Dec 14 23:58:35 ci2-netbsd-4 getty[526]: /dev/ttyE3: Device not configured NetBSD/amd64 (ci2-netbsd-4.c.syzkaller.internal) (console) login: Dec 14 23:58:35 ci2-netbsd-4 getty[587]: /dev/ttyE1: Device not configured Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts. 2019/12/14 23:58:46 fuzzer started 2019/12/14 23:58:46 dialing manager at 10.128.0.105:46033 2019/12/14 23:58:47 syscalls: 215 2019/12/14 23:58:47 code coverage: enabled 2019/12/14 23:58:47 comparison tracing: enabled 2019/12/14 23:58:47 extra coverage: support is not implemented in syzkaller 2019/12/14 23:58:47 setuid sandbox: support is not implemented in syzkaller 2019/12/14 23:58:47 namespace sandbox: support is not implemented in syzkaller 2019/12/14 23:58:47 Android sandbox: support is not implemented in syzkaller 2019/12/14 23:58:47 fault injection: support is not implemented in syzkaller 2019/12/14 23:58:47 leak checking: support is not implemented in syzkaller 2019/12/14 23:58:47 net packet injection: support is not implemented in syzkaller 2019/12/14 23:58:47 net device setup: support is not implemented in syzkaller 2019/12/14 23:58:47 concurrency sanitizer: support is not implemented in syzkaller 2019/12/14 23:58:47 devlink PCI setup: support is not implemented in syzkaller 23:58:54 executing program 0: clock_nanosleep(0x75cca5a7b239673e, 0x0, &(0x7f0000002840), 0x0) 23:58:54 executing program 1: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x2, r0, &(0x7f0000000000), 0x0) 23:58:54 executing program 2: r0 = open(&(0x7f0000000100)='./file0\x00', 0xe1e, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0, 0x0) preadv(r1, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0) 23:58:54 executing program 3: ptrace(0x7, 0x0, &(0x7f0000000000), 0x0) r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB], 0xa) wait4(r0, &(0x7f0000000040), 0x6, &(0x7f0000000080)) 23:58:54 executing program 4: setitimer(0x0, &(0x7f0000000000)={{}, {0x6}}, 0x0) setitimer(0x0, &(0x7f0000000040), 0x0) getitimer(0x0, &(0x7f00000001c0)) 23:58:54 executing program 5: __clone(0x91a3a8f1a4a00414, 0x0) wait4(0x0, 0x0, 0x20000, 0x0) 23:58:57 executing program 3: clock_settime(0x0, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x200000000000c, &(0x7f0000000000)="ea00005c00000000", 0x8) r1 = dup(r0) setsockopt$inet_opts(r1, 0x0, 0x200000000000d, &(0x7f0000000080)="ea00005c00000000", 0x8) 23:58:57 executing program 1: chroot(&(0x7f0000000140)='.\x00') mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 23:58:58 executing program 3: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:58:58 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) paccept(r1, 0x0, 0x0, 0x20000000) connect(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100e91f7189591e9233614b008effbe634d34182a26cd9c34eafe13da3c947d4a975fa036a539f955d1082630bd7f0ed887b711ce4572e2b0bec90212636458f9a90e88d7589d97704c99e66ab6c5fc2b9f743ea7d29de9603cdb19897fd9324ccc0292f179eb7f5a70d6bdd597165b4b0ffb9d7616203f0066d595178a71eda3ccc550794d9b49f846c348e8d7f3ff62fac9ca4432a25bc7d526709600d3e09c66b8edb7e202616ccb63f5063a6d2bb9f8f6d2373f6d13b4a0e5a69a3206dbb9c61c02b72bad7c2c77f527dbba2a078683f7679637b266ee4f5365f115da8e3b3a3699d508baf4833f1d559e5ab5fa06649285adc6afdafff867a547d5a0d467938c94449b41e8ae50558fdf6a6f9584f044946c648df75e31f67e19577dbd3241a688b35a1cb7230fc39383d1a948ffbde714a696aaea2a3149fc63086e4399912b7e9bd457ff030000d65af94c0d3f1873ab00"/358], 0xc) [ 67.2671986] WARNING: module error: vfs load failed for `mcd', error 2 23:58:58 executing program 4: clock_nanosleep(0x20000000, 0xa3144639bafbb38f, &(0x7f0000000040)={0x0, 0x778}, 0x0) [ 67.4675037] WARNING: module error: vfs load failed for `mcd', error 2 23:58:58 executing program 1: setuid(0xee01) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x0, 0x80000000000000c, &(0x7f0000000180), 0x14) 23:58:58 executing program 4: r0 = socket$inet6(0x18, 0x3, 0x0) r1 = socket$inet6(0x18, 0x3, 0x0) r2 = dup2(r0, r1) getsockopt(r2, 0x200000029, 0x1c, 0x0, 0x0) 23:58:58 executing program 5: socket(0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) r0 = socket(0x1f, 0x3, 0x0) getsockopt$sock_int(r0, 0xffff, 0x1003, 0x0, 0x0) [ 67.9782832] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 73 command syz-executor.2) [ 68.0383727] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 73 command syz-executor.2) 23:58:59 executing program 2: open(&(0x7f0000000040)='./file0\x00', 0x2070e, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fcntl$setown(r0, 0x6, 0xffffffffffffffff) 23:58:59 executing program 1: setuid(0xee01) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x0, 0x80000000000000c, &(0x7f0000000180), 0x14) 23:58:59 executing program 0: setpgid(0x0, 0x0) r0 = getppid() __clone(0x0, 0x0) setpgid(0x0, r0) 23:58:59 executing program 4: r0 = socket$inet6(0x18, 0x3, 0x0) r1 = socket$inet6(0x18, 0x3, 0x0) r2 = dup2(r0, r1) getsockopt(r2, 0x200000029, 0x1c, 0x0, 0x0) 23:58:59 executing program 3: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:58:59 executing program 5: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:58:59 executing program 4: r0 = socket$inet6(0x18, 0x3, 0x0) r1 = socket$inet6(0x18, 0x3, 0x0) r2 = dup2(r0, r1) getsockopt(r2, 0x200000029, 0x1c, 0x0, 0x0) 23:58:59 executing program 1: setuid(0xee01) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x0, 0x80000000000000c, &(0x7f0000000180), 0x14) 23:58:59 executing program 2: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2020231, 0x0) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000280), 0xd) write(r0, 0x0, 0x454) fdatasync(r0) 23:58:59 executing program 0: munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) mincore(&(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000)=""/4096) 23:58:59 executing program 4: r0 = socket$inet6(0x18, 0x3, 0x0) r1 = socket$inet6(0x18, 0x3, 0x0) r2 = dup2(r0, r1) getsockopt(r2, 0x200000029, 0x1c, 0x0, 0x0) 23:59:00 executing program 1: setuid(0xee01) r0 = socket(0x18, 0x1, 0x0) setsockopt(r0, 0x0, 0x80000000000000c, &(0x7f0000000180), 0x14) 23:59:00 executing program 0: r0 = socket$inet(0x2, 0x20000000000002, 0x0) sendto$inet(r0, &(0x7f0000000280)="8a28580839e9541d782574a57f8046bdd513e60a0ad88c447bf990a4518244fc4bc844918ea0237c", 0x28, 0x4000800, &(0x7f0000000180)={0x2, 0x0}, 0x10) 23:59:00 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:00 executing program 3: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:59:00 executing program 0: r0 = socket$inet(0x2, 0x20000000000002, 0x0) sendto$inet(r0, &(0x7f0000000280)="8a28580839e9541d782574a57f8046bdd513e60a0ad88c447bf990a4518244fc4bc844918ea0237c", 0x28, 0x4000800, &(0x7f0000000180)={0x2, 0x0}, 0x10) 23:59:00 executing program 4: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:00 executing program 5: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:59:00 executing program 0: r0 = socket$inet(0x2, 0x20000000000002, 0x0) sendto$inet(r0, &(0x7f0000000280)="8a28580839e9541d782574a57f8046bdd513e60a0ad88c447bf990a4518244fc4bc844918ea0237c", 0x28, 0x4000800, &(0x7f0000000180)={0x2, 0x0}, 0x10) 23:59:00 executing program 3: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:59:01 executing program 2: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:01 executing program 4: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:01 executing program 0: r0 = socket$inet(0x2, 0x20000000000002, 0x0) sendto$inet(r0, &(0x7f0000000280)="8a28580839e9541d782574a57f8046bdd513e60a0ad88c447bf990a4518244fc4bc844918ea0237c", 