[ 451.6751269] panic: kernel diagnostic assertion "entry->next != &map->header && entry->next->start <= entry->end" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_fault.c", line 2692 [ 451.6850820] cpu1: Begin traceback... [ 451.7450871] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 451.8750814] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 452.0050812] uvm_fault_unwire_locked() at netbsd:uvm_fault_unwire_locked+0x20f sys/uvm/uvm_fault.c:2694 [ 452.1250825] uvm_fault_unwire() at netbsd:uvm_fault_unwire+0x32 sys/uvm/uvm_fault.c:2650 [ 452.2550822] genfs_directio() at netbsd:genfs_directio+0xa0c genfs_do_directio sys/miscfs/genfs/genfs_io.c:1950 [inline] [ 452.2550822] genfs_directio() at netbsd:genfs_directio+0xa0c sys/miscfs/genfs/genfs_io.c:1815 [ 452.3850810] ffs_write() at netbsd:ffs_write+0x8ba sys/ufs/ufs/ufs_readwrite.c:354 [ 452.5050810] VOP_WRITE() at netbsd:VOP_WRITE+0x118 sys/kern/vnode_if.c:540 [ 452.6350818] vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:612 [ 452.7650856] do_filewritev() at netbsd:do_filewritev+0x4b3 sys/kern/sys_generic.c:472 [ 452.8950804] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 452.8950804] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 453.0150811] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 453.0150811] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 453.0150811] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 453.0450823] --- syscall (number 198) --- [ 453.0850812] netbsd:syscall+0x259: [ 453.0850812] cpu1: End traceback... [ 453.0850812] fatal breakpoint trap in supervisor mode [ 453.0950782] trap type 1 code 0 rip 0xffffffff80220a1d cs 0x8 rflags 0x282 cr2 0x780ac1d3fff8 ilevel 0 rsp 0xffffc6819398b680 [ 453.1050788] curlwp 0xffffc680148b4bc0 pid 4480.9531 lowest kstack 0xffffc681939842c0 Stopped in pid 4480.9531 (syz-executor.2) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure uvm_fault_unwire_locked() at netbsd:uvm_fault_unwire_locked+0x20f sys/uvm/uvm_fault.c:2694 uvm_fault_unwire() at netbsd:uvm_fault_unwire+0x32 sys/uvm/uvm_fault.c:2650 genfs_directio() at netbsd:genfs_directio+0xa0c genfs_do_directio sys/miscfs/genfs/genfs_io.c:1950 [inline] genfs_directio() at netbsd:genfs_directio+0xa0c sys/miscfs/genfs/genfs_io.c:1815 ffs_write() at netbsd:ffs_write+0x8ba sys/ufs/ufs/ufs_readwrite.c:354 VOP_WRITE() at netbsd:VOP_WRITE+0x118 sys/kern/vnode_if.c:540 vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:612 do_filewritev() at netbsd:do_filewritev+0x4b3 sys/kern/sys_generic.c:472 sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- netbsd:syscall+0x259: Panic string: kernel diagnostic assertion "entry->next != &map->header && entry->next->start <= entry->end" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_fault.c", line 2692 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 4386 5553 3 0 80 ffffc68012ad7780 syz-executor.3 parked 4386 4350 3 0 80 ffffc6801382a5c0 syz-executor.3 parked 4386 9915 3 0 80 ffffc68012dcbbc0 syz-executor.3 parked 4386 4386 