[ 179.4088761] panic: ASan: Unauthorized Access In 0xffffffff811dc6ad: Addr 0xffffa7817bdafd60 [225 bytes, read, Unknown] [ 179.4199347] cpu1: Begin traceback... [ 179.4644310] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 179.5979207] snprintf() at netbsd:snprintf [ 179.7314213] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 179.7314213] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 179.8537705] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 kasan_shadow_check sys/kern/subr_asan.c:421 [inline] [ 179.8537705] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 sys/kern/subr_asan.c:548 [ 179.9872617] sys__lwp_getname() at netbsd:sys__lwp_getname+0x1cf sys/kern/sys_lwp.c:862 [ 180.1096267] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 180.1096267] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 180.2431095] syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] [ 180.2431095] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] [ 180.2431095] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 [ 180.2764824] --- syscall (number 198) --- [ 180.3209818] 71783fe43b9a: [ 180.3320970] cpu1: End traceback... [ 180.3320970] fatal breakpoint trap in supervisor mode [ 180.3432272] trap type 1 code 0 rip 0xffffffff8021cd1d cs 0x8 rflags 0x246 cr2 0x771a62c04000 ilevel 0 rsp 0xffffa7817bdafbc0 [ 180.3543478] curlwp 0xffffa78013915920 pid 763.2 lowest kstack 0xffffa7817bda82c0 Stopped in pid 763.2 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 kasan_shadow_check sys/kern/subr_asan.c:421 [inline] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 sys/kern/subr_asan.c:548 sys__lwp_getname() at netbsd:sys__lwp_getname+0x1cf sys/kern/sys_lwp.c:862 sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- 71783fe43b9a: ds 0 es 1 fs f3e4 gs 597c rdi ffffa7800d935458 rsi ffffa78013915c08 rbp ffffa7817bdafbc0 rbx ffffa7816d8a0000 rdx 3ffff rcx ffffa7816f030000 rax ffffa78012fd3488 r8 4 r9 ffffffff82891e63 db_onpanic+0x3 r10 1ffffffff05123cc r11 10 r12 ffffa7816d8b2000 r13 ffffffff82200b40 ostype+0x49140 r14 ffffa7817bdafc50 r15 ffffa7816d8a0058 rip ffffffff8021cd1d breakpoint+0x5 cs 8 rflags 246 rsp ffffa7817bdafbc0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 763 > 2 7 1 0 ffffa78013915920 syz-executor.0 763 1 2 0 10000000 ffffa7801397c180 syz-executor.0 782 3 3 0 80 ffffa780138d44a0 syz-executor.2 parked 782 2 2 1 0 ffffa7801398ca20 syz-executor.2 782 1 2 1 10040000 ffffa7801396c580 syz-executor.2 887 3 2 0 100000 ffffa78013940560 syz-executor.5 887 1 3 0 10040004 ffffa7801397c5c0 syz-executor.5 lwpwait 862 3 3 1 40080 ffffa780138d48e0 syz-executor.1 parked 862 2 3 1 80 ffffa78013925940 syz-executor.1 parked 862 1 2 1 40000 ffffa780139250c0 syz-executor.1 297 1 2 0 0 ffffa78013995600 syz-executor.3 601 > 1 7 0 0 ffffa78012a38720 syz-executor.4 45 1 2 1 0 ffffa78013838040 syz-executor.5 522 1 2 0 0 ffffa78012a38b60 syz-executor.2 591 1 2 1 0 ffffa780136f5bc0 syz-executor.1 40 1 2 1 0 ffffa78011fb26a0 syz-executor.0 594 11 3 1 80 ffffa780136f5780 syz-fuzzer parked 594 10 2 1 0 ffffa780136f5340 syz-fuzzer 594 9 3 0 80 ffffa780136c3ba0 syz-fuzzer kqueue 594 8 3 0 80 ffffa780120962a0 syz-fuzzer parked 594 7 3 1 80 ffffa780136c3760 syz-fuzzer parked 594 6 3 0 80 ffffa780136c3320 syz-fuzzer parked 594 5 3 0 80 ffffa78013183b80 syz-fuzzer parked 594 4 3 1 80 ffffa78013183740 syz-fuzzer parked 594 3 3 1 80 ffffa78012a382e0 syz-fuzzer parked 594 2 3 1 80 ffffa78011f8a680 syz-fuzzer parked 594 1 3 1 80 ffffa7801203f6c0 syz-fuzzer parked 604 1 3 1 80 ffffa78011fb2ae0 sshd select 541 1 3 0 80 ffffa78012a23b40 getty nanoslp 550 1 3 1 80 ffffa78011fb2260 getty nanoslp 592 1 3 0 80 ffffa78011f8a240 getty nanoslp 459 1 3 1 80 ffffa78011f59200 getty ttyraw 428 1 3 1 80 ffffa780120966e0 cron nanoslp 420 1 3 0 80 ffffa78013183300 inetd kqueue 483 1 3 1 80 ffffa78012a23700 sshd select 465 1 3 0 80 ffffa78012a232c0 powerd kqueue 287 1 2 0 40000 ffffa78012096b20 makemandb 342 1 3 0 80 ffffa78011f8aac0 syslogd kqueue 295 1 3 1 80 ffffa7801203fb00 dhcpcd kqueue 248 1 3 1 80 ffffa7801203f280 dhcpcd kqueue 1 1 3 1 80 ffffa78011f12a60 init wait 0 58 3 1 204 ffffa78011f59640 physiod physiod 0 57 3 1 204 