0x28, 0x4000800, &(0x7f0000000180)={0x2, 0x0}, 0x10) 23:59:01 executing program 3: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:01 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:01 executing program 2: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:01 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:02 executing program 5: r0 = socket(0x18, 0x400000002, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0xc) r1 = socket(0x18, 0x2, 0x0) connect$unix(r1, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7}, 0x1c) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b276f69efeb8a878049f5a8100000000000000000000000000000000000000000000000000314741f79296462900"/110], &(0x7f0000000040)=0x6e) msgsnd(0x0, &(0x7f0000000000)={0x3}, 0x8, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) close(r0) r2 = socket(0x18, 0x3, 0x0) connect$unix(r2, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) write(r0, &(0x7f0000000000)="baf2a3ac324f5d5b", 0x20f) 23:59:02 executing program 4: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:02 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:02 executing program 2: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:03 executing program 3: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:03 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:03 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:03 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:03 executing program 2: setregid(0xffffffffffffffff, 0x0) 23:59:03 executing program 4: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:04 executing program 3: r0 = __clone(0x0, 0x0) ptrace(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) ptrace(0x7, r0, &(0x7f0000000000), 0xfffffffffffffffd) 23:59:04 executing program 2: mkdir(0x0, 0x0) r0 = socket(0x2, 0x1, 0x0) getsockopt$inet_opts(r0, 0x0, 0x1, 0x0, &(0x7f00000000c0)) 23:59:04 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:04 executing program 4: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) __clone(0x0, &(0x7f00000004c0)) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 23:59:04 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:04 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) symlink(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/file0\x00') rename(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='./file2\x00') 23:59:04 executing program 4: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) __clone(0x0, &(0x7f00000004c0)) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 23:59:05 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) setuid(0xee01) chdir(&(0x7f0000000040)='./file0\x00') 23:59:05 executing program 3: r0 = socket(0x2, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x8297b6cb83223ebf) shutdown(r0, 0x1) symlink(0x0, 0x0) 23:59:05 executing program 2: r0 = socket(0x2, 0x2, 0x0) sendmsg(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@in={0x2, 0x2}, 0xc, &(0x7f0000000200), 0x0, &(0x7f0000000380)=[{0x10}], 0x10}, 0x0) 23:59:05 executing program 5: r0 = open(&(0x7f00000014c0)='./file0\x00', 0x208, 0x0) pread(0xffffffffffffffff, 0x0, 0x0, 0x0) fchroot(r0) 23:59:05 executing program 3: r0 = socket(0x2, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x8297b6cb83223ebf) shutdown(r0, 0x1) symlink(0x0, 0x0) 23:59:05 executing program 2: msgsnd(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="62780ff3162998913ea4900989feddcc3d043057e48b9ea3ca4768db64e841b6feade1b0c281959a86a89eceae1385ea07"], 0x1, 0x0) select(0x14e, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306}, 0x0, 0x0) _lwp_create(&(0x7f0000000140)={0x4, 0x0, {}, {}, {0x0, 0x0, '}\x00'}}, 0x0, 0x0) 23:59:05 executing program 1: setrlimit(0x9, &(0x7f0000000040)) socket(0x1f, 0x5, 0x2) 23:59:06 executing program 3: r0 = socket(0x2, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x8297b6cb83223ebf) shutdown(r0, 0x1) symlink(0x0, 0x0) 23:59:06 executing program 4: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) __clone(0x0, &(0x7f00000004c0)) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 23:59:06 executing program 0: r0 = socket(0x12, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000340)="1d", 0x1, 0x0, &(0x7f0000000000)={0x18, 0x1}, 0xc) 23:59:06 executing program 1: fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0xfff}) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs={0x682eb13985c518e6, 0x7, 0x0}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x1000000029, 0x2e, &(0x7f0000000000)="ebffcbff13b9fd812eaa4e713048e69931929648", 0x14) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 23:59:06 executing program 3: r0 = socket(0x2, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x8297b6cb83223ebf) shutdown(r0, 0x1) symlink(0x0, 0x0) 23:59:06 executing program 5: r0 = socket(0x18, 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r0, 0x29, 0x1b, &(0x7f0000000240)="1900b882", 0x4) 23:59:06 executing program 0: r0 = socket(0x12, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000340)="1d", 0x1, 0x0, &(0x7f0000000000)={0x18, 0x1}, 0xc) 23:59:07 executing program 3: r0 = socket(0x2, 0x3, 0x0) connect(r0, &(0x7f0000000000)=@in={0x2, 0x2}, 0xc) 23:59:07 executing program 1: socket(0x1f, 0x0, 0x0) r0 = socket(0x1d, 0x3, 0x0) getsockname$unix(r0, &(0x7f0000001200)=@file={0x0, ""/9}, &(0x7f0000001240)=0xb) 23:59:07 executing program 5: r0 = socket(0x18, 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r0, 0x29, 0x1b, &(0x7f0000000240)="1900b882", 0x4) 23:59:07 executing program 4: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) __clone(0x0, &(0x7f00000004c0)) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) 23:59:07 executing program 2: pipe(&(0x7f0000000740)={0xffffffffffffffff}) listen(r0, 0x0) 23:59:07 executing program 3: r0 = socket(0x2, 0x3, 0x0) connect(r0, &(0x7f0000000000)=@in={0x2, 0x2}, 0xc) 23:59:07 executing program 0: r0 = socket(0x12, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000340)="1d", 0x1, 0x0, &(0x7f0000000000)={0x18, 0x1}, 0xc) 23:59:07 executing program 0: r0 = socket(0x12, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000340)="1d", 0x1, 0x0, &(0x7f0000000000)={0x18, 0x1}, 0xc) 23:59:07 executing program 5: r0 = socket(0x18, 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r0, 0x29, 0x1b, &(0x7f0000000240)="1900b882", 0x4) 23:59:08 executing program 2: select(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x0, 0x2}) 23:59:08 executing program 1: socket$inet(0x2, 0x3, 0x6) 23:59:08 executing program 0: mlockall(0x4) 23:59:08 executing program 4: semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000080)={{0x7fffff, 0x0, 0xffffffffffffffff}}) 23:59:08 executing program 3: r0 = socket(0x2, 0x3, 0x0) connect(r0, &(0x7f0000000000)=@in={0x2, 0x2}, 0xc) 23:59:08 executing program 2: select(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x0, 0x2}) 23:59:08 executing program 0: mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) munlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) 23:59:08 executing program 4: r0 = getpid() ptrace(0x9, r0, 0x0, 0x0) 23:59:08 executing program 3: r0 = socket(0x2, 0x3, 0x0) connect(r0, &(0x7f0000000000)=@in={0x2, 0x2}, 0xc) 23:59:08 executing program 5: r0 = socket(0x18, 0x1, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r0, 0x29, 0x1b, &(0x7f0000000240)="1900b882", 0x4) 23:59:08 executing program 2: select(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x0, 0x2}) 23:59:08 