[ 245.1705527] fatal page fault in supervisor mode
[ 245.1705527] trap type 6 code 0 rip 0xffffffff81bb10ab cs 0x8 rflags 0x10283 cr2 0xffff8ffffffffffe ilevel 0 rsp 0xffffab82517a9350
[ 245.1866387] curlwp 0xffffab8012d0a1c0 pid 4529.4919 lowest kstack 0xffffab82517a22c0
kernel: page fault trap, code=0
Stopped in pid 4529.4919 (syz-executor.0) at netbsd:__asan_load8+0x6c: movzbl 0(%rax),%r8d
?
__asan_load8() at netbsd:__asan_load8+0x6c kasan_shadow_1byte_isvalid sys/kern/subr_asan.c:311 [inline]
__asan_load8() at netbsd:__asan_load8+0x6c kasan_shadow_2byte_isvalid sys/kern/subr_asan.c:324 [inline]
__asan_load8() at netbsd:__asan_load8+0x6c kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline]
__asan_load8() at netbsd:__asan_load8+0x6c kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:364 [inline]
__asan_load8() at netbsd:__asan_load8+0x6c kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
__asan_load8() at netbsd:__asan_load8+0x6c sys/kern/subr_asan.c:1208
mutex_oncpu() at netbsd:mutex_oncpu+0x9d mutex_oncpu sys/kern/kern_mutex.c:423 [inline]
mutex_oncpu() at netbsd:mutex_oncpu+0x9d sys/kern/kern_mutex.c:407
mutex_enter() at netbsd:mutex_enter+0x3bd sys/kern/kern_mutex.c:553
dk_open() at netbsd:dk_open+0x85 sys/dev/dksubr.c:145
cgdopen() at netbsd:cgdopen+0x1c1 cgdopen sys/dev/cgd.c:730 [inline]
cgdopen() at netbsd:cgdopen+0x1c1 sys/dev/cgd.c:713
cdev_open() at netbsd:cdev_open+0x2b8 sys/kern/subr_devsw.c:1425
spec_open() at netbsd:spec_open+0x8a6 sys/miscfs/specfs/spec_vnops.c:879
VOP_OPEN() at netbsd:VOP_OPEN+0xf8 sys/kern/vnode_if.c:569
vn_open() at netbsd:vn_open+0x7a8 sys/kern/vfs_vnops.c:331
do_open() at netbsd:do_open+0x235 sys/kern/vfs_syscalls.c:1752
do_sys_openat() at netbsd:do_sys_openat+0x160 sys/kern/vfs_syscalls.c:1835
sys_open() at netbsd:sys_open+0x9a sys/kern/vfs_syscalls.c:1856
sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138 --- syscall (number 5 via SYS_syscall) --- netbsd:syscall+0x25a: Panic string: (null) PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 4769 4769 2 1 0 ffffab80133ec6c0 syz-executor.5 5356 5075 2 0 100100 ffffab8012c592c0 syz-executor.2 5356 5356 3 1 10040000 ffffab8012c98bc0 syz-executor.2 lwpwait 4529 >4919 7 0 0 ffffab8012d0a1c0 syz-executor.0 4529 5299 3 1 180 ffffab80142f3740 syz-executor.0 parked 4529 4529 2 1 10040000 ffffab8012c98340 syz-executor.0 3981 3827 2 0 0 ffffab8012d3e2c0 syz-executor.4 3981 3981 2 0 10040000 ffffab8013ef1bc0 syz-executor.4 4640 4640 2 1 40 ffffab8012ccf0c0 syz-executor.1 3565 3565 3 1 180 ffffab8012bf3a40 syz-executor.4 nanoslp 2724 2724 3 1 180 ffffab8012ceb140 syz-executor.1 parked 2200 2200 3 1 180 ffffab8014230680 syz-executor.5 nanoslp 3241 3241 4 0 1000000 ffffab8012ceb9c0 syz-executor.1 1945 1945 3 0 180 ffffab8012a49340 syz-executor.1 parked 2779 >2779 7 1 40 ffffab8012c0da80 syz-executor.3 3154 2384 3 0 1100000 ffffab8014230240 syz-executor.1 vfork 3154 3154 3 1 11000000 ffffab8012cf55c0 syz-executor.1 lwpwait 2045 2045 3 1 180 ffffab8012d32b00 syz-executor.4 parked 2655 2655 3 1 180 ffffab80126eb040 syz-executor.4 parked 2032 2032 3 1 180 ffffab8012c59b40 syz-executor.4 parked 1832 1832 3 1 180 ffffab8012b93140 syz-executor.2 nanoslp 3040 3040 3 1 180 ffffab80141fb200 syz-executor.4 parked 3071 3071 3 0 180 ffffab801345b8c0 syz-executor.4 parked 2252 2252 3 1 180 ffffab8013cf4600 syz-executor.4 parked 1784 1784 3 0 180 ffffab8013f5f580 syz-executor.4 parked 1775 1775 3 1 180 ffffab8012cdd980 syz-executor.1 parked 1763 1763 3 0 180 ffffab8013f5f9c0 syz-executor.4 parked 3286 3286 3 1 180 ffffab8012cae040 syz-executor.4 parked 1885 1885 3 1 180 ffffab8012bc8a00 syz-executor.0 nanoslp 412 412 3 0 180 ffffab8013363100 
