May 11 17:20:05 ci2-netbsd-5 getty[927]: /dev/ttyE1: Device not configured NetBSD/amd64 (ci2-netbsd-5.c.syzkaller.internal) (console) login: May 11 17:20:05 ci2-netbsd-5 getty[720]: /dev/ttyE2: Device not configured Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program May 11 17:20:24 ci2-netbsd-5 shutdown: poweroff by root: power button pressed executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 66.4688555] panic: ASan: Unauthorized Access In 0xffffffff817142e5: Addr 0xffffaa0013716298 [8 bytes, read, PoolUseAfterFree] [ 66.4788335] cpu1: Begin traceback... [ 66.4888307] vpanic() at netbsd:vpanic+0x244 [ 66.5088249] snprintf() at netbsd:snprintf [ 66.5388139] kasan_report() at netbsd:kasan_report+0x9c [ 66.5588075] __asan_load8() at netbsd:__asan_load8+0x294 [ 66.5887980] mutex_oncpu() at netbsd:mutex_oncpu+0x38 [ 66.6087904] mutex_enter() at netbsd:mutex_enter+0x1a4 [ 66.6287859] lwp_exit() at netbsd:lwp_exit+0x157 [ 66.6587743] lwp_userret() at netbsd:lwp_userret+0x1f5 [ 66.6787674] syscall() at netbsd:syscall+0x882 [ 66.6887651] --- syscall (number 4) --- [ 66.6987630] 7e1f8b6ade7a: [ 66.6987630] cpu1: End traceback... [ 66.7087584] fatal breakpoint trap in supervisor mode [ 66.7087584] trap type 1 code 0 rip 0xffffffff802209c5 cs 0x8 rflags 0x246 cr2 0x7e1f8b9fb729 ilevel 0 rsp 0xffffaa017f607b90 [ 66.7187534] curlwp 0xffffaa0012cc3bc0 pid 5374.3105 lowest kstack 0xffffaa017f6002c0 Stopped in pid 5374.3105 (syz-executor6381) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 vpanic() at netbsd:vpanic+0x244 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x9c __asan_load8() at netbsd:__asan_load8+0x294 mutex_oncpu() at netbsd:mutex_oncpu+0x38 mutex_enter() at netbsd:mutex_enter+0x1a4 lwp_exit() at netbsd:lwp_exit+0x157 lwp_userret() at netbsd:lwp_userret+0x1f5 syscall() at netbsd:syscall+0x882 --- syscall (number 4) --- 7e1f8b6ade7a: ds 3bc0 es 6ef0 fs 7b70 gs b291 rdi ffffffff82bdf200 db_onpanic rsi 1ffffffff057be40 rbp ffffaa017f607b90 rbx ffffaa016e699000 rdx 0 rcx ffffffff812a7109 db_panic+0xd5 rax 0 r8 4 r9 1ffffffff057be40 r10 ffffffff82bdf203 db_onpanic+0x3 r11 10 r12 ffffaa016e6aa000 r13 ffffffff82444348 ostype+0x708a8 r14 ffffaa017f607c20 r15 ffffaa016e699060 rip ffffffff802209c5 breakpoint+0x5 cs 8 rflags 246 rsp ffffaa017f607b90 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 4687 4649 2 0 0 ffffaa00136e8680 syz-executor6381 4687 4687 2 0 0 ffffaa00129bb600 syz-executor6381 5374 >3105 7 1 100000 ffffaa0012cc3bc0 syz-executor6381 5374 5374 2 1 10000040 ffffaa0012cf5940 syz-executor6381 5055 5055 2 0 0 ffffaa0012cb1b80 syz-executor6381 5538 4772 3 0 80 ffffaa00148501c0 syz-executor6381 parked 5538 5538 2 0 0 ffffaa0012d13580 syz-executor6381 4807 4807 2 0 0 ffffaa0012bf3540 syz-executor6381 2106 2106 2 1 40 ffffaa0012b95040 shutdown 691 > 691 7 0 40 ffffaa00147e3080 syz-executor6381 690 690 2 1 40 