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x60e, 0x0) writev(r1, &(0x7f0000000300)=[{&(0x7f0000004180)='%', 0x1}], 0x1) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x4, 0xa10, r1, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x10, r0, 0x0, 0x0) mlock(&(0x7f0000000000/0x4000)=nil, 0x4000) 23:59:08 executing program 4: r0 = getpid() ptrace(0x9, r0, 0x0, 0x0) 23:59:09 executing program 5: mprotect(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x7) 23:59:09 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$getflags(r0, 0x3) 23:59:09 executing program 3: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0xffffffffffffffff) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)) [ 78.3238972] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 477 command syz-executor.1) [ 78.4140347] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 477 command syz-executor.1) 23:59:09 executing program 5: open$dir(&(0x7f0000000000)='./file0\x00', 0x2020231, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) 23:59:09 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f00000000c0)="42d38d3f2d348eda0bf3c1171ee4a167940b69ff3a6abcbdccbb80abcee33348bd348720af97133d1334f63cd2efe89bdbda6f927bf4d33fc52140d760be5e84", 0x40}], 0x1) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)="c2c25130d92a09d55e89e668772a2c18d145a52289848481eac9aa71b4f0342bcf5bfa32b3156c22963a41864a04155834f8c54abd331494", 0x38) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000000700)='./file0\x00') unlink(&(0x7f0000000080)='./file0/file0\x00') 23:59:09 executing program 2: select(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000080)={0x0, 0x2}) [ 78.9047751] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 477 command syz-executor.1) [ 78.9047751] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 477 command syz-executor.1) 23:59:09 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x2}, 0x8) 23:59:09 executing program 4: r0 = getpid() ptrace(0x9, r0, 0x0, 0x0) 23:59:09 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x60e, 0x0) writev(r1, &(0x7f0000000300)=[{&(0x7f0000004180)='%', 0x1}], 0x1) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x4, 0xa10, r1, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x10, r0, 0x0, 0x0) mlock(&(0x7f0000000000/0x4000)=nil, 0x4000) 23:59:09 executing program 0: open(0x0, 0x0, 0x0) msgget$private(0x0, 0x0) r0 = socket(0x2, 0x2, 0x0) getsockname(r0, 0x0, 0x0) 23:59:10 executing program 4: r0 = getpid() ptrace(0x9, r0, 0x0, 0x0) [ 79.4255582] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 290 command syz-executor.1) 23:59:10 executing program 4: munmap(&(0x7f0000001000/0x2000)=nil, 0x2000) r0 = socket(0x18, 0x2, 0x0) bind(r0, &(0x7f0000000600)=@in6={0x18, 0x0}, 0xc) getsockname$inet6(r0, &(0x7f0000000000), &(0x7f0000000040)=0xc) r1 = shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000002000/0x1000)=nil) shmat(r1, &(0x7f0000002000/0x4000)=nil, 0x0) mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x2) 23:59:10 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f0000000100)=@abs={0x1, 0x0, 0x2}, 0x8) 23:59:10 executing program 0: open(0x0, 0x0, 0x0) msgget$private(0x0, 0x0) r0 = socket(0x2, 0x2, 0x0) getsockname(r0, 0x0, 0x0) [ 79.4656208] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 290 command syz-executor.1) 23:59:10 executing program 5: _lwp_getname(0x0, &(0x7f0000000040)=""/3, 0x3) 23:59:10 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x60e, 0x0) writev(r1, &(0x7f0000000300)=[{&(0x7f0000004180)='%', 0x1}], 0x1) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x4, 0xa10, r1, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x10, r0, 0x0, 0x0) mlock(&(0x7f0000000000/0x4000)=nil, 0x4000) [ 79.8962709] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 682 command syz-executor.1) [ 79.9263192] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 682 command syz-executor.1) [ 80.0665260] panic: kernel diagnostic assertion "pmap->pm_ncsw == curlwp->l_ncsw" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 700 [ 80.0765284] cpu1: Begin traceback... [ 80.0965783] vpanic() at netbsd:vpanic+0x241 [ 80.1166159] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 80.1466534] pmap_unmap_ptes() at netbsd:pmap_unmap_ptes+0x1c7 [ 80.1767008] pmap_remove() at netbsd:pmap_remove+0x491 [ 80.2067431] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x61b [ 80.2367886] uvm_unmap1() at netbsd:uvm_unmap1+0xd0 [ 80.2568181] lwp_ctl_exit() at netbsd:lwp_ctl_exit+0x15a [ 80.2868615] exit1() at netbsd:exit1+0x26f [ 80.3068915] sys_exit() at netbsd:sys_exit+0x77 [ 80.3369369] syscall() at netbsd:syscall+0x559 [ 80.3469490] --- syscall (number 1) --- [ 80.3669822] 76df10399a6a: [ 80.3669822] cpu1: End traceback... [ 80.3669822] fatal breakpoint trap in supervisor mode [ 80.3770283] trap type 1 code 0 rip 0xffffffff8021ccb5 cs 0x8 rflags 0x246 cr2 0x74187829d000 ilevel 0 rsp 0xffffd0817a4af6a0 [ 80.3870260] curlwp 0xffffd08012030a40 pid 264.1 lowest kstack 0xffffd0817a4a82c0 Stopped in pid 264.1 (syz-executor.5) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 vpanic() at netbsd:vpanic+0x241 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure pmap_unmap_ptes() at netbsd:pmap_unmap_ptes+0x1c7 pmap_remove() at netbsd:pmap_remove+0x491 uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x61b uvm_unmap1() at netbsd:uvm_unmap1+0xd0 lwp_ctl_exit() at netbsd:lwp_ctl_exit+0x15a exit1() at netbsd:exit1+0x26f sys_exit() at netbsd:sys_exit+0x77 syscall() at netbsd:syscall+0x559 --- syscall (number 1) --- 76df10399a6a: ds 5d0 es 2f8 fs f680 gs f6d0 rdi ffffd0800cb1a458 rsi ffffd08012030d28 rbp ffffd0817a4af6a0 rbx ffffd0816ca80000 rdx 2 rcx ffffffff80d00841 db_panic+0xd5 rax 0 r8 4 r9 1ffffffff0553818 r10 ffffffff82a9c0c3 db_onpanic+0x3 r11 10 r12 ffffd0816ca92000 r13 ffffffff81c22540 platform_private_nodes+0x140 r14 ffffd0817a4af730 r15 ffffd0816ca80060 rip ffffffff8021ccb5 breakpoint+0x5 cs 8 rflags 246 rsp ffffd0817a4af6a0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 850 3 1 0 0 ffffd0801304e740 syz-executor.2 850 1 3 0 0 ffffd08011415920 syz-executor.2 tstile 264 > 1 7 1 10000000 ffffd08012030a40 syz-executor.5 818 4 3 1 80 ffffd08012030600 syz-executor.3 parked 818 3 3 0 80 ffffd080113d3040 syz-executor.3 parked 818 1 2 1 10040000 ffffd080115266a0 syz-executor.3 747 3 3 1 80 ffffd08012d4e220 syz-executor.4 parked 686 3 3 1 80 ffffd08011fd14e0 syz-executor.2 parked 529 3 3 1 80 ffffd080114150a0 syz-executor.0 parked 97 3 3 1 80 ffffd08011338b60 syz-executor.5 parked 547 1 2 1 0 ffffd08012f1d280 syz-executor.5 497 1 3 0 80 ffffd08012e77ae0 syz-executor.4 pipe_rd 542 1 2 1 0 ffffd08012e776a0 syz-executor.3 612 1 3 0 0 ffffd08012e42ac0 syz-executor.2 tstile 40 1 2 1 0 ffffd08012e42680 syz-executor.1 41 1 3 1 80 ffffd08012e42240 syz-executor.0 pipe_rd 389 11 3 0 80 ffffd08012e77260 syz-fuzzer parked 389 10 3 1 80 ffffd080110d4a00 syz-fuzzer parked 389 9 3 0 80 ffffd08012d4eaa0 syz-fuzzer kqueue 389 8 3 0 80 ffffd08012d4e660 syz-fuzzer parked 389 7 3 0 80 ffffd08011f8e8e0 syz-fuzzer parked 389 6 3 0 80 ffffd08011f8e4a0 syz-fuzzer parked 389 5 3 0 80 ffffd08011f808c0 syz-fuzzer parked 389 4 3 1 80 ffffd08011f80040 syz-fuzzer parked 389 3 3 1 80 ffffd080120235e0 syz-fuzzer parked 389 2 3 0 80 ffffd080120231a0 syz-fuzzer parked 389 1 3 0 80 ffffd080110d4180 syz-fuzzer parked 532 1 3 0 80 ffffd08011f51760 sshd select 526 1 3 1 80 ffffd08011ffa9a0 getty nanoslp 575 1 3 0 80 ffffd08011ffa120 