[ 259.3654628] panic: kernel diagnostic assertion "entry->next != &map->header && entry->next->start <= entry->end" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_fault.c", line 2692 [ 259.3854036] cpu0: Begin traceback... [ 259.4854107] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 259.6154022] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 259.7454041] uvm_fault_unwire_locked() at netbsd:uvm_fault_unwire_locked+0x20f sys/uvm/uvm_fault.c:2694 [ 259.9054059] uvm_fault_unwire() at netbsd:uvm_fault_unwire+0x32 sys/uvm/uvm_fault.c:2650 [ 260.2054082] genfs_directio() at netbsd:genfs_directio+0xa0c genfs_do_directio sys/miscfs/genfs/genfs_io.c:1950 [inline] [ 260.2054082] genfs_directio() at netbsd:genfs_directio+0xa0c sys/miscfs/genfs/genfs_io.c:1815 [ 260.3354049] ffs_write() at netbsd:ffs_write+0x8ba sys/ufs/ufs/ufs_readwrite.c:354 [ 260.4554087] VOP_WRITE() at netbsd:VOP_WRITE+0x118 sys/kern/vnode_if.c:540 [ 260.5854117] vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:612 [ 260.7154051] do_filewritev() at netbsd:do_filewritev+0x4b3 sys/kern/sys_generic.c:472 [ 260.8354084] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 260.8354084] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 260.9654074] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 260.9654074] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 260.9654074] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 260.9954168] --- syscall (number 198) --- [ 261.0254072] netbsd:syscall+0x259: [ 261.0362731] cpu0: End traceback... [ 261.0362731] fatal breakpoint trap in supervisor mode [ 261.0362731] trap type 1 code 0 rip 0xffffffff80220a1d cs 0x8 rflags 0x282 cr2 0x77f01e0b9018 ilevel 0 rsp 0xffffcf018a2c7680 [ 261.0565569] curlwp 0xffffcf0012d0b080 pid 4577.4281 lowest kstack 0xffffcf018a2c02c0 Stopped in pid 4577.4281 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure uvm_fault_unwire_locked() at netbsd:uvm_fault_unwire_locked+0x20f sys/uvm/uvm_fault.c:2694 uvm_fault_unwire() at netbsd:uvm_fault_unwire+0x32 sys/uvm/uvm_fault.c:2650 genfs_directio() at netbsd:genfs_directio+0xa0c genfs_do_directio sys/miscfs/genfs/genfs_io.c:1950 [inline] genfs_directio() at netbsd:genfs_directio+0xa0c sys/miscfs/genfs/genfs_io.c:1815 ffs_write() at netbsd:ffs_write+0x8ba sys/ufs/ufs/ufs_readwrite.c:354 VOP_WRITE() at netbsd:VOP_WRITE+0x118 sys/kern/vnode_if.c:540 vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:612 do_filewritev() at netbsd:do_filewritev+0x4b3 sys/kern/sys_generic.c:472 sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- netbsd:syscall+0x259: Panic string: kernel diagnostic assertion "entry->next != &map->header && entry->next->start <= entry->end" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_fault.c", line 2692 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 4558 4558 2 0 0 ffffcf00143e1ac0 syz-executor.1 4455 4455 2 0 0 ffffcf0012dc9bc0 syz-executor.3 4551 4551 2 0 0 ffffcf0012b7b080 syz-executor.2 4285 3492 2 0 0 ffffcf0012d5c640 syz-executor.5 4285 4581 2 0 0 ffffcf0012c60600 syz-executor.5 4285 4285 2 1 10000000 ffffcf0012d160c0 syz-executor.5 4411 4520 5 1 100000 ffffcf0014465b80 syz-executor.4 4411 4553 5 1 100000 ffffcf00144fa8c0 syz-executor.4 4411 4309 5 1 100000 ffffcf0014465740 syz-executor.4 4411 4411 3 1 10000040 ffffcf00137af980 syz-executor.4 xclocv 4577 >4281 7 0 100000 ffffcf0012d0b080 syz-executor.0 4577 4313 2 0 100000 ffffcf0012cc62c0 syz-executor.0 4577 4577 2 1 10000040 ffffcf00142f3a80 syz-executor.0 3249 3249 3 0 80 ffffcf0012d40a00 syz-executor.4 parked 4272 4272 3 0 80 ffffcf0012cd7300 syz-executor.4 parked 3686 3686 3 0 80 ffffcf0012d0b4c0 syz-executor.2 parked 3127 3127 3 1 80 ffffcf00137800c0 syz-executor.1 parked 3199 3199 3 0 80 ffffcf0013904980 syz-executor.1 parked 2991 2991 3 1 80 ffffcf0014415700 