[ 126.8823011] panic: kernel diagnostic assertion "uvm_page_locked_p(pg)" failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 3526 [ 126.8933947] cpu1: Begin traceback... [ 126.9156192] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 126.9489520] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 127.0045066] pmap_remove_pte() at netbsd:pmap_remove_pte+0x47f pmap_remove_pte sys/arch/x86/x86/pmap.c:3526 [inline] [ 127.0045066] pmap_remove_pte() at netbsd:pmap_remove_pte+0x47f sys/arch/x86/x86/pmap.c:3473 [ 127.0378412] pmap_remove() at netbsd:pmap_remove+0x481 pmap_remove_ptes sys/arch/x86/x86/pmap.c:3432 [inline] [ 127.0378412] pmap_remove() at netbsd:pmap_remove+0x481 sys/arch/x86/x86/pmap.c:3631 [ 127.0822913] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x61b sys/uvm/uvm_map.c:2317 [ 127.1156297] uvmspace_free() at netbsd:uvmspace_free+0x23b sys/uvm/uvm_map.c:4304 [ 127.1600713] uvm_proc_exit() at netbsd:uvm_proc_exit+0xc4 sys/uvm/uvm_glue.c:443 [ 127.1934019] exit1() at netbsd:exit1+0x3bd sys/kern/kern_exit.c:332 [ 127.2267369] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:179 [ 127.2711818] syscall() at netbsd:syscall+0x550 sy_call sys/sys/syscallvar.h:65 [inline] [ 127.2711818] syscall() at netbsd:syscall+0x550 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 127.2711818] syscall() at netbsd:syscall+0x550 sys/arch/x86/x86/syscall.c:138 [ 127.2822932] --- syscall (number 1) --- [ 127.3045178] 72ece3999a6a: [ 127.3045178] cpu1: End traceback... [ 127.3045178] fatal breakpoint trap in supervisor mode [ 127.3156266] trap type 1 code 0 rip 0xffffffff8021ccc5 cs 0x8 rflags 0x246 cr2 0x760c40b55000 ilevel 0 rsp 0xffffb7817bed76c0 [ 127.3267368] curlwp 0xffffb78012145720 pid 1027.1 lowest kstack 0xffffb7817bed02c0 Stopped in pid 1027.1 (syz-executor.3) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure pmap_remove_pte() at netbsd:pmap_remove_pte+0x47f pmap_remove_pte sys/arch/x86/x86/pmap.c:3526 [inline] pmap_remove_pte() at netbsd:pmap_remove_pte+0x47f sys/arch/x86/x86/pmap.c:3473 pmap_remove() at netbsd:pmap_remove+0x481 pmap_remove_ptes sys/arch/x86/x86/pmap.c:3432 [inline] pmap_remove() at netbsd:pmap_remove+0x481 sys/arch/x86/x86/pmap.c:3631 uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x61b sys/uvm/uvm_map.c:2317 uvmspace_free() at netbsd:uvmspace_free+0x23b sys/uvm/uvm_map.c:4304 uvm_proc_exit() at netbsd:uvm_proc_exit+0xc4 sys/uvm/uvm_glue.c:443 exit1() at netbsd:exit1+0x3bd sys/kern/kern_exit.c:332 sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:179 syscall() at netbsd:syscall+0x550 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x550 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x550 sys/arch/x86/x86/syscall.c:138 --- syscall (number 1) --- 72ece3999a6a: ds 76e0 es edd5 fs 76a0 gs 76f0 rdi ffffb7800d92c458 rsi ffffb78012145a08 rbp ffffb7817bed76c0 rbx ffffb7816d892000 rdx 2 rcx ffffffff80cef021 db_panic+0xe5 rax 0 r8 4 r9 1ffffffff05536c0 r10 ffffffff82a9b603 db_onpanic+0x3 r11 8000000000 r12 ffffb7816d8a4000 r13 ffffffff81c229e0 