getty nanoslp 587 1 3 1 80 ffffd08011f30740 getty nanoslp 566 1 3 0 80 ffffd0801200e9e0 getty ttyraw 527 1 3 1 80 ffffd08011f8e060 cron nanoslp 464 1 3 1 80 ffffd08011f51320 inetd kqueue 437 1 3 0 80 ffffd080115a16e0 sshd select 473 1 3 1 80 ffffd080114dfa40 powerd kqueue 460 1 2 1 40000 ffffd080113d3480 makemandb 198 1 3 0 80 ffffd08011f51ba0 syslogd kqueue 247 1 3 1 80 ffffd080114ef1e0 dhcpcd kqueue 220 1 3 1 80 ffffd080113f18e0 dhcpcd kqueue 1 1 3 1 80 ffffd080111fa240 init wait 0 58 3 0 204 ffffd080111faac0 physiod physiod 0 57 3 0 204 ffffd08011242280 aiodoned aiodoned 0 56 3 0 40200 ffffd08011241ae0 ioflush syncer 0 55 3 0 204 ffffd080112416a0 pooldrain pooldrain 0 54 3 0 200 ffffd08011241260 pgdaemon pgdaemon 0 51 2 1 200 ffffd080111fa680 npfgc-0 0 50 3 0 204 ffffd080111ebaa0 rt_free rt_free 0 49 3 0 204 ffffd080111eb660 unpgc unpgc 0 48 3 1 204 ffffd080111eb220 key_timehandler key_timehandler 0 47 3 1 204 ffffd08011104a80 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffd08011104640 icmp6_wqinput/0 icmp6_wqinput 0 45 3 1 204 ffffd08011104200 nd6_timer nd6_timer 0 44 3 1 204 ffffd080110f9a60 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffd080110f9620 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffd080110f91e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffd080110e8a40 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffd080110e8600 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffd080110e81c0 icmp_wqinput/0 icmp_wqinput 0 38 3 1 204 ffffd080110d35a0 rt_timer rt_timer 0 37 3 1 204 ffffd080110d7a20 vmem_rehash vmem_rehash 0 27 3 0 204 ffffd0800e9b9580 scsibus0 sccomp 0 26 3 0 200 ffffd0800e9b9140 pms0 pmsreset 0 25 3 1 204 ffffd0800e92b9a0 xcall/1 xcall 0 24 1 1 200 ffffd0800e92b560 softser/1 0 23 1 1 200 ffffd0800e92b120 softclk/1 0 22 1 1 200 ffffd0800e927980 softbio/1 0 21 1 1 200 ffffd0800e927540 softnet/1 0 20 1 1 201 ffffd0800e927100 idle/1 0 19 3 0 204 ffffd0800e85d960 lnxpwrwq lnxpwrwq 0 18 3 0 204 ffffd0800e85d520 lnxlngwq lnxlngwq 0 17 3 0 204 ffffd0800e85d0e0 lnxsyswq lnxsyswq 0 16 3 0 204 ffffd0800d042940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffd0800d042500 sysmon smtaskq 0 14 3 0 204 ffffd0800d0420c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffd0800d033920 pmfevent pmfevent 0 12 3 0 204 ffffd0800d0334e0 sopendfree sopendfr 0 11 3 1 204 ffffd0800d0330a0 nfssilly nfssilly 0 10 3 1 200 ffffd0800d027900 cachegc cachegc 0 9 3 1 204 ffffd0800d0274c0 vdrain vdrain 0 8 3 0 200 ffffd0800d027080 modunload mod_unld 0 7 3 0 204 ffffd0800d0188e0 xcall/0 xcall 0 6 1 0 200 ffffd0800d0184a0 softser/0 0 5 1 0 200 ffffd0800d018060 softclk/0 0 4 1 0 200 ffffd0800d0148c0 softbio/0 0 3 1 0 200 ffffd0800d014480 softnet/0 0 > 2 7 0 201 ffffd0800d014040 idle/0 0 1 3 0 200 ffffffff82b62fa0 swapper uvm [Locks tracked through LWPs] Locks held by an LWP (syz-executor.2): Lock 0 (initialized at uvm_obj_init) lock address : 0xffffd08011257240 type : sleep/adaptive initialized : 0xffffffff810f33bc shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffd08012030a40 last held: 0xffffd08011415920 last locked* : 0xffffffff810d79ce unlocked : 0xffffffff812adba4 owner field : 000000000000000000 wait/spin: 0/0 Turnstile chain at 0xffffffff82d839c8 with mutex 0xffffd0800d00b440. => No active turnstile for this lock. Locks held by an LWP (syz-executor.5): Lock 0 (initialized at uvm_map_setup) lock address : 0xffffd08012006d18 type : sleep/adaptive initialized : 0xffffffff810e792d shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffd08012030a40 last held: 0xffffd08012030a40 last locked* : 0xffffffff810e17d4 unlocked : 0xffffffff810d48b4 owner/count : 0xffffd08012030a40 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d83920 with mutex 