Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts.
executing program
[ 52.3499520] panic: kernel diagnostic assertion "ci->ci_tlbstate != TLBSTATE_VALID" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 3412
[ 52.3599411] cpu1: Begin traceback...
[ 52.3699430] vpanic() at netbsd:vpanic+0x22e
[ 52.3999442] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 52.4299495] pmap_activate() at netbsd:pmap_activate+0x173
[ 52.4599432] mi_switch() at netbsd:mi_switch+0x673
[ 52.4799438] kpreempt() at netbsd:kpreempt+0x1fc
[ 52.5099441] syscall() at netbsd:syscall+0x8fa
[ 52.5199435] --- syscall (number 0) ---
[ 52.5299478] netbsd:syscall+0x8fa:
[ 52.5299478] cpu1: End traceback...
[ 52.5399427] fatal breakpoint trap in supervisor mode
[ 52.5399427] trap type 1 code 0 rip 0xffffffff8022094d cs 0x8 rflags 0x282 cr2 0x761fa7606ca0 ilevel 0x8 rsp 0xffffb981805dfb80
[ 52.5499416] curlwp 0xffffb98012c0da40 pid 2253.2253 lowest kstack 0xffffb981805d82c0
Stopped in pid 2253.2253 (syz-executor0827) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9
vpanic() at netbsd:vpanic+0x22e
_GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
pmap_activate() at netbsd:pmap_activate+0x173
mi_switch() at netbsd:mi_switch+0x673
kpreempt() at netbsd:kpreempt+0x1fc
syscall() at netbsd:syscall+0x8fa
--- syscall (number 0) ---
netbsd:syscall+0x8fa:
ds fc40
es c19e
fs fb60
gs fbb0
rdi ffffffff82bd8280 db_onpanic
rsi 1ffffffff057b050
rbp ffffb981805dfb80
rbx ffffb9816e699000
rdx 0
rcx ffffffff8126bf59 db_panic+0xd5
rax ffffb98012c0da40
r8 4
r9 1ffffffff057b050
r10 ffffffff82bd8283 db_onpanic+0x3
r11 8000000000
r12 ffffb9816e6aa000
r13 ffffffff81f89140 platform_private_nodes+0x160
r14 ffffb981805dfc10
r15 ffffb9816e699060
rip ffffffff8022094d breakpoint+0x5
cs 8
rflags 282
rsp ffffb981805dfb80
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
2266 2266 2 0 0 ffffb980137d80c0 syz-executor0827
2175 1575 2 0 100000 ffffb98012aefbc0 syz-executor0827
2175 2175 2 0 10000000 ffffb98012a88740 syz-executor0827
2090 2090 2 0 0 ffffb98012c6c2c0 syz-executor0827
2253 2229 2 0 0 ffffb98013846300 syz-executor0827
2253 2098 3 1 80 ffffb98012c0d600 syz-executor0827 parked
2253 >2253 7 1 0 ffffb98012c0da40 syz-executor0827
1659 1659 2 0 40 ffffb980147ae4c0 syz-executor0827
700 700 3 1 80 ffffb980147ae080 syz-executor0827 nanoslp
698 698 2 0 40 ffffb98013805a00 syz-executor0827
696 696 3 1 80 ffffb9801382cb00 syz-executor0827 nanoslp
695 695 3 0 40 ffffb9801382c6c0 syz-executor0827 xclocv
697 697 2 0 40 ffffb9801376ab80 syz-executor0827
694 694 3 0 80 ffffb98012747300 syz-executor0827 nanoslp
685 685 3 1 80 ffffb98012744700 sshd select
1509 1509 3 1 80 ffffb980138055c0 getty nanoslp
684 684 3 0 80 ffffb98013823240 getty nanoslp
1638 1638 3 1 80 ffffb98013817a80 getty nanoslp
871 871 3 1 c0 ffffb98013817200 getty ttyraw
1380 1380 3 1 80 ffffb980141548c0 cron nanoslp
724 724 3 1 80 ffffb980136f5700 inetd kqueue
1445 1445 3 1 80 ffffb98012ce8a00 sshd select
739 739 3 0 80 ffffb98012c0d1c0 powerd kqueue
1249 1249 2 1 40000 ffffb98012b09480 makemandb
449 449 3 1 80 ffffb9801376a300 syslogd kqueue
303 303 3 0 80 ffffb98012c9a480 dhcpcd kqueue