platform_private_nodes+0x140 r14 ffffb7817bed7750 r15 ffffb7816d892058 rip ffffffff8021ccc5 breakpoint+0x5 cs 8 rflags 246 rsp ffffb7817bed76c0 ss 0 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 716 3 3 1 80 ffffb7801218aba0 syz-executor.2 parked 1039 4 3 0 80 ffffb78012e231c0 syz-executor.0 parked 702 7 3 1 80 ffffb78012308660 syz-executor.3 parked 967 4 3 0 80 ffffb78012dc7940 syz-executor.1 parked 967 3 3 0 80 ffffb780122d8a40 syz-executor.1 parked 967 1 2 0 10000000 ffffb78012d778c0 syz-executor.1 1023 5 4 1 1000000 ffffb780121cfbc0 syz-executor.3 1109 5 3 0 80 ffffb78013d934a0 syz-executor.0 parked 1109 4 3 0 80 ffffb78013d93060 syz-executor.0 parked 1109 3 3 0 80 ffffb78013d848c0 syz-executor.0 parked 1109 1 2 0 10040000 ffffb7801218a320 syz-executor.0 974 4 3 0 80 ffffb78012de59a0 syz-executor.5 parked 974 3 3 0 80 ffffb78013d35320 syz-executor.5 parked 974 1 2 1 10040000 ffffb78012e165e0 syz-executor.5 1027 > 1 7 1 11040000 ffffb78012145720 syz-executor.3 902 5 3 0 80 ffffb78013d11b60 syz-executor.4 parked 1330 5 2 0 0 ffffb78012260980 syz-executor.2 1330 4 3 0 0 ffffb7801239d700 syz-executor.2 tstile 1330 3 2 0 0 ffffb78013f4b9a0 syz-executor.2 1330 1 2 0 10040000 ffffb78012d30300 syz-executor.2 693 3 3 1 80 ffffb78012e161a0 syz-executor.4 parked 799 3 3 0 80 ffffb78012e08a00 syz-executor.5 parked 1246 3 3 0 80 ffffb7801403da60 syz-executor.5 parked 397 3 3 1 80 ffffb78012129700 syz-executor.0 parked 916 4 3 1 80 ffffb78012d858e0 syz-executor.5 parked 1227 3 3 1 80 ffffb780120bd6e0 syz-executor.0 parked 521 3 3 0 80 ffffb78013cc9b00 syz-executor.4 parked 1008 4 3 1 80 ffffb78013f64160 syz-executor.3 parked 1035 3 3 0 80 ffffb780122034c0 syz-executor.5 parked 1029 3 3 0 80 ffffb78012323260 syz-executor.4 parked 578 3 3 1 80 ffffb78012dd0520 syz-executor.0 parked 193 3 3 0 80 ffffb780134fba60 syz-executor.3 parked 657 4 3 0 80 ffffb7801229c9c0 syz-executor.0 parked 750 3 3 1 80 ffffb78011ee9180 syz-executor.4 parked 793 4 3 0 80 ffffb78013d35760 syz-executor.4 parked 856 3 3 1 80 ffffb78012171300 syz-executor.2 parked 328 3 3 1 80 ffffb78012dc7500 syz-executor.2 parked 566 3 3 1 80 ffffb780122f7200 syz-executor.2 parked 661 4 3 0 80 ffffb78012323ae0 syz-executor.2 parked 828 6 3 0 80 ffffb780123346c0 syz-executor.2 parked 850 3 3 1 80 ffffb78012334280 syz-executor.2 parked 803 3 3 1 80 ffffb780123236a0 syz-executor.3 parked 719 3 3 1 80 ffffb78013db1900 syz-executor.3 parked 762 3 3 1 80 ffffb78013f05520 syz-executor.2 parked 760 3 3 1 80 ffffb78013f050e0 syz-executor.2 parked 205 3 3 1 80 ffffb78013e3b940 syz-executor.2 parked 730 3 3 0 80 ffffb780122164e0 syz-executor.5 parked 687 3 3 0 80 ffffb780120bd2a0 syz-executor.5 parked 756 5 3 1 80 ffffb78012129b40 syz-executor.3 parked 160 3 3 1 80 ffffb78012de5120 syz-executor.2 parked 614 3 3 1 80 ffffb78012dd00e0 syz-executor.5 parked 703 3 3 0 80 ffffb78013e234e0 syz-executor.3 parked 349 3 3 0 80 ffffb78012dc70c0 syz-executor.5 parked 724 3 3 1 80 ffffb78012316680 syz-executor.1 parked 467 3 3 1 80 ffffb780122f7a80 syz-executor.0 parked 