[ 101.3354082] panic: ASan: Unauthorized Access In 0xffffffff811d7ec7: Addr 0xffffd6801380f800 [1 byte, read, PoolUseAfterFree] [ 101.3469926] cpu0: Begin traceback... [ 101.3554333] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 101.3654558] snprintf() at netbsd:snprintf [ 101.3654558] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 101.3654558] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 101.3654558] __asan_load1_noabort() at netbsd:__asan_load1_noabort [ 101.3654558] psref_release() at netbsd:psref_release+0x1da sys/kern/subr_psref.c:390 [ 101.3654558] doifioctl() at netbsd:doifioctl+0xfb4 x86_curlwp sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:67 [inline] [ 101.3654558] doifioctl() at netbsd:doifioctl+0xfb4 curlwp_bindx sys/sys/lwp.h:552 [inline] [ 101.3654558] doifioctl() at netbsd:doifioctl+0xfb4 sys/net/if.c:3367 [ 101.3654558] soo_ioctl() at netbsd:soo_ioctl+0x420 sys/kern/sys_socket.c:212 [ 101.3654558] sys_ioctl() at netbsd:sys_ioctl+0x51f sys/kern/sys_generic.c:671 [ 101.3654558] syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] [ 101.3654558] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] [ 101.3654558] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 [ 101.3654558] --- syscall (number 54) --- [ 101.3654558] 788aa699538a: [ 101.3654558] cpu0: End traceback... [ 101.3654558] fatal breakpoint trap in supervisor mode [ 101.3654558] trap type 1 code 0 rip 0xffffffff8021ccdd cs 0x8 rflags 0x246 cr2 0x73732ef57160 ilevel 0x8 rsp 0xffffd6816ec7b680 [ 101.3654558] curlwp 0xffffd68012a42300 pid 247.1 lowest kstack 0xffffd6816ec742c0 Stopped in pid 247.1 (dhcpcd) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 __asan_load1_noabort() at netbsd:__asan_load1_noabort psref_release() at netbsd:psref_release+0x1da sys/kern/subr_psref.c:390 doifioctl() at netbsd:doifioctl+0xfb4 x86_curlwp sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/cpu.h:67 [inline] doifioctl() at netbsd:doifioctl+0xfb4 curlwp_bindx sys/sys/lwp.h:552 [inline] doifioctl() at netbsd:doifioctl+0xfb4 sys/net/if.c:3367 soo_ioctl() at netbsd:soo_ioctl+0x420 sys/kern/sys_socket.c:212 sys_ioctl() at netbsd:sys_ioctl+0x51f sys/kern/sys_generic.c:671 syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 --- syscall (number 54) --- 788aa699538a: ds 0 es 0 fs 536a gs abf7 rdi ffffd6800d926458 rsi ffffd68012a425e8 rbp ffffd6816ec7b680 rbx ffffffff828100c0 cpu_info_primary rdx 2 rcx ffffffff80ce6a5b db_panic+0xe5 rax 0 r8 4 r9 ffffffff82a97dc3 db_onpanic+0x3 r10 1ffffffff0552fb8 r11 8000000000 r12 ffffd6816d8a4000 r13 ffffffff82407c18 ostype+0x49838 r14 ffffd6816ec7b710 r15 ffffd6816d892058 rip ffffffff8021ccdd breakpoint+0x5 cs 8 rflags 246 rsp ffffd6816ec7b680 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1786 1 2 1 0 ffffd6801386d5a0 syz-executor.1 1711 2 3 0 80 ffffd680137850a0 syz-executor.0 parked 1711 1 2 0 0 ffffd68013754900 syz-executor.0 