Sun Mar 8 04:57:49 UTC 2020 NetBSD/amd64 (ci2-netbsd-1.c.syzkaller.internal) (console) login: Mar 8 04:57:52 ci2-netbsd-1 getty[495]: /dev/ttyE3: Device not configured Mar 8 04:57:52 ci2-netbsd-1 getty[381]: /dev/ttyE1: Device not configured Mar 8 04:57:52 ci2-netbsd-1 getty[507]: /dev/ttyE2: Device not configured Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 91.1787415] panic: ASan: Unauthorized Access In 0xffffffff8118bc9d: Addr 0xffff9d8013ecf550 [8 bytes, read, PoolUseAfterFree] [ 91.1919262] cpu0: Begin traceback... [ 91.1987573] vpanic() at netbsd:vpanic+0x241 [ 91.2288199] snprintf() at netbsd:snprintf [ 91.2588734] kasan_report() at netbsd:kasan_report+0x98 [ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 [ 91.3290141] fixjobc() at netbsd:fixjobc+0xfb [ 91.3590633] exit1() at netbsd:exit1+0x4b2 [ 91.3891230] sys_exit() at netbsd:sys_exit+0x77 [ 91.4191783] syscall() at netbsd:syscall+0x57e [ 91.4292003] --- syscall (number 1) --- [ 91.4392155] 76c67c399a6a: [ 91.4494661] cpu0: End traceback... [ 91.4494661] fatal breakpoint trap in supervisor mode [ 91.4494661] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76c67cd51ff8 ilevel 0 rsp 0xffff9d817e92fac0 [ 91.4692495] curlwp 0xffff9d80116a16c0 pid 900.1 lowest kstack 0xffff9d817e9282c0 Stopped in pid 900.1 (syz-executor4114) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 vpanic() at netbsd:vpanic+0x241 snprintf() at netbsd:snprintf kasan_report() at netbsd:kasan_report+0x98 __asan_load8() at netbsd:__asan_load8+0x294 fixjobc() at netbsd:fixjobc+0xfb exit1() at netbsd:exit1+0x4b2 sys_exit() at netbsd:sys_exit+0x77 syscall() at netbsd:syscall+0x57e --- syscall (number 1) --- 76c67c399a6a: ds e6ac es 7953 fs faa0 gs faf0 rdi ffff9d800d92d488 rsi ffff9d80116a1978 rbp ffff9d817e92fac0 rbx ffffffff82810480 cpu_info_primary rdx 2 rcx ffffffff80d14fa1 db_panic+0xd5 rax 0 r8 4 r9 1ffffffff0554bfc r10 ffffffff82aa5fe3 db_onpanic+0x3 r11 10 r12 ffff9d816d8a4000 r13 ffffffff82440be8 ostype+0x4e268 r14 ffff9d817e92fb50 r15 ffff9d816d893068 rip ffffffff8021e4b5 breakpoint+0x5 cs 8 rflags 246 rsp ffff9d817e92fac0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 577 2 2 1 1000000 ffff9d8011f9b700 syz-executor4114 946 3 2 1 0 ffff9d8013ef6a80 syz-executor4114 946 2 2 1 0 ffff9d8013d18600 syz-executor4114 946 1 2 0 0 ffff9d8013cc50c0 syz-executor4114 1043 1 2 1 10000000 ffff9d8012057480 syz-executor4114 1006 2 3 0 80 ffff9d8013ef6640 syz-executor4114 parked 1036 2 3 1 80 ffff9d8013ef6200 syz-executor4114 parked 804 2 3 1 80 ffff9d8013cfb180 syz-executor4114 parked 804 1 2 0 0 ffff9d8012023300 syz-executor4114 1132 2 3 1 80 ffff9d8011c8cb80 syz-executor4114 parked 956 2 2 0 0 ffff9d8013db4780 syz-executor4114 956 1 2 0 10000000 ffff9d8012cb22c0 syz-executor4114 1151 1 2 0 10000000 ffff9d8013dc4480 syz-executor4114 616 3 3 1 80 ffff9d8013eda1c0 syz-executor4114 parked 963 2 3 0 40080 