[ 91.1787415] panic: ASan: Unauthorized Access In 0xffffffff8118bc9d: Addr 0xffff9d8013ecf550 [8 bytes, read, PoolUseAfterFree] [ 91.1919262] cpu0: Begin traceback... [ 91.1987573] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 91.2288199] snprintf() at netbsd:snprintf [ 91.2588734] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline] [ 91.2588734] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196 [ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline] [ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline] [ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline] [ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182 [ 91.3290141] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197 [ 91.3590633] exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420 [ 91.3891230] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180 [ 91.4191783] syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline] [ 91.4191783] syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline] [ 91.4191783] syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138 [ 91.4292003] --- syscall (number 1) --- [ 91.4392155] 76c67c399a6a: [ 91.4494661] cpu0: End traceback... [ 91.4494661] fatal breakpoint trap in supervisor mode [ 91.4494661] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76c67cd51ff8 ilevel 0 rsp 0xffff9d817e92fac0 [ 91.4692495] curlwp 0xffff9d80116a16c0 pid 900.1 lowest kstack 0xffff9d817e9282c0 Stopped in pid 900.1 (syz-executor4114) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196 __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182 fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197 exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420 sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180 syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138 --- syscall (number 1) --- 76c67c399a6a: ds e6ac es 7953 fs faa0 gs faf0 rdi ffff9d800d92d488 rsi ffff9d80116a1978 rbp ffff9d817e92fac0 rbx ffffffff82810480 cpu_info_primary rdx 2 rcx ffffffff80d14fa1 db_panic+0xd5 rax 0 r8 4 r9 1ffffffff0554bfc r10 ffffffff82aa5fe3 db_onpanic+0x3 r11 10 r12 ffff9d816d8a4000 r13 ffffffff82440be8 ostype+0x4e268 r14 ffff9d817e92fb50 r15 ffff9d816d893068 rip ffffffff8021e4b5 breakpoint+0x5 cs 8 rflags 246 rsp ffff9d817e92fac0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 577 2 2 1 1000000 ffff9d8011f9b700 syz-executor4114 946 3 2 1 0 ffff9d8013ef6a80 syz-executor4114 946 2 2 1 0 ffff9d8013d18600 syz-executor4114 946 1 2 0 0 ffff9d8013cc50c0 syz-executor4114 1043 1 2 1 10000000 ffff9d8012057480 syz-executor4114 1006 2 3 0 80 ffff9d8013ef6640 syz-executor4114 parked 1036 2 3 1 80 ffff9d8013ef6200 syz-executor4114 parked 804 2 3 1 80 ffff9d8013cfb180 syz-executor4114 parked 804 1 2 0 0 ffff9d8012023300 syz-executor4114 1132 2 3 1 80 ffff9d8011c8cb80 syz-executor4114 parked 956 2 2 0 0 ffff9d8013db4780 syz-executor4114 956 1 2 0 10000000 ffff9d8012cb22c0 syz-executor4114 1151 1 2 0 10000000 ffff9d8013dc4480 syz-executor4114 616 3 3 1 80 ffff9d8013eda1c0 syz-executor4114 parked 963 2 3 0 40080 ffff9d8012c98ac0 syz-executor4114 parked 900 > 1 7 0 10040000 ffff9d80116a16c0 syz-executor4114 566 2 3 0 40080 ffff9d8013ecb180 syz-executor4114 parked 883 2 3 1 40080 ffff9d8012c79a00 