338 338 3 0 80 ffffb98012bb4100 dhcpcd kqueue
1 1 3 0 80 ffffb980128f5140 init wait
0 932 3 0 200 ffffb9801294da00 physiod physiod
0 63 3 0 200 ffffb9801295ca40 pooldrain pooldrain
0 > 126 7 0 240 ffffb9801295c600 ioflush
0 125 3 1 200 ffffb9801295c1c0 pgdaemon pgdaemon
0 122 3 0 200 ffffb9801294d180 usb0 usbevt
0 121 3 1 200 ffffb980128f59c0 usbtask-dr usbtsk
0 120 3 1 200 ffffb9800fe5cac0 usbtask-hc usbtsk
0 119 3 1 200 ffffb980128f5580 npfgc-0 npfgccv
0 118 3 1 200 ffffb980128e4980 rt_free rt_free
0 117 3 1 200 ffffb980128e4540 unpgc unpgc
0 116 3 0 200 ffffb980128e4100 key_timehandler key_timehandler
0 115 3 1 200 ffffb980128dc940 icmp6_wqinput/1 icmp6_wqinput
0 114 3 0 200 ffffb980128dc500 icmp6_wqinput/0 icmp6_wqinput
0 113 3 0 200 ffffb980128dc0c0 nd6_timer nd6_timer
0 112 3 1 200 ffffb980128d2900 carp6_wqinput/1 carp6_wqinput
0 111 3 0 200 ffffb980128d24c0 carp6_wqinput/0 carp6_wqinput
0 110 3 1 200 ffffb980128d2080 carp_wqinput/1 carp_wqinput
0 109 3 0 200 ffffb980127598c0 carp_wqinput/0 carp_wqinput
0 108 3 1 200 ffffb98012759480 icmp_wqinput/1 icmp_wqinput
0 107 3 0 200 ffffb98012759040 icmp_wqinput/0 icmp_wqinput
0 106 3 0 200 ffffb98012747b80 rt_timer rt_timer
0 105 3 1 200 ffffb98012748bc0 vmem_rehash vmem_rehash
0 104 3 1 200 ffffb98012748780 entbutler entropy
0 30 3 1 200 ffffb980121626c0 vioif0_txrx/1 vioif0_txrx
0 29 3 0 200 ffffb98012162280 vioif0_txrx/0 vioif0_txrx
0 27 3 0 200 ffffb9800fe5c680 scsibus0 sccomp
0 26 3 0 200 ffffb9800fe5c240 pms0 pmsreset
0 25 2 1 200 ffffb9800fd9da80 xcall/1
0 24 1 1 200 ffffb9800fd9d640 softser/1
0 23 1 1 200 ffffb9800fd9d200 softclk/1
0 22 1 1 200 ffffb9800fd9ba40 softbio/1
0 21 1 1 200 ffffb9800fd9b600 softnet/1
0 20 1 1 201 ffffb9800fd9b1c0 idle/1
0 19 3 0 200 ffffb9800e80aa00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffffb9800e80a5c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffffb9800e80a180 lnxsyswq lnxsyswq
0 16 3 0 200 ffffb9800e8049c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffffb9800e804580 sysmon smtaskq
0 14 3 0 200 ffffb9800e804140 pmfsuspend pmfsuspend
0 13 3 0 200 ffffb9800e7ff980 pmfevent pmfevent
0 12 3 0 200 ffffb9800e7ff540 sopendfree sopendfr
0 11 3 0 200 ffffb9800e7ff100 iflnkst iflnkst
0 10 3 0 200 ffffb9800e7f3940 nfssilly nfssilly
0 9 3 0 200 ffffb9800e7f3500 vdrain vdrain
0 8 3 0 200 ffffb9800e7f30c0 modunload mod_unld
0 7 3 0 200 ffffb9800e7e6900 xcall/0 xcall
0 6 1 0 200 ffffb9800e7e64c0 softser/0
0 5 1 0 200 ffffb9800e7e6080 softclk/0
0 4 1 0 200 ffffb9800e7e48c0 softbio/0
0 3 1 0 200 ffffb9800e7e4480 softnet/0
0 2 1 0 201 ffffb9800e7e4040 idle/0
0 0 3 0 200 ffffffff82ca3700 swapper uvm
[Locks tracked through LWPs]
****** LWP 2090.2090 (syz-executor0827) @ 0xffffb98012c6c2c0, l_stat=2
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at amap_ctor)
lock address : 0xffffb980143ba240 type : sleep/adaptive
initialized : 0xffffffff81629013
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb98012c6c2c0 last held: 000000000000000000
last locked : 0xffffffff81637e26 unlocked*: 0xffffffff81635dd8
owner/count : 000000000000000000 flags : 000000000000000000
Turnstile: no active turnstile for this lock.
