[ 165.9518201] panic: ASan: Unauthorized Access In 0xffffffff810c5874: Addr 0xffffdd00141ffd60 [8 bytes, read, PoolUseAfterFree] [ 165.9666535] cpu0: Begin traceback... [ 165.9861079] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 166.0333175] snprintf() at netbsd:snprintf [ 166.0805299] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] [ 166.0805299] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 [ 166.1320331] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] [ 166.1320331] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] [ 166.1320331] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 166.1320331] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 [ 166.1792519] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 uvm_fault_lower_io sys/uvm/uvm_fault.c:1921 [inline] [ 166.1792519] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 uvm_fault_lower sys/uvm/uvm_fault.c:1730 [inline] [ 166.1792519] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 sys/uvm/uvm_fault.c:915 [ 166.2264573] trap() at netbsd:trap+0xbbe sys/arch/amd64/amd64/trap.c:538 [ 166.2402222] --- trap (number 6) --- [ 166.2779596] copyout() at netbsd:copyout+0x33 [ 166.3208804] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 166.3208804] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 166.3723858] syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] [ 166.3723858] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 166.3723858] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 [ 166.3852598] --- syscall (number 198) --- [ 166.4110103] 72e864243b9a: [ 166.4154271] cpu0: End traceback... [ 166.4196641] fatal breakpoint trap in supervisor mode [ 166.4258418] trap type 1 code 0 rip 0xffffffff8021ccd5 cs 0x8 rflags 0x246 cr2 0x200016c0 ilevel 0 rsp 0xffffdd017bd4f4d0 [ 166.4394042] curlwp 0xffffdd0012242980 pid 1363.1 lowest kstack 0xffffdd017bd482c0 Stopped in pid 1363.1 (syz-executor.5) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 uvm_fault_lower_io sys/uvm/uvm_fault.c:1921 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 uvm_fault_lower sys/uvm/uvm_fault.c:1730 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 sys/uvm/uvm_fault.c:915 trap() at netbsd:trap+0xbbe sys/arch/amd64/amd64/trap.c:538 --- trap (number 6) --- copyout() at netbsd:copyout+0x33 sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- 72e864243b9a: ds a5 es d88a fs f4b0 gs f500 rdi ffffdd000d92d458 rsi ffffdd0012242c68 rbp ffffdd017bd4f4d0 rbx ffffffff8280fc40 cpu_info_primary rdx 3ffff rcx ffffdd0170e58000 rax ffffdd0013c99048 r8 4 r9 1ffffffff0553800 r10 ffffffff82a9c003 db_onpanic+0x3 r11 10 r12 ffffdd016d8a4000 r13 ffffffff82413280 ostype+0x4a720 r14 ffffdd017bd4f560 r15 ffffdd016d892058 rip ffffffff8021ccd5 breakpoint+0x5 cs 8 rflags 246 rsp ffffdd017bd4f4d0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1754 1 3 1 40080 ffffdd0012de6140 syz-executor.1 parked 1179 1 3 1 4 ffffdd0012dd0980 syz-executor.0 xclocv 1248 1 3 0 80 ffffdd0014130660 syz-executor.1 parked 1363 2 3 0 80 ffffdd0012da4940 syz-executor.5 parked 1363 > 1 7 0 0 ffffdd0012242980 syz-executor.5 