[ 1318.1706415] panic: ASan: Unauthorized Access In 0xffffffff809790dc: Addr 0xffffd70012be5ea0 [8 bytes, read, PoolUseAfterFree]
[ 1318.1706415] cpu1: Begin traceback...
[ 1318.1806290] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
[ 1318.2206320] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1088
[ 1318.2506345] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline]
[ 1318.2506345] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201
[ 1318.2906305] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline]
[ 1318.2906305] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
[ 1318.2906305] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1208
[ 1318.3206296] pmap_growkernel() at netbsd:pmap_growkernel+0x74f pmap_alloc_level sys/arch/x86/x86/pmap.c:5679 [inline]
[ 1318.3206296] pmap_growkernel() at netbsd:pmap_growkernel+0x74f sys/arch/x86/x86/pmap.c:5791
[ 1318.3506305] uvm_map_prepare() at netbsd:uvm_map_prepare+0x7ed sys/uvm/uvm_map.c:1221
[ 1318.3806325] uvm_map() at netbsd:uvm_map+0x14d sys/uvm/uvm_map.c:1089
[ 1318.4106295] uvm_km_alloc() at netbsd:uvm_km_alloc+0x211 sys/uvm/uvm_km.c:636
[ 1318.4406286] pool_grow() at netbsd:pool_grow+0x173 pool_allocator_alloc sys/kern/subr_pool.c:2968 [inline]
[ 1318.4406286] pool_grow() at netbsd:pool_grow+0x173 sys/kern/subr_pool.c:1417
[ 1318.4806310] pool_get() at netbsd:pool_get+0x952 pool_catchup sys/kern/subr_pool.c:1558 [inline]
[ 1318.4806310] pool_get() at netbsd:pool_get+0x952 sys/kern/subr_pool.c:1244
[ 1318.5106295] allocbuf() at netbsd:allocbuf+0x167 buf_alloc sys/kern/vfs_bio.c:648 [inline]
[ 1318.5106295] allocbuf() at netbsd:allocbuf+0x167 sys/kern/vfs_bio.c:1333
[ 1318.5406288] getblk() at netbsd:getblk+0x304 sys/kern/vfs_bio.c:1258
[ 1318.5706289] ffs_getblk() at netbsd:ffs_getblk+0x5b sys/ufs/ffs/ffs_subr.c:124
[ 1318.6006298] ffs_balloc() at netbsd:ffs_balloc+0x18f3 ffs_balloc_ufs2 sys/ufs/ffs/ffs_balloc.c:774 [inline]
[ 1318.6006298] ffs_balloc() at netbsd:ffs_balloc+0x18f3 sys/ufs/ffs/ffs_balloc.c:99
[ 1318.6306296] ufs_mkdir() at netbsd:ufs_mkdir+0x8a0 sys/ufs/ufs/ufs_vnops.c:1331
[ 1318.6606304] VOP_MKDIR() at netbsd:VOP_MKDIR+0x12c sys/kern/vnode_if.c:1338
[ 1318.6906296] do_sys_mkdirat() at netbsd:do_sys_mkdirat+0x377 sys/kern/vfs_syscalls.c:4752
[ 1318.7306319] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 1318.7306319] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 1318.7306319] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 1318.7406301] --- syscall (number 136) ---
[ 1318.7506317] netbsd:syscall+0x25a:
[ 1318.7506317] cpu1: End traceback...
