[ 73.2620970] panic: ASan: Unauthorized Access In 0xffffffff81a82f19: Addr 0xffffc28013f6f182 [2 bytes, read, PoolRedZone] [ 73.2720958] cpu1: Begin traceback... [ 73.2921150] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292 [ 73.3620870] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1088 [ 73.4220853] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline] [ 73.4220853] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201 [ 73.4720852] __asan_load2() at netbsd:__asan_load2+0x8c kasan_shadow_2byte_isvalid sys/kern/subr_asan.c:331 [inline] [ 73.4720852] __asan_load2() at netbsd:__asan_load2+0x8c kasan_shadow_check sys/kern/subr_asan.c:415 [inline] [ 73.4720852] __asan_load2() at netbsd:__asan_load2+0x8c sys/kern/subr_asan.c:1206 [ 73.5120848] ufs_rmdir() at netbsd:ufs_rmdir+0xc1 sys/ufs/ufs/ufs_vnops.c:1428 [ 73.5620853] VOP_RMDIR() at netbsd:VOP_RMDIR+0x173 sys/kern/vnode_if.c:1382 [ 73.6021031] union_rmdir() at netbsd:union_rmdir+0x15e sys/fs/union/union_vnops.c:1485 [ 73.6420842] VOP_RMDIR() at netbsd:VOP_RMDIR+0x173 sys/kern/vnode_if.c:1382 [ 73.6920846] do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x64d sys/kern/vfs_syscalls.c:2890 [ 73.7420886] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] [ 73.7420886] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] [ 73.7420886] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 [ 73.7521133] --- syscall (number 137) --- [ 73.7721031] netbsd:syscall+0x25a: [ 73.7721031] cpu1: End traceback... [ 73.7820894] fatal breakpoint trap in supervisor mode [ 73.7820894] trap type 1 code 0 rip 0xffffffff8023241d cs 0x8 rflags 0x286 cr2 0x7f7fffd56fe0 ilevel 0 rsp 0xffffc282486c4960 [ 73.7920830] curlwp 0xffffc28012ad30c0 pid 2024.2024 lowest kstack 0xffffc282486bd2c0 Stopped in pid 2024.2024 (syz-executor.4) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69 vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292 panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1088 kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201 __asan_load2() at netbsd:__asan_load2+0x8c kasan_shadow_2byte_isvalid sys/kern/subr_asan.c:331 [inline] __asan_load2() at netbsd:__asan_load2+0x8c kasan_shadow_check sys/kern/subr_asan.c:415 [inline] __asan_load2() at netbsd:__asan_load2+0x8c sys/kern/subr_asan.c:1206 ufs_rmdir() at netbsd:ufs_rmdir+0xc1 sys/ufs/ufs/ufs_vnops.c:1428 VOP_RMDIR() at netbsd:VOP_RMDIR+0x173 sys/kern/vnode_if.c:1382 union_rmdir() at netbsd:union_rmdir+0x15e sys/fs/union/union_vnops.c:1485 VOP_RMDIR() at netbsd:VOP_RMDIR+0x173 sys/kern/vnode_if.c:1382 do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x64d sys/kern/vfs_syscalls.c:2890 syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 --- syscall (number 137) --- netbsd:syscall+0x25a: Panic string: ASan: Unauthorized Access In 0xffffffff81a82f19: Addr 0xffffc28013f6f182 [2 bytes, read, PoolRedZone] PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1977 2087 3 0 0 ffffc28012d27b00 syz-executor.0 tstile 1977 2122 3 0 0 ffffc280133a3180 syz-executor.0 tstile 1977 1977 2 0 10000000 ffffc28012c28680 syz-executor.0 1099 1099 2 0 40000 ffffc28012cfe600 syz-executor.0 2024 >2024 7 1 40 ffffc28012ad30c0 syz-executor.4 942 1205 2 1 100 ffffc28013dc1b40 syz-execprog 942 941 3 0 180 ffffc28013d13a80 syz-execprog parked 942 1237 3 1 180 ffffc28013d13640 syz-execprog wait 942 930 3 1 180 ffffc28013d13200 syz-execprog parked 942 1245 3 1 180 ffffc28013d0fa40 syz-execprog parked 942 991 3 0 180 ffffc28013d0f600 syz-execprog parked 942 1240 3 0 180 ffffc28013d0f1c0 syz-execprog wait 