[ 306.6173316] panic: LOCKDEBUG: Reader / writer lock error: rw_vector_enter,305: locking against myself [ 306.6282317] cpu0: Begin traceback... [ 306.6973347] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 306.8173341] snprintf() at netbsd:snprintf [ 306.9473346] lockdebug_more() at netbsd:lockdebug_more [ 307.0773426] lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 [ 307.2673348] rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 [ 307.5073341] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 307.5073341] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 307.5073341] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 307.6173425] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 307.6373337] --- trap (number 6) --- [ 307.7273324] _ustore_8() at netbsd:_ustore_8+0x21 [ 307.8473326] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 307.8473326] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 307.9673333] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 307.9673333] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 307.9673333] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 307.9973343] --- syscall (number 198) --- [ 308.0373428] netbsd:syscall+0x259: [ 308.0373428] cpu0: End traceback... [ 308.0373428] fatal breakpoint trap in supervisor mode [ 308.0500319] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0 rsp 0xffffc481a9c47430 [ 308.0626344] curlwp 0xffffc4801395aa80 pid 6399.6229 lowest kstack 0xffffc481a9c402c0 Stopped in pid 6399.6229 (syz-executor.1) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 snprintf() at netbsd:snprintf lockdebug_more() at netbsd:lockdebug_more lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 --- trap (number 6) --- _ustore_8() at netbsd:_ustore_8+0x21 sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- netbsd:syscall+0x259: Panic string: LOCKDEBUG: Reader / writer lock error: rw_vector_enter,305: locking against myself PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 6486 6076 2 0 0 ffffc4801485b740 syz-executor.3 6486 6490 2 0 0 ffffc48013cb5540 syz-executor.3 6486 6172 2 0 0 ffffc48013dc7500 syz-executor.3 6486 6693 2 1 100 ffffc48013d788c0 syz-executor.3 6486 6486 2 1 10000000 ffffc48013ce3600 syz-executor.3 6399 5196 3 1 0 ffffc48013a49bc0 syz-executor.1 tstile 6399 >6229 7 0 40000 ffffc4801395aa80 syz-executor.1 6399 6399 3 1 10040040 ffffc480153fb740 syz-executor.1 tstile 6632 6468 2 0 100 ffffc480154ca080 syz-executor.5 6632 6499 3 1 0 ffffc480153fb300 syz-executor.5 tstile 6632 6632 2 1 10040000 ffffc48013ba69c0 syz-executor.5 6198 6198 3 0 180 ffffc48014846b40 syz-executor.2 parked 5817 5817 3 0 180 ffffc48013c26b00 syz-executor.2 parked 5963 5963 3 1 180 ffffc48013d78480 syz-executor.2 parked 5447 5447 3 1 180 ffffc48015486040 syz-executor.1 parked 1226 1226 2 0 40 ffffc48015277640 syz-executor.4 989 989 2 1 140 ffffc48015277200 syz-executor.5 1075 1075 2 1 140 ffffc48015248a40 syz-executor.3 1071 1071 2 1 0 ffffc48015248600 syz-executor.2 422 422 2 1 140 ffffc48015143a00 syz-executor.1 1221 1221 2 1 40 ffffc48013bdf600 syz-executor.0 1104 1191 3 1 180 ffffc480152481c0 syz-fuzzer parked 1104 1222 2 1 140 ffffc48015143180 syz-fuzzer 1104 1219 3 1 180 ffffc48013c72bc0 syz-fuzzer parked 1104 1218 3 1 180 ffffc48014869bc0 syz-fuzzer parked 1104 1073 3 1 180 ffffc480148758c0 syz-fuzzer parked 1104 1115 3 1 180 ffffc48014875040 syz-fuzzer parked 1104 1254 3 1 1c0 ffffc48013b5a940 syz-fuzzer parked 