[ 1318.7506317] fatal breakpoint trap in supervisor mode
[ 1318.7606294] trap type 1 code 0 rip 0xffffffff8023241d cs 0x8 rflags 0x286 cr2 0x7217d4fa5ff8 ilevel 0x6 rsp 0xffffd70248669e40
[ 1318.7706282] curlwp 0xffffd70013d44280 pid 1382.1382 lowest kstack 0xffffd702486632c0
Stopped in pid 1382.1382 (syz-executor.4) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1088
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline]
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
__asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1208
pmap_growkernel() at netbsd:pmap_growkernel+0x74f pmap_alloc_level sys/arch/x86/x86/pmap.c:5679 [inline]
pmap_growkernel() at netbsd:pmap_growkernel+0x74f sys/arch/x86/x86/pmap.c:5791
uvm_map_prepare() at netbsd:uvm_map_prepare+0x7ed sys/uvm/uvm_map.c:1221
uvm_map() at netbsd:uvm_map+0x14d sys/uvm/uvm_map.c:1089
uvm_km_alloc() at netbsd:uvm_km_alloc+0x211 sys/uvm/uvm_km.c:636
pool_grow() at netbsd:pool_grow+0x173 pool_allocator_alloc sys/kern/subr_pool.c:2968 [inline]
pool_grow() at netbsd:pool_grow+0x173 sys/kern/subr_pool.c:1417
pool_get() at netbsd:pool_get+0x952 pool_catchup sys/kern/subr_pool.c:1558 [inline]
pool_get() at netbsd:pool_get+0x952 sys/kern/subr_pool.c:1244
allocbuf() at netbsd:allocbuf+0x167 buf_alloc sys/kern/vfs_bio.c:648 [inline]
allocbuf() at netbsd:allocbuf+0x167 sys/kern/vfs_bio.c:1333
getblk() at netbsd:getblk+0x304 sys/kern/vfs_bio.c:1258
ffs_getblk() at netbsd:ffs_getblk+0x5b sys/ufs/ffs/ffs_subr.c:124
ffs_balloc() at netbsd:ffs_balloc+0x18f3 ffs_balloc_ufs2 sys/ufs/ffs/ffs_balloc.c:774 [inline]
ffs_balloc() at netbsd:ffs_balloc+0x18f3 sys/ufs/ffs/ffs_balloc.c:99
ufs_mkdir() at netbsd:ufs_mkdir+0x8a0 sys/ufs/ufs/ufs_vnops.c:1331
VOP_MKDIR() at netbsd:VOP_MKDIR+0x12c sys/kern/vnode_if.c:1338
do_sys_mkdirat() at netbsd:do_sys_mkdirat+0x377 sys/kern/vfs_syscalls.c:4752
syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
--- syscall (number 136) ---
netbsd:syscall+0x25a:
Panic string: ASan: Unauthorized Access In 0xffffffff809790dc: Addr 0xffffd70012be5ea0 [8 bytes, read, PoolUseAfterFree]
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
25780 26299 2 0 0 ffffd70013473940 syz-executor.0
25780 25171 3 0 180 ffffd7001345b480 syz-executor.0 parked
25780 25780 2 0 10040000 ffffd70013451780 syz-executor.0
1344 1344 3 0 40 ffffd70013365540 syz-executor.5 xclow
1207 1207 3 0 40 ffffd70013d642c0 syz-executor.1 xclow
1382 >1382 7 1 40 ffffd70013d44280 syz-executor.4
1201 1201 2 1 40 ffffd70013d2aac0 syz-executor.2
1383 1383 3 0 40 ffffd70013d2a680 syz-executor.3 biolock
1200 1200 2 0 140 ffffd70013d2a240 syz-executor.0
1130 19661 3 0 180 ffffd70012c96780 syz-execprog parked
1130 1358 2 1 100 ffffd700133be1c0 syz-execprog
1130 1384 3 1 180 ffffd70013d1fa80 syz-execprog wait
1130 1236 3 0 180 ffffd70013d1f640 syz-execprog wait
1130 449 3 1 180 ffffd70013d1f200 syz-execprog wait
1130 1247 3 1 180 ffffd70013d19a40 syz-execprog wait
1130 829 3 1 180 ffffd70013d19600 syz-execprog parked