0xffffd0800cb2fec0. => No active turnstile for this lock. Lock 1 (initialized at uvm_obj_init) lock address : 0xffffd08012cf37c0 type : sleep/adaptive initialized : 0xffffffff810f33bc shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffd08012030a40 last held: 0xffffd08012030a40 last locked* : 0xffffffff810e7c10 unlocked : 0xffffffff810e7c8f owner field : 0xffffd08012030a40 wait/spin: 0/0 Turnstile chain at 0xffffffff82d83a78 with mutex 0xffffd0800d00b9c0. => No active turnstile for this lock. Lock 2 (initialized at pmap_create) lock address : 0xffffd080120189b0 type : sleep/adaptive initialized : 0xffffffff80272166 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffd08012030a40 last held: 0xffffd08012030a40 last locked* : 0xffffffff80274a67 unlocked : 0xffffffff80274b88 owner field : 0xffffd08012030a40 wait/spin: 0/0 Turnstile chain at 0xffffffff82d838b0 with mutex 0xffffd0800cb2fb40. => No active turnstile for this lock. Locks held by an LWP (syz-executor.3): Lock 0 (initialized at vcache_alloc) lock address : 0xffffd08012d57880 type : sleep/adaptive initialized : 0xffffffff812ad182 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffd08012030a40 last held: 0xffffd080113d3040 last locked* : 0xffffffff812da8f0 unlocked : 0xffffffff812da7ad owner/count : 000000000000000000 flags : 000000000000000000 Turnstile chain at 0xffffffff82d83a90 with mutex 0xffffd0800d00ba80. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffd080110796c0 type : sleep/adaptive initialized : 0xffffffff812ad182 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffd08012030a40 last held: 0xffffd080113d3040 last locked* : 0xffffffff812da838 unlocked : 0xffffffff812da7ad [ 80.3870260] Skipping crash dump on recursive panic [ 80.3870260] panic: ASan: Unauthorized Access In 0xffffffff81182850: Addr 0xffffd080110796c0 [8 bytes, read, PoolUseAfterFree] [ 80.3870260] cpu1: Begin traceback... [ 80.3870260] vpanic() at netbsd:vpanic+0x241 [ 80.3870260] snprintf() at netbsd:snprintf [ 80.3870260] kasan_report() at netbsd:kasan_report+0x8f [ 80.3870260] __asan_load8() at netbsd:__asan_load8+0x294 [ 80.3870260] rw_dump() at netbsd:rw_dump+0x20 [ 80.3870260] lockdebug_dump() at netbsd:lockdebug_dump+0x281 [ 80.3870260] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9 [ 80.3870260] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f [ 80.3870260] db_command() at netbsd:db_command+0x2c0 [ 80.3870260] db_command_loop() at netbsd:db_command_loop+0x26c [ 80.3870260] db_trap() at netbsd:db_trap+0x219 [ 80.3870260] kdb_trap() at netbsd:kdb_trap+0x1ce [ 80.3870260] trap() at netbsd:trap+0x650 [ 80.3870260] --- trap (number 1) --- [ 80.3870260] breakpoint() at netbsd:breakpoint+0x5 [ 80.3870260] db_panic() at netbsd:db_panic+0xe9 [ 80.3870260] vpanic() at netbsd:vpanic+0x241 [ 80.3870260] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 80.3870260] pmap_unmap_ptes() at netbsd:pmap_unmap_ptes+0x1c7 [ 80.3870260] pmap_remove() at netbsd:pmap_remove+0x491 [ 80.3870260] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x61b [ 80.3870260] uvm_unmap1() at netbsd:uvm_unmap1+0xd0 [ 80.3870260] lwp_ctl_exit() at netbsd:lwp_ctl_exit+0x15a [ 80.3870260] exit1() at netbsd:exit1+0x26f [ 80.3870260] sys_exit() at netbsd:sys_exit+0x77 [ 80.3870260] syscall() at netbsd:syscall+0x559 [ 80.3870260] --- syscall (number 1) --- [ 80.3870260] 76df10399a6a: [ 80.3870260] cpu1: End traceback... [ 80.3870260] fatal breakpoint trap in supervisor mode [ 80.3870260] trap type 1 code 0 rip 0xffffffff8021ccb5 cs 0x8 rflags 0x246 cr2 0x74187829d000 ilevel 0x8 rsp 0xffffd0817a4aec60 [ 80.3870260] curlwp 0xffffd08012030a40 pid 264.1 lowest kstack 0xffffd0817a4a82c0 Stopped in pid 264.1 (syz-executor.5) at netbsd:breakpoint+0x5: leave