[ 243.6286047] panic: ASan: Unauthorized Access In 0xffffffff811dc6ad: Addr 0xffffd301700cfd60 [18446744073709551392 bytes, read, Unknown] [ 243.6486321] cpu1: Begin traceback... [ 243.6988076] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 243.8091701] snprintf() at netbsd:snprintf [ 243.9396022] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 243.9396022] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 244.0599942] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 kasan_shadow_check sys/kern/subr_asan.c:421 [inline] [ 244.0599942] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 sys/kern/subr_asan.c:548 [ 244.1803935] sys__lwp_getname() at netbsd:sys__lwp_getname+0x1cf sys/kern/sys_lwp.c:862 [ 244.3007895] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 244.3007895] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 244.4211853] syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] [ 244.4211853] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] [ 244.4211853] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 [ 244.4512905] --- syscall (number 198) --- [ 244.5014486] 76e3c8c43b9a: [ 244.5014486] cpu1: End traceback... [ 244.5014486] fatal breakpoint trap in supervisor mode [ 244.5114801] trap type 1 code 0 rip 0xffffffff8021cd1d cs 0x8 rflags 0x246 cr2 0x76e3c7e00000 ilevel 0 rsp 0xffffd301700cfbc0 [ 244.5215164] curlwp 0xffffd30013c65260 pid 1575.3 lowest kstack 0xffffd301700c82c0 Stopped in pid 1575.3 (syz-executor.5) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 kasan_shadow_check sys/kern/subr_asan.c:421 [inline] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 sys/kern/subr_asan.c:548 sys__lwp_getname() at netbsd:sys__lwp_getname+0x1cf sys/kern/sys_lwp.c:862 sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- 76e3c8c43b9a: ds 0 es 1 fs f3f5 gs 807b rdi ffffd3000d935458 rsi ffffd30013c65548 rbp ffffd301700cfbc0 rbx ffffd3016d8a0000 rdx 3ffff rcx ffffd30173c57000 rax ffffd300129f2d48 r8 4 r9 ffffffff82891e63 db_onpanic+0x3 r10 1ffffffff05123cc r11 8000000000 r12 ffffd3016d8b2000 r13 ffffffff82200b40 ostype+0x49140 r14 ffffd301700cfc50 r15 ffffd3016d8a0058 rip ffffffff8021cd1d breakpoint+0x5 cs 8 rflags 246 rsp ffffd301700cfbc0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1575 5 2 0 0 ffffd30013994120 syz-executor.5 1575 4 2 0 0 ffffd30013c656a0 syz-executor.5 1575 > 3 7 1 0 ffffd30013c65260 syz-executor.5 1575 2 3 1 80 ffffd30013c4cac0 syz-executor.5 parked 1575 1 2 1 40000 ffffd300139d15e0 syz-executor.5 706 2 2 1 0 ffffd300139294e0 syz-executor.3 706 1 2 0 40000 ffffd3001394f520 syz-executor.3 589 4 3 0 80 ffffd30013b83660 syz-executor.4 parked 589 3 3 1 80 ffffd300139b69e0 syz-executor.4 parked 589 2 2 0 0 ffffd300136cebc0 syz-executor.4 589 1 2 0 10040000 ffffd300139b6160 syz-executor.4 946 4 3 1 80 ffffd30013886480 syz-executor.0 parked 946 3 3 0 80 ffffd300139ae580 syz-executor.0 parked 946 2 3 0 80 ffffd300139ae9c0 syz-executor.0 netio 946 1 2 0 10040000 ffffd30013c4c240 syz-executor.0 1038 4 2 1 100000 ffffd3001391b080 syz-executor.1 1038 3 3 1 4 ffffd300139cb180 syz-executor.1 lwpwait 1038 2 2 0 100000 ffffd30013c4c680 syz-executor.1 1038 1 2 0 10140000 ffffd30012a352e0 syz-executor.1 1478 1 2 0 0 ffffd30013b83220 syz-executor.3 858 1 2 0 0 ffffd300139290a0 syz-executor.5 1510 1 3 1 80 ffffd300139cba00 syz-executor.4 parked 1528 1 3 1 80 ffffd300139d1a20 syz-executor.0 parked 534 1 3 1 80 ffffd300139b65a0 syz-executor.0 parked 1443 1 3 1 80 ffffd300139cb5c0 syz-executor.4 parked 96 1 3 1 80 ffffd3001394c0c0 syz-executor.4 parked 1095 1 3 1 80 ffffd30013a22620 syz-executor.1 parked 1432 1 3 1 80 ffffd300139ae140 syz-executor.1 parked 1156 1 3 0 80 ffffd300139d6a40 syz-executor.1 parked 972 1 3 1 80 ffffd30013929920 syz-executor.1 parked 