1130 1243 3 1 180 ffffd70013d191c0 syz-execprog wait
1130 1244 3 1 180 ffffd70012b86100 syz-execprog parked
1130 929 3 1 180 ffffd700133f06c0 syz-execprog parked
1130 1120 3 0 180 ffffd700133f0280 syz-execprog parked
1130 990 3 1 180 ffffd70012cd8980 syz-execprog parked
1130 > 947 7 0 140 ffffd70012978ac0 syz-execprog
1130 1130 3 0 180 ffffd70012ae40c0 syz-execprog wait
1080 1080 3 0 180 ffffd70012ae4500 sshd select
1112 1112 3 0 180 ffffd700134a45c0 getty nanoslp
1225 1225 3 0 180 ffffd700134a4180 getty nanoslp
1223 1223 3 0 180 ffffd700133d6680 getty nanoslp
1082 1082 3 1 1c0 ffffd70013451bc0 getty ttyraw
1105 1105 3 0 180 ffffd700133be600 sshd select
1098 1098 3 1 180 ffffd70012d48300 powerd kqueue
811 811 3 0 180 ffffd7001343ab40 syslogd kqueue
605 605 3 0 180 ffffd70012c5db40 dhcpcd poll
559 559 3 0 180 ffffd70012cc50c0 dhcpcd poll
747 747 3 1 180 ffffd70012c5d700 dhcpcd poll
601 601 3 0 180 ffffd70012c96340 dhcpcd poll
292 292 3 0 180 ffffd70012db74c0 dhcpcd poll
485 485 3 0 180 ffffd70012db7080 dhcpcd poll
291 291 3 0 180 ffffd70012d9a8c0 dhcpcd poll
1 1 3 1 180 ffffd7001286d9c0 init wait
0 557 3 0 200 ffffd700129a3280 physiod physiod
0 196 3 1 200 ffffd700129a42c0 pooldrain pooldrain
0 195 3 1 200 ffffd700129a3b00 ioflush syncer
0 194 3 0 200 ffffd700129a36c0 pgdaemon pgdaemon
0 167 3 0 200 ffffd70012978680 usb7 usbevt
0 172 3 1 200 ffffd70012978240 usb6 usbevt
0 170 3 0 200 ffffd7001292ea80 usb5 usbevt
0 168 3 0 200 ffffd7001292e640 usb4 usbevt
0 166 3 0 200 ffffd7001292e200 usb3 usbevt
0 165 3 0 200 ffffd700128e1a40 usb2 usbevt
0 31 3 0 200 ffffd700128e1600 usb1 usbevt
0 63 3 0 200 ffffd700128e11c0 usb0 usbevt
0 126 3 1 200 ffffd7001287ea00 usbtask-dr usbtsk
0 125 3 1 200 ffffd7001287e5c0 usbtask-hc usbtsk
0 124 3 0 200 ffffd70010d77b00 swwreboot swwreboot
0 123 3 0 200 ffffd7001287e180 npfgc0 npfgcw
0 122 3 1 200 ffffd7001286d580 rt_free rt_free
0 121 3 1 200 ffffd7001286d140 unpgc unpgc
0 120 3 1 200 ffffd70012867980 key_timehandler key_timehandler
0 119 3 1 200 ffffd70012867540 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffd70012867100 icmp6_wqinput/0 icmp6_wqinput
0 117 3 1 200 ffffd70012715940 nd6_timer nd6_timer
0 116 3 1 200 ffffd70012715500 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffd700127150c0 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffd70012706900 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffd700127064c0 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffd70012706080 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffd700126ec8c0 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 ffffd700126ec040 rt_timer rt_timer
0 109 3 1 200 ffffd700126eb780 vmem_rehash vmem_rehash
0 100 3 1 200 ffffd700126e8300 entbutler entropy
0 99 3 1 200 ffffd700120beb40 viomb balloon
0 98 3 1 200 ffffd700120be700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffd700120be2c0 vioif0_txrx/0 vioif0_txrx
0 30 3 0 200 ffffd70010d776c0 scsibus0 sccomp
0 29 3 0 200 ffffd70010d77280 pms0 pmsreset
0 28 2 1 200 ffffd70010cbdac0 xcall/1
0 27 1 1 200 ffffd70010cbd680 softser/1
0 26 1 1 200 ffffd70010cbd240 softclk/1
0 25 1 1 200 ffffd70010cb9a80 softbio/1
0 24 1 1 200 ffffd70010cb9640 softnet/1
0 23 1 1 201 ffffd70010cb9200 idle/1
0 22 3 0 200 ffffd7000f756a40 lnxsyswq lnxsyswq
0 21 3 0 200 ffffd7000f756600 lnxubdwq lnxubdwq
0 20 3 0 200 ffffd7000f7561c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffd7000f755a00 lnxlngwq lnxlngwq
0 18 3 0 200 ffffd7000f7555c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffd7000f755180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffd7000f74e9c0 sysmon smtaskq
0 15 3 0 200 ffffd7000f74e580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffd7000f74e140 pmfevent pmfevent
0 13 3 0 200 ffffd7000f74b980 sopendfree sopendfr
0 12 3 1 200 ffffd7000f74b540 ifwdog ifwdog
0 11 3 1 200 ffffd7000f74b100 iflnkst iflnkst
0 10 3 0 200 ffffd7000f73e940 nfssilly nfssilly
0 9 3 0 200 ffffd7000f73e500 vdrain vdrain
0 8 3 1 200 ffffd7000f73e0c0 modunload mod_unld
0 7 3 0 200 ffffd7000f733900 xcall/0 xcall
0 6 1 0 200 ffffd7000f7334c0 softser/0
0 5 1 0 200 ffffd7000f733080 softclk/0
0 4 1 0 200 ffffd7000f7318c0 softbio/0
0 3 1 0 200 ffffd7000f731480 softnet/0
0 2 1 0 201 ffffd7000f731040 idle/0
0 0 3 0 200 ffffffff83343700 swapper uvm
[Locks tracked through LWPs]
****** LWP 1382.1382 (syz-executor.4) @ 0xffffd70013d44280, l_stat=7
*** Locks held:
* Lock 0 (initialized at netbsd:vcache_alloc+0x3e sys/kern/vfs_vnode.c:1376)
lock address : ffffd70013d41c00 type : sleep/adaptive
initialized : netbsd:vcache_alloc+0x3e
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd70013d44280 last held: 0xffffd70013d44280
last locked* : netbsd:genfs_lock+0x160 unlocked : netbsd:genfs_unlock+0x2a
owner/count : 0xffffd70013d44280 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.
* Lock 1 (initialized at netbsd:vcache_alloc+0x3e sys/kern/vfs_vnode.c:1376)
lock address : ffffd700129cf540 type : sleep/adaptive
initialized : netbsd:vcache_alloc+0x3e
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd70013d44280 last held: 0xffffd70013d44280
last locked* : netbsd:genfs_lock+0x160 unlocked : 0
owner/count : 0xffffd70013d44280 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.
* Lock 2 (initialized at netbsd:pool_init+0xa63 sys/kern/subr_pool.c:981)
lock address : netbsd:bmempools+0xba0 type : sleep/adaptive
initialized : netbsd:pool_init+0xa63
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffd70013d44280 last held: 0xffffd70013d44280
last locked* : netbsd:pool_get+0x142 unlocked : netbsd:pool_get+0x991
owner field : 0xffffd70013d44280 wait/spin: 0/0
Turnstile: no active turnstile for this lock.
* Lock 3 (initialized at netbsd:uvm_map_setup+0x11c sys/uvm/uvm_map.c:4794)
lock address : netbsd:kernel_map_store+0x8 type : sleep/adaptive
initialized : netbsd:uvm_map_setup+0x11c
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffd70013d44280 last hel