ffffaa00147d28c0 syz-executor6381 692 692 2 1 40 ffffaa00147d2040 syz-executor6381 689 689 2 1 40 ffffaa0013850ac0 syz-executor6381 686 686 2 0 40 ffffaa0013850680 syz-executor6381 688 688 2 1 40 ffffaa0013850240 syz-executor6381 685 685 3 0 80 ffffaa0012741b00 syz-executor6381 nanoslp 730 730 3 0 80 ffffaa0013873300 sshd select 1312 1312 3 1 80 ffffaa001383b1c0 getty nanoslp 720 720 3 0 80 ffffaa00136e8ac0 getty nanoslp 927 927 3 1 80 ffffaa001381b980 getty nanoslp 1374 1374 3 1 c0 ffffaa0013832a00 getty ttyraw 585 585 3 0 80 ffffaa0012d139c0 sshd select 597 597 3 1 80 ffffaa0012c1b5c0 powerd kqueue 460 460 3 0 80 ffffaa0013716b00 syslogd kqueue 303 303 3 0 80 ffffaa0012cc3780 dhcpcd kqueue 333 333 3 0 80 ffffaa0012be00c0 dhcpcd kqueue 1 1 3 0 80 ffffaa0012933100 init wait 0 454 3 0 200 ffffaa001297b9c0 physiod physiod 0 123 3 0 200 ffffaa0012989a00 pooldrain pooldrain 0 122 3 0 200 ffffaa00129895c0 ioflush syncer 0 121 3 1 200 ffffaa0012989180 pgdaemon pgdaemon 0 118 3 1 200 ffffaa001297b140 usb0 usbevt 0 117 3 1 200 ffffaa0012933980 usbtask-dr usbtsk 0 116 3 1 200 ffffaa000fe5dac0 usbtask-hc usbtsk 0 115 3 0 200 ffffaa0012933540 npfgc-0 npfgccv 0 114 3 1 200 ffffaa0012925940 rt_free rt_free 0 113 3 1 200 ffffaa0012925500 unpgc unpgc 0 112 3 0 200 ffffaa00129250c0 key_timehandler key_timehandler 0 111 3 1 200 ffffaa001291c900 icmp6_wqinput/1 icmp6_wqinput 0 110 3 0 200 ffffaa001291c4c0 icmp6_wqinput/0 icmp6_wqinput 0 109 3 0 200 ffffaa001291c080 nd6_timer nd6_timer 0 108 3 1 200 ffffaa00129128c0 carp6_wqinput/1 carp6_wqinput 0 107 3 0 200 ffffaa0012912480 carp6_wqinput/0 carp6_wqinput 0 106 3 1 200 ffffaa0012912040 carp_wqinput/1 carp_wqinput 0 105 3 0 200 ffffaa001275bbc0 carp_wqinput/0 carp_wqinput 0 104 3 1 200 ffffaa001275b780 icmp_wqinput/1 icmp_wqinput 0 103 3 0 200 ffffaa001275b340 icmp_wqinput/0 icmp_wqinput 0 102 3 0 200 ffffaa0012745b80 rt_timer rt_timer 0 101 3 0 200 ffffaa0012745740 vmem_rehash vmem_rehash 0 100 3 1 200 ffffaa00127422c0 entbutler entropy 0 27 3 0 200 ffffaa000fe5d680 scsibus0 sccomp 0 26 3 0 200 ffffaa000fe5d240 pms0 pmsreset 0 25 3 1 200 ffffaa000fd9ea80 xcall/1 xcall 0 24 1 1 200 ffffaa000fd9e640 softser/1 0 23 1 1 200 ffffaa000fd9e200 softclk/1 0 22 1 1 200 ffffaa000fd9ca40 softbio/1 0 21 1 1 200 ffffaa000fd9c600 softnet/1 0 20 1 1 201 ffffaa000fd9c1c0 idle/1 0 19 3 1 200 ffffaa000e80aa00 lnxpwrwq lnxpwrwq 0 18 3 1 200 ffffaa000e80a5c0 lnxlngwq lnxlngwq 0 17 3 1 200 ffffaa000e80a180 lnxsyswq lnxsyswq 0 16 3 1 200 ffffaa000e8039c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffaa000e803580 sysmon smtaskq 0 14 3 0 200 ffffaa000e803140 pmfsuspend pmfsuspend 0 13 3 1 200 ffffaa000e7fe980 pmfevent pmfevent 0 12 3 0 200 ffffaa000e7fe540 sopendfree sopendfr 0 11 3 0 200 ffffaa000e7fe100 iflnkst iflnkst 0 10 3 0 200 ffffaa000e7f3940 nfssilly nfssilly 0 9 3 0 200 ffffaa000e7f3500 vdrain vdrain 0 8 3 1 200 