syz-executor4114 parked 953 2 3 0 40080 ffff9d8012bd02c0 syz-executor4114 parked 819 3 3 1 40080 ffff9d8012c514c0 syz-executor4114 parked 675 3 3 1 40080 ffff9d8012c5c0c0 syz-executor4114 parked 361 2 3 0 40080 ffff9d8012c5c500 syz-executor4114 parked 482 2 3 1 80 ffff9d8013e4e100 syz-executor4114 parked 793 2 3 0 80 ffff9d8012063900 syz-executor4114 parked 794 2 3 0 80 ffff9d8013d83b40 syz-executor4114 parked 988 2 3 1 80 ffff9d8012063080 syz-executor4114 parked 784 3 3 1 80 ffff9d80120bf180 syz-executor4114 parked 394 2 3 0 80 ffff9d801211b280 syz-executor4114 parked 647 2 3 0 80 ffff9d801212c2c0 syz-executor4114 parked 823 2 3 0 80 ffff9d8013d46680 syz-executor4114 parked 571 2 3 0 80 ffff9d8013cc5940 syz-executor4114 parked 762 2 3 0 80 ffff9d8013cc5500 syz-executor4114 parked 752 2 3 1 80 ffff9d8011f9b2c0 syz-executor4114 parked 679 3 3 0 80 ffff9d8011efc1c0 syz-executor4114 parked 555 2 3 1 80 ffff9d8013ccc540 syz-executor4114 parked 671 3 3 1 80 ffff9d8012ca6280 syz-executor4114 parked 856 2 3 1 80 ffff9d8011f2fa80 syz-executor4114 parked 533 2 3 0 80 ffff9d8013db4340 syz-executor4114 parked 843 2 3 1 80 ffff9d80135b8300 syz-executor4114 parked 130 3 3 1 80 ffff9d80121a1580 syz-executor4114 parked 595 3 3 0 80 ffff9d8012141300 syz-executor4114 parked 192 2 3 1 80 ffff9d8013d832c0 syz-executor4114 parked 760 2 3 1 80 ffff9d8011f79b00 syz-executor4114 parked 664 2 3 1 80 ffff9d8013d5eb00 syz-executor4114 parked 580 2 3 0 80 ffff9d8013d5e6c0 syz-executor4114 parked 478 2 3 1 80 ffff9d80120760c0 syz-executor4114 parked 668 2 3 0 80 ffff9d80120ffa80 syz-executor4114 parked 374 2 3 1 80 ffff9d8013d3f640 syz-executor4114 parked 592 2 3 1 80 ffff9d8012087100 syz-executor4114 parked 684 2 3 0 80 ffff9d801202e780 syz-executor4114 parked 298 2 3 1 80 ffff9d801202e340 syz-executor4114 parked 168 2 3 1 80 ffff9d8013cfba00 syz-executor4114 parked 453 2 3 0 80 ffff9d8012cb2700 syz-executor4114 parked 162 3 3 1 80 ffff9d8012ca6b00 syz-executor4114 parked 96 3 3 0 80 ffff9d8011efca40 syz-executor4114 parked 626 2 3 0 80 ffff9d80116a1280 syz-executor4114 parked 500 2 3 0 80 ffff9d8013cd69c0 syz-executor4114 parked 636 2 3 0 80 ffff9d8013cd6580 syz-executor4114 parked 484 1 2 1 0 ffff9d8013c5bbc0 syz-executor4114 483 1 3 1 0 ffff9d8013c5b340 syz-executor4114 tstile 601 1 2 1 0 ffff9d8012ba7b00 syz-executor4114 446 1 2 1 0 ffff9d8012ba76c0 syz-executor4114 607 > 1 7 1 0 ffff9d8012bdab80 syz-executor4114 45 1 3 1 0 ffff9d8012ca66c0 syz-executor4114 tstile 558 1 3 0 80 ffff9d8011efc600 syz-executor4114 nanoslp 41 1 3 1 80 ffff9d80116a1b00 sshd select 495 1 3 0 80 ffff9d8012c84a40 getty nanoslp 507 1 3 1 80 ffff9d8012c84600 getty nanoslp 381 1 3 1 80 ffff9d8012b87680 getty nanoslp 570 1 3 0 80 ffff9d8012c79180 getty ttyraw 455 1 3 0 80 ffff9d8012227a80 cron nanoslp 469 1 3 1 80 ffff9d8012c028c0 inetd kqueue 421 1 3 0 80 ffff9d80121b6a00 sshd select 491 1 3 0 80 ffff9d8012141b80 powerd kqueue 202 1 3 1 80 ffff9d8012bd0700 syslogd kqueue 278 1 3 0 80 ffff9d8012152780 dhcpcd kqueue 230 1 3 1 80 ffff9d80120578c0 dhcpcd kqueue 1 1 3 0 80 ffff9d8011e2d540 init wait 0 29 3 0 204 ffff9d8011e84140 physiod physiod 0 48 3 0 204 ffff9d8011e86180 pooldrain pooldrain 0 47 3 0 200 ffff9d8011e849c0 ioflush syncer 0 46 3 1 200 