ffff9d8012c98ac0 syz-executor4114 parked 900 > 1 7 0 10040000 ffff9d80116a16c0 syz-executor4114 566 2 3 0 40080 ffff9d8013ecb180 syz-executor4114 parked 883 2 3 1 40080 ffff9d8012c79a00 syz-executor4114 parked 953 2 3 0 40080 ffff9d8012bd02c0 syz-executor4114 parked 819 3 3 1 40080 ffff9d8012c514c0 syz-executor4114 parked 675 3 3 1 40080 ffff9d8012c5c0c0 syz-executor4114 parked 361 2 3 0 40080 ffff9d8012c5c500 syz-executor4114 parked 482 2 3 1 80 ffff9d8013e4e100 syz-executor4114 parked 793 2 3 0 80 ffff9d8012063900 syz-executor4114 parked 794 2 3 0 80 ffff9d8013d83b40 syz-executor4114 parked 988 2 3 1 80 ffff9d8012063080 syz-executor4114 parked 784 3 3 1 80 ffff9d80120bf180 syz-executor4114 parked 394 2 3 0 80 ffff9d801211b280 syz-executor4114 parked 647 2 3 0 80 ffff9d801212c2c0 syz-executor4114 parked 823 2 3 0 80 ffff9d8013d46680 syz-executor4114 parked 571 2 3 0 80 ffff9d8013cc5940 syz-executor4114 parked 762 2 3 0 80 ffff9d8013cc5500 syz-executor4114 parked 752 2 3 1 80 ffff9d8011f9b2c0 syz-executor4114 parked 679 3 3 0 80 ffff9d8011efc1c0 syz-executor4114 parked 555 2 3 1 80 ffff9d8013ccc540 syz-executor4114 parked 671 3 3 1 80 ffff9d8012ca6280 syz-executor4114 parked 856 2 3 1 80 ffff9d8011f2fa80 syz-executor4114 parked 533 2 3 0 80 ffff9d8013db4340 syz-executor4114 parked 843 2 3 1 80 ffff9d80135b8300 syz-executor4114 parked 130 3 3 1 80 ffff9d80121a1580 syz-executor4114 parked 595 3 3 0 80 ffff9d8012141300 syz-executor4114 parked 192 2 3 1 80 ffff9d8013d832c0 syz-executor4114 parked 760 2 3 1 80 ffff9d8011f79b00 syz-executor4114 parked 664 2 3 1 80 ffff9d8013d5eb00 syz-executor4114 parked 580 2 3 0 80 ffff9d8013d5e6c0 syz-executor4114 parked 478 2 3 1 80 ffff9d80120760c0 syz-executor4114 parked 668 2 3 0 80 ffff9d80120ffa80 syz-executor4114 parked 374 2 3 1 80 ffff9d8013d3f640 syz-executor4114 parked 592 2 3 1 80 ffff9d8012087100 syz-executor4114 parked 684 2 3 0 80 ffff9d801202e780 syz-executor4114 parked 298 2 3 1 80 ffff9d801202e340 syz-executor4114 parked 168 2 3 1 80 ffff9d8013cfba00 syz-executor4114 parked 453 2 3 0 80 ffff9d8012cb2700 syz-executor4114 parked 162 3 3 1 80 ffff9d8012ca6b00 syz-executor4114 parked 96 3 3 0 80 ffff9d8011efca40 syz-executor4114 parked 626 2 3 0 80 ffff9d80116a1280 syz-executor4114 parked 500 2 3 0 80 ffff9d8013cd69c0 syz-executor4114 parked 636 2 3 0 80 ffff9d8013cd6580 syz-executor4114 parked 484 1 2 1 0 ffff9d8013c5bbc0 syz-executor4114 483 1 3 1 0 ffff9d8013c5b340 syz-executor4114 tstile 601 1 2 1 0 ffff9d8012ba7b00 syz-executor4114 446 1 2 1 0 ffff9d8012ba76c0 syz-executor4114 607 > 1 7 1 0 ffff9d8012bdab80 syz-executor4114 45 1 3 1 0 ffff9d8012ca66c0 syz-executor4114 tstile 558 1 3 0 80 ffff9d8011efc600 syz-executor4114 nanoslp 41 1 3 1 80 ffff9d80116a1b00 sshd select 495 1 3 0 80 ffff9d8012c84a40 getty nanoslp 507 1 3 1 80 ffff9d8012c84600 getty nanoslp 381 1 3 1 80 ffff9d8012b87680 getty nanoslp 570 1 3 0 80 