Mon Feb 24 23:44:14 UTC 2020 NetBSD/amd64 (ci2-netbsd-6.c.syzkaller.internal) (console) login: Feb 24 23:44:17 ci2-netbsd-6 getty[556]: /dev/ttyE1: Device not configured Feb 24 23:44:17 ci2-netbsd-6 getty[562]: /dev/ttyE2: Device not configured Feb 24 23:44:17 ci2-netbsd-6 getty[496]: /dev/ttyE3: Device not configured Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. 2020/02/24 23:44:28 fuzzer started 2020/02/24 23:44:28 dialing manager at 10.128.0.105:32985 2020/02/24 23:44:29 syscalls: 215 2020/02/24 23:44:29 code coverage: enabled 2020/02/24 23:44:29 comparison tracing: enabled 2020/02/24 23:44:29 extra coverage: support is not implemented in syzkaller 2020/02/24 23:44:29 setuid sandbox: support is not implemented in syzkaller 2020/02/24 23:44:29 namespace sandbox: support is not implemented in syzkaller 2020/02/24 23:44:29 Android sandbox: support is not implemented in syzkaller 2020/02/24 23:44:29 fault injection: support is not implemented in syzkaller 2020/02/24 23:44:29 leak checking: support is not implemented in syzkaller 2020/02/24 23:44:29 net packet injection: support is not implemented in syzkaller 2020/02/24 23:44:29 net device setup: support is not implemented in syzkaller 2020/02/24 23:44:29 concurrency sanitizer: support is not implemented in syzkaller 2020/02/24 23:44:29 devlink PCI setup: support is not implemented in syzkaller 23:44:33 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000300)) 23:44:33 executing program 1: syz_emit_ethernet(0x86, &(0x7f00000000c0)) 23:44:33 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/210, 0xd2}, 0x0) sendmsg$unix(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff00000100000008cd7fdf03000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r3], 0x28}, 0x0) 23:44:33 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0}, 0x10) 23:44:33 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fe, 0x0, 0x0) 23:44:33 executing program 4: syz_emit_ethernet(0x7a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb8100000086dd6000000000006c00fec0ffff002000000000000001000000fe8000000000000000000000000000aa"]) 23:44:38 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/210, 0xd2}, 0x0) sendmsg$unix(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff00000100000008cd7fdf03000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r3], 0x28}, 0x0) 23:44:38 executing program 5: semget(0x2, 0x0, 0x112) 23:44:38 executing program 4: syz_emit_ethernet(0x66, &(0x7f0000000140)) 23:44:39 executing program 1: syz_emit_ethernet(0x7a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb8100000086dd6000000000fc6c0000000000002000000000000001000000fe8000000000000000000000000000aa"]) 23:44:39 executing program 3: r0 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="24000000200003041dfffd946f6105000a00000a1f000002141008000800049bb7fd918d", 0x24}], 0x1}, 0x0) 23:44:39 executing program 0: mknod(&(0x7f0000000200)='./bus\x00', 0x8000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x2, 0x0) write(r0, &(0x7f0000000040)='Q', 0x1) 23:44:39 executing program 5: syz_emit_ethernet(0xc0, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60e9ff0000172b00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2c000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000017800009c51f2511a8bbafe683cbd97a4a633dfd9"]) 23:44:39 executing program 3: syz_emit_ethernet(0x7a, &(0x7f00000000c0)) 23:44:39 executing program 5: syz_emit_ethernet(0xc0, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60e9ff0000172f00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2c000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000017800009c51f2511a8bbafe683cbd97a4a633dfd9"]) 23:44:39 executing program 4: syz_emit_ethernet(0x7e, &(0x7f00000000c0)) 23:44:39 executing program 1: syz_emit_ethernet(0x7a, &(0x7f00000000c0)) 23:44:39 executing program 3: r0 = socket(0x100000000011, 0x2, 0x0) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x10000) 23:44:39 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/210, 0xd2}, 0x0) sendmsg$unix(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff00000100000008cd7fdf03000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r3], 0x28}, 0x0) 23:44:39 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) lseek(r0, 0x0, 0x9) getdents(r0, &(0x7f0000000100)=""/102400, 0x19000) 23:44:39 executing program 5: syz_emit_ethernet(0xc0, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60e9ff0000172c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa89ffffff", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000017800009c51f2511a8bbafe683cbd97a4a633dfd9"]) 23:44:40 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, 0x0, 0x0) 23:44:40 executing program 4: syz_emit_ethernet(0x6a, &(0x7f00000000c0)) 23:44:40 executing program 0: syz_emit_ethernet(0xc0, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60e9ff0000172c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2c000500", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000017800009c51f2511a8bbafe683cbd97a4a633dfd9"]) 23:44:40 executing program 5: sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000020001f", 0x7, 0x0, 0x0, 0x0) r0 = socket$inet6(0x10, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 23:44:40 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="1c0000001a009b8a14e5f40700000000", 0xd4) 23:44:40 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/210, 0xd2}, 0x0) sendmsg$unix(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="28000000ffff00000100000008cd7fdf03000000", @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r3], 0x28}, 0x0) 23:44:40 executing program 3: r0 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff14, &(0x7f0000000080)=[{&(0x7f0000000140)="24000000200003041dfffd946f6105000a00000a1f000002141008000800040012080000140000001a00ffffba16a0aa1c09000000000000", 0x38}], 0x1}, 0x0) 23:44:40 executing program 0: 23:44:40 executing program 1: 23:44:40 executing program 1: 23:44:40 executing program 3: 23:44:40 executing program 0: 23:44:40 executing program 3: 23:44:40 executing program 4: 23:44:40 executing program 5: 23:44:40 executing program 1: 23:44:40 executing program 3: 23:44:41 executing program 5: 23:44:41 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) recvmsg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/210, 0xd2}, 0x0) 23:44:41 executing program 3: 23:44:41 executing program 1: 23:44:41 executing program 0: 23:44:41 executing program 4: 23:44:41 executing program 5: 23:44:41 executing program 4: 23:44:41 executing program 0: 23:44:41 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0}, 0x1c) 23:44:41 executing program 4: 23:44:41 executing program 5: 23:44:41 executing program 3: 23:44:41 executing program 5: 23:44:41 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)) 23:44:41 executing program 4: 23:44:41 executing