Warning: Permanently added '10.128.0.96' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 52.4643943] panic: ASan: Unauthorized Access In 0xffffffff811784c5: Addr 0xffffaf8011c81b18 [8 bytes, read, PoolUseAfterFree]
[ 52.4808567] fatal page fault in supervisor mode
[ 52.4808567] trap type 6 code 0 rip 0xffffffff811db8d4 cs 0x8 rflags 0x10283 cr2 0xffff900000000007 ilevel 0x8 rsp 0xffffaf816da9fda0
[ 52.4808567] curlwp 0xffffaf800de22060 pid 0.5 lowest kstack 0xffffaf816da982c0
kernel: page fault trap, code=0
Stopped in pid 0.5 (system) at netbsd:__asan_load8+0x62: movzbl 0(%rax),%r8d
?
__asan_load8() at netbsd:__asan_load8+0x62
sleepq_remove() at netbsd:sleepq_remove+0x262
sleepq_unsleep() at netbsd:sleepq_unsleep+0x74
sleepq_timeout() at netbsd:sleepq_timeout+0x6b
callout_softclock() at netbsd:callout_softclock+0x272
softint_dispatch() at netbsd:softint_dispatch+0x264
DDB lost frame for netbsd:Xsoftintr+0x5a, trying 0xffffaf816da9fff0
Xsoftintr() at netbsd:Xsoftintr+0x5a
--- interrupt ---
0:
ds fdb0
es cbea
fs 3060
gs 6a34
rdi 38
rsi 7
rbp ffffaf816da9fdb0
rbx ffffaf8012a26960
rdx 800000000000
rcx ffffffff811a8477 sleepq_remove+0x262
rax ffff900000000007
r8 0
r9 3f
r10 7
r11 0
r12 0
r13 38
r14 13c6
r15 ffffaf8012a269b4
rip ffffffff811db8d4 __asan_load8+0x62
cs 8
rflags 10283
rsp ffffaf816da9fda0
ss 0
netbsd:__asan_load8+0x62: movzbl 0(%rax),%r8d
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
567 1 2 0 0 ffffaf8011ccf6e0 syz-executor1907
634 1 2 0 0 ffffaf8011ccfb20 syz-executor1907
571 > 1 7 0 20000000 ffffaf8012a66a20 syz-executor1907
45 1 2 0 0 ffffaf8012a665e0 syz-executor1907
389 > 1 7 1 20000000 ffffaf8012a661a0 syz-executor1907
568 1 3 1 0 ffffaf8013164a80 syz-executor1907 tstile
41 1 3 1 0 ffffaf8013164640 syz-executor1907 nodebug
40 1 3 -1 0 ffffaf8012a26960 syz-executor1907
486 1 3 1 80 ffffaf8011ae2160 syz-executor1907 nanoslp
551 1 3 0 40080 ffffaf8011ae45c0 sshd select
561 1 3 0 80 ffffaf8012a30540 getty nanoslp
563 1 3 1 80 ffffaf8012a4f9e0 getty nanoslp
575 1 3 1 80 ffffaf8012a4f160 getty nanoslp
580 1 3 0 80 ffffaf8012a469c0 getty ttyraw
432 1 3 1 80 ffffaf8012969740 cron nanoslp
554 1 3 1 80 ffffaf8012994760 inetd kqueue
317 1 3 1 80 ffffaf8011fba2a0 sshd select
460 1 3 0 80 ffffaf8011f04600 powerd kqueue
382 1 2 0 40000 ffffaf8011ea3540 makemandb
195 1 3 1 80 ffffaf8012994ba0 syslogd kqueue
182 1 3 0 80 ffffaf8011f161e0 dhcpcd kqueue
220 1 3 0 80 ffffaf8011e2a080 dhcpcd kqueue
1 1 3 0 80 ffffaf8011bfcaa0 init wait
0 58 3 0 204 ffffaf8011c10680 physiod physiod
0 57 3 0 204 ffffaf8011c52ae0 aiodoned aiodoned
0 56 3 0 204 ffffaf8011c526a0 pooldrain pooldrain
0 55 3 0 200 ffffaf8011c52260 ioflush syncer
0 54 3 1 200 ffffaf8011c10ac0 pgdaemon pgdaemon
0 51 3 1 200 ffffaf8011c10240 npfgc-0 npfgccv
0 50 3 1 204 ffffaf8011bfc660 rt_free rt_free
0 49 3 0 204 ffffaf8011bfc220 unpgc unpgc
0 48 3 0 204 ffffaf8011bf5a80 key_timehandler key_timehandler