syz-executor.1 parked 3245 3245 3 0 80 ffffcf00138451c0 syz-executor.1 parked 2125 2125 2 1 40 ffffcf0012c87240 syz-executor.4 1220 1220 2 1 40 ffffcf00142f3640 syz-executor.5 1066 1066 2 1 40 ffffcf00142a4a40 syz-executor.3 1104 1104 2 0 40 ffffcf00142a4600 syz-executor.2 1218 1218 2 1 40 ffffcf00142a41c0 syz-executor.1 419 419 2 0 40 ffffcf00142765c0 syz-executor.0 1080 1219 3 0 80 ffffcf0014276a00 syz-fuzzer parked 1080 1190 2 0 0 ffffcf0014276180 syz-fuzzer 1080 1052 3 1 80 ffffcf0012c601c0 syz-fuzzer parked 1080 1099 2 0 0 ffffcf00138e5480 syz-fuzzer 1080 1078 3 0 80 ffffcf00138e5040 syz-fuzzer parked 1080 1107 3 1 c0 ffffcf0012b7b900 syz-fuzzer parked 1080 1252 3 1 c0 ffffcf0012b7b4c0 syz-fuzzer parked 1080 1086 3 1 c0 ffffcf0012ab1b80 syz-fuzzer parked 1080 1070 2 1 40 ffffcf0012be0940 syz-fuzzer 1080 1080 3 0 80 ffffcf0012c4b180 syz-fuzzer parked 1077 1077 3 1 80 ffffcf0012c4b5c0 sshd select 1110 1110 3 1 80 ffffcf0012cd7740 getty nanoslp 858 858 3 1 80 ffffcf00138da780 getty nanoslp 1105 1105 3 1 80 ffffcf00138fc940 getty nanoslp 939 939 3 1 c0 ffffcf0012a772c0 getty ttyraw 956 956 3 1 80 ffffcf00138cf300 sshd select 1122 1122 3 0 80 ffffcf00137fe9c0 powerd kqueue 716 716 3 1 80 ffffcf00138dabc0 syslogd kqueue 596 596 3 1 80 ffffcf0012cf0780 dhcpcd poll 599 599 3 1 80 ffffcf0012d27980 dhcpcd poll 736 736 3 0 80 ffffcf0012cfc8c0 dhcpcd poll 584 584 3 0 80 ffffcf0012cf0340 dhcpcd poll 350 350 3 1 80 ffffcf0012e024c0 dhcpcd poll 349 349 3 1 80 ffffcf0012e02080 dhcpcd poll 348 348 3 0 80 ffffcf0012de58c0 dhcpcd poll 1 1 3 0 80 ffffcf00128c3980 init wait 0 960 3 0 200 ffffcf00129e6a80 physiod physiod 0 162 3 0 200 ffffcf00129fcac0 pooldrain pooldrain 0 167 2 1 240 ffffcf00129fc680 ioflush 0 165 3 1 200 ffffcf00129fc240 pgdaemon pgdaemon 0 160 3 1 200 ffffcf00129e6200 usb7 usbevt 0 31 3 1 200 ffffcf001299ca40 usb6 usbevt 0 63 3 0 200 ffffcf001299c600 usb5 usbevt 0 126 3 0 200 ffffcf001299c1c0 usb4 usbevt 0 125 3 0 200 ffffcf0012948a00 usb3 usbevt 0 124 3 0 200 ffffcf00129485c0 usb2 usbevt 0 123 3 1 200 ffffcf0012948180 usb1 usbevt 0 122 3 1 200 ffffcf00128d79c0 usb0 usbevt 0 121 3 1 200 ffffcf00128d7580 usbtask-dr usbtsk 0 120 3 0 200 ffffcf000fe34ac0 usbtask-hc usbtsk 0 119 3 1 200 ffffcf00128d7140 npfgc0 npfgcw 0 118 3 1 200 ffffcf00128c3540 rt_free rt_free 0 117 3 0 200 ffffcf00128c3100 unpgc unpgc 0 116 3 1 200 ffffcf00127f8940 key_timehandler key_timehandler 0 115 3 1 200 ffffcf00127f8500 icmp6_wqinput/1 icmp6_wqinput 0 114 3 0 200 ffffcf00127f80c0 icmp6_wqinput/0 icmp6_wqinput 0 113 3 1 200 ffffcf00127ed900 nd6_timer nd6_timer 0 112 3 1 200 ffffcf00127ed4c0 carp6_wqinput/1 carp6_wqinput 0 111 3 0 200 ffffcf00127ed080 carp6_wqinput/0 carp6_wqinput 0 110 3 1 200 ffffcf00127d98c0 carp_wqinput/1 carp_wqinput 0 109 3 0 200 ffffcf00127d9480 carp_wqinput/0 carp_wqinput 0 108 3 1 200 ffffcf00127d9040 icmp_wqinput/1 icmp_wqinput 0 107 3 0 200 ffffcf00127c8bc0 icmp_wqinput/0 icmp_wqinput 0 106 3 1 200 ffffcf00127c8780 rt_timer rt_timer 0 105 3 1 200 ffffcf00127c8340 vmem_rehash vmem_rehash 0 104 3 1 200 ffffcf00127c5740 entbutler entropy 0 30 3 1 200 ffffcf001213a6c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffcf001213a280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffcf000fe34680 scsibus0 sccomp 0 26 3 0 200 ffffcf000fe34240 pms0 pmsreset 0 25 3 1 200 ffffcf000fd89a80 xcall/1 xcall 0 24 1 1 200 ffffcf000fd89640 softser/1 0 23 1 1 200 ffffcf000fd89200 softclk/1 0 22 1 1 200 ffffcf000fd87a40 softbio/1 0 21 1 1 200 ffffcf000fd87600 softnet/1 0 20 1 1 201 ffffcf000fd871c0 idle/1 0 19 3 0 200 ffffcf000e7f8a00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffcf000e7f85c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffcf000e7f8180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffcf000e7f09c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffcf000e7f0580 