[ 154.3644208] panic: kernel diagnostic assertion "requested_size > 0" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_kmem.c", line 370 kmem_intr_free(0xffffc848d62a9880, 0) [ 154.4144011] cpu1: Begin traceback... [ 154.5244062] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 [ 154.8843929] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074 [ 155.1743922] kmem_intr_free() at netbsd:kmem_intr_free+0x242 sys/kern/subr_kmem.c:377 [ 155.4143984] kern_free() at netbsd:kern_free+0x86 sys/kern/kern_malloc.c:172 [ 155.6743959] netexport_clear() at netbsd:netexport_clear+0x37a setpublicfs sys/nfs/nfs_export.c:748 [inline] [ 155.6743959] netexport_clear() at netbsd:netexport_clear+0x37a sys/nfs/nfs_export.c:673 [ 155.9543875] netexport_unmount() at netbsd:netexport_unmount+0xa5 netexport_remove sys/nfs/nfs_export.c:340 [inline] [ 155.9543875] netexport_unmount() at netbsd:netexport_unmount+0xa5 sys/nfs/nfs_export.c:191 [ 156.2043848] vfs_hooks_unmount() at netbsd:vfs_hooks_unmount+0x66 sys/kern/vfs_hooks.c:137 [ 156.4543831] dounmount() at netbsd:dounmount+0x306 vfs_set_lowermount sys/kern/vfs_mount.c:429 [inline] [ 156.4543831] dounmount() at netbsd:dounmount+0x306 vfs_set_lowermount sys/kern/vfs_mount.c:401 [inline] [ 156.4543831] dounmount() at netbsd:dounmount+0x306 sys/kern/vfs_mount.c:1015 [ 156.7043957] sys_unmount() at netbsd:sys_unmount+0x224 sys/kern/vfs_syscalls.c:701 [ 156.9443818] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 156.9443818] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 157.2043855] syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] [ 157.2043855] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] [ 157.2043855] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 [ 157.2543902] --- syscall (number 22 via SYS_syscall) --- [ 157.3443850] netbsd:syscall+0x28b: [ 157.3543799] cpu1: End traceback... [ 157.3543799] fatal breakpoint trap in supervisor mode [ 157.3743856] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x20000000 ilevel 0 rsp 0xffff9982486b3c20 [ 157.4043840] curlwp 0xffffc848d5041500 pid 660.662 lowest kstack 0xffff9982486af2c0 Stopped in pid 660.662 (syz-executor.1) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074 kmem_intr_free() at netbsd:kmem_intr_free+0x242 sys/kern/subr_kmem.c:377 kern_free() at netbsd:kern_free+0x86 sys/kern/kern_malloc.c:172 netexport_clear() at netbsd:netexport_clear+0x37a setpublicfs sys/nfs/nfs_export.c:748 [inline] netexport_clear() at netbsd:netexport_clear+0x37a sys/nfs/nfs_export.c:673 netexport_unmount() at netbsd:netexport_unmount+0xa5 netexport_remove sys/nfs/nfs_export.c:340 [inline] netexport_unmount() at netbsd:netexport_unmount+0xa5 sys/nfs/nfs_export.c:191 vfs_hooks_unmount() at netbsd:vfs_hooks_unmount+0x66 sys/kern/vfs_hooks.c:137 dounmount() at netbsd:dounmount+0x306 vfs_set_lowermount sys/kern/vfs_mount.c:429 [inline] dounmount() at netbsd:dounmount+0x306 vfs_set_lowermount sys/kern/vfs_mount.c:401 [inline] dounmount() at netbsd:dounmount+0x306 sys/kern/vfs_mount.c:1015 sys_unmount() at netbsd:sys_unmount+0x224 sys/kern/vfs_syscalls.c:701 sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 --- syscall (number 22 via SYS_syscall) --- netbsd:syscall+0x28b: Panic string: kernel diagnostic assertion "requested_size > 0" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_kmem.c", line 370 kmem_intr_free(0xffffc848d62a9880, 0) PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 664 664 2 0 0 ffffc848d5041940 sh 667 667 2 1 0 ffffc848c9d36080 syz-executor.5 1326 1326 2 0 0 ffffc848c9ee7500 ifconfig 660 666 3 1 180 ffffc848d36948c0 syz-executor.1 parked 660 > 662 7 1 0 ffffc848d5041500 syz-executor.1 660 660 2 1 10000000 ffffc848c9e8c100 syz-executor.1 654 654 2 0 10000000 ffffc848d50410c0 syz-executor.2 1791 1791 3 1 180 ffffc848c9c35480 syz-executor.4 wait 1873 1873 3 1 180 ffffc848c9d15140 syz-executor.0 wait 1771 1771 3 0 180 ffffc848ce15ab80 syz-executor.3 parked 1849 1849 2 0 140