592 3 3 1 80 ffffb78012316240 syz-executor.0 parked 526 3 3 1 80 ffffb78012308aa0 syz-executor.0 parked 268 4 3 1 80 ffffb780122c71a0 syz-executor.1 parked 615 3 3 1 80 ffffb7801228a9a0 syz-executor.2 parked 582 3 3 0 80 ffffb78013db14c0 syz-executor.0 parked 162 9 3 1 80 ffffb7801229c580 syz-executor.2 parked 97 3 3 1 80 ffffb78013d84480 syz-executor.1 parked 104 3 3 1 80 ffffb78012234960 syz-executor.1 parked 555 1 2 1 0 ffffb78013c4d6a0 syz-executor.2 604 > 1 7 0 0 ffffb78013c4d260 syz-executor.4 607 1 2 0 0 ffffb78013c25ac0 syz-executor.5 45 1 3 1 80 ffffb78013c25680 syz-executor.3 wait 510 1 2 1 0 ffffb78013c25240 syz-executor.1 41 1 2 0 0 ffffb78011ee95c0 syz-executor.0 539 10 3 1 80 ffffb78011eec5e0 syz-fuzzer parked 539 9 3 0 80 ffffb78013acb660 syz-fuzzer kqueue 539 8 3 0 80 ffffb78013acb220 syz-fuzzer parked 539 7 3 0 80 ffffb7801350ba80 syz-fuzzer parked 539 6 3 0 80 ffffb7801350b640 syz-fuzzer parked 539 5 2 0 0 ffffb78012d4eba0 syz-fuzzer 539 4 3 1 80 ffffb78012d4e760 syz-fuzzer parked 539 3 3 0 80 ffffb780123b4b60 syz-fuzzer parked 539 2 2 1 0 ffffb78012ddc980 syz-fuzzer 539 1 3 0 80 ffffb78011ee85a0 syz-fuzzer parked 452 1 2 1 0 ffffb78011ee8160 sshd 569 1 3 1 80 ffffb78012de5560 getty nanoslp 439 1 3 0 80 ffffb78012dfb160 getty nanoslp 501 1 3 0 80 ffffb78012d30740 getty nanoslp 519 1 3 1 80 ffffb78012df0580 getty ttyraw 317 1 3 1 80 ffffb78012334b00 cron nanoslp 549 1 3 0 80 ffffb78012d99900 inetd kqueue 369 1 3 0 80 ffffb78012349b20 sshd select 435 1 3 0 80 ffffb780122ea1e0 powerd kqueue 202 1 3 1 80 ffffb78012d6a780 syslogd kqueue 278 1 3 1 80 ffffb780122ea620 dhcpcd kqueue 236 1 3 1 80 ffffb780122160a0 dhcpcd kqueue 1 1 3 0 80 ffffb78012015240 init wait 0 58 3 0 204 ffffb78012015ac0 physiod physiod 0 57 3 1 204 ffffb7801205d6a0 pooldrain pooldrain 0 56 3 0 204 ffffb7801205e280 aiodoned aiodoned 0 55 3 1 200 ffffb7801205dae0 ioflush syncer 0 54 3 1 200 ffffb7801205d260 pgdaemon pgdaemon 0 51 3 0 200 ffffb7800f7cb9c0 npfgc-0 npfgccv 0 50 3 1 204 ffffb78012007aa0 rt_free rt_free 0 49 3 0 204 ffffb78012007660 unpgc unpgc 0 48 2 1 200 ffffb78012007220 key_timehandler 0 47 3 1 204 ffffb78011ffca80 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffb78011ffc640 icmp6_wqinput/0 icmp6_wqinput 0 45 3 0 204 ffffb78011ffc200 nd6_timer nd6_timer 0 44 3 1 204 ffffb78011f13a60 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffb78011f13620 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffb78011f131e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffb78011efea40 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffb78011efe600 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffb78011efe1c0 icmp_wqinput/0 icmp_wqinput 0 38 2 1 200 ffffb78011eeca20 rt_timer 0 37 3 1 204 ffffb78011eec1a0 vmem_rehash vmem_rehash 0 27 3 0 204 ffffb7800f7cb580 scsibus0 sccomp 0 26 3 0 200 ffffb7800f7cb140 pms0 pmsreset 0 25 3 1 204 ffffb7800f73d9a0 xcall/1 xcall 0 24 1 1 200 ffffb7800f73d560 softser/1 0 23 1 1 200 ffffb7800f73d120 softclk/1 0 22 1 1 200 ffffb7800f739980 softbio/1 0 21 1 1 200 