1363 1 3 0 40000 ffffdd001411fa80 syz-executor.5 tstile 1469 1 4 1 1000000 ffffdd0013d9c340 syz-executor.0 1265 1 4 1 1000000 ffffdd001405fa40 syz-executor.0 1265 1 4 1 1000000 ffffdd0013f63540 syz-executor.0 1011 2 3 1 80 ffffdd0013f4e520 syz-executor.5 parked 1470 2 3 1 80 ffffdd0012de6580 syz-executor.5 parked 1533 2 3 1 80 ffffdd0012e021a0 syz-executor.5 parked 1253 3 3 0 80 ffffdd00122f5a80 syz-executor.4 parked 901 1 3 0 80 ffffdd0012d678c0 syz-executor.5 parked 892 1 3 1 80 ffffdd001405f600 syz-executor.2 parked 1290 1 3 1 80 ffffdd0012d950a0 syz-executor.2 parked 953 1 3 0 80 ffffdd0012da40c0 syz-executor.0 parked 690 1 3 1 80 ffffdd00123a3b60 syz-executor.5 parked 827 2 3 1 80 ffffdd0013df94c0 syz-executor.5 parked 888 1 3 1 80 ffffdd0013fe45a0 syz-executor.5 parked 1390 1 3 0 80 ffffdd0012236960 syz-executor.5 parked 1488 10 3 1 80 ffffdd001413dac0 syz-executor.0 parked 1170 8 3 0 80 ffffdd001413d680 syz-executor.0 parked 1494 8 3 0 80 ffffdd0014130aa0 syz-executor.0 parked 712 1 3 1 80 ffffdd0014035a00 syz-executor.2 parked 518 1 3 0 80 ffffdd0011ee89e0 syz-executor.3 parked 649 1 3 0 80 ffffdd0012dee5a0 syz-executor.2 parked 845 1 3 1 80 ffffdd0013de54a0 syz-executor.3 parked 1180 1 3 0 80 ffffdd00122aa160 syz-executor.5 parked 447 1 3 0 80 ffffdd00140a71e0 syz-executor.5 parked 749 3 3 0 80 ffffdd001229a9c0 syz-executor.5 parked 1067 2 3 1 80 ffffdd00122aa5a0 syz-executor.5 parked 281 5 3 1 80 ffffdd00121d38c0 syz-executor.1 parked 514 2 4 1 1000000 ffffdd0014035180 syz-executor.4 759 1 3 1 80 ffffdd0013fcd580 syz-executor.4 parked 972 1 3 1 80 ffffdd0013fcd140 syz-executor.0 parked 761 2 4 0 1000000 ffffdd0012121b40 syz-executor.4 761 1 4 0 1000080 ffffdd0013dbd040 syz-executor.4 parked 761 1 4 0 1000000 ffffdd0013eb2940 syz-executor.4 1140 2 3 0 80 ffffdd0012321260 syz-executor.3 parked 1334 11 3 1 80 ffffdd0013f7e120 syz-executor.1 parked 1187 8 3 0 80 ffffdd00122b85c0 syz-executor.1 parked 978 6 3 1 80 ffffdd0012dc40e0 syz-executor.1 parked 1168 4 3 0 80 ffffdd0012286120 syz-executor.1 parked 1054 2 3 1 80 ffffdd0013df9900 syz-executor.3 parked 1003 1 3 1 80 ffffdd0013ca26c0 syz-executor.3 parked 1174 2 3 1 80 ffffdd0011ee85a0 syz-executor.3 parked 1136 1 3 0 80 ffffdd0013cfab20 syz-executor.5 parked 1007 1 3 1 80 ffffdd0012e1b1e0 syz-executor.5 parked 1188 1 3 1 80 ffffdd0012d834c0 syz-executor.3 parked 787 1 3 1 80 ffffdd0012dee160 syz-executor.3 parked 557 2 3 1 80 ffffdd00121c8bc0 syz-executor.3 parked 543 6 3 0 80 ffffdd00123ba300 syz-executor.5 parked 805 1 3 1 80 ffffdd0012d46340 syz-executor.3 parked 853 2 3 1 80 ffffdd00123a3720 syz-executor.5 parked 568 1 3 0 80 ffffdd001229a580 syz-executor.1 parked 731 1 3 1 80 ffffdd00122360e0 syz-executor.5 parked 836 9 3 1 80 ffffdd00122f5200 syz-executor.1 parked 161 6 3 0 80 ffffdd00121d3480 syz-executor.1 parked 651 1 3 1 80 ffffdd0012169b80 syz-executor.5 parked 771 1 3 1 80 ffffdd0013de58e0 syz-executor.4 parked 98 1 3 1 80 ffffdd0013de5060 syz-executor.4 parked 743 4 3 0 80 ffffdd0012df8180 syz-executor.3 parked 757 3 3 0 80 ffffdd0012e0e600 syz-executor.3 parked 462 1 2 0 0 ffffdd0013ca2280 syz-executor.4 