ffff9d8012c79180 getty ttyraw 455 1 3 0 80 ffff9d8012227a80 cron nanoslp 469 1 3 1 80 ffff9d8012c028c0 inetd kqueue 421 1 3 0 80 ffff9d80121b6a00 sshd select 491 1 3 0 80 ffff9d8012141b80 powerd kqueue 202 1 3 1 80 ffff9d8012bd0700 syslogd kqueue 278 1 3 0 80 ffff9d8012152780 dhcpcd kqueue 230 1 3 1 80 ffff9d80120578c0 dhcpcd kqueue 1 1 3 0 80 ffff9d8011e2d540 init wait 0 29 3 0 204 ffff9d8011e84140 physiod physiod 0 48 3 0 204 ffff9d8011e86180 pooldrain pooldrain 0 47 3 0 200 ffff9d8011e849c0 ioflush syncer 0 46 3 1 200 ffff9d8011e84580 pgdaemon pgdaemon 0 44 3 0 200 ffff9d8011e2d980 npfgc-0 npfgccv 0 43 3 1 204 ffff9d8011e2d100 rt_free rt_free 0 42 3 1 204 ffff9d8011e25940 unpgc unpgc 0 41 3 1 204 ffff9d8011e25500 key_timehandler key_timehandler 0 40 3 1 204 ffff9d8011e250c0 icmp6_wqinput/1 icmp6_wqinput 0 39 3 0 204 ffff9d8011e1b900 icmp6_wqinput/0 icmp6_wqinput 0 38 3 0 204 ffff9d8011e1b4c0 nd6_timer nd6_timer 0 37 3 1 204 ffff9d8011e1b080 carp6_wqinput/1 carp6_wqinput 0 36 3 0 204 ffff9d8011e168c0 carp6_wqinput/0 carp6_wqinput 0 35 3 1 204 ffff9d8011e16480 carp_wqinput/1 carp_wqinput 0 34 3 0 204 ffff9d8011e16040 carp_wqinput/0 carp_wqinput 0 33 3 1 204 ffff9d8011c9bbc0 icmp_wqinput/1 icmp_wqinput 0 32 3 0 204 ffff9d8011c9b780 icmp_wqinput/0 icmp_wqinput 0 31 3 0 204 ffff9d8011c9b340 rt_timer rt_timer 0 30 2 0 200 ffff9d8011c8c300 vmem_rehash 0 28 3 0 204 ffff9d800f35dac0 scsibus0 sccomp 0 27 3 0 200 ffff9d800f35d680 pms0 pmsreset 0 26 3 1 204 ffff9d800f35d240 xcall/1 xcall 0 25 1 1 200 ffff9d800f35ca80 softser/1 0 24 1 1 200 ffff9d800f35c640 softclk/1 0 23 1 1 200 ffff9d800f35c200 softbio/1 0 22 1 1 200 ffff9d800f26ea40 softnet/1 0 21 1 1 201 ffff9d800f26e600 idle/1 0 20 3 1 204 ffff9d800f26e1c0 lnxpwrwq lnxpwrwq 0 19 3 1 204 ffff9d800f26ca00 lnxlngwq lnxlngwq 0 18 3 0 204 ffff9d800f26c5c0 lnxsyswq lnxsyswq 0 17 3 1 204 ffff9d800f26c180 lnxrcugc lnxrcugc 0 16 3 0 204 ffff9d800de4f9c0 sysmon smtaskq 0 15 3 0 204 ffff9d800de4f580 pmfsuspend pmfsuspend 0 14 3 1 204 ffff9d800de4f140 pmfevent pmfevent 0 13 3 0 204 ffff9d800de40980 sopendfree sopendfr 0 12 3 1 204 ffff9d800de40540 iflnkst iflnkst 0 11 3 0 204 ffff9d800de40100 nfssilly nfssilly 0 10 3 0 200 ffff9d800de34940 cachegc cachegc 0 9 3 0 204 ffff9d800de34500 vdrain vdrain 0 8 3 0 200 ffff9d800de340c0 modunload mod_unld 0 7 3 0 204 ffff9d800de24900 xcall/0 xcall 0 6 1 0 200 ffff9d800de244c0 softser/0 0 5 1 0 200 ffff9d800de24080 softclk/0 0 4 1 0 200 ffff9d800de218c0 softbio/0 0 3 1 0 200 ffff9d800de21480 softnet/0 0 2 1 0 201 ffff9d800de21040 idle/0 0 1 3 1 200 ffffffff82b6efc0 swapper uvm [Locks tracked through LWPs] ****** LWP 577.2 (syz-executor4114) @ 0xffff9d8011f9b700, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at module_hook_init) lock address : 0xffffffff82d90240 type : sleep/adaptive initialized : 0xffffffff8117f252 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffff9d8011f9b700 