sysmon smtaskq 0 14 3 0 200 ffffcf000e7f0140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffcf000e7ec980 pmfevent pmfevent 0 12 3 0 200 ffffcf000e7ec540 sopendfree sopendfr 0 11 3 1 200 ffffcf000e7ec100 iflnkst iflnkst 0 10 3 0 200 ffffcf000e7e0940 nfssilly nfssilly 0 9 3 0 200 ffffcf000e7e0500 vdrain vdrain 0 8 3 0 200 ffffcf000e7e00c0 modunload mod_unld 0 7 2 0 200 ffffcf000e7d3900 xcall/0 0 6 1 0 200 ffffcf000e7d34c0 softser/0 0 5 1 0 200 ffffcf000e7d3080 softclk/0 0 4 1 0 200 ffffcf000e7d18c0 softbio/0 0 3 1 0 200 ffffcf000e7d1480 softnet/0 0 2 1 0 201 ffffcf000e7d1040 idle/0 0 > 0 7 1 240 ffffffff82eecd40 swapper [Locks tracked through LWPs] ****** LWP 4285.4285 (syz-executor.5) @ 0xffffcf0012d160c0, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at pmap_ctor) lock address : 0xffffcf0012d7c980 type : sleep/adaptive initialized : 0xffffffff808d2c24 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf0012d160c0 last held: 000000000000000000 last locked : 0xffffffff808d48b2 unlocked*: 0xffffffff808d51b8 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 4411.4520 (syz-executor.4) @ 0xffffcf0014465b80, l_stat=5 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffcf001444a9c0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 1 exclusive: 2 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf0014465b80 last held: 0xffffcf0014465740 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. ****** LWP 4411.4553 (syz-executor.4) @ 0xffffcf00144fa8c0, l_stat=5 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffcf001444a9c0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 1 exclusive: 2 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf00144fa8c0 last held: 0xffffcf0014465740 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. ****** LWP 4411.4309 (syz-executor.4) @ 0xffffcf0014465740, l_stat=5 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffcf001444a9c0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 1 exclusive: 2 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf0014465740 last held: 0xffffcf0014465740 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffcf0014505a00 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf0014465740 last held: 0xffffcf0014465740 last locked* : 0xffffffff81a85140 unlocked : 000000000000000000 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 4577.4281 (syz-executor.0) @ 0xffffcf0012d0b080, l_stat=7 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffcf001443c700 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 1 relevant lwp : 0xffffcf0012d0b080 last held: 0xffffcf0012d0b080 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffcf0012d0b080 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at amap_ctor) lock address : 0xffffcf00143f2a00 type : sleep/adaptive initialized : 0xffffffff81824aab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffcf0012d0b080 last held: 0xffffcf0012d0b080 last locked* : 0xffffffff818495e1 unlocked : 0xffffffff8182a030 owner/count : 0xffffcf0012d0b080 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1066.1066 (syz-executor.3) @ 0xffffcf00142a4a40, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffcf00142c4740 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffcf00142a4a40 last held: 0xffffcf00142a4a40 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffcf001444a4c0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffcf00142a4a40 last held: 0xffffcf00142a4a40 last locked* : 0xffffffff81a85140 unlocked : 000000000000000000 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1218.1218 (syz-executor.1) @ 0xffffcf00142a41c0, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffcf001429ccc0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf00142a41c0 last held: 0xffffcf00142a41c0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffcf001444a740 