173 1 2 0 0 ffffd300136ce780 syz-executor.4 907 > 1 7 0 0 ffffd30013a221e0 syz-executor.2 328 1 2 0 0 ffffd300139d61c0 syz-executor.1 41 1 2 0 0 ffffd300136ce340 syz-executor.0 403 11 3 0 80 ffffd30012a1a700 syz-fuzzer kqueue 403 10 3 1 80 ffffd30012a1a2c0 syz-fuzzer parked 403 9 2 1 0 ffffd30011fafae0 syz-fuzzer 403 8 3 1 80 ffffd30012fc9ba0 syz-fuzzer parked 403 7 3 1 80 ffffd30012fc0b80 syz-fuzzer parked 403 6 3 0 80 ffffd30011f89240 syz-fuzzer parked 403 5 3 1 80 ffffd30011faf260 syz-fuzzer parked 403 4 2 1 0 ffffd30011f89ac0 syz-fuzzer 403 3 3 1 80 ffffd30012049280 syz-fuzzer parked 403 2 2 1 0 ffffd30011f89680 syz-fuzzer 403 1 3 1 80 ffffd30012a35b60 syz-fuzzer parked 622 1 2 1 0 ffffd30012fc9320 sshd 549 1 3 0 80 ffffd30012fc9760 getty nanoslp 599 1 3 0 80 ffffd30012fc0300 getty nanoslp 466 1 3 0 80 ffffd300120b12a0 getty nanoslp 564 1 3 1 80 ffffd3000f6ea9c0 getty ttyraw 495 1 2 1 0 ffffd30011faf6a0 cron 529 1 3 0 80 ffffd300120b1b20 inetd kqueue 502 1 3 1 80 ffffd30012a35720 sshd select 447 1 3 1 80 ffffd30012fc0740 powerd kqueue 281 1 3 1 80 ffffd30012a1ab40 syslogd kqueue 202 1 3 0 80 ffffd300120b16e0 dhcpcd kqueue 219 1 3 0 80 ffffd300120496c0 dhcpcd kqueue 1 1 3 0 80 ffffd30011f10a60 init wait 0 58 3 1 204 ffffd30011f26640 physiod physiod 0 57 3 0 204 ffffd30011f5c220 pooldrain pooldrain 0 56 3 1 204 ffffd30011f5caa0 aiodoned aiodoned 0 55 2 0 200 ffffd30011f5c660 ioflush 0 54 3 0 200 ffffd30011f26a80 pgdaemon pgdaemon 0 51 2 1 200 ffffd30011f26200 npfgc-0 0 50 3 0 204 ffffd30011f10620 rt_free rt_free 0 49 3 0 204 ffffd30011f101e0 unpgc unpgc 0 48 2 1 200 ffffd30011f09a40 key_timehandler 0 47 3 1 204 ffffd30011f09600 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffd30011f091c0 icmp6_wqinput/0 icmp6_wqinput 0 45 3 0 204 ffffd30011dbaa20 nd6_timer nd6_timer 0 44 3 1 204 ffffd30011db8160 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffd30011db85a0 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffd30011db89e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffd30011db9180 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffd30011db95c0 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffd30011db9a00 icmp_wqinput/0 icmp_wqinput 0 38 3 0 204 ffffd30011dba1a0 rt_timer rt_timer 0 37 3 0 204 ffffd30011dba5e0 vmem_rehash vmem_rehash 0 27 3 0 204 ffffd3000f6ea580 scsibus0 sccomp 0 26 3 0 200 ffffd3000f6ea140 pms0 pmsreset 0 25 3 1 204 ffffd3000f6b39a0 xcall/1 xcall 0 24 1 1 200 ffffd3000f6b3560 softser/1 0 23 1 1 200 ffffd3000f6b3120 softclk/1 0 22 1 1 200 ffffd3000f6b0980 softbio/1 0 21 1 1 200 ffffd3000f6b0540 softnet/1 0 20 1 1 201 ffffd3000f6b0100 idle/1 0 19 3 0 204 ffffd3000de68960 lnxpwrwq lnxpwrwq 0 18 3 0 204 ffffd3000de68520 lnxlngwq lnxlngwq 0 17 3 0 204 ffffd3000de680e0 lnxsyswq lnxsyswq 0 16 3 0 204 ffffd3000de62940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffd3000de62500 sysmon smtaskq 0 14 3 0 204 ffffd3000de620c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffd3000de58920 pmfevent pmfevent 0 12 3 0 204 ffffd3000de584e0 sopendfree sopendfr 0 11 3 0 204 ffffd3000de580a0 nfssilly nfssilly 0 10 2 0 200 ffffd3000de4e900 cachegc 0 9 3 0 204 ffffd3000de4e4c0 vdrain vdrain 0 8 3 0 200 ffffd3000de4e080 modunload mod_unld 0 7 3 0 204 ffffd3000de3f8e0 xcall/0 xcall 0 6 1 0 200 ffffd3000de3f4a0 softser/0 0 5 1 0 200 ffffd3000de3f060 softclk/0 0 4 1 0 200 ffffd3000de3a8c0 softbio/0 0 3 1 0 200 ffffd3000de3a480 softnet/0 0 2 1 0 201 ffffd3000de3a040 idle/0 0 1 2 1 200 ffffffff82959000 swapper [Locks tracked through LWPs] Locks held by an LWP (syz-executor.2): Lock 0 (initialized at vcache_alloc) lock address : 0xffffd30013997c98 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffd30013c65260 last held: 0xffffd30013a221e0 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 owner/count : 0xffffd30013a221e0 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82b70670. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffd3001387a9d8 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffd30013c65260 last held: 0xffffd30013a221e0 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 [ 244.5315473] Skipping crash dump on recursive panic [ 244.5315473] panic: ASan: Unauthorized Access In 0xffffffff8114f860: Addr 0xffffd3001387a9d8 [8 bytes, read, PoolUseAfterFree] [ 244.5315473] cpu1: Begin traceback... [ 244.5315473] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 244.5315473] snprintf() at netbsd:snprintf [ 244.5315473] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 244.5315473] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 244.5315473] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_1byte_isvalid sys/kern/subr_asan.c:302 [inline] [ 244.5315473] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_2byte_isvalid sys/kern/subr_asan.c:317 [inline] [ 244.5315473] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:337 [inline] [ 244.5315473] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:357 [inline] [ 244.5315473] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 244.5315473] __asan_load8() at netbsd:__asan_load8+0x285 sys/kern/subr_asan.c:599 [ 244.5315473] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:176 [ 244.5315473] lockdebug_dump() at netbsd:lockdebug_dump+0x15f sys/kern/subr_lockdebug.c:777 [ 244.5315473] lockdebug_show_one() at netbsd:lockdebug_show_one+0xc4 sys/kern/subr_lockdebug.c:855 [ 244.5315473] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:886 [inline] [ 244.5315473] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933 [ 244.5315473] db_command() at netbsd:db_command+0x2d6 sys/ddb/db_command.c:936 [ 244.5315473] db_command_loop() at netbsd:db_command_loop+0x277 db_execute_commandlist sys/ddb/db_command.c:432 [inline] [ 244.5315473] db_command_loop() at netbsd:db_command_loop+0x277 sys/ddb/db_command.c:582 [ 244.5315473] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 244.5315473] kdb_trap() at netbsd:kdb_trap+0x1cd sys/arch/amd64/amd64/db_interface.c:246 [ 244.5315473] trap() at netbsd:trap+0x6c5 sys/arch/amd64/amd64/trap.c:321 [ 244.5315473] --- trap (number 1) --- [ 244.5315473] breakpoint() at netbsd:breakpoint+0x5 [ 244.5315473] db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 [ 244.5315473] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 244.5315473] snprintf() at netbsd:snprintf [ 244.5315473] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 244.5315473] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 244.5315473] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 kasan_shadow_check sys/kern/subr_asan.c:421 [inline] [ 244.5315473] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 sys/kern/subr_asan.c:548 [ 244.5315473] sys__lwp_getname() at netbsd:sys__lwp_getname+0x1cf sys/kern/sys_lwp.c:862 [ 244.5315473] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 244.5315473] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 244.5315473] syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] [ 244.5315473] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] [ 244.5315473] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 [ 244.5315473] --- syscall (number 198) --- [ 244.5315473] 76e3c8c43b9a: [ 244.5315473] cpu1: End traceback... [ 244.5315473] fatal breakpoint trap in supervisor mode [ 244.5315473] trap type 1 code 0 rip 0xffffffff8021cd1d cs 0x8 rflags 0x246 cr2 0x76e3c7e00000 ilevel 0x8 rsp 0xffffd301700cf180 [ 244.5315473] curlwp 0xffffd30013c65260 pid 1575.3 lowest kstack 0xffffd301700c82c0 Stopped in pid 1575.3 (syz-executor.5) at netbsd:breakpoint+0x5: leave