1104 1082 2 1 140 ffffc48013b5a500 syz-fuzzer 1104 1104 3 1 180 ffffc48013a49340 syz-fuzzer parked 1255 1255 3 1 180 ffffc48013bc35c0 sshd select 1125 1125 3 1 180 ffffc48013ab44c0 getty nanoslp 1070 1070 3 0 180 ffffc48013b5a0c0 getty nanoslp 1072 1072 3 1 180 ffffc480139f5700 getty nanoslp 1102 1102 3 1 1c0 ffffc48013a49780 getty ttyraw 1060 1060 3 1 180 ffffc4801485b300 sshd select 948 948 3 1 180 ffffc480147509c0 powerd kqueue 690 690 3 1 180 ffffc480147e9ac0 syslogd kqueue 446 446 3 1 180 ffffc48013c4b700 dhcpcd poll 600 600 3 0 180 ffffc48013cc5140 dhcpcd poll 596 596 3 0 180 ffffc48013c888c0 dhcpcd poll 589 589 3 1 180 ffffc48013c5d740 dhcpcd poll 482 482 3 1 180 ffffc48013d91900 dhcpcd poll 288 288 3 1 180 ffffc48013d914c0 dhcpcd poll 351 351 3 1 180 ffffc48013d91080 dhcpcd poll 1 1 3 0 180 ffffc4801385a140 init wait 0 682 3 0 200 ffffc48013986240 physiod physiod 0 192 3 0 200 ffffc48013988280 pooldrain pooldrain 0 > 163 7 1 240 ffffc48013986ac0 ioflush 0 168 3 1 200 ffffc48013986680 pgdaemon pgdaemon 0 162 3 1 200 ffffc4801395a640 usb7 usbevt 0 161 3 1 200 ffffc4801395a200 usb6 usbevt 0 31 3 0 200 ffffc4801390ba40 usb5 usbevt 0 63 3 1 200 ffffc4801390b600 usb4 usbevt 0 126 3 1 200 ffffc4801390b1c0 usb3 usbevt 0 125 3 1 200 ffffc480138b8a00 usb2 usbevt 0 124 3 0 200 ffffc480138b85c0 usb1 usbevt 0 123 3 1 200 ffffc480138b8180 usb0 usbevt 0 122 3 0 200 ffffc4801385a9c0 usbtask-dr usbtsk 0 121 3 0 200 ffffc48010dbaac0 usbtask-hc usbtsk 0 120 3 0 200 ffffc4801385a580 npfgc0 npfgcw 0 119 3 1 200 ffffc4801384c980 rt_free rt_free 0 118 3 1 200 ffffc4801384c540 unpgc unpgc 0 117 3 1 200 ffffc4801384c100 key_timehandler key_timehandler 0 116 3 1 200 ffffc4801371b940 icmp6_wqinput/1 icmp6_wqinput 0 115 3 0 200 ffffc4801371b500 icmp6_wqinput/0 icmp6_wqinput 0 114 3 1 200 ffffc4801371b0c0 nd6_timer nd6_timer 0 113 3 1 200 ffffc48013710900 carp6_wqinput/1 carp6_wqinput 0 112 3 0 200 ffffc480137104c0 carp6_wqinput/0 carp6_wqinput 0 111 3 1 200 ffffc48013710080 carp_wqinput/1 carp_wqinput 0 110 3 0 200 ffffc480136ff8c0 carp_wqinput/0 carp_wqinput 0 109 3 1 200 ffffc480136ff480 icmp_wqinput/1 icmp_wqinput 0 108 3 0 200 ffffc480136ff040 icmp_wqinput/0 icmp_wqinput 0 107 3 1 200 ffffc480136edbc0 rt_timer rt_timer 0 106 3 1 200 ffffc480136ed780 vmem_rehash vmem_rehash 0 105 3 1 200 ffffc480136ecb80 entbutler entropy 0 96 2 0 240 ffffc480130c0b00 viomb 0 30 3 1 200 ffffc480130c06c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffc480130c0280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffc48010dba680 scsibus0 sccomp 0 26 3 0 200 ffffc48010dba240 pms0 pmsreset 0 25 3 1 200 ffffc48010d0ea80 xcall/1 xcall 0 24 1 1 200 ffffc48010d0e640 softser/1 0 23 1 1 200 ffffc48010d0e200 softclk/1 0 22 1 1 200 ffffc48010d0ca40 softbio/1 0 21 1 1 200 ffffc48010d0c600 softnet/1 0 20 1 1 201 ffffc48010d0c1c0 idle/1 0 19 3 1 200 ffffc4800f77da00 lnxpwrwq lnxpwrwq 0 18 3 1 200 ffffc4800f77d5c0 lnxlngwq lnxlngwq 0 17 3 1 200 ffffc4800f77d180 lnxsyswq lnxsyswq 0 16 3 1 200 ffffc4800f7759c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffc4800f775580 sysmon smtaskq 0 14 3 1 200 ffffc4800f775140 pmfsuspend pmfsuspend 0 13 3 1 200 ffffc4800f771980 pmfevent pmfevent 0 12 3 0 200 ffffc4800f771540 sopendfree sopendfr 0 11 3 1 200 ffffc4800f771100 iflnkst iflnkst 0 10 3 0 200 ffffc4800f765940 nfssilly nfssilly 0 9 3 0 200 ffffc4800f765500 vdrain vdrain 0 8 3 1 200 ffffc4800f7650c0 modunload mod_unld 0 7 3 0 200 ffffc4800f758900 