****** LWP 698.698 (syz-executor0827) @ 0xffffb98013805a00, l_stat=2
*** Locks held:
* Lock 0 (initialized at vcache_alloc)
lock address : 0xffffb980147cfa40 type : sleep/adaptive
initialized : 0xffffffff81823e43
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb98013805a00 last held: 0xffffb98013805a00
last locked* : 0xffffffff81852c3f unlocked : 0xffffffff81852ca1
owner/count : 0xffffb98013805a00 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.
* Lock 1 (initialized at vcache_alloc)
lock address : 0xffffb9801485f700 type : sleep/adaptive
initialized : 0xffffffff81823e43
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb98013805a00 last held: 0xffffb98013805a00
last locked* : 0xffffffff81852c3f unlocked : 0xffffffff81852ca1
[ 52.5599392] Skipping crash dump on recursive panic
[ 52.5599392] panic: ASan: Unauthorized Access In 0xffffffff816ef6f0: Addr 0xffffb9801485f700 [8 bytes, read, PoolUseAfterFree]
[ 52.5599392] cpu1: Begin traceback...
[ 52.5599392] vpanic() at netbsd:vpanic+0x22e
[ 52.5599392] snprintf() at netbsd:snprintf
[ 52.5599392] kasan_report() at netbsd:kasan_report+0x9c
[ 52.5599392] __asan_load8() at netbsd:__asan_load8+0x294
[ 52.5599392] rw_dump() at netbsd:rw_dump+0x20
[ 52.5599392] lockdebug_dump() at netbsd:lockdebug_dump+0x205
[ 52.5599392] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb7
[ 52.5599392] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x26a
[ 52.5599392] db_command() at netbsd:db_command+0x2ad
[ 52.5599392] db_command_loop() at netbsd:db_command_loop+0x26c
[ 52.5599392] db_trap() at netbsd:db_trap+0x206
[ 52.5599392] kdb_trap() at netbsd:kdb_trap+0x1ce
[ 52.5599392] trap() at netbsd:trap+0x579
[ 52.5599392] --- trap (number 1) ---
[ 52.5599392] breakpoint() at netbsd:breakpoint+0x5
[ 52.5599392] db_panic() at netbsd:db_panic+0xe9
[ 52.5599392] vpanic() at netbsd:vpanic+0x22e
[ 52.5599392] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 52.5599392] pmap_activate() at netbsd:pmap_activate+0x173
[ 52.5599392] mi_switch() at netbsd:mi_switch+0x673
[ 52.5599392] kpreempt() at netbsd:kpreempt+0x1fc
[ 52.5599392] syscall() at netbsd:syscall+0x8fa
[ 52.5599392] --- syscall (number 0) ---
[ 52.5599392] netbsd:syscall+0x8fa:
[ 52.5599392] cpu1: End traceback...
[ 52.5599392] fatal breakpoint trap in supervisor mode
[ 52.5599392] trap type 1 code 0 rip 0xffffffff8022094d cs 0x8 rflags 0x282 cr2 0x761fa7606ca0 ilevel 0x8 rsp 0xffffb981805df120
[ 52.5599392] curlwp 0xffffb98012c0da40 pid 2253.2253 lowest kstack 0xffffb981805d82c0
Stopped in pid 2253.2253 (syz-executor0827) at netbsd:breakpoint+0x5: leave