[ 86.4935328] panic: LOCKDEBUG: Reader / writer lock error: rw_vector_enter,305: locking against myself [ 86.5035312] cpu1: Begin traceback... [ 86.5235322] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 86.5735330] snprintf() at netbsd:snprintf [ 86.6235333] lockdebug_more() at netbsd:lockdebug_more [ 86.6735340] lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 [ 86.7235337] rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 [ 86.7735336] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 86.7735336] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 86.7735336] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 86.8235332] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 86.8335331] --- trap (number 6) --- [ 86.8735328] _ustore_8() at netbsd:_ustore_8+0x21 [ 86.9235332] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 86.9235332] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 86.9735336] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 86.9735336] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 86.9735336] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 86.9935317] --- syscall (number 198) --- [ 87.0035324] netbsd:syscall+0x259: [ 87.0035324] cpu1: End traceback... [ 87.0135313] fatal breakpoint trap in supervisor mode [ 87.0135313] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0 rsp 0xffff9301a9c80430 [ 87.0235313] curlwp 0xffff9300147ce1c0 pid 1203.1510 lowest kstack 0xffff9301a9c792c0 Stopped in pid 1203.1510 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 snprintf() at netbsd:snprintf lockdebug_more() at netbsd:lockdebug_more lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 --- trap (number 6) --- _ustore_8() at netbsd:_ustore_8+0x21 sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- netbsd:syscall+0x259: Panic string: LOCKDEBUG: Reader / writer lock error: rw_vector_enter,305: locking against myself PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1604 1485 3 0 180 ffff930015472080 syz-executor.2 parked 1604 1507 3 0 180 ffff9300154718c0 syz-executor.2 parked 1604 1486 3 0 180 ffff930015471480 syz-executor.2 parked 1604 1456 3 0 180 ffff930015471040 syz-executor.2 parked 1604 1604 2 1 10040000 ffff930014793980 syz-executor.2 588 1369 3 1 180 ffff930014793540 syz-executor.3 parked 588 1575 3 1 180 ffff930014793100 syz-executor.3 parked 588 588 2 1 10040140 ffff9300147e3200 syz-executor.3 1203 1452 3 1 180 ffff9300147c3a00 syz-executor.0 parked 1203 1481 3 0 180 ffff930013d036c0 syz-executor.0 parked 1203 1381 3 0 180 ffff930013d03280 syz-executor.0 parked 1203 >1510 7 1 0 ffff9300147ce1c0 syz-executor.0 1203 1336 3 0 0 ffff9300147e3a80 syz-executor.0 tstile 1203 1203 2 1 10040000 ffff93001472c0c0 syz-executor.0 1364 1573 3 0 180 ffff9300154760c0 syz-executor.5 parked 1364 1606 3 0 180 ffff930015472900 syz-executor.5 parked 1364 1611 3 0 180 ffff9300154724c0 syz-executor.5 parked 1364 1364 2 0 10040000 ffff9300147c35c0 syz-executor.5 456 1363 2 0 40100 ffff930013d848c0 syz-executor.1 456 456 2 1 10040140 ffff930013c78bc0 syz-executor.1 1242 >1334 7 0 100 ffff930013b07080 syz-executor.4 1242 1242 2 0 10040000 ffff930013cab980 syz-executor.4 1444 1444 3 0 180 ffff930013cea200 syz-executor.2 parked 1105 1105 2 1 140 ffff9300152e5200 syz-executor.4 1093 1093 2 1 140 ffff93001526fa40 syz-executor.5 1073 1073 2 1 140 ffff93001526f600 syz-executor.3 939 939 2 1 140 ffff93001526f1c0 syz-executor.2 422 422 2 1 140 ffff93001514ba00 syz-executor.1 1086 1086 2 1 140 ffff930013aa18c0 syz-executor.0 1071 1083 3 0 180 ffff93001514b5c0 syz-fuzzer kqueue 1071 1076 3 1 180 ffff93001485bb80 syz-fuzzer parked 1071 1074 3 1 180 ffff93001485b740 syz-fuzzer parked 1071 1085 3 0 180 ffff93001485b300 syz-fuzzer parked 1071 1023 3 0 180 ffff930013c4fb40 syz-fuzzer parked 1071 1077 3 1 1c0 ffff930013cf6680 syz-fuzzer parked 1071 1079 3 0 180 ffff9300147cea40 syz-fuzzer parked 1071 1071 3 0 180 ffff930013aa1040 