbio/1 0 21 1 1 200 ffffd7800f331540 softnet/1 0 20 1 1 201 ffffd7800f331100 idle/1 0 19 3 1 204 ffffd7800de52960 lnxpwrwq lnxpwrwq 0 18 3 1 204 ffffd7800de52520 lnxlngwq lnxlngwq 0 17 3 1 204 ffffd7800de520e0 lnxsyswq lnxsyswq 0 16 3 1 204 ffffd7800de4d940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffd7800de4d500 sysmon smtaskq 0 14 3 0 204 ffffd7800de4d0c0 pmfsuspend pmfsuspend 0 13 3 1 204 ffffd7800de3e920 pmfevent pmfevent 0 12 3 0 204 ffffd7800de3e4e0 sopendfree sopendfr 0 11 3 0 204 ffffd7800de3e0a0 nfssilly nfssilly 0 10 3 0 200 ffffd7800de32900 cachegc cachegc 0 9 3 0 204 ffffd7800de324c0 vdrain vdrain 0 8 3 1 200 ffffd7800de32080 modunload mod_unld 0 7 3 0 204 ffffd7800de228e0 xcall/0 xcall 0 6 1 0 200 ffffd7800de224a0 softser/0 0 5 1 0 200 ffffd7800de22060 softclk/0 0 4 1 0 200 ffffd7800de1f8c0 softbio/0 0 3 1 0 200 ffffd7800de1f480 softnet/0 0 2 1 0 201 ffffd7800de1f040 idle/0 0 1 3 0 200 ffffffff82b669c0 swapper uvm [Locks tracked through LWPs] [Locks tracked through CPUs] PAGE FLAG PQ UOBJECT UANON 0xffffd78000014180 0048 00000000 0x0 0x0 0xffffd780000141f8 0048 00000000 0x0 
0x0 0xffffd78000014270 0048 00000000 0x0 0x0 0xffffd780000142e8 0048 00000000 0x0 0x0 0xffffd78000014360 0048 00000000 0x0 0x0 0xffffd780000143d8 0048 00000000 0x0 0x0 0xffffd78000014450 0048 00000000 0x0 0x0 0xffffd780000144c8 0040 00000000 0x0 0x0 0xffffd78000014540 0040 00000000 0x0 0x0 0xffffd780000145b8 0040 00000000 0x0 0x0 0xffffd78000014630 0048 00000000 0x0 0x0 0xffffd780000146a8 0048 00000000 0x0 0x0 0xffffd78000014720 0048 00000000 0x0 0x0 0xffffd78000014798 0048 00000000 0x0 0x0 0xffffd78000014810 0048 00000000 0x0 0x0 0xffffd78000014888 0048 00000000 0x0 0x0 0xffffd78000014900 0048 00000000 0x0 0x0 0xffffd78000014978 0048 00000000 0x0 0x0 0xffffd780000149f0 0040 00000000 0x0 0x0 0xffffd78000014a68 0040 00000000 0x0 0x0 0xffffd78000014ae0 0040 00000000 0x0 0x0 0xffffd78000014b58 0040 00000000 0x0 0x0 0xffffd78000014bd0 0040 00000000 0x0 0x0 0xffffd78000014c48 0040 00000000 0x0 0x0 0xffffd78000014cc0 0048 00000000 0x0 0x0 0xffffd78000014d38 0048 00000000 0x0 0x0 0xffffd78000014db0 0048 00000000 0x0 0x0 0xffffd78000014e28 0048 00000000 0x0 0x0 0xffffd78000014ea0 0048 00000000 0x0 0x0 0xffffd78000014f18 0048 00000000 0x0 0x0 0xffffd78000014f90 0048 00000000 0x0 0x0 0xffffd78000015008 0048 00000000 0x0 0x0 0xffffd78000015080 0048 00000000 0x0 0x0 0xffffd780000150f8 0048 00000000 0x0 0x0 0xffffd78000015170 0048 00000000 0x0 0x0 0xffffd780000151e8 0048 00000000 0x0 0x0 0xffffd78000015260 0048 00000000 0x0 0x0 0xffffd780000152d8 0048 00000000 0x0 0x0 0xffffd78000015350 0048 00000000 0x0 0x0 0xffffd780000153c8 0048 00000000 0x0 0x0 0xffffd78000015440 0048 00000000 0x0 0x0 0xffffd780000154b8 0048 00000000 0x0 0x0 0xffffd78000015530 0048 00000000 0x0 0x0 0xffffd780000155a8 0048 00000000 0x0 0x0 0xffffd78000015620 0048 00000000 0x0 0x0 0xffffd78000015698 0048 00000000 0x0 0x0 0xffffd78000015710 0048 00000000 0x0 0x0 0xffffd78000015788 0048 00000000 0x0 0x0 0xffffd78000015800 0048 00000000 0x0 0x0 0xffffd78000015878 0048 00000000 0x0 0x0 0xffffd780000158f0 0048 