2 0 10000000 ffffc680148d68c0 syz-executor.3 4334 4781 2 0 0 ffffc680147f4680 syz-executor.5 4334 4334 2 0 10000000 ffffc68012c02980 syz-executor.5 8773 8773 3 0 80 ffffc680147b11c0 syz-executor.4 parked 8493 8493 3 0 80 ffffc680139000c0 syz-executor.4 parked 4480 5552 3 0 0 ffffc680147f0200 syz-executor.2 tstile 4480 5556 3 0 0 ffffc68012d16500 syz-executor.2 tstile 4480 9007 3 1 0 ffffc68012a2f280 syz-executor.2 tstile 4480 4384 3 1 0 ffffc680138d3300 syz-executor.2 tstile 4480 4349 3 1 0 ffffc68012cf0780 syz-executor.2 tstile 4480 >9531 7 1 0 ffffc680148b4bc0 syz-executor.2 4480 4480 2 1 10000040 ffffc680144d62c0 syz-executor.2 4572 4572 3 1 80 ffffc68014865300 syz-executor.5 parked 4085 4085 3 0 80 ffffc68012d51a40 init nanoslp 4705 4705 3 0 80 ffffc68012d96300 syz-executor.4 parked 9036 9036 3 0 80 ffffc68012b804c0 syz-executor.4 parked 9148 9148 3 0 80 ffffc68012de5040 syz-executor.4 parked 8900 8900 3 0 80 ffffc680127c2700 syz-executor.0 parked 3365 3365 3 0 80 ffffc68012d43180 syz-executor.0 parked 4197 4197 3 1 80 ffffc68012d87700 syz-executor.0 parked 8423 8423 3 0 80 ffffc68012ad7bc0 syz-executor.3 parked 3770 3770 3 1 80 ffffc680147f0640 syz-executor.0 parked 8000 8000 3 0 80 ffffc68012d0b4c0 syz-executor.0 parked 3680 3680 3 0 80 ffffc68014615900 syz-executor.4 parked 2539 2539 3 0 80 ffffc68012c61600 syz-executor.2 parked 3513 3513 3 0 80 ffffc68014701940 syz-executor.2 parked 2781 2781 3 0 80 ffffc68012c88680 syz-executor.2 parked 2449 2449 3 0 80 ffffc68014434680 syz-executor.2 parked 2343 2343 3 0 80 ffffc68013867680 syz-executor.2 parked 2519 2519 3 1 80 ffffc680137f2100 syz-executor.0 parked 6940 6940 3 0 80 ffffc68012aaf300 syz-executor.0 parked 6954 6954 3 1 80 ffffc680147f0a80 syz-executor.0 parked 3455 3455 3 0 80 ffffc680138f34c0 syz-executor.0 parked 1416 1416 4 1 1000000 ffffc68012cd8740 syz-executor.1 6846 6846 3 1 80 ffffc68012c61a40 syz-executor.1 parked 2493 1437 4 1 1000000 ffffc68014735140 syz-executor.1 2493 1433 4 1 1000080 ffffc68012a77b40 syz-executor.1 parked 2493 2493 4 1 11000040 ffffc68012d96740 syz-executor.1 6462 6462 3 1 80 ffffc680146154c0 syz-executor.5 parked 5829 5829 3 0 80 ffffc680144d6b40 syz-executor.5 parked 2256 2256 3 0 80 ffffc680147010c0 syz-executor.2 parked 1215 1215 3 1 80 ffffc68014613480 syz-executor.2 parked 6315 6315 3 0 80 ffffc68012d87b40 syz-executor.2 parked 1315 1315 3 0 80 ffffc680147b1a40 syz-executor.1 parked 1175 1175 3 1 80 ffffc680138f3900 syz-executor.3 parked 1179 1179 3 1 80 ffffc68012c4ba00 syz-executor.3 parked 6556 6556 3 1 80 ffffc68012d43a00 syz-executor.3 parked 1176 1176 3 0 80 ffffc680142ae180 syz-executor.1 parked 5190 5190 3 1 80 ffffc68012c88ac0 syz-executor.1 parked 6347 6347 3 0 80 ffffc68012c88240 syz-executor.1 parked 5163 5163 3 1 80 ffffc6801472b540 syz-executor.2 parked 4937 4937 3 0 80 ffffc68014434240 syz-executor.0 parked 4783 4783 3 1 80 ffffc68012c2f9c0 syz-executor.0 parked 4818 4818 3 1 80 ffffc68012c2f140 syz-executor.0 parked 4561 4561 3 1 80 ffffc68012a2f6c0 syz-executor.0 