program 1: 23:44:41 executing program 0: 23:44:41 executing program 3: 23:44:41 executing program 1: 23:44:41 executing program 4: 23:44:41 executing program 1: 23:44:41 executing program 4: 23:44:42 executing program 0: 23:44:42 executing program 3: 23:44:42 executing program 5: 23:44:42 executing program 1: 23:44:42 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') 23:44:42 executing program 3: 23:44:42 executing program 5: 23:44:42 executing program 0: 23:44:42 executing program 4: 23:44:42 executing program 3: 23:44:42 executing program 1: 23:44:42 executing program 0: 23:44:42 executing program 4: 23:44:42 executing program 3: 23:44:42 executing program 0: 23:44:42 executing program 1: 23:44:42 executing program 3: 23:44:42 executing program 5: 23:44:42 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) 23:44:42 executing program 4: 23:44:42 executing program 0: 23:44:42 executing program 1: 23:44:43 executing program 0: 23:44:43 executing program 4: 23:44:43 executing program 5: 23:44:43 executing program 3: 23:44:43 executing program 4: 23:44:43 executing program 0: 23:44:43 executing program 5: 23:44:43 executing program 4: 23:44:43 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) 23:44:43 executing program 0: 23:44:43 executing program 3: 23:44:43 executing program 5: 23:44:43 executing program 1: 23:44:43 executing program 1: 23:44:43 executing program 3: 23:44:43 executing program 4: syz_emit_ethernet(0x2e, &(0x7f0000000040)) 23:44:43 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000580)) 23:44:43 executing program 3: r0 = msgget(0x0, 0x344) msgctl$IPC_RMID(r0, 0x0) 23:44:43 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000080)) 23:44:43 executing program 4: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) 23:44:44 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) 23:44:44 executing program 5: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') r1 = socket$inet6(0x1e, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000040)={0x18, 0x3}, 0xc) chmod(&(0x7f0000000140)='./file0\x00', 0x1d0) socket$inet6(0x1e, 0x3, 0x0) chroot(&(0x7f0000000080)='.\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)) 23:44:44 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:44 executing program 0: r0 = semget$private(0x0, 0x9, 0x0) semop(r0, &(0x7f0000000240)=[{0x0, 0xfffffffffffff7ff}], 0x1) semop(r0, &(0x7f0000000480)=[{0x0, 0x1, 0x1000}], 0x1) semctl$IPC_RMID(r0, 0x0, 0x0) semctl$SETVAL(r0, 0x4, 0x8, &(0x7f0000000080)=0x6634) r1 = open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) fchroot(r1) open$dir(&(0x7f0000000000)='./file0\x00', 0x80, 0x80) 23:44:44 executing program 1: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0) setregid(0xee01, 0x0) r1 = getgid() setgroups(0x2, &(0x7f0000000080)=[r1, 0x0]) setuid(0xee01) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) mknod(&(0x7f00000000c0)='./file0\x00', 0x80, 0xd48) writev(r0, &(0x7f0000000280), 0xd) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x1d}], 0x1) 23:44:44 executing program 4: symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) r0 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000080)='=', 0x1) connect(r0, &(0x7f0000000000)=@in={0x2, 0x0}, 0xc) rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000200)='./file0\x00') 23:44:44 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:44 executing program 4: symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) r0 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000080)='=', 0x1) connect(r0, &(0x7f0000000000)=@in={0x2, 0x0}, 0xc) rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000200)='./file0\x00') 23:44:45 executing program 1: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0) setregid(0xee01, 0x0) r1 = getgid() setgroups(0x2, &(0x7f0000000080)=[r1, 0x0]) setuid(0xee01) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) mknod(&(0x7f00000000c0)='./file0\x00', 0x80, 0xd48) writev(r0, &(0x7f0000000280), 0xd) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x1d}], 0x1) 23:44:45 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') socket$inet6(0x1e, 0x3, 0x0) 23:44:45 executing program 0: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:45 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) pwritev(r1, &(0x7f00000013c0)=[{0x0}], 0x1, 0x0) r2 = socket(0x2, 0x2, 0x0) setsockopt$inet_opts(r2, 0x0, 0x1, &(0x7f0000000080)='=', 0x1) r3 = dup2(r2, r0) accept$unix(r3, &(0x7f0000001400)=@file={0x0, ""/4096}, &(0x7f0000000000)=0x1002) pipe2(&(0x7f0000000140), 0x1000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) paccept(r4, &(0x7f00000000c0)=@in6, &(0x7f0000000100)=0xc, 0x0) 23:44:45 executing program 4: open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fcntl$lock(r0, 0x8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000300010005}) sendmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000040)=@abs={0x1, 0x0, 0x2}, 0x8, &(0x7f0000000080)=[{&(0x7f0000000100)="ec77df0e4839333a83afb167f1d56d601be406c6723c07cb33f2a2baacc215eff699a333a2f7900eecf904a84a37275bea73f0ef040ebed5b4617e6d6a701f101782e372988a06fa1147af1a6990574fd493016fb02c7adc418c59793db6b128b2da3c50dcc1b0dafccef30a3f2c655acbb74d16456ac8cb24c76cf57ec1be1fc4445a1150aeaf70a1d6800fabde0ee4de61305057d581723f68fa441917ef7eaa7f9c404b996a4dae98746f8c7faff3c99dec21eef9ed4cc68becb2d3fb20c264e070be37a9cd6a23ccd5eecf50421640325870bddf760a918a27166ec53f04863ec84ef5c4a8c8030ff4bd47fcce994710", 0xf2}], 0x1, 0x0, 0x0, 0x2}, 0x0) r1 = accept$inet6(r0, &(0x7f0000000240), &(0x7f0000000280)=0xc) recvfrom(r1, &(0x7f00000002c0)=""/86, 0x56, 0x2, 0x0, 0x0) 23:44:45 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:45 executing program 4: mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x200000, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x2, 0xa0) 23:44:45 executing program 0: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:45 executing program 5: setrlimit(0x9, &(0x7f0000000200)) r0 = __clone(0x0, &(0x7f00000004c0)) r1 = __clone(0x0, 0x0) ptrace(0x0, r1, 0x0, 0x2) r2 = __clone(0x0, 0x0) ptrace(0x9, r2, 0x0, 0x0) ptrace(0x8, r2, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0xd5) setpgid(r2, r1) wait4(0xffffffffffffffff, &(0x7f0000000000), 0x1, &(0x7f0000000040)) setpgid(0x0, 0x0) wait4(r0, 0x0, 0x69, 0x0) r3 = __clone(0x0, 0x0) ptrace(0x9, r3, 0x0, 0x0) ptrace(0x8, r3, 0x0, 0x0) r4 = getppid() setpgid(r3, r4) 23:44:45 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') 23:44:46 executing program 0: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:46 executing program 4: setrlimit(0x9, &(0x7f0000000040)) socket(0x11, 0x0, 0x0) socket(0x0, 0x4, 0x7) 23:44:46 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) rmdir(&(0x7f0000000140)='./file1\x00') 23:44:46 executing program 1: r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x2088611, 