942 1242 3 1 180 ffffc28012c7ab80 syz-execprog parked 942 1067 3 1 180 ffffc28012bcf180 syz-execprog parked 942 829 2 1 140 ffffc28013431700 syz-execprog 942 1244 3 0 180 ffffc280134312c0 syz-execprog parked 942 > 449 7 0 140 ffffc280133d4ac0 syz-execprog 942 942 3 1 180 ffffc28012b7a100 syz-execprog parked 1080 1080 3 0 180 ffffc28012b7a540 sshd select 1224 1224 3 0 180 ffffc280126eb780 getty nanoslp 1216 1216 3 1 180 ffffc280126eb340 getty nanoslp 1225 1225 3 1 180 ffffc280134b65c0 getty nanoslp 1184 1184 3 0 1c0 ffffc280134b6180 getty ttyraw 1103 1103 3 0 180 ffffc280133b7600 sshd select 954 954 3 0 180 ffffc28012d82040 powerd kqueue 876 876 3 0 180 ffffc28012d45b80 syslogd kqueue 559 559 3 0 180 ffffc28012c28ac0 dhcpcd poll 746 746 3 1 180 ffffc28012cd1100 dhcpcd poll 745 745 3 0 180 ffffc28012c386c0 dhcpcd poll 599 599 3 0 180 ffffc28012c94bc0 dhcpcd poll 487 487 3 0 180 ffffc28012dc70c0 dhcpcd poll 292 292 3 0 180 ffffc28012dad900 dhcpcd poll 485 485 3 0 180 ffffc28012dad4c0 dhcpcd poll 1 1 3 0 180 ffffc28012879180 init wait 0 673 3 0 200 ffffc280129a26c0 physiod physiod 0 196 3 1 200 ffffc280129a4700 pooldrain pooldrain 0 195 3 0 240 ffffc280129a42c0 ioflush tstile 0 194 3 0 200 ffffc280129a2b00 pgdaemon pgdaemon 0 169 3 0 200 ffffc28012962ac0 usb7 usbevt 0 172 3 0 200 ffffc28012962680 usb6 usbevt 0 170 3 0 200 ffffc28012962240 usb5 usbevt 0 168 3 0 200 ffffc28012914a80 usb4 usbevt 0 166 3 0 200 ffffc28012914640 usb3 usbevt 0 165 3 0 200 ffffc28012914200 usb2 usbevt 0 31 3 0 200 ffffc280128daa40 usb1 usbevt 0 63 3 0 200 ffffc280128da600 usb0 usbevt 0 126 3 1 200 ffffc280128da1c0 usbtask-dr usbtsk 0 125 3 1 200 ffffc28012879a00 usbtask-hc usbtsk 0 124 3 0 200 ffffc28010d77b00 swwreboot swwreboot 0 123 3 0 200 ffffc280128795c0 npfgc0 npfgcw 0 122 3 1 200 ffffc2801286b9c0 rt_free rt_free 0 121 3 1 200 ffffc2801286b580 unpgc unpgc 0 120 3 0 200 ffffc2801286b140 key_timehandler key_timehandler 0 119 3 1 200 ffffc2801271c980 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffc2801271c540 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffc2801271c100 nd6_timer nd6_timer 0 116 3 1 200 ffffc28012713940 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffc28012713500 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffc280127130c0 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffc28012705900 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffc280127054c0 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffc28012705080 icmp_wqinput/0 icmp_wqinput 0 110 3 0 200 ffffc280126e8b80 rt_timer rt_timer 0 109 3 0 200 ffffc280126ec8c0 vmem_rehash vmem_rehash 0 100 3 0 200 ffffc280126e8300 entbutler entropy 0 99 3 1 200 ffffc280120beb40 viomb balloon 0 98 3 1 200 ffffc280120be700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffc280120be2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffc28010d776c0 scsibus0 sccomp 0 29 3 0 200 ffffc28010d77280 pms0 pmsreset 0 28 3 1 200 ffffc28010cbdac0 xcall/1 xcall 0 27 1 1 200 ffffc28010cbd680 softser/1 0 26 1 1 200 ffffc28010cbd240 softclk/1 0 25 1 1 200 ffffc28010cb9a80 softbio/1 0 24 1 1 200 ffffc28010cb9640 softnet/1 0 23 1 1 201 ffffc28010cb9200 idle/1 0 22 3 0 200 ffffc2800f756a40 lnxsyswq lnxsyswq 0 21 3 0 200 ffffc2800f756600 lnxubdwq lnxubdwq 0 20 3 0 200 ffffc2800f7561c0 lnxpwrwq lnxpwrwq 0 19 3 0 200 ffffc2800f755a00 lnxlngwq lnxlngwq 0 18 3 0 200 ffffc2800f7555c0 lnxhipwq lnxhipwq 0 17 3 0 200 ffffc2800f755180 lnxrcugc lnxrcugc 0 16 3 0 200 ffffc2800f74e9c0 sysmon smtaskq 0 15 3 0 200 ffffc2800f74e580 pmfsuspend pmfsuspend 0 14 3 0 200 