xcall/0 xcall 0 6 1 0 200 ffffc4800f7584c0 softser/0 0 5 1 0 200 ffffc4800f758080 softclk/0 0 4 1 0 200 ffffc4800f7568c0 softbio/0 0 3 1 0 200 ffffc4800f756480 softnet/0 0 2 1 0 201 ffffc4800f756040 idle/0 0 0 2 0 240 ffffffff82eee300 swapper [Locks tracked through LWPs] ****** LWP 6399.5196 (syz-executor.1) @ 0xffffc48013a49bc0, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc4801533f280 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc48013a49bc0 last held: 0xffffc48013a49bc0 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 owner/count : 0xffffc48013a49bc0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at genfs_node_init) lock address : 0xffffc48013c65b30 type : sleep/adaptive initialized : 0xffffffff81a8c94c shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc48013a49bc0 last held: 0xffffc48013a49bc0 last locked* : 0xffffffff81773858 unlocked : 0xffffffff81a8119c owner/count : 0xffffc48013a49bc0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at uvm_obj_init) lock address : 0xffffc4801535e7c0 type : sleep/adaptive initialized : 0xffffffff8185c03a shared holds : 1 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 0 relevant lwp : 0xffffc48013a49bc0 last held: 0xffffc4801395aa80 last locked : 0xffffffff81858fe8 unlocked*: 0xffffffff81a83339 owner/count : 0x0000000000000020 flags : 0x0000000000000003 Turnstile: => 0 waiting readers: => 2 waiting writers: 0xffffc48013a49bc0 0xffffc480153fb740 ****** LWP 1226.1226 (syz-executor.4) @ 0xffffc48015277640, l_stat=2 *** Locks held: * Lock 0 (initialized at fork1) lock address : 0xffffc48013c6bb50 type : sleep/adaptive initialized : 0xffffffff818c64be shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc48015277640 last held: 0xffffc48015277640 last locked* : 0xffffffff818c2841 unlocked : 0xffffffff818bfdce owner/count : 0xffffc48015277640 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at uvm_map_setup) lock address : 0xffffffff8307d3e8 type : sleep/adaptive initialized : 0xffffffff8184e942 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc48015277640 last held: 0xffffc48015277640 last locked* : 0xffffffff818480b4 unlocked : 0xffffffff81852581 owner/count : 0xffffc48015277640 flags : 0x0000000000000005 Turnstile: => 1 waiting readers: 0xffffc480153fb300 => 0 waiting writers: * Lock 2 (initialized at uvm_obj_init) lock address : 0xffffc480152d7980 type : sleep/adaptive initialized : 0xffffffff8185c03a shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc48015277640 last held: 0xffffc48015277640 last locked* : 0xffffffff8184ebab unlocked : 0xffffffff818392ec owner/count : 0xffffc48015277640 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at pmap_bootstrap) lock address : 0xffffffff82ff3540 type : sleep/adaptive initialized : 0xffffffff808d0450 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc48015277640 last held: 000000000000000000 last locked : 0xffffffff808d5150 unlocked*: 0xffffffff808d5374 owner field : 0xffffc48015277640 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 1071.1071 (syz-executor.2) @ 0xffffc48015248600, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc4801526c4c0 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc48015248600 last held: 0xffffc48015248600 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 owner/count : 0xffffc48015248600 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffc48013c8d700 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc48015248600 last held: 