0 47 3 1 204 ffffaf8011bf5640 icmp6_wqinput/1 icmp6_wqinput
0 46 3 0 204 ffffaf8011bf5200 icmp6_wqinput/0 icmp6_wqinput
0 45 3 0 204 ffffaf8011b0ca60 nd6_timer nd6_timer
0 44 3 1 204 ffffaf8011b0c620 carp6_wqinput/1 carp6_wqinput
0 43 3 0 204 ffffaf8011b0c1e0 carp6_wqinput/0 carp6_wqinput
0 42 3 1 204 ffffaf8011af7a40 carp_wqinput/1 carp_wqinput
0 41 3 0 204 ffffaf8011af7600 carp_wqinput/0 carp_wqinput
0 40 3 1 204 ffffaf8011af71c0 icmp_wqinput/1 icmp_wqinput
0 39 3 0 204 ffffaf8011ae7a20 icmp_wqinput/0 icmp_wqinput
0 38 3 0 204 ffffaf8011ae75e0 rt_timer rt_timer
0 37 3 0 204 ffffaf8011ae4a00 vmem_rehash vmem_rehash
0 27 3 0 204 ffffaf800f3c4580 scsibus0 sccomp
0 26 3 0 200 ffffaf800f3c4140 pms0 pmsreset
0 25 3 1 204 ffffaf800f3359a0 xcall/1 xcall
0 24 1 1 200 ffffaf800f335560 softser/1
0 23 1 1 200 ffffaf800f335120 softclk/1
0 22 1 1 200 ffffaf800f331980 softbio/1
0 21 1 1 200 ffffaf800f331540 softnet/1
0 20 1 1 201 ffffaf800f331100 idle/1
0 19 3 1 204 ffffaf800de52960 lnxpwrwq lnxpwrwq
0 18 3 1 204 ffffaf800de52520 lnxlngwq lnxlngwq
0 17 3 0 204 ffffaf800de520e0 lnxsyswq lnxsyswq
0 16 3 1 204 ffffaf800de4d940 lnxrcugc lnxrcugc
0 15 3 0 204 ffffaf800de4d500 sysmon smtaskq
0 14 3 0 204 ffffaf800de4d0c0 pmfsuspend pmfsuspend
0 13 3 0 204 ffffaf800de3e920 pmfevent pmfevent
0 12 3 0 204 ffffaf800de3e4e0 sopendfree sopendfr
0 11 3 1 204 ffffaf800de3e0a0 nfssilly nfssilly
0 10 3 0 200 ffffaf800de32900 cachegc cachegc
0 9 3 1 204 ffffaf800de324c0 vdrain vdrain
0 8 3 1 200 ffffaf800de32080 modunload mod_unld
0 7 3 0 204 ffffaf800de228e0 xcall/0 xcall
0 6 1 0 200 ffffaf800de224a0 softser/0
0 > 5 7 0 20000200 ffffaf800de22060 softclk/0
0 4 1 0 200 ffffaf800de1f8c0 softbio/0
0 3 1 0 200 ffffaf800de1f480 softnet/0
0 2 1 0 201 ffffaf800de1f040 idle/0
0 1 3 0 200 ffffffff82b66bc0 swapper uvm

[Locks tracked through LWPs]

Locks held by an LWP (syz-executor1907):
Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffaf800d92aec0 type : sleep/adaptive
initialized : 0xffffffff8110a8b7
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffffaf800de22060 last held: 0xffffaf8011ccf6e0
last locked* : 0xffffffff810ee658 unlocked : 0xffffffff810eb896
owner field : 0xffffaf8011ccf6e0 wait/spin: 0/0
Turnstile chain at 0xffffffff82d8c898 with mutex 0xffffffff82d8b580.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor1907):
Lock 0 (initialized at amap_ctor)
lock address : 0xffffaf8013269e80 type : sleep/adaptive
initialized : 0xffffffff810de605
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
current cpu : 0 last held: 0
current lwp : 0xffffaf800de22060 last held: 0xffffaf8011ccfb20
last locked* : 0xffffffff810ed1a4 unlocked : 0xffffffff810eb24c
owner field : 0xffffaf8011ccfb20 wait/spin: 1/0
Turnstile chain at 0xffffffff82d8ca90 with mutex 0xffffffff82d8c540.
=> Turnstile at 0xffffaf8012a73440 (wrq=0xffffaf8012a73460, rdq=0xffffaf8012a73470).