syz-fuzzer parked 1256 1256 3 0 180 ffff9300148426c0 sshd select 1056 1056 3 0 180 ffff9300136e9b40 getty nanoslp 698 698 3 0 180 ffff9300136e92c0 getty nanoslp 1098 1098 3 0 180 ffff9300148bd140 getty nanoslp 953 953 3 0 1c0 ffff930013970640 getty ttyraw 956 956 3 1 180 ffff9300147c3180 sshd select 991 991 3 0 180 ffff930013d45740 powerd kqueue 554 554 3 1 180 ffff9300147f9680 syslogd kqueue 599 599 3 1 180 ffff930013bfc200 dhcpcd poll 598 598 3 0 180 ffff930013c8f080 dhcpcd poll 597 597 3 0 180 ffff930013c2cb00 dhcpcd poll 578 578 3 1 180 ffff930013c60300 dhcpcd poll 350 350 3 0 180 ffff930013d84480 dhcpcd poll 349 349 3 0 180 ffff930013d84040 dhcpcd poll 348 348 3 1 180 ffff930013d60bc0 dhcpcd poll 1 1 3 1 180 ffff93001384d980 init wait 0 1197 5 1 600 ffff930015410300 (zombie) 0 796 3 0 200 ffff930013970a80 physiod physiod 0 192 3 0 200 ffff930013987ac0 pooldrain pooldrain 0 163 3 0 240 ffff930013987680 ioflush tstile 0 168 3 1 200 ffff930013987240 pgdaemon pgdaemon 0 162 3 1 200 ffff930013970200 usb7 usbevt 0 161 3 1 200 ffff930013925a40 usb6 usbevt 0 31 3 1 200 ffff930013925600 usb5 usbevt 0 63 2 1 240 ffff9300139251c0 usb4 0 126 3 1 200 ffff9300138d3a00 usb3 usbevt 0 125 3 0 200 ffff9300138d35c0 usb2 usbevt 0 124 2 1 240 ffff9300138d3180 usb1 0 123 3 1 200 ffff9300138619c0 usb0 usbevt 0 122 3 1 200 ffff930013861580 usbtask-dr usbtsk 0 121 3 0 200 ffff930010dbaac0 usbtask-hc usbtsk 0 120 3 0 200 ffff930013861140 npfgc0 npfgcw 0 119 3 1 200 ffff93001384d540 rt_free rt_free 0 118 3 1 200 ffff93001384d100 unpgc unpgc 0 117 3 0 200 ffff930013845940 key_timehandler key_timehandler 0 116 3 1 200 ffff930013845500 icmp6_wqinput/1 icmp6_wqinput 0 115 3 0 200 ffff9300138450c0 icmp6_wqinput/0 icmp6_wqinput 0 114 3 0 200 ffff930013712900 nd6_timer nd6_timer 0 113 3 1 200 ffff9300137124c0 carp6_wqinput/1 carp6_wqinput 0 112 3 0 200 ffff930013712080 carp6_wqinput/0 carp6_wqinput 0 111 3 1 200 ffff9300136ff8c0 carp_wqinput/1 carp_wqinput 0 110 3 0 200 ffff9300136ff480 carp_wqinput/0 carp_wqinput 0 109 3 1 200 ffff9300136ff040 icmp_wqinput/1 icmp_wqinput 0 108 3 0 200 ffff9300136edbc0 icmp_wqinput/0 icmp_wqinput 0 107 3 0 200 ffff9300136ed780 rt_timer rt_timer 0 106 3 1 200 ffff9300136ecb80 vmem_rehash vmem_rehash 0 105 3 1 200 ffff9300136ec300 entbutler entropy 0 96 3 1 200 ffff9300130c0b00 viomb balloon 0 30 3 1 200 ffff9300130c06c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffff9300130c0280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffff930010dba680 scsibus0 sccomp 0 26 3 0 200 ffff930010dba240 pms0 pmsreset 0 25 3 1 200 ffff930010d0ea80 xcall/1 xcall 0 24 1 1 200 ffff930010d0e640 softser/1 0 23 1 1 200 ffff930010d0e200 softclk/1 0 22 1 1 200 ffff930010d0ca40 softbio/1 0 21 1 1 200 ffff930010d0c600 softnet/1 0 20 1 1 201 ffff930010d0c1c0 idle/1 0 19 3 0 200 ffff93000f77da00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffff93000f77d5c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffff93000f77d180 lnxsyswq lnxsyswq 0 16 3 0 200 ffff93000f7759c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffff93000f775580 sysmon smtaskq 0 14 3 1 200 ffff93000f775140 pmfsuspend pmfsuspend 0 13 3 0 200 ffff93000f771980 pmfevent pmfevent 0 12 3 0 200 ffff93000f771540 sopendfree sopendfr 0 11 3 0 200 ffff93000f771100 iflnkst iflnkst 0 10 3 0 200 ffff93000f765940 nfssilly nfssilly 0 9 3 0 200 ffff93000f765500 vdrain vdrain 0 8 3 0 200 ffff93000f7650c0 modunload mod_unld 0 7 3 0 200 ffff93000f758900 xcall/0 xcall 0 6 1 0 200 ffff93000f7584c0 softser/0 0 5 1 0 200 ffff93000f758080 softclk/0 0 4 1 0 200 ffff93000f7568c0 softbio/0 0 3 1 0 200 ffff93000f756480 softnet/0 0 2 1 0 201 ffff93000f756040 idle/0 0 0 3 0 200 ffffffff82eee880 swapper uvm [Locks tracked through LWPs] ****** LWP 1604.1456 (syz-executor.2) @ 0xffff930015471040, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffff930015468c00 type : sleep/adaptive initialized : 