ffffc2800f74e140 pmfevent pmfevent 0 13 3 0 200 ffffc2800f74b980 sopendfree sopendfr 0 12 3 0 200 ffffc2800f74b540 ifwdog ifwdog 0 11 3 1 200 ffffc2800f74b100 iflnkst iflnkst 0 10 3 0 200 ffffc2800f73e940 nfssilly nfssilly 0 9 3 0 200 ffffc2800f73e500 vdrain vdrain 0 8 3 1 200 ffffc2800f73e0c0 modunload mod_unld 0 7 3 0 200 ffffc2800f733900 xcall/0 xcall 0 6 1 0 200 ffffc2800f7334c0 softser/0 0 5 1 0 200 ffffc2800f733080 softclk/0 0 4 1 0 200 ffffc2800f7318c0 softbio/0 0 3 1 0 200 ffffc2800f731480 softnet/0 0 2 1 0 201 ffffc2800f731040 idle/0 0 0 3 0 200 ffffffff83343700 swapper uvm [Locks tracked through LWPs] ****** LWP 1099.1099 (syz-executor.0) @ 0xffffc28012cfe600, l_stat=2 *** Locks held: * Lock 0 (initialized at netbsd:amap_ctor+0x39 sys/uvm/uvm_amap.c:265) lock address : ffffc28013cf5a00 type : sleep/adaptive initialized : netbsd:amap_ctor+0x39 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc28012cfe600 last held: 0xffffc28012cfe600 last locked* : netbsd:uvm_fault_internal+0x88a unlocked : netbsd:uvm_fault_upper_enter+0x366 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 2024.2024 (syz-executor.4) @ 0xffffc28012ad30c0, l_stat=7 *** Locks held: * Lock 0 (initialized at netbsd:vcache_alloc+0x3e sys/kern/vfs_vnode.c:1376) lock address : ffffc28013ff4cc0 type : sleep/adaptive initialized : netbsd:vcache_alloc+0x3e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc28012ad30c0 last held: 0xffffc28012ad30c0 last locked* : netbsd:genfs_lock+0x160 unlocked : netbsd:genfs_unlock+0x2a owner/count : 0xffffc28012ad30c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at netbsd:vcache_alloc+0x3e sys/kern/vfs_vnode.c:1376) lock address : ffffc28013ff8200 type : sleep/adaptive initialized : netbsd:vcache_alloc+0x3e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc28012ad30c0 last held: 0xffffc28012ad30c0 last locked* : netbsd:genfs_lock+0x160 unlocked : netbsd:genfs_unlock+0x2a owner/count : 0xffffc28012ad30c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 942.1205 (syz-execprog) @ 0xffffc28013dc1b40, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:vcache_alloc+0x4a sys/kern/vfs_vnode.c:1376) lock address : ffffc28013fbbd40 type : sleep/adaptive initialized : netbsd:vcache_alloc+0x4a shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc28013dc1b40 last held: 000000000000000000 last locked : netbsd:vput+0xee unlocked* : netbsd:vrelel+0x4ee owner field : 0xffffc28013dc1b40 wait/spin: 1/0 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffc280129a42c0 ****** LWP 746.746 (dhcpcd) @ 0xffffc28012cd1100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffc28012cd1100 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 745.745 (dhcpcd) @ 0xffffc28012c386c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc28012c386c0 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 292.292 (dhcpcd) @ 0xffffc28012dad900, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc28012dad900 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 485.485 (dhcpcd) @ 0xffffc28012dad4c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc28012dad4c0 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.11 (iflnkst) @ 0xffffc2800f74b100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffc2800f74b100 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.5 (softclk/0) @ 0xffffc2800f733080, l_stat=1 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc2800f733080 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.0 (swapper) @ 0xffffffff83343700, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant c