Aug 29 01:41:43 ci2-netbsd-4 getty[1091]: /dev/ttyE2: Device not configured Aug 29 01:41:43 ci2-netbsd-4 get NetBSD/amd64 (ci2-netbsd-4.c.syzkaller.internal) (constty) Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts. 2020/08/29 01:41:57 fuzzer started 2020/08/29 01:41:57 dialing manager at 10.128.0.105:45649 2020/08/29 01:41:58 syscalls: 306 2020/08/29 01:41:58 code coverage: enabled 2020/08/29 01:41:58 comparison tracing: enabled 2020/08/29 01:41:58 extra coverage: enabled 2020/08/29 01:41:58 setuid sandbox: support is not implemented in syzkaller 2020/08/29 01:41:58 namespace sandbox: support is not implemented in syzkaller 2020/08/29 01:41:58 Android sandbox: support is not implemented in syzkaller 2020/08/29 01:41:58 fault injection: enabled 2020/08/29 01:41:58 leak checking: support is not implemented in syzkaller 2020/08/29 01:41:58 net packet injection: support is not implemented in syzkaller 2020/08/29 01:41:58 net device setup: support is not implemented in syzkaller 2020/08/29 01:41:58 concurrency sanitizer: support is not implemented in syzkaller 2020/08/29 01:41:58 devlink PCI setup: support is not implemented in syzkaller 2020/08/29 01:41:58 USB emulation: enabled 2020/08/29 01:41:58 hci packet injection: support is not implemented in syzkaller 01:42:15 executing program 0: r0 = socket(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0xffff, 0x200, &(0x7f0000000040), &(0x7f0000000140)=0x4) 01:42:15 executing program 1: r0 = socket(0x18, 0x0, 0x0) getsockname$unix(r0, 0x0, &(0x7f0000000040)=0xffffffffffffff19) 01:42:15 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) 01:42:15 executing program 3: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0xff7d}], 0x1) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000000)) 01:42:15 executing program 4: syz_usb_connect$printer(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12015006000000082505a8a44000010203010902"], 0x0) 01:42:16 executing program 5: syz_emit_ethernet(0x6a, &(0x7f0000000140)) 01:42:21 executing program 0: syz_emit_ethernet(0x6e, &(0x7f0000000000)) 01:42:21 executing program 0: syz_emit_ethernet(0x46, &(0x7f00000000c0)) 01:42:21 executing program 1: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000000)=[{}, {0x0, 0xd6bf}, {0x7, 0x39dc}, {}, {}, {}, {}, {}, {}], 0x52) semctl$IPC_RMID(r0, 0x0, 0x0) 01:42:22 executing program 2: r0 = semget$private(0x0, 0x8, 0x0) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000080)=[0x200]) semop(r0, &(0x7f0000000040)=[{}], 0x1) semctl$IPC_RMID(r0, 0x0, 0x0) 01:42:22 executing program 5: msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02"], 0x2000, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)) 01:42:22 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0xffffffffffffffb5, 0x0, &(0x7f0000e68000)={0x2, 0x0}, 0x10) mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000080)=""/10) 01:42:22 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) 01:42:22 executing program 1: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000000)=[{}, {0x0, 0xd6bf}, {0x7, 0x39dc}, {}, {}, {}, {}, {}, {}], 0x52) semctl$IPC_RMID(r0, 0x0, 0x0) 01:42:22 executing program 5: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0xff7d}], 0x1) semop(r0, &(0x7f0000000000)=[{0x0, 0x4}], 0x1) login: [ 81.4278279] uhub4: device problem, disabling port 1 01:42:23 executing program 2: syz_emit_ethernet(0xfdef, &(0x7f00000000c0)) 01:42:24 executing program 4: semop(0x0, &(0x7f00000023c0)=[{0x0, 0x0, 0x1800}], 0x1) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000100)) 01:42:24 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) setreuid(0xee00, 0x0) r0 = getuid() lchown(&(0x7f0000000080)='./file0\x00', r0, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 01:42:24 executing program 3: syz_emit_ethernet(0x6e, &(0x7f0000000140)) 01:42:24 executing program 2: msgsnd(0x0, &(0x7f0000000040)={0x2}, 0x8, 0x0) msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x8, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0x1000) msgrcv(0x0, &(0x7f00000020c0)={0x0, ""/185}, 0xc1, 0x0, 0x0) 01:42:24 executing program 1: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000000)=[{}, {0x0, 0xd6bf}, {0x7, 0x39dc}, {}, {}, {}, {}, {}, {}], 0x52) semctl$IPC_RMID(r0, 0x0, 0x0) 01:42:24 executing program 5: msgsnd(0x0, &(0x7f0000000040)={0x2}, 0x8, 0x0) msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x8, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0x1000) msgrcv(0x0, &(0x7f00000020c0)={0x0, ""/185}, 0xc1, 0x8000000000000000, 0x0) [ 83.0078467] uhub4: device problem, disabling port 1 01:42:24 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) setreuid(0xee00, 0x0) r0 = getuid() lchown(&(0x7f0000000080)='./file0\x00', r0, 0x0) r1 = getuid() setreuid(0xee00, r1) lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 01:42:24 executing program 2: r0 = socket(0x23, 0x5, 0x0) recvmmsg(r0, &(0x7f000000a180), 0x1, 0xa0, 0x0) 01:42:24 executing program 3: msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x8, 0x0) msgrcv(0x0, &(0x7f00000020c0)={0x0, ""/185}, 0xc1, 0x0, 0x0) 01:42:24 executing program 5: semop(0x0, &(0x7f0000000040)=[{}, {0x0, 0xfffc}], 0x2) semctl$GETALL(0x0, 0x0, 0xf, 0x0) 01:42:24 executing program 5: socket(0x723581e786759967, 0x0, 0x0) 01:42:24 executing program 1: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000000)=[{}, {0x0, 0xd6bf}, {0x7, 0x39dc}, {}, {}, {}, {}, {}, {}], 0x52) semctl$IPC_RMID(r0, 0x0, 0x0) 01:42:24 executing program 4: syz_usb_connect(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000f1b6df086a080200c567000000010902"], 0x0) 01:42:24 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0}, 0x1c) 01:42:25 executing program 3: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0x47c}, {0x0, 0x8001, 0x800}], 0x2) 01:42:25 executing program 5: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="240000001e005f0214fffffffffffff80700000000000004000000000800080007000000", 0x24) 01:42:25 executing program 1: r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000000)=[{}, {0x0, 0xd6bf}, {0x7, 0x39dc}, {}, {}, {}, {}, {}, {}], 0x52) 01:42:25 executing program 0: unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 01:42:25 executing program 2: r0 = socket$inet(0x2, 0x3, 0x2) sendto$inet(r0, 0x0, 0x0, 0x4000804, &(0x7f0000000080)={0x2, 0x0}, 0x10) 01:42:25 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') chroot(&(0x7f00000000c0)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) 01:42:25 executing program 3: shmat(0xffffffffffffffff, &(0x7f0000004000/0x1000)=nil, 0x0) 01:42:25 executing program 0: r0 = semget(0x3, 0x0, 0x0) semctl$GETZCNT(r0, 0x0, 0xf, 0x0) 01:42:25 executing program 0: semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f0000000100)=""/212) 01:42:26 executing program 3: socket(0xf, 0x3, 0x2) [ 84.5878245] uhub4: device problem, disabling port 1 01:42:27 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) recvfrom(r0, 0x0, 0x0, 0x40012103, 0x0, 0x0) 01:42:27 executing program 1: semget$private(0x0, 0x8, 0x0) 01:42:27 executing program 4: syz_usb_connect(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000f1b6df086a080200c567000000010902"], 0x0) 01:42:27 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') chroot(&(0x7f00000000c0)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) 01:42:27 executing program 3: socketpair(0x14, 0x0, 0x0, &(0x7f0000000140)) 01:42:27 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x2) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x22, 0x0, 0x0) [ 86.1878330] uhub4: device problem, disabling port 1 01:42:27 executing program 0: r0 = socket(0x18, 0x1, 0x0) r1 = socket(0x18, 0x2, 0x0) getsockname$unix(r1, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)=0xffffffffffffff19) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x7}, 0x1c) 01:42:27 executing program 2: msgrcv(0x0, &(0x7f00000020c0)={0x0, ""/185}, 0xc1, 0x8000000000000000, 0x0) 01:42:27 executing program 1: semget$private(0x0, 0x0, 0x0) 01:42:27 executing program 3: unlinkat(0xffffffffffffffff, 0x0, 0xf25f1fd9b6dda020) 01:42:27 executing program 1: semget$private(0x0, 0x0, 0x0) 01:42:28 executing program 3: semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000040)=""/65) 01:42:28 executing program 1: semget$private(0x0, 0x0, 0x0) 01:42:28 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') chroot(&(0x7f00000000c0)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) [ 87.7178141] uhub4: device problem, disabling port 1 01:42:29 executing program 3: r0 = socket(0x22, 0x2, 0x4) getsockname(r0, 0x0, 0x0) 01:42:29 executing program 2: r0 = semget(0x1, 0x0, 0x0) semctl$SETALL(r0, 0x0, 0x10, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 01:42:29 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) 01:42:29 executing program 1: msgsnd(0x0, &(0x7f0000000040)={0x2}, 0x8, 0x0) msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x8, 0x0) 01:42:29 executing program 0: socket$inet6(0xa, 0x3, 0xff) 01:42:29 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') chroot(&(0x7f00000000c0)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) 01:42:29 executing program 3: setreuid(0x0, 0xee01) socketpair(0x25, 0x0, 0x0, &(0x7f0000000000)) 01:42:29 executing program 2: socketpair(0x1f, 0x0, 0x0, &(0x7f00000000c0)) 01:42:29 executing program 1: socket(0x0, 0x8000b, 0x0) 01:42:29 executing program 0: syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000020000082505a5a440000102030109023b000101f200000904"], 0x0) 01:42:30 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) 01:42:30 executing program 2: r0 = socket(0x22, 0x2, 0x3) recvmmsg(r0, &(0x7f0000006140), 0x1, 0x3, 0x0) 01:42:30 executing program 3: syz_emit_ethernet(0x3e, &(0x7f00000000c0)) 01:42:30 executing program 1: r0 = socket(0x18, 0x0, 0x0) getpeername(r0, 0x0, &(0x7f0000000100)) 01:42:30 executing program 4: 01:42:30 executing program 2: 01:42:30 executing program 4: 01:42:30 executing program 2: msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x8, 0x0) msgrcv(0x0, &(0x7f00000020c0)={0x0, ""/185}, 0xc1, 0x8000000000000000, 0x0) 01:42:30 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) 01:42:30 executing program 2: r0 = semget$private(0x0, 0x8, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) 01:42:30 executing program 3: syz_emit_ethernet(0x376, &(0x7f0000000000)) [ 89.9278184] uhub0: device problem, disabling port 1 01:42:32 executing program 5: symlink(&(0x7f0000000100)='..', &(0x7f0000000200)='./file0\x00') __mount50(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140), 0x0) 01:42:32 executing program 0: 01:42:32 executing program 4: 01:42:32 executing program 1: 01:42:32 executing program 3: 01:42:32 executing program 2: [ 91.4778265] uhub0: device problem, disabling port 1 01:42:32 executing program 0: 01:42:32 executing program 4: 01:42:33 executing program 3: 01:42:33 executing program 2: 01:42:33 executing program 4: 01:42:33 executing program 1: [ 91.7078170] panic: ASan: Unauthorized Access In 0xffffffff81a48954: Addr 0xffffbc8012cb4ac0 [8 bytes, read, PoolUseAfterFree] [ 91.7178032] cpu1: Begin traceback... [ 91.7378019] vpanic() at netbsd:vpanic+0x26f [ 91.7778014] snprintf() at netbsd:snprintf [ 91.8178010] kasan_report() at netbsd:kasan_report+0x9c [ 91.8578006] __asan_load8() at netbsd:__asan_load8+0x294 [ 91.8978030] mount_domount() at netbsd:mount_domount+0x64b [ 91.9378011] do_sys_mount() at netbsd:do_sys_mount+0x74a [ 91.9777998] sys___mount50() at netbsd:sys___mount50+0x89 [ 92.0178026] sys___syscall() at netbsd:sys___syscall+0xfe [ 92.0577997] syscall() at netbsd:syscall+0x281 [ 92.0677994] --- syscall (number 198) --- [ 92.0878017] netbsd:syscall+0x281: [ 92.0878017] cpu1: End traceback... [ 92.0878017] fatal breakpoint trap in supervisor mode [ 92.0977998] trap type 1 code 0 rip 0xffffffff80220a1d cs 0x8 rflags 0x282 cr2 0x638000 ilevel 0 rsp 0xffffbc8193427850 [ 92.1077991] curlwp 0xffffbc8012cbdb40 pid 1723.804 lowest kstack 0xffffbc81934202c0 Stopped in pid 1723.804 (syz-executor.5) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 vpanic() at netbsd:vpanic+0x26f snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x9c __asan_load8() at netbsd:__asan_load8+0x294 mount_domount() at netbsd:mount_domount+0x64b do_sys_mount() at netbsd:do_sys_mount+0x74a sys___mount50() at netbsd:sys___mount50+0x89 sys___syscall() at netbsd:sys___syscall+0xfe syscall() at netbsd:syscall+0x281 --- syscall (number 198) --- netbsd:syscall+0x281: Panic string: ASan: Unauthorized Access In 0xffffffff81a48954: Addr 0xffffbc8012cb4ac0 [8 bytes, read, PoolUseAfterFree] PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1622 1622 3 0 0 ffffbc8012cbd700 syz-executor.4 tstile 842 842 2 0 0 ffffbc8012cea780 syz-executor.0 1723 > 804 7 1 0 ffffbc8012cbdb40 syz-executor.5 1723 1723 2 1 10000000 ffffbc80138c9b80 syz-executor.5 1092 1092 2 0 40040 ffffbc801438f200 syz-executor.5 419 419 3 0 40 ffffbc8014325a40 syz-executor.1 biolock 1079 1079 2 1 40 ffffbc8014325600 syz-executor.4 1081 1081 3 0 40 ffffbc80143251c0 syz-executor.2 biolock 1082 1082 2 1 40 ffffbc8014251a00 syz-executor.3 1069 1069 3 0 40 ffffbc80142515c0 syz-executor.0 tstile 1255 1097 3 1 80 ffffbc8014251180 syz-fuzzer kqueue 1255 1076 3 1 80 ffffbc8012bb8080 syz-fuzzer parked 1255 1065 3 0 80 ffffbc80140e2580 syz-fuzzer parked 1255 1100 3 1 80 ffffbc8012d23540 syz-fuzzer parked 1255 808 3 0 80 ffffbc8013841a40 syz-fuzzer parked 1255 1119 3 0 80 ffffbc8013841600 syz-fuzzer parked 1255 1250 3 0 80 ffffbc8013867ac0 syz-fuzzer parked 1255 1067 3 1 80 ffffbc80138c9740 syz-fuzzer parked 1255 1255 3 0 80 ffffbc8013818580 syz-fuzzer parked 817 817 3 1 80 ffffbc8012bb84c0 sshd select 949 949 3 0 80 ffffbc8012824700 getty nanoslp 1091 1091 3 1 80 ffffbc8013923980 getty nanoslp 1096 1096 3 1 80 ffffbc8013923540 getty nanoslp 1088 1088 3 1 c0 ffffbc8012826300 getty ttyraw 942 942 3 1 80 ffffbc80138411c0 sshd select 979 979 3 0 80 ffffbc8012d93700 powerd kqueue 865 865 3 0 80 ffffbc80138b06c0 syslogd kqueue 592 592 3 1 80 ffffbc8012cbd2c0 dhcpcd poll 590 590 3 1 80 ffffbc8012d06080 dhcpcd poll 589 589 3 0 80 ffffbc8012c88b00 dhcpcd poll 545 545 3 1 80 ffffbc8012c68a80 dhcpcd poll 347 347 3 0 80 ffffbc8012e02480 dhcpcd poll 346 346 3 0 80 ffffbc8012e02040 dhcpcd poll 345 345 3 1 80 ffffbc8012de6bc0 dhcpcd poll 1 1 3 0 80 ffffbc80128c3980 init wait 0 861 3 0 200 ffffbc80129e6a80 physiod physiod 0 162 3 0 200 ffffbc80129faac0 pooldrain pooldrain 0 > 167 7 0 240 ffffbc80129fa680 ioflush 0 165 3 1 200 ffffbc80129fa240 pgdaemon pgdaemon 0 160 3 1 200 ffffbc80129e6200 usb7 usbevt 0 31 3 1 200 ffffbc801299da40 usb6 usbevt 0 63 3 1 200 ffffbc801299d600 usb5 usbevt 0 126 3 0 200 ffffbc801299d1c0 usb4 usbevt 0 125 3 1 200 ffffbc8012949a00 usb3 usbevt 0 124 3 1 200 ffffbc80129495c0 usb2 usbevt 0 123 3 1 200 ffffbc8012949180 usb1 usbevt 0 122 3 1 200 ffffbc80128d89c0 usb0 usbevt 0 121 3 0 200 ffffbc80128d8580 usbtask-dr usbtsk 0 120 3 0 200 ffffbc800fe35ac0 usbtask-hc usbtsk 0 119 3 1 200 ffffbc80128d8140 npfgc0 npfgcw 0 118 3 1 200 ffffbc80128c3540 rt_free rt_free 0 117 3 0 200 ffffbc80128c3100 unpgc unpgc 0 116 3 0 200 ffffbc8012859940 key_timehandler key_timehandler 0 115 3 1 200 ffffbc8012859500 icmp6_wqinput/1 icmp6_wqinput 0 114 3 0 200 ffffbc80128590c0 icmp6_wqinput/0 icmp6_wqinput 0 113 3 0 200 ffffbc801284f900 nd6_timer nd6_timer 0 112 3 1 200 ffffbc801284f4c0 carp6_wqinput/1 carp6_wqinput 0 111 3 0 200 ffffbc801284f080 carp6_wqinput/0 carp6_wqinput 0 110 3 1 200 ffffbc801283b8c0 carp_wqinput/1 carp_wqinput 0 109 3 0 200 ffffbc801283b480 carp_wqinput/0 carp_wqinput 0 108 3 1 200 ffffbc801283b040 icmp_wqinput/1 icmp_wqinput 0 107 3 0 200 ffffbc801282abc0 icmp_wqinput/0 icmp_wqinput 0 106 3 0 200 ffffbc801282a780 rt_timer rt_timer 0 105 3 1 200 ffffbc801282a340 vmem_rehash vmem_rehash 0 104 3 1 200 ffffbc8012826740 entbutler entropy 0 30 3 1 200 ffffbc801213b6c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffbc801213b280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffbc800fe35680 scsibus0 sccomp 0 26 3 0 200 ffffbc800fe35240 pms0 pmsreset 0 25 3 1 200 ffffbc800fd89a80 xcall/1 xcall 0 24 1 1 200 ffffbc800fd89640 softser/1 0 23 1 1 200 ffffbc800fd89200 softclk/1 0 22 1 1 200 ffffbc800fd87a40 softbio/1 0 21 1 1 200 ffffbc800fd87600 softnet/1 0 20 1 1 201 ffffbc800fd871c0 idle/1 0 19 3 0 200 ffffbc800e7f7a00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffbc800e7f75c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffbc800e7f7180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffbc800e7f19c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffbc800e7f1580 sysmon smtaskq 0 14 3 0 200 