May 11 20:23:59 ci2-netbsd-9 getty[1245]: /dev/ttyE1: Device not configured
NetBSD/amd64 (ci2-netbsd-9.c.syzkaller.internal) (console)
login: May 11 20:23:59 ci2-netbsd-9 getty[677]: /dev/ttyE2: Device not configured
Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts.
executing program
[ 42.0105800] panic: ASan: Unauthorized Access In 0xffffffff816c7699: Addr 0xffffb88012cfd518 [8 bytes, read, PoolUseAfterFree]
[ 42.0201052] cpu1: Begin traceback...
[ 42.0344160] vpanic() at netbsd:vpanic+0x22e
[ 42.0534912] snprintf() at netbsd:snprintf
executing program
[ 42.0773366] kasan_report() at netbsd:kasan_report+0x9c
[ 42.1011853] __asan_load8() at netbsd:__asan_load8+0x294
[ 42.1250285] mutex_oncpu() at netbsd:mutex_oncpu+0x38
[ 42.1488772] mutex_enter() at netbsd:mutex_enter+0x1a1
executing program
[ 42.1727227] lwp_exit() at netbsd:lwp_exit+0x32e
[ 42.1965720] lwp_userret() at netbsd:lwp_userret+0x1f5
[ 42.2204142] syscall() at netbsd:syscall+0x85e
[ 42.2299519] --- syscall (number 4) ---
[ 42.2442587] 75685d0ade7a:
[ 42.2442587] cpu1: End traceback...
[ 42.2490258] fatal breakpoint trap in supervisor mode
[ 42.2537945] trap type 1 code 0 rip 0xffffffff802209c5 cs 0x8 rflags 0x246 cr2 0x75685d3fb729 ilevel 0 rsp 0xffffb8817f63fb90
[ 42.2633359] curlwp 0xffffb88012cfd0c0 pid 1492.1468 lowest kstack 0xffffb8817f6382c0
Stopped in pid 1492.1468 (syz-executor1541) at netbsd:breakpoint+0x5: leave
?
* Lock 1 (initialized at vcache_alloc)
lock address : 0xffffb8801388ec40 type : sleep/adaptive
initialized : 0xffffffff81815cd3
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb880138375c0 last held: 0xffffb880138375c0
last locked* : 0xffffffff8184456e unlocked : 0xffffffff818445d0
[ 42.2728714] Skipping crash dump on recursive panic
[ 42.2728714] panic: ASan: Unauthorized Access In 0xffffffff816e6a20: Addr 0xffffb8801388ec40 [8 bytes, read, PoolUseAfterFree]
[ 42.2728714] cpu1: Begin traceback...
[ 42.2728714] vpanic() at netbsd:vpanic+0x22e
[ 42.2728714] snprintf() at netbsd:snprintf
[ 42.2728714] kasan_report() at netbsd:kasan_report+0x9c
[ 42.2728714] __asan_load8() at netbsd:__asan_load8+0x294
[ 42.2728714] rw_dump() at netbsd:rw_dump+0x20
[ 42.2728714] lockdebug_dump() at netbsd:lockdebug_dump+0x207
[ 42.2728714] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb7
[ 42.2728714] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x26b
[ 42.2728714] db_command() at netbsd:db_command+0x2ad
[ 42.2728714] db_command_loop() at netbsd:db_command_loop+0x26c
[ 42.2728714] db_trap() at netbsd:db_trap+0x206
[ 42.2728714] kdb_trap() at netbsd:kdb_trap+0x1ce
[ 42.2728714] trap() at netbsd:trap+0x57e
[ 42.2728714] --- trap (number 1) ---
[ 42.2728714] breakpoint() at netbsd:breakpoint+0x5
[ 42.2728714] db_panic() at netbsd:db_panic+0xe9
[ 42.2728714] vpanic() at netbsd:vpanic+0x22e
[ 42.2728714] snprintf() at netbsd:snprintf
[ 42.2728714] kasan_report() at netbsd:kasan_report+0x9c
[ 42.2728714] __asan_load8() at netbsd:__asan_load8+0x294
[ 42.2728714] mutex_oncpu() at netbsd:mutex_oncpu+0x38
[ 42.2728714] mutex_enter() at netbsd:mutex_enter+0x1a1
[ 42.2728714] lwp_exit() at netbsd:lwp_exit+0x32e
[ 42.2728714] lwp_userret() at netbsd:lwp_userret+0x1f5
[ 42.2728714] syscall() at netbsd:syscall+0x85e
[ 42.2728714] --- syscall (number 4) ---
[ 42.2728714] 75685d0ade7a:
[ 42.2728714] cpu1: End traceback...
[ 42.2728714] fatal breakpoint trap in supervisor mode
[ 42.2728714] trap type 1 code 0 rip 0xffffffff802209c5 cs 0x8 rflags 0x246 cr2 0x75685d3fb729 ilevel 0x8 rsp 0xffffb8817f63f130
[ 42.2728714] curlwp 0xffffb88012cfd0c0 pid 1492.1468 lowest kstack 0xffffb8817f6382c0
Stopped in pid 1492.1468 (syz-executor1541) at netbsd:breakpoint+0x5: leave