ffffa78011f5c220 pooldrain pooldrain 0 56 3 0 204 ffffa78011f5caa0 aiodoned aiodoned 0 55 3 0 200 ffffa78011f5c660 ioflush syncer 0 54 3 1 200 ffffa78011f59a80 pgdaemon pgdaemon 0 51 2 1 200 ffffa7800f6ea9c0 npfgc-0 0 50 3 0 204 ffffa78011f12620 rt_free rt_free 0 49 3 0 204 ffffa78011f121e0 unpgc unpgc 0 48 3 1 204 ffffa78011dc6a40 key_timehandler key_timehandler 0 47 3 1 204 ffffa78011db8160 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffa78011db85a0 icmp6_wqinput/0 icmp6_wqinput 0 45 3 0 204 ffffa78011db89e0 nd6_timer nd6_timer 0 44 3 1 204 ffffa78011db9180 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffa78011db95c0 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffa78011db9a00 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffa78011dba1a0 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffa78011dc6600 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffa78011dc61c0 icmp_wqinput/0 icmp_wqinput 0 38 2 1 200 ffffa78011dbaa20 rt_timer 0 37 2 1 200 ffffa78011dba5e0 vmem_rehash 0 27 3 0 204 ffffa7800f6ea580 scsibus0 sccomp 0 26 3 0 200 ffffa7800f6ea140 pms0 pmsreset 0 25 3 1 204 ffffa7800f6b39a0 xcall/1 xcall 0 24 1 1 200 ffffa7800f6b3560 softser/1 0 23 1 1 200 ffffa7800f6b3120 softclk/1 0 22 1 1 200 ffffa7800f6b0980 softbio/1 0 21 1 1 200 ffffa7800f6b0540 softnet/1 0 20 1 1 201 ffffa7800f6b0100 idle/1 0 19 3 0 204 ffffa7800de68960 lnxpwrwq lnxpwrwq 0 18 3 0 204 ffffa7800de68520 lnxlngwq lnxlngwq 0 17 3 0 204 ffffa7800de680e0 lnxsyswq lnxsyswq 0 16 3 0 204 ffffa7800de62940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffa7800de62500 sysmon smtaskq 0 14 3 0 204 ffffa7800de620c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffa7800de58920 pmfevent pmfevent 0 12 3 0 204 ffffa7800de584e0 sopendfree sopendfr 0 11 3 0 204 ffffa7800de580a0 nfssilly nfssilly 0 10 2 1 200 ffffa7800de4e900 cachegc 0 9 3 0 204 ffffa7800de4e4c0 vdrain vdrain 0 8 3 0 200 ffffa7800de4e080 modunload mod_unld 0 7 3 0 204 ffffa7800de3f8e0 xcall/0 xcall 0 6 1 0 200 ffffa7800de3f4a0 softser/0 0 5 1 0 200 ffffa7800de3f060 softclk/0 0 4 1 0 200 ffffa7800de3a8c0 softbio/0 0 3 1 0 200 ffffa7800de3a480 softnet/0 0 2 1 0 201 ffffa7800de3a040 idle/0 0 1 2 1 200 ffffffff82959000 swapper [Locks tracked through LWPs] Locks held by an LWP (syz-executor.2): Lock 0 (initialized at vcache_alloc) lock address : 0xffffa780138bd1d0 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78013915920 last held: 0xffffa7801398ca20 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 owner/count : 0xffffa7801398ca20 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82b708e0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.1): Lock 0 (initialized at uvm_obj_init) lock address : 0xffffa7801382d600 type : sleep/adaptive initialized : 0xffffffff810c24b3 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78013915920 last held: 0xffffa780139250c0 last locked* : 0xffffffff810a735b unlocked : 0xffffffff810a4158 owner field : 0xffffa780139250c0 wait/spin: 0/0 Turnstile chain at 0xffffffff82b70540. => No active turnstile for this lock. Locks held by an LWP (syz-executor.3): Lock 0 (initialized at vcache_alloc) lock address : 0xffffa780139ab488 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffa78013915920 last held: 0xffffa78013995600 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 owner/count : 0xffffa78013995600 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82b70650. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffa780136b41b8 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffa78013915920 last held: 0xffffa78013995600 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 owner/count : 0xffffa78013995600 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82b708b0. => No active turnstile for this lock. Lock 2 (initialized at genfs_node_init) lock address : 0xffffa780136adcd0 type : sleep/adaptive initialized : 0xffffffff8129d400 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78013915920 last held: 0xffffa78013995600 last locked* : 0xffffffff80ff50cd unlocked : 000000000000000000 owner/count : 0xffffa78013995600 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82b706e0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.4): Lock 0 (initialized at vcache_alloc) lock address : 0xffffa780138bd888 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78013915920 last held: 0xffffa78012a38720 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 owner/count : 0xffffa78012a38720 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82b70650. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffa780139abdf0 type : sleep/adaptive initialized : 0xffffffff8126e4ab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78013915920 last held: 0xffffa78012a38720 last locked* : 0xffffffff8129d280 unlocked : 0xffffffff8129d2b3 [ 180.3543478] Skipping crash dump on recursive panic [ 180.3543478] panic: ASan: Unauthorized Access In 0xffffffff8114f860: Addr 0xffffa780139abdf0 [8 bytes, read, PoolUseAfterFree] [ 180.3543478] cpu1: Begin traceback... [ 180.3543478] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 180.3543478] snprintf() at netbsd:snprintf [ 180.3543478] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 180.3543478] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 180.3543478] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_1byte_isvalid sys/kern/subr_asan.c:302 [inline] [ 180.3543478] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_2byte_isvalid sys/kern/subr_asan.c:317 [inline] [ 180.3543478] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:337 [inline] [ 180.3543478] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:357 [inline] [ 180.3543478] __asan_load8() at netbsd:__asan_load8+0x285 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 180.3543478] __asan_load8() at netbsd:__asan_load8+0x285 sys/kern/subr_asan.c:599 [ 180.3543478] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:176 [ 180.3543478] lockdebug_dump() at netbsd:lockdebug_dump+0x15f sys/kern/subr_lockdebug.c:777 [ 180.3543478] lockdebug_show_one() at netbsd:lockdebug_show_one+0xc4 sys/kern/subr_lockdebug.c:855 [ 180.3543478] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:886 [inline] [ 180.3543478] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933 [ 180.3543478] db_command() at netbsd:db_command+0x2d6 sys/ddb/db_command.c:936 [ 180.3543478] db_command_loop() at netbsd:db_command_loop+0x277 db_execute_commandlist sys/ddb/db_command.c:432 [inline] [ 180.3543478] db_command_loop() at netbsd:db_command_loop+0x277 sys/ddb/db_command.c:582 [ 180.3543478] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 180.3543478] kdb_trap() at netbsd:kdb_trap+0x1cd sys/arch/amd64/amd64/db_interface.c:246 [ 180.3543478] trap() at netbsd:trap+0x6c5 sys/arch/amd64/amd64/trap.c:321 [ 180.3543478] --- trap (number 1) --- [ 180.3543478] breakpoint() at netbsd:breakpoint+0x5 [ 180.3543478] db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 [ 180.3543478] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336 [ 180.3543478] snprintf() at netbsd:snprintf [ 180.3543478] kasan_report() at netbsd:kasan_report+0x89 kasan_code_name sys/kern/subr_asan.c:178 [inline] [ 180.3543478] kasan_report() at netbsd:kasan_report+0x89 sys/kern/subr_asan.c:194 [ 180.3543478] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 kasan_shadow_check sys/kern/subr_asan.c:421 [inline] [ 180.3543478] kasan_copyoutstr() at netbsd:kasan_copyoutstr+0x73 sys/kern/subr_asan.c:548 [ 180.3543478] sys__lwp_getname() at netbsd:sys__lwp_getname+0x1cf sys/kern/sys_lwp.c:862 [ 180.3543478] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 180.3543478] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 180.3543478] syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline] [ 180.3543478] syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline] [ 180.3543478] syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138 [ 180.3543478] --- syscall (number 198) --- [ 180.3543478] 71783fe43b9a: [ 180.3543478] cpu1: End traceback... [ 180.3543478] fatal breakpoint trap in supervisor mode [ 180.3543478] trap type 1 code 0 rip 0xffffffff8021cd1d cs 0x8 rflags 0x246 cr2 0x771a62c04000 ilevel 0x8 rsp 0xffffa7817bdaf180 [ 180.3543478] curlwp 0xffffa78013915920 pid 763.2 lowest kstack 0xffffa7817bda82c0 Stopped in pid 763.2 (syz-executor.0) at netbsd:breakpoint+0x5: leave