syz-executor.5 parked 411 411 3 0 180 ffffab80133829c0 syz-executor.3 parked 410 410 3 0 180 ffffab80133a35c0 syz-executor.3 parked 1342 1342 3 0 180 ffffab8012bf3600 syz-executor.3 parked 1080 3829 3 1 180 ffffab8012dbc080 syz-fuzzer parked 1080 5198 3 1 1c0 ffffab8012acf0c0 syz-fuzzer parked 1080 5069 3 0 180 ffffab8013f2e080 syz-fuzzer parked 1080 1206 2 1 100 ffffab8013ea3700 syz-fuzzer 1080 801 3 0 1c0 ffffab8013e22b00 syz-fuzzer parked 1080 1245 2 1 100 ffffab8013e22280 syz-fuzzer 1080 991 3 1 1c0 ffffab8013dee240 syz-fuzzer wait 1080 449 3 1 180 ffffab8013dc0a80 syz-fuzzer wait 1080 1244 3 1 1c0 ffffab8012acf500 syz-fuzzer wait 1080 930 3 0 180 ffffab8013cf41c0 syz-fuzzer wait 1080 829 3 1 180 ffffab8013432b40 syz-fuzzer parked 1080 942 3 0 1c0 ffffab8013432700 syz-fuzzer wait 1080 1097 3 1 180 ffffab80134322c0 syz-fuzzer wait 1080 1233 3 1 180 ffffab80133c8a80 syz-fuzzer parked 1080 1231 3 1 180 ffffab80133d4ac0 syz-fuzzer nanoslp 1080 1080 3 1 180 ffffab80133a3a00 syz-fuzzer parked 1237 1237 3 0 180 ffffab8012acf940 sshd select 1224 1224 3 0 180 ffffab80126eabc0 getty nanoslp 1222 1222 3 0 180 ffffab80126ea340 getty nanoslp 1111 1111 3 0 180 ffffab80134b4180 getty nanoslp 1184 1184 3 1 1c0 ffffab80129a1280 getty ttyraw 1095 1095 3 0 180 ffffab80133c8640 sshd select 1088 1088 3 1 180 ffffab8012d90040 powerd kqueue 700 700 3 1 180 ffffab8013452bc0 syslogd kqueue 746 746 3 1 180 ffffab8012c23ac0 dhcpcd poll 747 747 3 0 180 ffffab8012ccf500 dhcpcd poll 742 742 3 1 180 ffffab8012c356c0 dhcpcd poll 602 602 3 1 180 ffffab8012c98780 dhcpcd poll 487 487 3 0 180 ffffab8012dd60c0 dhcpcd poll 292 292 3 0 180 ffffab8012dbc900 dhcpcd poll 485 485 3 0 180 ffffab8012dbc4c0 dhcpcd poll 1 1 3 0 180 ffffab8012877180 init wait 0 4203 3 1 600 ffffab8012c23240 cgd/1 cgd 0 3884 3 0 600 ffffab80142f3b80 cgd/0 cgd 0 4921 3 1 380 ffffab8013ea3b40 ktrace pipe_wr 0 1826 3 1 200 ffffab80134b4a00 ktrace ktrwait 0 2107 3 0 200 ffffab8013363540 acctwatch actwat 0 815 3 0 200 
ffffab80129a16c0 physiod physiod 0 196 3 0 200 ffffab80129a3700 pooldrain pooldrain 0 195 3 0 200 ffffab80129a32c0 ioflush syncer 0 194 3 1 200 ffffab80129a1b00 pgdaemon pgdaemon 0 171 3 0 200 ffffab8012961ac0 usb7 usbevt 0 172 3 1 200 ffffab8012961680 usb6 usbevt 0 170 3 1 200 ffffab8012961240 usb5 usbevt 0 168 3 0 200 ffffab8012915a80 usb4 usbevt 0 166 3 0 200 ffffab8012915640 usb3 usbevt 0 165 3 1 200 ffffab8012915200 usb2 usbevt 0 31 3 0 200 ffffab80128d9a40 usb1 usbevt 0 63 3 0 200 ffffab80128d9600 usb0 usbevt 0 126 3 1 200 ffffab80128d91c0 usbtask-dr usbtsk 0 125 3 1 200 ffffab8012877a00 usbtask-hc usbtsk 0 124 3 0 200 ffffab8010d76b00 swwreboot swwreboot 0 123 3 0 200 ffffab80128775c0 npfgc0 npfgcw 0 122 3 0 200 ffffab801286a9c0 rt_free rt_free 0 121 3 0 200 ffffab801286a580 unpgc unpgc 0 120 3 0 200 ffffab801286a140 key_timehandler key_timehandler 0 119 3 1 200 ffffab801271b980 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffab801271b540 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffab801271b100 nd6_timer nd6_timer 0 116 3 1 200 ffffab8012713940 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffab8012713500 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffab80127130c0 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffab8012703900 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffab80127034c0 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffab8012703080 icmp_wqinput/0 icmp_wqinput 0 110 3 0 200 ffffab80126eb8c0 rt_timer rt_timer 0 109 3 0 200 ffffab80126e7b80 vmem_rehash vmem_rehash 0 100 3 0 200 ffffab80126e7300 entbutler entropy 0 99 3 1 200 ffffab80120bcb40 viomb balloon 0 98 3 1 200 ffffab80120bc700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffab80120bc2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffab8010d766c0 scsibus0 sccomp 0 29 3 0 200 ffffab8010d76280 pms0 pmsreset 0 28 3 1 200 ffffab8010cbcac0 xcall/1 xcall 0 27 1 1 200 ffffab8010cbc680 softser/1 0 26 1 1 200 ffffab8010cbc240 softclk/1 0 25 1 1 200 ffffab8010cb9a80 softbio/1 0 24 1 1 200 ffffab8010cb9640 
softnet/1 0 23 1 1 201 ffffab8010cb9200 idle/1 0 22 3 0 200 ffffab800fb56a40 lnxsyswq lnxsyswq 0 21 3 1 200 ffffab800fb56600 lnxubdwq lnxubdwq 0 20 3 1 200 ffffab800fb561c0 lnxpwrwq lnxpwrwq 0 19 3 1 200 ffffab800fb55a00 lnxlngwq lnxlngwq 0 18 3 1 200 ffffab800fb555c0 lnxhipwq lnxhipwq 0 17 3 0 200 ffffab800fb55180 lnxrcugc lnxrcugc 0 16 3 0 200 ffffab800fb4e9c0 sysmon smtaskq 0 15 3 0 200 ffffab800fb4e580 pmfsuspend pmfsuspend 0 14 3 0 200 ffffab800fb4e140 pmfevent pmfevent 0 13 3 0 200 ffffab800fb49980 sopendfree sopendfr 0 12 3 0 200 ffffab800fb49540 ifwdog ifwdog 0 11 3 0 200 ffffab800fb49100 iflnkst iflnkst 0 10 3 0 200 ffffab800fb3c940 nfssilly nfssilly 0 9 3 0 200 ffffab800fb3c500 vdrain vdrain 0 8 3 0 200 ffffab800fb3c0c0 modunload mod_unld 0 7 3 0 200 ffffab800fb33900 xcall/0 xcall 0 6 1 0 200 ffffab800fb334c0 softser/0 0 5 1 0 200 ffffab800fb33080 softclk/0 0 4 1 0 200 ffffab800fb318c0 softbio/0 0 3 1 0 200 ffffab800fb31480 softnet/0 0 2 1 0 201 ffffab800fb31040 idle/0 0 0 3 0 200 ffffffff83348ec0 swapper uvm [Locks tracked through LWPs] ****** LWP 4769.4769 (syz-executor.5) @ 0xffffab80133ec6c0, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2860) lock address : ffffab8012c21180 type : sleep/adaptive initialized : netbsd:pmap_ctor+0x93 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffab80133ec6c0 last held: 000000000000000000 last locked : netbsd:pmap_extract+0xde unlocked* : netbsd:pmap_extract+0x345 owner field : 0xffffab80133ec6c0 wait/spin: 0/0 Turnstile: no active turnstile for this lock. 
****** LWP 4529.4919 (syz-executor.0) @ 0xffffab8012d0a1c0, l_stat=7
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:disk_init+0x3e sys/kern/subr_disk.c:169)
lock address : 0 type : sleep/adaptive
initialized : netbsd:disk_init+0x3e
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0
relevant lwp : 0xffffab8012d0a1c0 last held: 000000000000000000
last locked : netbsd:dk_close+0x77 unlocked* : netbsd:dk_close+0x157
[ 245.1973087] uvm_fault(0xffffab8012c27050, 0x0, 1) -> e
[ 245.1973087] fatal page fault in supervisor mode
[ 245.1973087] trap type 6 code 0 rip 0xffffffff81b3da40 cs 0x8 rflags 0x10286 cr2 0 ilevel 0x8 rsp 0xffffab82517a8630
[ 245.1973087] curlwp 0xffffab8012d0a1c0 pid 4529.4919 lowest kstack 0xffffab82517a22c0
kernel: page fault trap, code=0
Faulted in DDB; continuing...