last held: 000000000000000000 last locked : 000000000000000000 unlocked*: 000000000000000000 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 1043.1 (syz-executor4114) @ 0xffff9d8012057480, l_stat=2 *** Locks held: * Lock 0 (initialized at fork1) lock address : 0xffff9d8011f75e90 type : sleep/adaptive initialized : 0xffffffff81166c81 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480 last locked* : 0xffffffff811632a9 unlocked : 000000000000000000 owner/count : 0xffff9d8012057480 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at uvm_obj_init) lock address : 0xffff9d8011c6b540 type : sleep/adaptive initialized : 0xffffffff8110ca30 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480 last locked* : 0xffffffff81100a0b unlocked : 0xffffffff81100a90 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 2 (initialized at pmap_ctor) lock address : 0xffff9d8012c69980 type : sleep/adaptive initialized : 0xffffffff802772c1 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480 last locked* : 0xffffffff8027793e unlocked : 0xffffffff80277bd5 [ 91.4766322] Skipping crash dump on recursive panic [ 91.4766322] panic: ASan: Unauthorized Access In 0xffffffff8117fe00: Addr 0xffff9d8012c69980 [8 bytes, read, PoolUseAfterFree] [ 91.4766322] cpu0: Begin traceback... [ 91.4766322] vpanic() at netbsd:vpanic+0x241 [ 91.4766322] snprintf() at netbsd:snprintf [ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 [ 91.4766322] mutex_dump() at netbsd:mutex_dump+0x20 [ 91.4766322] lockdebug_dump() at netbsd:lockdebug_dump+0x28d [ 91.4766322] lockdebug_show_one() at netbsd:lockdebug_show_one+0xca [ 91.4766322] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x303 [ 91.4766322] db_command() at netbsd:db_command+0x2c0 [ 91.4766322] db_command_loop() at netbsd:db_command_loop+0x26c [ 91.4766322] db_trap() at netbsd:db_trap+0x219 [ 91.4766322] kdb_trap() at netbsd:kdb_trap+0x1ce [ 91.4766322] trap() at netbsd:trap+0x66a [ 91.4766322] --- trap (number 1) --- [ 91.4766322] breakpoint() at netbsd:breakpoint+0x5 [ 91.4766322] db_panic() at netbsd:db_panic+0xe9 [ 91.4766322] vpanic() at netbsd:vpanic+0x241 [ 91.4766322] snprintf() at netbsd:snprintf [ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 [ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 [ 91.4766322] fixjobc() at netbsd:fixjobc+0xfb [ 91.4766322] exit1() at netbsd:exit1+0x4b2 [ 91.4766322] sys_exit() at netbsd:sys_exit+0x77 [ 91.4766322] syscall() at netbsd:syscall+0x57e [ 91.4766322] --- syscall (number 1) --- [ 91.4766322] 76c67c399a6a: [ 91.4766322] cpu0: End traceback... [ 91.4766322] fatal breakpoint trap in supervisor mode [ 91.4766322] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76c67cd51ff8 ilevel 0x8 rsp 0xffff9d817e92f060 [ 91.4766322] curlwp 0xffff9d80116a16c0 pid 900.1 lowest kstack 0xffff9d817e9282c0 Stopped in pid 900.1 (syz-executor4114) at netbsd:breakpoint+0x5: leave