ffffb7800f739540 softnet/1 0 20 1 1 201 ffffb7800f739100 idle/1 0 19 3 1 204 ffffb7800f66f960 lnxpwrwq lnxpwrwq 0 18 3 1 204 ffffb7800f66f520 lnxlngwq lnxlngwq 0 17 3 1 204 ffffb7800f66f0e0 lnxsyswq lnxsyswq 0 16 3 1 204 ffffb7800de54940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffb7800de54500 sysmon smtaskq 0 14 3 1 204 ffffb7800de540c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffb7800de45920 pmfevent pmfevent 0 12 3 0 204 ffffb7800de454e0 sopendfree sopendfr 0 11 3 1 204 ffffb7800de450a0 nfssilly nfssilly 0 10 3 0 200 ffffb7800de3a900 cachegc cachegc 0 9 3 0 204 ffffb7800de3a4c0 vdrain vdrain 0 8 3 0 200 ffffb7800de3a080 modunload mod_unld 0 7 3 0 204 ffffb7800de2c8e0 xcall/0 xcall 0 6 1 0 200 ffffb7800de2c4a0 softser/0 0 5 1 0 200 ffffb7800de2c060 softclk/0 0 4 1 0 200 ffffb7800de278c0 softbio/0 0 3 1 0 200 ffffb7800de27480 softnet/0 0 2 1 0 201 ffffb7800de27040 idle/0 0 1 2 0 200 ffffffff82b62c80 swapper [Locks tracked through LWPs] Locks held by an LWP (syz-executor.0): Lock 0 (initialized at uvm_obj_init) lock address : 0xffffb78013a41ec0 type : sleep/adaptive initialized : 0xffffffff810e2383 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffb78012145720 last held: 0xffffb7801218a320 last locked* : 0xffffffff810c68de unlocked : 0xffffffff810c3a9c owner field : 0xffffb7801218a320 wait/spin: 0/0 Turnstile chain at 0xffffffff82d82ad8 with mutex 0xffffb7800de1f100. => No active turnstile for this lock. Locks held by an LWP (syz-executor.5): Lock 0 (initialized at uvm_obj_init) lock address : 0xffffb78013c3f400 type : sleep/adaptive initialized : 0xffffffff810e2383 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffb78012145720 last held: 0xffffb78012e165e0 last locked* : 0xffffffff810c68de unlocked : 0xffffffff810c3a9c owner field : 0xffffb78012e165e0 wait/spin: 0/0 Turnstile chain at 0xffffffff82d82980 with mutex 0xffffb7800de1e600. => No active turnstile for this lock. Locks held by an LWP (syz-executor.3): Lock 0 (initialized at fork1) lock address : 0xffffb78013f9f6a8 type : sleep/adaptive initialized : 0xffffffff8113698c shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffb78012145720 last held: 0xffffb78012145720 last locked* : 0xffffffff811330bd unlocked : 000000000000000000 owner/count : 0xffffb78012145720 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d829d0 with mutex 0xffffb7800de1e880. => No active turnstile for this lock. Lock 1 (initialized at amap_copy) lock address : 0xffffb78013c3f280 type : sleep/adaptive initialized : 0xffffffff810b95f0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffb78012145720 last held: 0xffffb78012145720 last locked* : 0xffffffff810d6b91 unlocked : 0xffffffff810c3abb owner field : 0xffffb78012145720 wait/spin: 0/0 Turnstile chain at 0xffffffff82d82950 with mutex 0xffffb7800de1e480. => No active turnstile for this lock. Lock 2 (initialized at pmap_create) lock address : 0xffffb78013506128 type : sleep/adaptive initialized : 0xffffffff802727da shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffb78012145720 last