1095 1 2 1 0 ffffd6801389fa20 syz-executor.4 1802 2 3 0 80 ffffd680138a9600 syz-executor.2 parked 1802 1 2 1 0 ffffd680137dc940 syz-executor.2 338 1 2 0 0 ffffd680136f14a0 syz-executor.1 597 1 2 1 0 ffffd680136c2bc0 syz-executor.2 390 1 2 0 0 ffffd680136c2780 syz-executor.0 41 1 2 1 0 ffffd68011f78240 syz-executor.3 618 11 3 0 80 ffffd680136d88c0 syz-execprog parked 618 10 3 0 80 ffffd68012a22b60 syz-execprog parked 618 9 3 0 80 ffffd68011fe1260 syz-execprog parked 618 8 3 1 80 ffffd680136c2340 syz-execprog parked 618 7 3 0 80 ffffd68012a59ba0 syz-execprog parked 618 6 2 1 0 ffffd68012a42b80 syz-execprog 618 5 3 0 80 ffffd68012a59760 syz-execprog parked 618 4 3 0 80 ffffd68012a222e0 syz-execprog parked 618 3 3 1 80 ffffd68011fe16a0 syz-execprog parked 618 > 2 7 1 0 ffffd68011f78ac0 syz-execprog 618 1 3 1 80 ffffd68011fe1ae0 syz-execprog parked 566 1 3 0 80 ffffd68012a59320 sshd select 527 1 3 1 80 ffffd68012048280 getty nanoslp 564 1 3 1 80 ffffd68012a42740 getty nanoslp 572 1 3 0 80 ffffd68011f78680 getty nanoslp 421 1 3 0 80 ffffd68011f4c200 getty ttyraw 538 1 3 0 80 ffffd680129f7b40 cron nanoslp 539 1 3 0 80 ffffd680129f7700 inetd kqueue 317 1 3 0 80 ffffd680120ad2a0 sshd select 479 1 3 1 80 ffffd680120ad6e0 powerd kqueue 195 1 3 1 80 ffffd680129f72c0 syslogd kqueue 247 > 1 7 0 0 ffffd68012a42300 dhcpcd 228 1 2 0 0 ffffd680120adb20 dhcpcd 1 1 3 0 80 ffffd68011f03a60 init wait 0 58 3 0 204 ffffd68011f4c640 physiod physiod 0 57 3 1 204 ffffd68011f4f220 pooldrain pooldrain 0 56 3 0 204 ffffd68011f4faa0 aiodoned aiodoned 0 55 3 0 200 ffffd68011f4f660 ioflush syncer 0 54 3 1 200 ffffd68011f4ca80 pgdaemon pgdaemon 0 51 3 0 200 ffffd6800f6cb9c0 npfgc-0 npfgccv 0 50 3 0 204 ffffd68011f03620 rt_free rt_free 0 49 3 0 204 ffffd68011f031e0 unpgc unpgc 0 48 3 1 204 ffffd68011efca40 key_timehandler key_timehandler 0 47 3 1 204 ffffd68011efc600 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffd68011efc1c0 icmp6_wqinput/0 icmp6_wqinput 0 45 3 0 204 ffffd68011daba20 nd6_timer nd6_timer 0 44 3 1 204 ffffd68011da9160 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffd68011da95a0 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffd68011da99e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffd68011daa180 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffd68011daa5c0 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffd68011daaa00 icmp_wqinput/0 icmp_wqinput 0 38 3 0 204 ffffd68011dab1a0 rt_timer rt_timer 0 37 3 0 204 ffffd68011dab5e0 vmem_rehash vmem_rehash 0 27 3 0 204 ffffd6800f6cb580 scsibus0 sccomp 0 26 3 0 200 ffffd6800f6cb140 pms0 pmsreset 0 25 3 1 204 ffffd6800f6a49a0 xcall/1 xcall 0 24 1 1 200 ffffd6800f6a4560 softser/1 0 23 1 1 200 ffffd6800f6a4120 softclk/1 0 22 1 1 200 ffffd6800f6a1980 softbio/1 0 21 1 1 200 ffffd6800f6a1540 softnet/1 0 20 1 1 201 ffffd6800f6a1100 idle/1 0 19 3 0 204 ffffd6800de59960 lnxpwrwq lnxpwrwq 0 18 3 0 204 