ffff9d8011e84580 pgdaemon pgdaemon 0 44 3 0 200 ffff9d8011e2d980 npfgc-0 npfgccv 0 43 3 1 204 ffff9d8011e2d100 rt_free rt_free 0 42 3 1 204 ffff9d8011e25940 unpgc unpgc 0 41 3 1 204 ffff9d8011e25500 key_timehandler key_timehandler 0 40 3 1 204 ffff9d8011e250c0 icmp6_wqinput/1 icmp6_wqinput 0 39 3 0 204 ffff9d8011e1b900 icmp6_wqinput/0 icmp6_wqinput 0 38 3 0 204 ffff9d8011e1b4c0 nd6_timer nd6_timer 0 37 3 1 204 ffff9d8011e1b080 carp6_wqinput/1 carp6_wqinput 0 36 3 0 204 ffff9d8011e168c0 carp6_wqinput/0 carp6_wqinput 0 35 3 1 204 ffff9d8011e16480 carp_wqinput/1 carp_wqinput 0 34 3 0 204 ffff9d8011e16040 carp_wqinput/0 carp_wqinput 0 33 3 1 204 ffff9d8011c9bbc0 icmp_wqinput/1 icmp_wqinput 0 32 3 0 204 ffff9d8011c9b780 icmp_wqinput/0 icmp_wqinput 0 31 3 0 204 ffff9d8011c9b340 rt_timer rt_timer 0 30 2 0 200 ffff9d8011c8c300 vmem_rehash 0 28 3 0 204 ffff9d800f35dac0 scsibus0 sccomp 0 27 3 0 200 ffff9d800f35d680 pms0 pmsreset 0 26 3 1 204 ffff9d800f35d240 xcall/1 xcall 0 25 1 1 200 ffff9d800f35ca80 softser/1 0 24 1 1 200 ffff9d800f35c640 softclk/1 0 23 1 1 200 ffff9d800f35c200 softbio/1 0 22 1 1 200 ffff9d800f26ea40 softnet/1 0 21 1 1 201 ffff9d800f26e600 idle/1 0 20 3 1 204 ffff9d800f26e1c0 lnxpwrwq lnxpwrwq 0 19 3 1 204 ffff9d800f26ca00 lnxlngwq lnxlngwq 0 18 3 0 204 ffff9d800f26c5c0 lnxsyswq lnxsyswq 0 17 3 1 204 ffff9d800f26c180 lnxrcugc lnxrcugc 0 16 3 0 204 ffff9d800de4f9c0 sysmon smtaskq 0 15 3 0 204 ffff9d800de4f580 pmfsuspend pmfsuspend 0 14 3 1 204 ffff9d800de4f140 pmfevent pmfevent 0 13 3 0 204 ffff9d800de40980 sopendfree sopendfr 0 12 3 1 204 ffff9d800de40540 iflnkst iflnkst 0 11 3 0 204 ffff9d800de40100 nfssilly nfssilly 0 10 3 0 200 ffff9d800de34940 cachegc cachegc 0 9 3 0 204 ffff9d800de34500 vdrain vdrain 0 8 3 0 200 ffff9d800de340c0 modunload mod_unld 0 7 3 0 204 ffff9d800de24900 xcall/0 xcall 0 6 1 0 200 ffff9d800de244c0 softser/0 0 5 1 0 200 ffff9d800de24080 softclk/0 0 4 1 0 200 ffff9d800de218c0 softbio/0 0 3 1 0 200 ffff9d800de21480 softnet/0 0 2 1 0 201 ffff9d800de21040 idle/0 0 1 3 1 200 ffffffff82b6efc0 swapper uvm [Locks tracked through LWPs] ****** LWP 577.2 (syz-executor4114) @ 0xffff9d8011f9b700, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82d90240 type : sleep/adaptive initialized : 0xffffffff8117f252 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffff9d8011f9b700 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 1043.1 (syz-executor4114) @ 0xffff9d8012057480, l_stat=2 *** Locks held: * Lock 0 (initialized at fork1) lock address : 0xffff9d8011f75e90 type : sleep/adaptive initialized : 0xffffffff81166c81 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480 last locked* : 0xffffffff811632a9 unlocked : 000000000000000000 owner/count : 0xffff9d8012057480 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at uvm_obj_init) lock address : 0xffff9d8011c6b540 type : sleep/adaptive initialized : 0xffffffff8110ca30 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480 last locked* : 0xffffffff81100a0b unlocked : 0xffffffff81100a90 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 2 (initialized at pmap_ctor) lock address : 0xffff9d8012c69980 type : sleep/adaptive initialized : 0xffffffff802772c1 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480 last