0x0) setregid(0xee01, 0x0) r1 = getgid() setgroups(0x2, &(0x7f0000000080)=[r1, 0x0]) setuid(0xee01) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x2cfea}], 0x1000000000000013) mknod(&(0x7f00000000c0)='./file0\x00', 0x80, 0xd48) writev(r0, &(0x7f0000000280), 0xd) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000), 0x1d}], 0x1) 23:44:46 executing program 0: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) 23:44:46 executing program 4: mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0xffffffffffffffff) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 23:44:46 executing program 5: setrlimit(0x9, &(0x7f0000000200)) r0 = __clone(0x0, &(0x7f00000004c0)) r1 = __clone(0x0, 0x0) ptrace(0x0, r1, 0x0, 0x2) r2 = __clone(0x0, 0x0) ptrace(0x9, r2, 0x0, 0x0) ptrace(0x8, r2, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0xd5) setpgid(r2, r1) wait4(0xffffffffffffffff, &(0x7f0000000000), 0x1, &(0x7f0000000040)) setpgid(0x0, 0x0) wait4(r0, 0x0, 0x69, 0x0) r3 = __clone(0x0, 0x0) ptrace(0x9, r3, 0x0, 0x0) ptrace(0x8, r3, 0x0, 0x0) r4 = getppid() setpgid(r3, r4) 23:44:46 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') 23:44:46 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') 23:44:46 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) r2 = fcntl$getown(r0, 0x5) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, r2}) 23:44:46 executing program 5: setrlimit(0x9, &(0x7f0000000200)) r0 = __clone(0x0, &(0x7f00000004c0)) r1 = __clone(0x0, 0x0) ptrace(0x0, r1, 0x0, 0x2) r2 = __clone(0x0, 0x0) ptrace(0x9, r2, 0x0, 0x0) ptrace(0x8, r2, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0xd5) setpgid(r2, r1) wait4(0xffffffffffffffff, &(0x7f0000000000), 0x1, &(0x7f0000000040)) setpgid(0x0, 0x0) wait4(r0, 0x0, 0x69, 0x0) r3 = __clone(0x0, 0x0) ptrace(0x9, r3, 0x0, 0x0) ptrace(0x8, r3, 0x0, 0x0) r4 = getppid() setpgid(r3, r4) 23:44:47 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2}) 23:44:47 executing program 0: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) utimensat(r1, &(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000080)={{0x6, 0x677}, {0xa63}}, 0x200) fcntl$getown(r0, 0x5) 23:44:47 executing program 4: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='/', r0, &(0x7f0000d06ff8)='./file0\x00') chdir(&(0x7f0000000240)='./file0\x00') 23:44:47 executing program 3: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x1000000) getpeername$inet(r0, &(0x7f0000000100), &(0x7f00000001c0)=0xc) r1 = open(&(0x7f0000000180)='./file0\x00', 0x205, 0x14a) fcntl$lock(r1, 0x3e79c7f126c9a186, &(0x7f0000000000)={0x2}) [ 72.1649081] panic: kernel diagnostic assertion "l->l_stat == LSONPROC" failed: file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_sleepq.c", line 221 [ 72.1749302] cpu1: Begin traceback... [ 72.1749302] vpanic() at netbsd:vpanic+0x241 [ 72.1749302] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 72.1749302] sleepq_enqueue() at netbsd:sleepq_enqueue+0x1c9 [ 72.1749302] turnstile_block() at netbsd:turnstile_block+0x249 [ 72.1749302] mutex_enter() at netbsd:mutex_enter+0x22f [ 72.1749302] pool_put() at netbsd:pool_put+0x86 [ 72.1749302] radix_tree_remove_node() at netbsd:radix_tree_remove_node+0x2a4 [ 72.1749302] exit1() at netbsd:exit1+0x13de [ 72.1749302] sys_exit() at netbsd:sys_exit+0x77 [ 72.1749302] syscall() at netbsd:syscall+0x57e [ 72.1749302] --- syscall (number 1) --- [ 72.1749302] 7a02d4799a6a: [ 72.1749302] cpu1: End traceback... [ 72.1749302] fatal breakpoint trap in supervisor mode [ 72.1749302] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76d2c1c63000 ilevel 0x8 rsp 0xffffd0818ae847c0 [ 72.1749302] curlwp 0xffffd0801207c540 pid 1086.1 lowest kstack 0xffffd0818ae7d2c0 Stopped in pid 1086.1 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xe9 vpanic() at netbsd:vpanic+0x241 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure sleepq_enqueue() at netbsd:sleepq_enqueue+0x1c9 turnstile_block() at netbsd:turnstile_block+0x249 mutex_enter() at netbsd:mutex_enter+0x22f pool_put() at netbsd:pool_put+0x86 radix_tree_remove_node() at netbsd:radix_tree_remove_node+0x2a4 exit1() at netbsd:exit1+0x13de sys_exit() at netbsd:sys_exit+0x77 syscall() at netbsd:syscall+0x57e --- syscall (number 1) --- 7a02d4799a6a: ds 47a0 es e11e fs 47a0 gs 47f0 rdi ffffd0800d92d488 rsi ffffd0801207c7f8 rbp ffffd0818ae847c0 rbx ffffd0816d893000 rdx 2 rcx ffffffff80d11b11 db_panic+0xd5 rax 0 r8 4 r9 1ffffffff0554b78 r10 ffffffff82aa5bc3 db_onpanic+0x3 r11 8000000000 r12 ffffd0816d8a4000 r13 ffffffff821a4120 sigprop+0x200 r14 ffffd0818ae84850 r15 ffffd0816d893068 rip ffffffff8021e4b5 breakpoint+0x5 cs 8 rflags 246 rsp ffffd0818ae847c0 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 753 1 2 1 10000000 ffffd0801202f780 syz-executor.3 789 1 2 0 40000 ffffd080120cfa00 syz-executor.5 964 3 3 0 80 ffffd0801204f8c0 syz-executor.1 parked 964 2 3 1 80 ffffd0801210db00 syz-executor.1 parked 964 > 1 7 0 10040000 ffffd080121202c0 syz-executor.1 979 2 4 1 1000000 ffffd08012c95b00 syz-executor.5 1003 2 3 0 80 ffffd0801210d280 syz-executor.5 parked 974 3 4 1 1000000 ffffd080116a1280 syz-executor.5 974 2 4 0 1000080 ffffd0801207c100 syz-executor.5 parked 974 1 4 0 11040000 ffffd080120f2a80 syz-executor.5 45 1 3 0 4 ffffd08013b2f100 syz-executor.4 biowait 440 1 2 0 0 ffffd08013ae5940 syz-executor.5 349 1 3 0 80 ffffd08013ae5500 syz-executor.3 nanoslp 601 1 3 0 80 ffffd08013ae50c0 syz-executor.2 pipe_rd 453 1 3 1 80 ffffd08013ac1900 syz-executor.1 nanoslp 40 1 3 0 80 ffffd08013ac1080 syz-executor.0 nanoslp 538 11 3 1 80 ffffd08013ac14c0 syz-fuzzer parked 538 10 3 0 80 ffffd080116a16c0 syz-fuzzer parked 538 9 3 1 80 ffffd08013a308c0 syz-fuzzer parked 538 8 3 1 80 ffffd08013a30040 syz-fuzzer parked 538 7 3 1 80 ffffd08013a2dbc0 syz-fuzzer parked 538 6 3 0 80 ffffd08013a2d780 syz-fuzzer parked 538 5 3 0 80 ffffd08013a2d340 syz-fuzzer parked 538 4 3 0 80 ffffd08012c7da80 syz-fuzzer parked 538 3 3 0 80 ffffd08012c7d640 syz-fuzzer parked 538 2 3 0 80 ffffd08012c86ac0 syz-fuzzer parked 538 1 3 1 80 ffffd08012b9b280 syz-fuzzer kqueue 535 1 3 0 80 ffffd08011c8c740 sshd select 496 1 3 0 80 ffffd08012c65180 getty nanoslp 562 1 3 0 80 ffffd08012c73600 getty nanoslp 556 1 3 0 80 ffffd08012c731c0 getty nanoslp 423 1 3 0 80 ffffd08012c5c580 getty ttyraw 543 1 3 1 80 ffffd08012b81ac0 cron nanoslp 539 1 3 0 80 ffffd08012bccb80 inetd kqueue 431 1 3 0 80 ffffd080121959c0 sshd select 458 1 3 1 80 ffffd08012131740 powerd kqueue 195 1 3 1 80 ffffd08012b9bb00 syslogd kqueue 278 1 3 0 80 ffffd08012142340 dhcpcd kqueue 220 1 3 0 80 ffffd0801205a080 dhcpcd kqueue 1 1 3 0 80 ffffd08011e37100 init wait 0 29 3 0 204 ffffd08011e37980 physiod physiod 0 48 3 0 204 ffffd08011e849c0 pooldrain pooldrain 0 47 3 0 200 ffffd08011e84580 ioflush syncer 0 46 3 0 200 ffffd08011e84140 pgdaemon pgdaemon 0 44 3 1 200 