00000000 0x0 0x0 0xffffd78000015968 0048 00000000 0x0 0x0 0xffffd780000159e0 0048 00000000 0x0 0x0 0xffffd78000015a58 0048 00000000 0x0 0x0 0xffffd78000015ad0 0048 00000000 0x0 0x0 0xffffd78000015b48 0048 00000000 0x0 0x0 0xffffd78000015bc0 0048 00000000 0x0 0x0 0xffffd78000015c38 0048 00000000 0x0 0x0 0xffffd78000015cb0 0048 00000000 0x0 0x0 0xffffd78000015d28 0048 00000000 0x0 0x0 0xffffd78000015da0 0048 00000000 0x0 0x0 0xffffd78000015e18 0048 00000000 0x0 0x0 0xffffd78000015e90 0048 00000000 0x0 0x0 0xffffd78000015f08 0048 00000000 0x0 0x0 0xffffd78000015f80 0048 00000000 0x0 0x0 0xffffd78000015ff8 0048 00000000 0x0 0x0 0xffffd78000016070 0048 00000000 0x0 0x0 0xffffd780000160e8 0040 00000000 0x0 0x0 0xffffd78000016160 0040 00000000 0x0 0x0 0xffffd780000161d8 0041 00000000 0x0 0x0 0xffffd78000016250 0048 00000000 0x0 0x0 0xffffd780000162c8 0048 00000000 0x0 0x0 0xffffd78000016340 0048 00000000 0x0 0x0 0xffffd780000163b8 0048 00000000 0x0 0x0 0xffffd78000016430 0040 00000000 0x0 0x0 0xffffd780000164a8 0041 00000000 0x0 0x0 0xffffd78000016520 0041 00000000 0x0 0x0 0xffffd78000016598 0041 00000000 0x0 0x0 0xffffd78000016610 0041 00000000 0x0 0x0 0xffffd78000016688 0048 00000000 0x0 0x0 0xffffd78000016700 0040 00000000 0x0 0x0 0xffffd78000016778 0040 00000000 0x0 0x0 0xffffd780000167f0 0048 00000000 0x0 0x0 0xffffd78000016868 0041 00000000 0x0 0x0 0xffffd780000168e0 0041 00000000 0x0 0x0 0xffffd78000016958 0048 00000000 0x0 0x0 0xffffd780000169d0 0041 00000000 0x0 0x0 0xffffd78000016a48 0048 00000000 0x0 0x0 0xffffd78000016ac0 0041 00000000 0x0 0x0 0xffffd78000016b38 0041 00000000 0x0 0x0 0xffffd78000016bb0 0041 00000000 0x0 0x0 0xffffd78000016c28 0048 00000000 0x0 0x0 0xffffd78000016ca0 0048 00000000 0x0 0x0 0xffffd78000016d18 0048 00000000 0x0 0x0 0xffffd78000016d90 0048 00000000 0x0 0x0 0xffffd78000016e08 0041 00000000 0x0 0x0 0xffffd78000016e80 0041 00000000 0x0 0x0 0xffffd78000016ef8 0041 00000000 0x0 0x0 0xffffd78000016f70 0041 00000000 0x0 0x0 
0xffffd78000016fe8 0048 00000000 0x0 0x0 0xffffd78000017060 0048 00000000 0x0 0x0 0xffffd780000170d8 0048 00000000 0x0 0x0 0xffffd78000017150 0048 00000000 0x0 0x0 0xffffd780000171c8 0041 00000000 0x0 0x0 0xffffd78000017240 0048 00000000 0x0 0x0 0xffffd780000172b8 0048 00000000 0x0 0x0 0xffffd78000017330 0048 00000000 0x0 0x0 0xffffd780000173a8 0048 00000000 0x0 0x0 0xffffd78000017420 0048 00000000 0x0 0x0 0xffffd78000017498 0048 00000000 0x0 0x0 0xffffd78000017510 0048 00000000 0x0 0x0 0xffffd78000017588 0048 00000000 0x0 0x0 0xffffd78000017600 0048 00000000 0x0 0x0 0xffffd78000017678 0048 00000000 0x0 0x0 0xffffd780000176f0 0048 00000000 0x0 0x0 0xffffd78000017768 0048 00000000 0x0 0x0 0xffffd780000177e0 0048 00000000 0x0 0x0 0xffffd78000017858 0048 00000000 0x0 0x0 0xffffd780000178d0 0048 00000000 0x0 0x0 0xffffd78000017948 0048 00000000 0x0 0x0 0xffffd780000179c0 0048 00000000 0x0 0x0 0xffffd78000017a38 0048 00000000 0x0 0x0 0xffffd78000017ab0 0048 00000000 0x0 0x0 0xffffd78000017b28 0048 00000000 0x0 0x0 0xffffd78000017ba0 0048 00000000 0x0 0x0 0xffffd78000017c18 0048 00000000 0x0 0x0 0xffffd78000017c90 0048 00000000 0x0 0x0 0xffffd78000017d08 0048 00000000 0x0 0x0 0xffffd78000017d80 0048 00000000 0x0 0x0 0xffffd78000017df8 0048 00000000 0x0 0x0 0xffffd78000017e70 0048 00000000 0x0 0x0 0xffffd78000017ee8 0048 00000000 0x0 0x0 0xffffd78000017f60 0048 00000000 0x0 0x0 0xffffd78000017fd8 0048 00000000 0x0 0x0 0xffffd78000018050 0048 00000000 0x0 0x0 0xffffd780000180c8 0048 00000000 0x0 0x0 0xffffd78000018140 0048 00000000 0x0 0x0 0xffffd780000181b8 0048 00000000 0x0 0x0 0xffffd78000018230 0048 00000000