591 1 2 0 0 ffffdd0013c21ae0 syz-executor.5 41 > 1 7 1 0 ffffdd0013c216a0 syz-executor.3 40 1 2 0 0 ffffdd0013c21260 syz-executor.2 492 1 2 1 0 ffffdd0013b39ac0 syz-executor.1 634 1 2 0 0 ffffdd0013b39680 syz-executor.0 635 11 3 0 80 ffffdd0013b39240 syz-fuzzer parked 635 10 2 1 0 ffffdd00121f0060 syz-fuzzer 635 9 3 1 80 ffffdd0013ac4aa0 syz-fuzzer parked 635 8 3 0 80 ffffdd0013ac4220 syz-fuzzer parked 635 7 2 0 0 ffffdd001357ba80 syz-fuzzer 635 6 3 1 80 ffffdd001357b640 syz-fuzzer parked 635 5 3 1 80 ffffdd0011eeb1a0 syz-fuzzer parked 635 4 3 0 80 ffffdd00121212c0 syz-fuzzer parked 635 3 3 1 80 ffffdd001217fba0 syz-fuzzer parked 635 2 3 1 80 ffffdd00121c8340 syz-fuzzer parked 635 1 3 0 80 ffffdd00120b96e0 syz-fuzzer parked 572 1 3 0 80 ffffdd00120b9b20 sshd select 581 1 3 1 80 ffffdd001205db00 getty nanoslp 490 1 3 0 80 ffffdd001213fb60 getty nanoslp 596 1 3 1 80 ffffdd0012e0ea40 getty nanoslp 541 1 3 1 80 ffffdd001217f320 getty ttyraw 383 1 3 1 80 ffffdd0012dc4960 cron nanoslp 563 1 3 0 80 ffffdd0012dc4520 inetd kqueue 498 1 3 0 80 ffffdd0012da4500 sshd select 408 1 3 0 80 ffffdd001232cb00 powerd kqueue 326 1 3 0 80 ffffdd0012d95920 syslogd kqueue 273 1 3 1 80 ffffdd0012312680 dhcpcd kqueue 217 1 3 1 80 ffffdd0012236520 dhcpcd kqueue 1 1 3 0 80 ffffdd0012012240 init wait 0 58 3 0 204 ffffdd0012012ac0 physiod physiod 0 57 3 0 204 ffffdd001205c6a0 pooldrain pooldrain 0 56 3 0 204 ffffdd001205d280 aiodoned aiodoned 0 55 2 1 200 ffffdd001205cae0 ioflush 0 54 3 0 200 ffffdd001205c260 pgdaemon pgdaemon 0 51 2 0 200 ffffdd0012012680 npfgc-0 0 50 3 1 204 ffffdd0012001aa0 rt_free rt_free 0 49 3 0 204 ffffdd0012001660 unpgc unpgc 0 48 2 0 200 ffffdd0012001220 key_timehandler 0 47 3 1 204 ffffdd0011ff8a80 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffdd0011ff8640 icmp6_wqinput/0 icmp6_wqinput 0 45 2 0 200 ffffdd0011ff8200 nd6_timer 0 44 3 1 204 ffffdd0011f0ea60 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffdd0011f0e620 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffdd0011f0e1e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffdd0011efba40 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffdd0011efb600 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffdd0011efb1c0 icmp_wqinput/0 icmp_wqinput 0 38 2 0 200 ffffdd0011eeba20 rt_timer 0 37 3 1 204 ffffdd0011ee9180 vmem_rehash vmem_rehash 0 27 3 1 204 ffffdd000f7ca580 scsibus0 sccomp 0 26 3 0 200 ffffdd000f7ca140 pms0 pmsreset 0 25 3 1 204 ffffdd000f73c9a0 xcall/1 xcall 0 24 1 1 200 ffffdd000f73c560 softser/1 0 23 1 1 200 ffffdd000f73c120 softclk/1 0 22 1 1 200 ffffdd000f738980 softbio/1 0 21 1 1 200 ffffdd000f738540 softnet/1 0 20 1 1 201 ffffdd000f738100 idle/1 0 19 3 1 204 ffffdd000f66e960 lnxpwrwq lnxpwrwq 0 18 3 0 204 ffffdd000f66e520 lnxlngwq lnxlngwq 0 17 3 1 204 ffffdd000f66e0e0 lnxsyswq lnxsyswq 0 16 3 0 204 ffffdd000de53940 lnxrcugc lnxrcugc 0 15 3 1 204 ffffdd000de53500 sysmon smtaskq 0 14 3 0 204 ffffdd000de530c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffdd000de43920 pmfevent pmfevent 0 12 3 0 204 ffffdd000de434e0 sopendfree sopendfr 0 11 3 1 204 ffffdd000de430a0 nfssilly nfssilly 