ffffd08011e37540 npfgc-0 npfgccv 0 43 3 1 204 ffffd08011e2a940 rt_free rt_free 0 42 3 1 204 ffffd08011e2a500 unpgc unpgc 0 41 3 0 204 ffffd08011e2a0c0 key_timehandler key_timehandler 0 40 3 1 204 ffffd08011e20900 icmp6_wqinput/1 icmp6_wqinput 0 39 3 0 204 ffffd08011e204c0 icmp6_wqinput/0 icmp6_wqinput 0 38 3 0 204 ffffd08011e20080 nd6_timer nd6_timer 0 37 3 1 204 ffffd08011e168c0 carp6_wqinput/1 carp6_wqinput 0 36 3 0 204 ffffd08011e16480 carp6_wqinput/0 carp6_wqinput 0 35 3 1 204 ffffd08011e16040 carp_wqinput/1 carp_wqinput 0 34 3 0 204 ffffd08011c9dbc0 carp_wqinput/0 carp_wqinput 0 33 3 1 204 ffffd08011c9d780 icmp_wqinput/1 icmp_wqinput 0 32 3 0 204 ffffd08011c9d340 icmp_wqinput/0 icmp_wqinput 0 31 3 0 204 ffffd08011c8cb80 rt_timer rt_timer 0 30 3 0 204 ffffd08011c8c300 vmem_rehash vmem_rehash 0 28 3 0 204 ffffd0800f35dac0 scsibus0 sccomp 0 27 3 0 200 ffffd0800f35d680 pms0 pmsreset 0 26 3 1 204 ffffd0800f35d240 xcall/1 xcall 0 25 1 1 200 ffffd0800f35ca80 softser/1 0 24 1 1 200 ffffd0800f35c640 softclk/1 0 23 1 1 200 ffffd0800f35c200 softbio/1 0 22 1 1 200 ffffd0800f26da40 softnet/1 0 21 1 1 201 ffffd0800f26d600 idle/1 0 20 3 0 204 ffffd0800f26d1c0 lnxpwrwq lnxpwrwq 0 19 3 0 204 ffffd0800f26ba00 lnxlngwq lnxlngwq 0 18 3 0 204 ffffd0800f26b5c0 lnxsyswq lnxsyswq 0 17 3 0 204 ffffd0800f26b180 lnxrcugc lnxrcugc 0 16 3 0 204 ffffd0800de4f9c0 sysmon smtaskq 0 15 3 0 204 ffffd0800de4f580 pmfsuspend pmfsuspend 0 14 3 0 204 ffffd0800de4f140 pmfevent pmfevent 0 13 3 0 204 ffffd0800de40980 sopendfree sopendfr 0 12 3 1 204 ffffd0800de40540 iflnkst iflnkst 0 11 3 0 204 ffffd0800de40100 nfssilly nfssilly 0 10 3 1 200 ffffd0800de34940 cachegc cachegc 0 9 3 0 204 ffffd0800de34500 vdrain vdrain 0 8 3 1 200 ffffd0800de340c0 modunload mod_unld 0 7 3 0 204 ffffd0800de24900 xcall/0 xcall 0 6 1 0 200 ffffd0800de244c0 softser/0 0 5 1 0 200 ffffd0800de24080 softclk/0 0 4 1 0 200 ffffd0800de218c0 softbio/0 0 3 1 0 200 ffffd0800de21480 softnet/0 0 2 1 0 201 ffffd0800de21040 idle/0 0 1 3 1 200 ffffffff82b6e280 swapper uvm [Locks tracked through LWPs] ****** LWP 753.1 (syz-executor.3) @ 0xffffd0801202f780, l_stat=2 *** Locks held: * Lock 0 (initialized at fork1) lock address : 0xffffd080120cbe50 type : sleep/adaptive initialized : 0xffffffff8115d08b shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffd0801202f780 last held: 0xffffd0801202f780 last locked* : 0xffffffff811596b9 unlocked : 000000000000000000 owner/count : 0xffffd0801202f780 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at uvm_obj_init) lock address : 0xffffd080139d66c0 type : sleep/adaptive initialized : 0xffffffff81103fb7 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffd0801202f780 last held: 0xffffd0801202f780 last locked* : 0xffffffff810f7fb6 unlocked : 0xffffffff812c87b7 owner field : 0xffffd0801202f780 wait/spin: 0/0 Turnstile: no active turnstile for this lock. * Lock 2 (initialized at pmap_ctor) lock address : 0xffffd080120d2f80 type : sleep/adaptive initialized : 0xffffffff80276b39 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffd0801202f780 last held: 0xffffd0801202f780 last locked* : 0xffffffff80277542 unlocked : 0xffffffff802777d7 owner field : 0xffffd0801202f780 wait/spin: 0/0 Turnstile: no active turnstile for this lock. * Lock 3 (initialized at pool_init) lock address : 0xffffd0800d93a0f0 type : sleep/adaptive initialized : 0xffffffff8120b0a9 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 0 