0xffffc48015248600 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 [ 308.0703149] Skipping crash dump on recursive panic [ 308.0703149] panic: ASan: Unauthorized Access In 0xffffffff81904d50: Addr 0xffffc48013c8d700 [8 bytes, read, PoolUseAfterFree] [ 308.0703149] cpu0: Begin traceback... [ 308.0703149] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 308.0703149] snprintf() at netbsd:snprintf [ 308.0703149] kasan_report() at netbsd:kasan_report+0x8c kasan_code_name sys/kern/subr_asan.c:163 [inline] [ 308.0703149] kasan_report() at netbsd:kasan_report+0x8c sys/kern/subr_asan.c:195 [ 308.0703149] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:345 [inline] [ 308.0703149] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:359 [inline] [ 308.0703149] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 308.0703149] __asan_load8() at netbsd:__asan_load8+0x27e sys/kern/subr_asan.c:1198 [ 308.0703149] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:186 [ 308.0703149] lockdebug_dump() at netbsd:lockdebug_dump+0x23b sys/kern/subr_lockdebug.c:759 [ 308.0703149] lockdebug_show_one() at netbsd:lockdebug_show_one+0xa7 sys/kern/subr_lockdebug.c:839 [ 308.0703149] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:877 [inline] [ 308.0703149] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 sys/kern/subr_lockdebug.c:941 [ 308.0703149] db_command() at netbsd:db_command+0x310 sys/ddb/db_command.c:957 [ 308.0703149] db_command_loop() at netbsd:db_command_loop+0x293 db_execute_commandlist sys/ddb/db_command.c:454 [inline] [ 308.0703149] db_command_loop() at netbsd:db_command_loop+0x293 sys/ddb/db_command.c:604 [ 308.0703149] db_trap() at netbsd:db_trap+0x22c sys/ddb/db_trap.c:94 [ 308.0703149] kdb_trap() at netbsd:kdb_trap+0x25c sys/arch/amd64/amd64/db_interface.c:250 [ 308.0703149] trap() at netbsd:trap+0x819 sys/arch/amd64/amd64/trap.c:315 [ 308.0703149] --- trap (number 1) --- [ 308.0703149] breakpoint() at netbsd:breakpoint+0x5 [ 308.0703149] db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 [ 308.0703149] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 308.0703149] snprintf() at netbsd:snprintf [ 308.0703149] lockdebug_more() at netbsd:lockdebug_more [ 308.0703149] lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 [ 308.0703149] rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 [ 308.0703149] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 308.0703149] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 308.0703149] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 308.0703149] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 308.0703149] --- trap (number 6) --- [ 308.0703149] _ustore_8() at netbsd:_ustore_8+0x21 [ 308.0703149] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 308.0703149] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 308.0703149] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 308.0703149] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 308.0703149] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 308.0703149] --- syscall (number 198) --- [ 308.0703149] netbsd:syscall+0x259: [ 308.0703149] cpu0: End traceback... [ 308.0703149] fatal breakpoint trap in supervisor mode [ 308.0703149] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0x8 rsp 0xffffc481a9c46a00 [ 308.0703149] curlwp 0xffffc4801395aa80 pid 6399.6229 lowest kstack 0xffffc481a9c402c0 Stopped in pid 6399.6229 (syz-executor.1) at netbsd:breakpoint+0x5: leave