=> 0 waiting readers:
=> 1 waiting writers: 0xffffaf8013164a80

Locks held by an LWP (syz-executor1907):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffaf8013785100 type : sleep/adaptive
initialized : 0xffffffff812c7fb2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffffaf800de22060 last held: 0xffffaf8012a665e0
last locked* : 0xffffffff812f4ad0 unlocked : 0xffffffff812f498d
owner/count : 0xffffaf8012a665e0 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8c8e0 with mutex 0xffffffff82d8b7c0.
=> No active turnstile for this lock.
Lock 1 (initialized at vcache_alloc)
lock address : 0xffffaf80137853c0 type : sleep/adaptive
initialized : 0xffffffff812c7fb2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffffaf800de22060 last held: 0xffffaf8012a665e0
last locked* : 0xffffffff812f4ad0 unlocked : 0xffffffff812f498d
owner/count : 0xffffaf8012a665e0 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8c938 with mutex 0xffffffff82d8ba80.
=> No active turnstile for this lock.
Lock 2 (initialized at genfs_node_init)
lock address : 0xffffaf8013794ae0 type : sleep/adaptive
initialized : 0xffffffff812f4c54
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffffaf800de22060 last held: 0xffffaf8012a665e0
last locked* : 0xffffffff8103e384 unlocked : 000000000000000000
owner/count : 0xffffaf8012a665e0 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8c818 with mutex 0xffffffff82d8b180.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor1907):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffaf8013708f80 type : sleep/adaptive
initialized : 0xffffffff812c7fb2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 1
current lwp : 0xffffaf800de22060 last held: 0xffffaf8013164640
last locked* : 0xffffffff812f4ad0 unlocked : 0xffffffff812f498d
owner/count : 0xffffaf8013164640 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8c8b0 with mutex 0xffffffff82d8b640.
=> No active turnstile for this lock.
Lock 1 (initialized at vcache_alloc)
lock address : 0xffffaf8013785380 type : sleep/adaptive
initialized : 0xffffffff812c7fb2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 1
current lwp : 0xffffaf800de22060 last held: 0xffffaf8013164640
last locked* : 0xffffffff812f4ad0 unlocked : 0xffffffff812f498d
[ 52.4808567] Skipping crash dump on recursive panic
[ 52.4808567] panic: ASan: Unauthorized Access In 0xffffffff8119b800: Addr 0xffffaf8013785380 [8 bytes, read, PoolUseAfterFree]
[ 52.4808567] cpu0: Begin traceback...
[ 52.4808567] vpanic() at netbsd:vpanic+0x241
[ 52.4808567] snprintf() at netbsd:snprintf
[ 52.4808567] kasan_report() at netbsd:kasan_report+0x8f
[ 52.4808567] __asan_load8() at netbsd:__asan_load8+0x294
[ 52.4808567] rw_dump() at netbsd:rw_dump+0x20
[ 52.4808567] lockdebug_dump() at netbsd:lockdebug_dump+0x281
[ 52.4808567] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9
[ 52.4808567] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f
[ 52.4808567] db_command() at netbsd:db_command+0x2c0
[ 52.4808567] db_command_loop() at netbsd:db_command_loop+0x26c
[ 52.4808567] db_trap() at netbsd:db_trap+0x219
[ 52.4808567] kdb_trap() at netbsd:kdb_trap+0x1ce
[ 52.4808567] trap() at netbsd:trap+0x650
[ 52.4808567] --- trap (number 6) ---
[ 52.4808567] __asan_load8() at netbsd:__asan_load8+0x62
[ 52.4808567] sleepq_remove() at netbsd:sleepq_remove+0x262
[ 52.4808567] sleepq_unsleep() at netbsd:sleepq_unsleep+0x74
[ 52.4808567] sleepq_timeout() at netbsd:sleepq_timeout+0x6b
[ 52.4808567] callout_softclock() at netbsd:callout_softclock+0x272
[ 52.4808567] softint_dispatch() at netbsd:softint_dispatch+0x264
[ 52.4808567] DDB lost frame for netbsd:Xsoftintr+0x5a, trying 0xffffaf816da9fff0
[ 52.4808567] Xsoftintr() at netbsd:Xsoftintr+0x5a
[ 52.4808567] --- interrupt ---
[ 52.4808567] 0:
[ 52.4808567] cpu0: End traceback...
[ 52.4808567] fatal breakpoint trap in supervisor mode
[ 52.4808567] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0xffff900000000007 ilevel 0x8 rsp 0xffffaf816da9f360
[ 52.4808567] curlwp 0xffffaf800de22060 pid 0.5 lowest kstack 0xffffaf816da982c0
Stopped in pid 0.5 (system) at netbsd:breakpoint+0x5: leave