held: 0xffffb78012145720 last locked* : 0xffffffff80275095 unlocked : 0xffffffff80274abf owner field : 0xffffb78012145720 wait/spin: 0/0 Turnstile chain at 0xffffffff82d82720 with mutex 0xffffb7800d9422c0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.2): Lock 0 (initialized at vcache_alloc) lock address : 0xffffb78011eedd80 type : sleep/adaptive initialized : 0xffffffff8129cf7e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffb78012145720 last held: 0xffffb7801239d700 last locked* : 0xffffffff812ca855 unlocked : 0xffffffff812ca888 owner/count : 0xffffb7801239d700 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d82ab0 with mutex 0xffffb7800de1ef80. => No active turnstile for this lock. Locks held by an LWP (syz-executor.2): Lock 0 (initialized at vcache_alloc) lock address : 0xffffb78013e644d0 type : sleep/adaptive initialized : 0xffffffff8129cf7e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 current cpu : 1 last held: 0 current lwp : 0xffffb78012145720 last held: 0xffffb78013f4b9a0 last locked* : 0xffffffff812ca855 unlocked : 0xffffffff812ca888 owner/count : 0xffffb78013f4b9a0 flags : 0x0000000000000007 Turnstile chain at 0xffffffff82d82798 with mutex 0xffffb7800d942680. => Turnstile at 0xffffb78012261380 (wrq=0xffffb780122613a0, rdq=0xffffb780122613b0). => 0 waiting readers: => 1 waiting writers: 0xffffb7801239d700 Locks held by an LWP (syz-executor.2): Lock 0 (initialized at amap_alloc) lock address : 0xffffb78013c3f940 type : sleep/adaptive initialized : 0xffffffff810b5d31 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffb78012145720 last held: 0xffffb78012d30300 last locked* : 0xffffffff810c5483 unlocked : 0xffffffff810c3abb owner field : 000000000000000000 wait/spin: 0/0 Turnstile chain at 0xffffffff82d82a28 with mutex 0xffffb7800de1eb40. => No active turnstile for this lock. Locks held by an LWP (syz-executor.4): Lock 0 (initialized at vcache_alloc) lock address : 0xffffb78013c415f8 type : sleep/adaptive initialized : 0xffffffff8129cf7e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffb78012145720 last held: 0xffffb78013c4d260 last locked* : 0xffffffff812ca855 unlocked : 0xffffffff812ca888 owner/count : 0xffffb78013c4d260 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d829b8 with mutex 0xffffb7800de1e7c0. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffb78013d228b0 type : sleep/adaptive initialized : 0xffffffff8129cf7e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 0 current lwp : 0xffffb78012145720 last held: 0xffffb78013c4d260 last locked* : 0xffffffff812ca855 unlocked : 0xffffffff812ca888 [ 127.3378469] Skipping crash dump on recursive panic [ 127.3378469] panic: ASan: Unauthorized Access In 0xffffffff81171d10: Addr 0xffffb78013d228b0 [8 bytes, read, PoolUseAfterFree] [ 127.3378469] cpu1: Begin traceback... [ 127.3378469] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 127.3378469] snprintf() at netbsd:snprintf [ 127.3378469] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] [ 127.3378469] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 [ 127.3378469] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] [ 127.3378469] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] [ 127.3378469] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 127.3378469] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 [ 127.3378469] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:191 [ 127.3378469] lockdebug_dump() at netbsd:lockdebug_dump+0x289 sys/kern/subr_lockdebug.c:777 [ 127.3378469] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9 sys/kern/subr_lockdebug.c:855 [ 127.3378469] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:886 [inline] [ 127.3378469] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933 [ 127.3378469] db_command() at netbsd:db_command+0x2c0 sys/ddb/db_command.c:935 [ 127.3378469] db_command_loop() at netbsd:db_command_loop+0x26c db_execute_commandlist sys/ddb/db_command.c:432 [inline] [ 127.3378469] db_command_loop() at netbsd:db_command_loop+0x26c sys/ddb/db_command.c:582 [ 127.3378469] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 127.3378469] kdb_trap() at netbsd:kdb_trap+0x1ce sys/arch/amd64/amd64/db_interface.c:246 [ 127.3378469] trap() at netbsd:trap+0x641 sys/arch/amd64/amd64/trap.c:313 [ 127.3378469] --- trap (number 1) --- [ 127.3378469] breakpoint() at netbsd:breakpoint+0x5 [ 127.3378469] db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 [ 127.3378469] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 127.3378469] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 127.3378469] pmap_remove_pte() at netbsd:pmap_remove_pte+0x47f pmap_remove_pte sys/arch/x86/x86/pmap.c:3526 [inline] [ 127.3378469] pmap_remove_pte() at netbsd:pmap_remove_pte+0x47f sys/arch/x86/x86/pmap.c:3473 [ 127.3378469] pmap_remove() at netbsd:pmap_remove+0x481 pmap_remove_ptes sys/arch/x86/x86/pmap.c:3432 [inline] [ 127.3378469] pmap_remove() at netbsd:pmap_remove+0x481 sys/arch/x86/x86/pmap.c:3631 [ 127.3378469] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x61b sys/uvm/uvm_map.c:2317 [ 127.3378469] uvmspace_free() at netbsd:uvmspace_free+0x23b sys/uvm/uvm_map.c:4304 [ 127.3378469] uvm_proc_exit() at netbsd:uvm_proc_exit+0xc4 sys/uvm/uvm_glue.c:443 [ 127.3378469] exit1() at netbsd:exit1+0x3bd sys/kern/kern_exit.c:332 [ 127.3378469] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:179 [ 127.3378469] syscall() at netbsd:syscall+0x550 sy_call sys/sys/syscallvar.h:65 [inline] [ 127.3378469] syscall() at netbsd:syscall+0x550 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 127.3378469] syscall() at netbsd:syscall+0x550 sys/arch/x86/x86/syscall.c:138 [ 127.3378469] --- syscall (number 1) --- [ 127.3378469] 72ece3999a6a: [ 127.3378469] cpu1: End traceback... [ 127.3378469] fatal breakpoint trap in supervisor mode [ 127.3378469] trap type 1 code 0 rip 0xffffffff8021ccc5 cs 0x8 rflags 0x246 cr2 0x760c40b55000 ilevel 0x8 rsp 0xffffb7817bed6c80 [ 127.3378469] curlwp 0xffffb78012145720 pid 1027.1 lowest kstack 0xffffb7817bed02c0 Stopped in pid 1027.1 (syz-executor.3) at netbsd:breakpoint+0x5: leave