0xffffffff81a5a1b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffff930015471040 last held: 0xffff930015471040 last locked* : 0xffffffff81a8cf80 unlocked : 0xffffffff81a8cfe2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1203.1336 (syz-executor.0) @ 0xffff9300147e3a80, l_stat=3 *** Locks held: * Lock 0 (initialized at amap_ctor) lock address : 0xffff930013ae9ec0 type : sleep/adaptive initialized : 0xffffffff8182acdb shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffff9300147e3a80 last held: 0xffff9300147e3a80 last locked* : 0xffffffff818301bd unlocked : 0xffffffff8184f866 [ 87.0335330] Skipping crash dump on recursive panic [ 87.0335330] panic: ASan: Unauthorized Access In 0xffffffff819058c0: Addr 0xffff930013ae9ec0 [8 bytes, read, PoolUseAfterFree] [ 87.0335330] cpu1: Begin traceback... [ 87.0335330] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 87.0335330] snprintf() at netbsd:snprintf [ 87.0335330] kasan_report() at netbsd:kasan_report+0x8c kasan_code_name sys/kern/subr_asan.c:163 [inline] [ 87.0335330] kasan_report() at netbsd:kasan_report+0x8c sys/kern/subr_asan.c:195 [ 87.0335330] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:345 [inline] [ 87.0335330] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:359 [inline] [ 87.0335330] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 87.0335330] __asan_load8() at netbsd:__asan_load8+0x27e sys/kern/subr_asan.c:1198 [ 87.0335330] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:186 [ 87.0335330] lockdebug_dump() at netbsd:lockdebug_dump+0x23b sys/kern/subr_lockdebug.c:759 [ 87.0335330] lockdebug_show_one() at netbsd:lockdebug_show_one+0xa7 sys/kern/subr_lockdebug.c:839 [ 87.0335330] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:877 [inline] [ 87.0335330] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 sys/kern/subr_lockdebug.c:941 [ 87.0335330] db_command() at netbsd:db_command+0x310 sys/ddb/db_command.c:957 [ 87.0335330] db_command_loop() at netbsd:db_command_loop+0x293 db_execute_commandlist sys/ddb/db_command.c:454 [inline] [ 87.0335330] db_command_loop() at netbsd:db_command_loop+0x293 sys/ddb/db_command.c:604 [ 87.0335330] db_trap() at netbsd:db_trap+0x22c sys/ddb/db_trap.c:94 [ 87.0335330] kdb_trap() at netbsd:kdb_trap+0x25c sys/arch/amd64/amd64/db_interface.c:250 [ 87.0335330] trap() at netbsd:trap+0x819 sys/arch/amd64/amd64/trap.c:315 [ 87.0335330] --- trap (number 1) --- [ 87.0335330] breakpoint() at netbsd:breakpoint+0x5 [ 87.0335330] db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 [ 87.0335330] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 87.0335330] snprintf() at netbsd:snprintf [ 87.0335330] lockdebug_more() at netbsd:lockdebug_more [ 87.0335330] lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 [ 87.0335330] rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 [ 87.0335330] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 87.0335330] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 87.0335330] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 87.0335330] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 87.0335330] --- trap (number 6) --- [ 87.0335330] _ustore_8() at netbsd:_ustore_8+0x21 [ 87.0335330] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 87.0335330] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 87.0335330] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 87.0335330] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 87.0335330] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 87.0335330] --- syscall (number 198) --- [ 87.0335330] netbsd:syscall+0x259: [ 87.0335330] cpu1: End traceback... [ 87.0335330] fatal breakpoint trap in supervisor mode [ 87.0335330] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0x8 rsp 0xffff9301a9c7fa00 [ 87.0335330] curlwp 0xffff9300147ce1c0 pid 1203.1510 lowest kstack 0xffff9301a9c792c0 Stopped in pid 1203.1510 (syz-executor.0) at netbsd:breakpoint+0x5: leave