login: [ 66.7893596] panic: ASan: Unauthorized Access In 0xffffffff81ce2651: Addr 0xffffa20013e5fd00 [8 bytes, read, PoolUseAfterFree] [ 66.8008406] cpu0: Begin traceback... [ 66.8093536] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:288 [ 66.8393498] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1084 [ 66.8693552] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline] [ 66.8693552] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201 [ 66.8993516] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline] [ 66.8993516] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:421 [inline] [ 66.8993516] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1208 [ 66.9193492] mount_domount() at netbsd:mount_domount+0x783 mount_checkdirs sys/kern/vfs_mount.c:744 [inline] [ 66.9193492] mount_domount() at netbsd:mount_domount+0x783 sys/kern/vfs_mount.c:898 [ 66.9393536] do_sys_mount() at netbsd:do_sys_mount+0x79d sys/kern/vfs_syscalls.c:616 [ 66.9593528] compat_40_sys_mount() at netbsd:compat_40_sys_mount+0xbd sys/compat/common/vfs_syscalls_40.c:88 [ 66.9793509] sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline] [ 66.9793509] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90 [ 66.9993498] syscall() at netbsd:syscall+0x246 sy_call sys/sys/syscallvar.h:65 [inline] [ 66.9993498] syscall() at netbsd:syscall+0x246 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 66.9993498] syscall() at netbsd:syscall+0x246 sys/arch/x86/x86/syscall.c:137 [ 66.9993498] --- syscall (number 21 via SYS_syscall) --- [ 67.0193479] netbsd:syscall+0x246: [ 67.0193479] cpu0: End traceback... [ 67.0193479] fatal breakpoint trap in supervisor mode [ 67.0308654] trap type 1 code 0 rip 0xffffffff8023240d cs 0x8 rflags 0x282 cr2 0x79c62e85a112 ilevel 0 rsp 0xffffa202486a48c0 [ 67.0435518] curlwp 0xffffa20012b8f140 pid 3279.3416 lowest kstack 0xffffa2024869d2c0 Stopped in pid 3279.3416 (syz-executor.5) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:288 panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1084 kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201 __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:421 [inline] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1208 mount_domount() at netbsd:mount_domount+0x783 mount_checkdirs sys/kern/vfs_mount.c:744 [inline] mount_domount() at netbsd:mount_domount+0x783 sys/kern/vfs_mount.c:898 do_sys_mount() at netbsd:do_sys_mount+0x79d sys/kern/vfs_syscalls.c:616 compat_40_sys_mount() at netbsd:compat_40_sys_mount+0xbd sys/compat/common/vfs_syscalls_40.c:88 sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90 syscall() at netbsd:syscall+0x246 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x246 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x246 sys/arch/x86/x86/syscall.c:137 --- syscall (number 21 via SYS_syscall) --- netbsd:syscall+0x246: Panic string: ASan: Unauthorized Access In 0xffffffff81ce2651: Addr 0xffffa20013e5fd00 [8 bytes, read, PoolUseAfterFree] PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 3295 3295 3 1 10000000 ffffa200134504c0 syz-executor.1 mutex 2373 2373 3 1 0 ffffa20013464980 syz-executor.3 mutex 3421 3421 2 0 140 ffffa200133c6b00 syz-executor.1 3537 3537 3 1 40000 ffffa20013e17b00 syz-executor.0 mutex 3279 > 3416 7 0 0 ffffa20012b8f140 syz-executor.5 3279 3279 2 0 10040000 ffffa200126d7740 syz-executor.5 2379 2379 3 1 40 ffffa20012d0f6c0 syz-executor.5 mutex 1229 2867 3 1 180 ffffa20012ca14c0 syz-execprog parked 1229 1207 3 1 0 ffffa20013e64740 syz-execprog mutex 1229 1321 3 0 180 ffffa20013e50b40 syz-execprog wait 1229 1211 3 1 180 ffffa20013e50700 syz-execprog parked 1229 990 3 0 180 ffffa20013dc7640 syz-execprog parked 1229 958 3 1 180 ffffa20013dbfa40 syz-execprog wait 1229 1244 3 1 180 ffffa20013dbf600 syz-execprog parked 1229 1243 3 0 180 ffffa20013dbf1c0 syz-execprog wait 1229 829 3 1 180 ffffa20012b74100 syz-execprog parked 1229 929 3 1 180 ffffa200133c66c0 syz-execprog parked 1229 1239 3 1 1c0 ffffa200133a5a80 syz-execprog parked 1229 1224 3 0 180 ffffa200133b0680 syz-execprog parked 1229 449 2 0 140 ffffa200133b0240 syz-execprog 1229 1229 3 0 180 ffffa20012b74540 syz-execprog wait 1080 1080 3 0 180 ffffa20012ac3500 sshd select 1132 1132 3 1 180 ffffa2001347f9c0 getty nanoslp 1225 1225 3 1 180 ffffa2001347f580 getty nanoslp 1184 1184 3 1 180 ffffa200134965c0 getty nanoslp 1195 1195 3 0 180 ffffa20013496180 getty ttyraw 817 817 3 0 180 ffffa200133a5200 sshd select 1088 1088 3 0 180 ffffa20012d1b700 powerd kqueue 700 700 3 0 180 ffffa2001341fb40 syslogd kqueue 746 746 3 0 180 ffffa20012c09ac0 dhcpcd poll 747 747 3 0 180 ffffa20012cb2500 dhcpcd poll 466 466 3 0 180 ffffa20012c1b6c0 dhcpcd poll 602 602 3 0 180 ffffa20012c7bbc0 dhcpcd poll 292 292 3 0 180 ffffa20012d90900 dhcpcd poll 485 485 3 0 180 ffffa20012d904c0 dhcpcd poll 291 291 3 1 180 ffffa20012d90080 dhcpcd poll 1 1 3 0 180 ffffa2001286e180 init wait 0 686 3 0 200 ffffa200129bf6c0 physiod physiod 0 196 3 1 200 ffffa200129c1700 pooldrain pooldrain 0 195 3 0 200 ffffa200129c12c0 ioflush syncer 0 194 3 0 200 ffffa200129bfb00 pgdaemon pgdaemon 0 167 3 0 200 ffffa20012976ac0 usb7 usbevt 0 172 3 0 200 ffffa20012976680 usb6 usbevt 0 170 3 0 200 ffffa20012976240 usb5 usbevt 0 168 3 0 200 ffffa2001291ea80 usb4 usbevt 0 166 3 0 200 ffffa2001291e640 usb3 usbevt 0 165 3 0 200 ffffa2001291e200 usb2 usbevt 0 31 3 0 200 ffffa200128caa40 usb1 usbevt 0 63 3 1 200 ffffa200128ca600 usb0 usbevt 0 126 3 1 200 ffffa200128ca1c0 usbtask-dr usbtsk 0 125 3 1 200 ffffa2001286ea00 usbtask-hc usbtsk 0 124 3 0 200 ffffa20010d66b00 swwreboot swwreboot 0 123 3 0 200 ffffa2001286e5c0 npfgc0 npfgcw 0 122 3 1 200 ffffa200128669c0 rt_free rt_free 0 121 3 1 200 ffffa20012866580 unpgc unpgc 0 120 3 0 200 ffffa20012866140 key_timehandler key_timehandler 0 119 3 1 200 ffffa20012703980 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffa20012703540 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffa20012703100 nd6_timer nd6_timer 0 116 3 1 200 ffffa200126fb940 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffa200126fb500 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffa200126fb0c0 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffa200126ed900 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffa200126ed4c0 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffa200126ed080 icmp_wqinput/0 icmp_wqinput 0 110 3 0 200 ffffa200126da040 rt_timer rt_timer 0 109 3 0 200 ffffa200126da8c0 vmem_rehash vmem_rehash 0 100 3 0 200 ffffa200126d7300 entbutler entropy 0 99 3 1 200 ffffa200120bcb40 viomb balloon 0 98 3 1 200 ffffa200120bc700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffa200120bc2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffa20010d666c0 scsibus0 sccomp 0 29 3 0 200 ffffa20010d66280 pms0 pmsreset 0 28 3 1 200 ffffa20010cacac0 xcall/1 xcall 0 27 1 1 200 ffffa20010cac680 softser/1 0 26 1 1 200 ffffa20010cac240 softclk/1 0 25 1 1 200 ffffa20010ca8a80 softbio/1 0 24 1 1 200 ffffa20010ca8640 softnet/1 0 > 23 1 1