0 10 2 1 200 ffffdd000de39900 cachegc 0 9 3 1 204 ffffdd000de394c0 vdrain vdrain 0 8 3 1 200 ffffdd000de39080 modunload mod_unld 0 7 2 0 200 ffffdd000de2b8e0 xcall/0 0 6 1 0 200 ffffdd000de2b4a0 softser/0 0 5 1 0 200 ffffdd000de2b060 softclk/0 0 4 1 0 200 ffffdd000de268c0 softbio/0 0 3 1 0 200 ffffdd000de26480 softnet/0 0 2 1 0 201 ffffdd000de26040 idle/0 0 1 2 0 200 ffffffff82b64960 swapper [Locks tracked through LWPs] Locks held by an LWP (syz-executor.5): Lock 0 (initialized at uvm_obj_init) lock address : 0xffffdd0013f99dc0 type : sleep/adaptive initialized : 0xffffffff810e13a3 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 current cpu : 0 last held: 0 current lwp : 0xffffdd0012242980 last held: 0xffffdd0012242980 last locked* : 0xffffffff810c5a04 unlocked : 0xffffffff812bb13e owner field : 0xffffdd0012242980 wait/spin: 1/0 Turnstile chain at 0xffffffff82d803c0. => Turnstile at 0xffffdd000de27da0 (wrq=0xffffdd000de27dc0, rdq=0xffffdd000de27dd0). => 0 waiting readers: => 1 waiting writers: 0xffffdd001411fa80 Locks held by an LWP (syz-executor.5): Lock 0 (initialized at amap_alloc) lock address : 0xffffdd0013f0c4c0 type : sleep/adaptive initialized : 0xffffffff810b4e61 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 0 current lwp : 0xffffdd0012242980 last held: 0xffffdd001411fa80 last locked* : 0xffffffff810c45b3 unlocked : 0xffffffff810bac40 owner field : 0xffffdd001411fa80 wait/spin: 0/0 Turnstile chain at 0xffffffff82d801c0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.4): Lock 0 (initialized at vcache_alloc) lock address : 0xffffdd0013c74b58 type : sleep/adaptive initialized : 0xffffffff81298d1e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 0 current lwp : 0xffffdd0012242980 last held: 0xffffdd0013ca2280 last locked* : 0xffffffff812c65f5 unlocked : 0xffffffff812c6628 owner/count : 0xffffdd0013ca2280 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d802f0. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffdd00140f33b0 type : sleep/adaptive initialized : 0xffffffff81298d1e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 0 current lwp : 0xffffdd0012242980 last held: 0xffffdd0013ca2280 last locked* : 0xffffffff812c65f5 unlocked : 0xffffffff812c6628 owner/count : 0xffffdd0013ca2280 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d803a0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.3): Lock 0 (initialized at vcache_alloc) lock address : 0xffffdd0013c745f8 type : sleep/adaptive initialized : 0xffffffff81298d1e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 1 current lwp : 0xffffdd0012242980 last held: 0xffffdd0013c216a0 last locked* : 0xffffffff812c65f5 unlocked : 0xffffffff812c6628 owner/count : 0xffffdd0013c216a0 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d80430. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffdd00140f3508 type : sleep/adaptive initialized : 0xffffffff81298d1e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 1 current lwp : 0xffffdd0012242980 last held: 0xffffdd0013c216a0 last locked* : 0xffffffff812c65f5 unlocked : 0xffffffff812c6628 [ 166.4487225] Skipping crash dump on recursive panic [ 166.4487225] panic: ASan: Unauthorized Access In 0xffffffff8116e020: Addr 0xffffdd00140f3508 [8 bytes, read, PoolUseAfterFree] [ 166.4487225] cpu0: Begin traceback... [ 166.4487225] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 166.4487225] snprintf() at netbsd:snprintf [ 166.4487225] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] [ 166.4487225] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 [ 166.4487225] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:176 [ 166.4487225] lockdebug_dump() at netbsd:lockdebug_dump+0x289 sys/kern/subr_lockdebug.c:777 [ 166.4487225] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9 sys/kern/subr_lockdebug.c:855 [ 166.4487225] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:886 [inline] [ 166.4487225] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933 [ 166.4487225] db_command() at netbsd:db_command+0x2c0 sys/ddb/db_command.c:935 [ 166.4487225] db_command_loop() at netbsd:db_command_loop+0x26c db_execute_commandlist sys/ddb/db_command.c:432 [inline] [ 166.4487225] db_command_loop() at netbsd:db_command_loop+0x26c sys/ddb/db_command.c:582 [ 166.4487225] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 166.4487225] kdb_trap() at netbsd:kdb_trap+0x1ce sys/arch/amd64/amd64/db_interface.c:246 [ 166.4487225] trap() at netbsd:trap+0x55f sys/arch/amd64/amd64/trap.c:313 [ 166.4487225] --- trap (number 1) --- [ 166.4487225] breakpoint() at netbsd:breakpoint+0x5 [ 166.4487225] db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 [ 166.4487225] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 166.4487225] snprintf() at netbsd:snprintf [ 166.4487225] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] [ 166.4487225] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 166.4487225] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 [ 166.4487225] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 uvm_fault_lower_io sys/uvm/uvm_fault.c:1921 [inline] [ 166.4487225] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 uvm_fault_lower sys/uvm/uvm_fault.c:1730 [inline] [ 166.4487225] uvm_fault_internal() at netbsd:uvm_fault_internal+0x1ac5 sys/uvm/uvm_fault.c:915 [ 166.4487225] trap() at netbsd:trap+0xbbe sys/arch/amd64/amd64/trap.c:538 [ 166.4487225] --- trap (number 6) --- [ 166.4487225] copyout() at netbsd:copyout+0x33 [ 166.4487225] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 166.4487225] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 166.4487225] syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] [ 166.4487225] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 166.4487225] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 [ 166.4487225] --- syscall (number 198) --- [ 166.4487225] 72e864243b9a: [ 166.4487225] cpu0: End traceback... [ 166.4487225] fatal breakpoint trap in supervisor mode [ 166.4487225] trap type 1 code 0 rip 0xffffffff8021ccd5 cs 0x8 rflags 0x246 cr2 0x200016c0 ilevel 0x8 rsp 0xffffdd017bd4ea90 [ 166.4487225] curlwp 0xffffdd0012242980 pid 1363.1 lowest kstack 0xffffdd017bd482c0 Stopped in pid 1363.1 (syz-executor.5) at netbsd:breakpoint+0x5: leave