ffffaa000e7f30c0 modunload mod_unld 0 7 3 0 200 ffffaa000e7e6900 xcall/0 xcall 0 6 1 0 200 ffffaa000e7e64c0 softser/0 0 5 1 0 200 ffffaa000e7e6080 softclk/0 0 4 1 0 200 ffffaa000e7e38c0 softbio/0 0 3 1 0 200 ffffaa000e7e3480 softnet/0 0 2 1 0 201 ffffaa000e7e3040 idle/0 0 0 2 1 240 ffffffff82caa040 swapper [Locks tracked through LWPs] ****** LWP 5374.3105 (syz-executor6381) @ 0xffffaa0012cc3bc0, l_stat=7 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at fork1) lock address : 0xffffaa00129b73c0 type : sleep/adaptive initialized : 0xffffffff816fc493 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffaa0012cc3bc0 last held: 000000000000000000 last locked : 0xffffffff8170ce09 unlocked*: 0xffffffff816d4a53 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 5055.5055 (syz-executor6381) @ 0xffffaa0012cb1b80, l_stat=2 *** Locks held: * Lock 0 (initialized at uvm_map_setup) lock address : 0xffffaa0012c7ca00 type : sleep/adaptive initialized : 0xffffffff8168d001 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffaa0012cb1b80 last held: 0xffffaa0012cb1b80 last locked* : 0xffffffff81687275 unlocked : 0xffffffff8167cf14 owner/count : 0xffffaa0012cb1b80 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 4807.4807 (syz-executor6381) @ 0xffffaa0012bf3540, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at pmap_ctor) lock address : 0xffffaa0012c8f980 type : sleep/adaptive initialized : 0xffffffff8087e6aa shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffaa0012bf3540 last held: 000000000000000000 last locked : 0xffffffff80880292 unlocked*: 0xffffffff80880a6d owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 730.730 (sshd) @ 0xffffaa0013873300, l_stat=3 *** Locks held: * Lock 0 (initialized at soinit) lock address : 0xffffaa000e733080 type : sleep/adaptive initialized : 0xffffffff8181706d shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffaa0013873300 last held: 0xffffaa0013873300 last locked* : 0xffffffff8181626c unlocked : 0xffffffff818162ec owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 0.15 (sysmon) @ 0xffffaa000e803580, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82da12c0 type : sleep/adaptive initialized : 0xffffffff81713612 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffaa000e803580 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.11 (iflnkst) @ 0xffffaa000e7fe100, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82da12c0 type : sleep/adaptive initialized : 0xffffffff81713612 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffaa000e7fe100 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 0.5 (softclk/0) @ 0xffffaa000e7e6080, l_stat=1 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82da12c0 type : sleep/adaptive initialized : 0xffffffff81713612 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffaa000e7e6080 last held: 000000000000000000 last locked : 00000000000000