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffcf00142a41c0 last held: 0xffffcf00142a41c0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 [ 261.0565569] Skipping crash dump on recursive panic [ 261.0565569] panic: ASan: Unauthorized Access In 0xffffffff818fe630: Addr 0xffffcf001444a740 [8 bytes, read, PoolUseAfterFree] [ 261.0565569] cpu0: Begin traceback... [ 261.0565569] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 261.0565569] snprintf() at netbsd:snprintf [ 261.0565569] kasan_report() at netbsd:kasan_report+0x8c kasan_code_name sys/kern/subr_asan.c:163 [inline] [ 261.0565569] kasan_report() at netbsd:kasan_report+0x8c sys/kern/subr_asan.c:195 [ 261.0565569] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:345 [inline] [ 261.0565569] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:359 [inline] [ 261.0565569] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 261.0565569] __asan_load8() at netbsd:__asan_load8+0x27e sys/kern/subr_asan.c:1198 [ 261.0565569] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:186 [ 261.0565569] lockdebug_dump() at netbsd:lockdebug_dump+0x23b sys/kern/subr_lockdebug.c:759 [ 261.0565569] lockdebug_show_one() at netbsd:lockdebug_show_one+0xa7 sys/kern/subr_lockdebug.c:839 [ 261.0565569] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:877 [inline] [ 261.0565569] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 sys/kern/subr_lockdebug.c:941 [ 261.0565569] db_command() at netbsd:db_command+0x310 sys/ddb/db_command.c:942 [ 261.0565569] db_command_loop() at netbsd:db_command_loop+0x293 db_execute_commandlist sys/ddb/db_command.c:439 [inline] [ 261.0565569] db_command_loop() at netbsd:db_command_loop+0x293 sys/ddb/db_command.c:589 [ 261.0565569] db_trap() at netbsd:db_trap+0x22c sys/ddb/db_trap.c:94 [ 261.0565569] kdb_trap() at netbsd:kdb_trap+0x25c sys/arch/amd64/amd64/db_interface.c:250 [ 261.0565569] trap() at netbsd:trap+0x819 sys/arch/amd64/amd64/trap.c:315 [ 261.0565569] --- trap (number 1) --- [ 261.0565569] breakpoint() at netbsd:breakpoint+0x5 [ 261.0565569] db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 [ 261.0565569] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 261.0565569] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 261.0565569] uvm_fault_unwire_locked() at netbsd:uvm_fault_unwire_locked+0x20f sys/uvm/uvm_fault.c:2694 [ 261.0565569] uvm_fault_unwire() at netbsd:uvm_fault_unwire+0x32 sys/uvm/uvm_fault.c:2650 [ 261.0565569] genfs_directio() at netbsd:genfs_directio+0xa0c genfs_do_directio sys/miscfs/genfs/genfs_io.c:1950 [inline] [ 261.0565569] genfs_directio() at netbsd:genfs_directio+0xa0c sys/miscfs/genfs/genfs_io.c:1815 [ 261.0565569] ffs_write() at netbsd:ffs_write+0x8ba sys/ufs/ufs/ufs_readwrite.c:354 [ 261.0565569] VOP_WRITE() at netbsd:VOP_WRITE+0x118 sys/kern/vnode_if.c:540 [ 261.0565569] vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:612 [ 261.0565569] do_filewritev() at netbsd:do_filewritev+0x4b3 sys/kern/sys_generic.c:472 [ 261.0565569] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 261.0565569] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 261.0565569] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 261.0565569] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 261.0565569] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 261.0565569] --- syscall (number 198) --- [ 261.0565569] netbsd:syscall+0x259: [ 261.0565569] cpu0: End traceback... [ 261.0565569] fatal breakpoint trap in supervisor mode [ 261.0565569] trap type 1 code 0 rip 0xffffffff80220a1d cs 0x8 rflags 0x282 cr2 0x77f01e0b9018 ilevel 0x8 rsp 0xffffcf018a2c6c50 [ 261.0565569] curlwp 0xffffcf0012d0b080 pid 4577.4281 lowest kstack 0xffffcf018a2c02c0 Stopped in pid 4577.4281 (syz-executor.0) at netbsd:breakpoint+0x5: leave