relevant lwp : 0xffffd0801202f780 last held: 0xffffd0801202f780 last locked* : 0xffffffff8120d8fc unlocked : 0xffffffff8120d9c3 owner field : 0xffffd0801202f780 wait/spin: 1/0 Turnstile: => 0 waiting readers: => 1 waiting writers: *** Locks wanted: none ****** LWP 964.1 (syz-executor.1) @ 0xffffd080121202c0, l_stat=7 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at uvm_obj_init) lock address : 0xffffd08013afe980 type : sleep/adaptive initialized : 0xffffffff81103fb7 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd080121202c0 last held: 000000000000000000 last locked : 0xffffffff810e7d29 unlocked*: 0xffffffff810e54d2 owner field : 0xffffd080121202c0 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 45.1 (syz-executor.4) @ 0xffffd08013b2f100, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffd08013a36700 type : sleep/adaptive initialized : 0xffffffff812c7df2 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd08013b2f100 last held: 0xffffd08013b2f100 last locked* : 0xffffffff812f4c10 unlocked : 0xffffffff812f4acd owner/count : 0xffffd08013b2f100 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffd08013cfc440 type : sleep/adaptive initialized : 0xffffffff812c7df2 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffd08013b2f100 last held: 0xffffd08013b2f100 last locked* : 0xffffffff812f4c10 unlocked : 0xffffffff812f4acd [ 72.1749302] Skipping crash dump on recursive panic [ 72.1749302] panic: ASan: Unauthorized Access In 0xffffffff811995f0: Addr 0xffffd08013cfc440 [8 bytes, read, PoolUseAfterFree] [ 72.1749302] cpu1: Begin traceback... [ 72.1749302] vpanic() at netbsd:vpanic+0x241 [ 72.1749302] snprintf() at netbsd:snprintf [ 72.1749302] kasan_report() at netbsd:kasan_report+0x98 [ 72.1749302] __asan_load8() at netbsd:__asan_load8+0x294 [ 72.1749302] rw_dump() at netbsd:rw_dump+0x20 [ 72.1749302] lockdebug_dump() at netbsd:lockdebug_dump+0x28d [ 72.1749302] lockdebug_show_one() at netbsd:lockdebug_show_one+0xca [ 72.1749302] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x303 [ 72.1749302] db_command() at netbsd:db_command+0x2c0 [ 72.1749302] db_command_loop() at netbsd:db_command_loop+0x26c [ 72.1749302] db_trap() at netbsd:db_trap+0x219 [ 72.1749302] kdb_trap() at netbsd:kdb_trap+0x1ce [ 72.1749302] trap() at netbsd:trap+0x66a [ 72.1749302] --- trap (number 1) --- [ 72.1749302] breakpoint() at netbsd:breakpoint+0x5 [ 72.1749302] db_panic() at netbsd:db_panic+0xe9 [ 72.1749302] vpanic() at netbsd:vpanic+0x241 [ 72.1749302] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 72.1749302] sleepq_enqueue() at netbsd:sleepq_enqueue+0x1c9 [ 72.1749302] turnstile_block() at netbsd:turnstile_block+0x249 [ 72.1749302] mutex_enter() at netbsd:mutex_enter+0x22f [ 72.1749302] pool_put() at netbsd:pool_put+0x86 [ 72.1749302] radix_tree_remove_node() at netbsd:radix_tree_remove_node+0x2a4 [ 72.1749302] exit1() at netbsd:exit1+0x13de [ 72.1749302] sys_exit() at netbsd:sys_exit+0x77 [ 72.1749302] syscall() at netbsd:syscall+0x57e [ 72.1749302] --- syscall (number 1) --- [ 72.1749302] 7a02d4799a6a: [ 72.1749302] cpu1: End traceback... [ 72.1749302] fatal breakpoint trap in supervisor mode [ 72.1749302] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76d2c1c63000 ilevel 0x8 rsp 0xffffd0818ae83d60 [ 72.1749302] curlwp 0xffffd0801207c540 pid 1086.1 lowest kstack 0xffffd0818ae7d2c0 Stopped in pid 1086.1 (syz-executor.0) at netbsd:breakpoint+0x5: leave