locked* : 0xffffffff8027793e unlocked : 0xffffffff80277bd5 [ 91.4766322] Skipping crash dump on recursive panic [ 91.4766322] panic: ASan: Unauthorized Access In 0xffffffff8117fe00: Addr 0xffff9d8012c69980 [8 bytes, read, PoolUseAfterFree] [ 91.4766322] cpu0: Begin traceback... [ 91.4766322] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 91.4766322] snprintf() at netbsd:snprintf [ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline] [ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196 [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline] [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline] [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline] [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182 [ 91.4766322] mutex_dump() at netbsd:mutex_dump+0x20 sys/kern/kern_mutex.c:313 [ 91.4766322] lockdebug_dump() at netbsd:lockdebug_dump+0x28d sys/kern/subr_lockdebug.c:787 [ 91.4766322] lockdebug_show_one() at netbsd:lockdebug_show_one+0xca sys/kern/subr_lockdebug.c:864 [ 91.4766322] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x303 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:900 [inline] [ 91.4766322] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x303 sys/kern/subr_lockdebug.c:962 [ 91.4766322] db_command() at netbsd:db_command+0x2c0 sys/ddb/db_command.c:942 [ 91.4766322] db_command_loop() at netbsd:db_command_loop+0x26c db_execute_commandlist sys/ddb/db_command.c:439 [inline] [ 91.4766322] db_command_loop() at netbsd:db_command_loop+0x26c sys/ddb/db_command.c:589 [ 91.4766322] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 91.4766322] kdb_trap() at netbsd:kdb_trap+0x1ce sys/arch/amd64/amd64/db_interface.c:248 [ 91.4766322] trap() at netbsd:trap+0x66a sys/arch/amd64/amd64/trap.c:313 [ 91.4766322] --- trap (number 1) --- [ 91.4766322] breakpoint() at netbsd:breakpoint+0x5 [ 91.4766322] db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67 [ 91.4766322] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 91.4766322] snprintf() at netbsd:snprintf [ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline] [ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196 [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline] [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline] [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline] [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182 [ 91.4766322] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197 [ 91.4766322] exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420 [ 91.4766322] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180 [ 91.4766322] syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline] [ 91.4766322] syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline] [ 91.4766322] syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138 [ 91.4766322] --- syscall (number 1) --- [ 91.4766322] 76c67c399a6a: [ 91.4766322] cpu0: End traceback... [ 91.4766322] fatal breakpoint trap in supervisor mode [ 91.4766322] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76c67cd51ff8 ilevel 0x8 rsp 0xffff9d817e92f060 [ 91.4766322] curlwp 0xffff9d80116a16c0 pid 900.1 lowest kstack 0xffff9d817e9282c0 Stopped in pid 900.1 (syz-executor4114) at netbsd:breakpoint+0x5: leave