ffffbc800e7f1140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffbc800e7ec980 pmfevent pmfevent 0 12 3 0 200 ffffbc800e7ec540 sopendfree sopendfr 0 11 3 0 200 ffffbc800e7ec100 iflnkst iflnkst 0 10 3 0 200 ffffbc800e7e1940 nfssilly nfssilly 0 9 3 0 200 ffffbc800e7e1500 vdrain vdrain 0 8 3 0 200 ffffbc800e7e10c0 modunload mod_unld 0 7 3 0 200 ffffbc800e7d4900 xcall/0 xcall 0 6 1 0 200 ffffbc800e7d44c0 softser/0 0 5 1 0 200 ffffbc800e7d4080 softclk/0 0 4 1 0 200 ffffbc800e7d28c0 softbio/0 0 3 1 0 200 ffffbc800e7d2480 softnet/0 0 2 1 0 201 ffffbc800e7d2040 idle/0 0 0 3 0 240 ffffffff82ee52c0 swapper tstile [Locks tracked through LWPs] ****** LWP 1622.1622 (syz-executor.4) @ 0xffffbc8012cbd700, l_stat=3 *** Locks held: * Lock 0 (initialized at fork1) lock address : 0xffffbc8012de24d0 type : sleep/adaptive initialized : 0xffffffff818cd301 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffbc8012cbd700 last held: 0xffffbc8012cbd700 last locked* : 0xffffffff818c96e3 unlocked : 000000000000000000 owner/count : 0xffffbc8012cbd700 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at pmap_ctor) lock address : 0xffffbc8013797b80 type : sleep/adaptive initialized : 0xffffffff808d26e3 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffbc8012cbd700 last held: 0xffffbc8012cbd700 last locked* : 0xffffffff808d185b unlocked : 0xffffffff808d9a73 [ 92.1177984] Skipping crash dump on recursive panic [ 92.1177984] panic: ASan: Unauthorized Access In 0xffffffff818e86f0: Addr 0xffffbc8013797b80 [8 bytes, read, PoolUseAfterFree] [ 92.1177984] cpu1: Begin traceback... [ 92.1177984] vpanic() at netbsd:vpanic+0x26f [ 92.1177984] snprintf() at netbsd:snprintf [ 92.1177984] kasan_report() at netbsd:kasan_report+0x9c [ 92.1177984] __asan_load8() at netbsd:__asan_load8+0x294 [ 92.1177984] mutex_dump() at netbsd:mutex_dump+0x20 [ 92.1177984] lockdebug_dump() at netbsd:lockdebug_dump+0x234 [ 92.1177984] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb7 [ 92.1177984] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x27c [ 92.1177984] db_command() at netbsd:db_command+0x320 [ 92.1177984] db_command_loop() at netbsd:db_command_loop+0x2b1 [ 92.1177984] db_trap() at netbsd:db_trap+0x24e [ 92.1177984] kdb_trap() at netbsd:kdb_trap+0x1ec [ 92.1177984] trap() at netbsd:trap+0x655 [ 92.1177984] --- trap (number 1) --- [ 92.1177984] breakpoint() at netbsd:breakpoint+0x5 [ 92.1177984] db_panic() at netbsd:db_panic+0x105 [ 92.1177984] vpanic() at netbsd:vpanic+0x26f [ 92.1177984] snprintf() at netbsd:snprintf [ 92.1177984] kasan_report() at netbsd:kasan_report+0x9c [ 92.1177984] __asan_load8() at netbsd:__asan_load8+0x294 [ 92.1177984] mount_domount() at netbsd:mount_domount+0x64b [ 92.1177984] do_sys_mount() at netbsd:do_sys_mount+0x74a [ 92.1177984] sys___mount50() at netbsd:sys___mount50+0x89 [ 92.1177984] sys___syscall() at netbsd:sys___syscall+0xfe [ 92.1177984] syscall() at netbsd:syscall+0x281 [ 92.1177984] --- syscall (number 198) --- [ 92.1177984] netbsd:syscall+0x281: [ 92.1177984] cpu1: End traceback... [ 92.1177984] fatal breakpoint trap in supervisor mode [ 92.1177984] trap type 1 code 0 rip 0xffffffff80220a1d cs 0x8 rflags 0x282 cr2 0x638000 ilevel 0x8 rsp 0xffffbc8193426de0 [ 92.1177984] curlwp 0xffffbc8012cbdb40 pid 1723.804 lowest kstack 0xffffbc81934202c0 Stopped in pid 1723.804 (syz-executor.5) at netbsd:breakpoint+0x5: leave