ffffd6800de59520 lnxlngwq lnxlngwq 0 17 3 0 204 ffffd6800de590e0 lnxsyswq lnxsyswq 0 16 3 0 204 ffffd6800de53940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffd6800de53500 sysmon smtaskq 0 14 3 0 204 ffffd6800de530c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffd6800de49920 pmfevent pmfevent 0 12 3 0 204 ffffd6800de494e0 sopendfree sopendfr 0 11 3 0 204 ffffd6800de490a0 nfssilly nfssilly 0 10 3 0 200 ffffd6800de40900 cachegc cachegc 0 9 2 0 200 ffffd6800de404c0 vdrain 0 8 3 0 200 ffffd6800de40080 modunload mod_unld 0 7 3 0 204 ffffd6800de318e0 xcall/0 xcall 0 6 1 0 200 ffffd6800de314a0 softser/0 0 5 1 0 200 ffffd6800de31060 softclk/0 0 4 1 0 200 ffffd6800de2c8c0 softbio/0 0 3 1 0 200 ffffd6800de2c480 softnet/0 0 2 1 0 201 ffffd6800de2c040 idle/0 0 1 3 1 200 ffffffff82b5f740 swapper uvm [Locks tracked through LWPs] [Locks tracked through CPUs] PAGE FLAG PQ UOBJECT UANON 0xffffd68000014180 0048 0000 0x0 0x0 0xffffd680000141f8 0048 0000 0x0 0x0 0xffffd68000014270 0048 0000 0x0 0x0 0xffffd680000142e8 0048 0000 0x0 0x0 0xffffd68000014360 0048 0000 0x0 0x0 0xffffd680000143d8 0048 0000 0x0 0x0 0xffffd68000014450 0040 0000 0x0 0x0 0xffffd680000144c8 0048 0000 0x0 0x0 0xffffd68000014540 0040 0000 0x0 0x0 0xffffd680000145b8 0040 0000 0x0 0x0 0xffffd68000014630 0040 0000 0x0 0x0 0xffffd680000146a8 0040 0000 0x0 0x0 0xffffd68000014720 0040 0000 0x0 0x0 0xffffd68000014798 0048 0000 0x0 0x0 0xffffd68000014810 0048 0000 0x0 0x0 0xffffd68000014888 0040 0000 0x0 0x0 0xffffd68000014900 0048 0000 0x0 0x0 0xffffd68000014978 0048 0000 0x0 0x0 0xffffd680000149f0 0048 0000 0x0 0x0 0xffffd68000014a68 0048 0000 0x0 0x0 0xffffd68000014ae0 0048 0000 0x0 0x0 0xffffd68000014b58 0040 0000 0x0 0x0 0xffffd68000014bd0 0048 0000 0x0 0x0 0xffffd68000014c48 0048 0000 0x0 0x0 0xffffd68000014cc0 0048 0000 0x0 0x0 0xffffd68000014d38 0048 0000 0x0 0x0 0xffffd68000014db0 0048 0000 0x0 0x0 0xffffd68000014e28 0048 0000 0x0 0x0 0xffffd68000014ea0 0048 0000 0x0 0x0 0xffffd68000014f18 0048 0000 0x0 0x0 0xffffd68000014f90 0040 0000 0x0 0x0 0xffffd68000015008 0048 0000 0x0 0x0 0xffffd68000015080 0048 0000 0x0 0x0 0xffffd680000150f8 0048 0000 0x0 0x0 0xffffd68000015170 0048 0000 0x0 0x0 0xffffd680000151e8 0048 0000 0x0 0x0 0xffffd68000015260 0048 0000 0x0 0x0 0xffffd680000152d8 0048 0000 0x0 0x0 0xffffd68000015350 0048 0000 0x0 0x0 0xffffd680000153c8 0048 0000 0x0 0x0 0xffffd68000015440 0048 0000 0x0 0x0 0xffffd680000154b8 0048 0000 0x0 0x0 0xffffd68000015530 0048 0000 0x0 0x0 0xffffd680000155a8 0048 0000 0x0 0x0 0xffffd68000015620 0048 0000 0x0 0x0 0xffffd68000015698 0048 0000 0x0 0x0 0xffffd68000015710 0048 0000 0x0 0x0 0xffffd68000015788 0048 0000 0x0 0x0 0xffffd68000015800 0048 0000 0x0 0x0 0xffffd68000015878 0048 0000 0x0 0x0 0xffffd680000158f0 0048 0000 0x0 0x0 0xffffd68000015968 0048 0000 0x0 0x0 0xffffd680000159e0 0048 0000 0x0 0x0 0xffffd68000015a58 0048 0000 0x0 0x0 0xffffd68000015ad0 0