parked 2905 2905 3 1 80 ffffc680144d6700 syz-executor.1 parked 2047 2047 3 1 80 ffffc68012ca7b00 syz-executor.1 parked 3110 3110 3 0 80 ffffc68013848a40 syz-executor.1 parked 2482 2482 3 1 80 ffffc680127c2b40 syz-executor.3 parked 2232 2232 2 1 40 ffffc68012d872c0 syz-executor.0 1441 1441 3 1 80 ffffc680138de340 syz-executor.1 parked 1334 1334 3 1 80 ffffc680138d3740 syz-executor.3 parked 986 986 3 1 80 ffffc680144ecb80 syz-executor.4 parked 826 826 3 0 80 ffffc680144ec740 syz-executor.4 parked 1218 >1218 7 0 40 ffffc6801432e200 syz-executor.5 1253 1253 2 1 40 ffffc680142dfa40 syz-executor.4 1070 1070 2 0 40 ffffc680142df600 syz-executor.3 1102 1102 2 1 40 ffffc680142aea00 syz-executor.2 419 419 2 1 40 ffffc680142ae5c0 syz-executor.1 1073 1076 3 1 c0 ffffc680142df1c0 syz-fuzzer parked 1073 1085 3 1 80 ffffc68012c72200 syz-fuzzer parked 1073 1077 2 1 0 ffffc680140f69c0 syz-fuzzer 1073 1072 3 1 40080 ffffc680138de780 syz-fuzzer parked 1073 1081 3 1 80 ffffc680138e98c0 syz-fuzzer parked 1073 1104 3 1 80 ffffc680138e9040 syz-fuzzer parked 1073 1248 3 1 c0 ffffc68013900940 syz-fuzzer parked 1073 1079 3 1 c0 ffffc68012c02100 syz-fuzzer parked 1073 1068 2 1 40 ffffc68012be0500 syz-fuzzer 1073 1073 3 0 80 ffffc68012c4b5c0 syz-fuzzer parked 1110 1110 3 1 80 ffffc68012c611c0 sshd select 1064 1064 3 1 80 ffffc68012aafb80 getty nanoslp 1101 1101 3 0 80 ffffc68012ad7340 getty nanoslp 1249 1249 3 1 80 ffffc68012be0940 getty nanoslp 967 967 3 1 80 ffffc68013874280 sshd select 1122 1122 3 0 80 ffffc68012d6c240 powerd kqueue 867 867 3 1 80 ffffc680138debc0 syslogd kqueue 596 596 3 1 80 ffffc68012cfc8c0 dhcpcd poll 599 599 3 1 80 ffffc68012d35580 dhcpcd poll 435 435 3 0 80 ffffc68012cfc480 dhcpcd poll 350 350 3 1 80 ffffc68012e044c0 dhcpcd poll 349 349 3 0 80 ffffc68012e04080 dhcpcd poll 348 348 3 0 80 ffffc68012de58c0 dhcpcd poll 1 1 3 0 80 ffffc680128c3980 init wait 0 4147 3 1 600 ffffc6801449c6c0 cgd/1 cgd 0 3979 3 0 600 ffffc68014505340 cgd/0 cgd 0 851 3 1 200 ffffc680129e6a80 physiod physiod 0 162 3 0 200 ffffc680129fcac0 pooldrain pooldrain 0 167 2 1 240 ffffc680129fc680 ioflush 0 165 3 1 200 ffffc680129fc240 pgdaemon pgdaemon 0 160 3 1 200 ffffc680129e6200 usb7 usbevt 0 31 3 0 200 ffffc6801299ca40 usb6 usbevt 0 63 3 1 200 ffffc6801299c600 usb5 usbevt 0 126 3 0 200 ffffc6801299c1c0 usb4 usbevt 0 125 3 1 200 ffffc68012949a00 usb3 usbevt 0 124 3 1 200 ffffc680129495c0 usb2 usbevt 0 123 3 1 200 ffffc68012949180 usb1 usbevt 0 122 3 1 200 ffffc680128d79c0 usb0 usbevt 0 121 3 1 200 ffffc680128d7580 usbtask-dr usbtsk 0 120 3 0 200 ffffc6800fe34ac0 usbtask-hc usbtsk 0 119 3 1 200 ffffc680128d7140 npfgc0 npfgcw 0 118 3 1 200 ffffc680128c3540 rt_free rt_free 0 117 3 0 200 ffffc680128c3100 unpgc unpgc 0 116 2 1 200 ffffc680127f8940 key_timehandler 0 115 3 1 200 ffffc680127f8500 icmp6_wqinput/1 icmp6_wqinput 0 114 3 0 200 ffffc680127f80c0 icmp6_wqinput/0 icmp6_wqinput 0 113 2 1 200 ffffc680127ed900 nd6_timer 0 112 3 1 200 ffffc680127ed4c0 carp6_wqinput/1 carp6_wqinput 0 111 3 0 200 ffffc680127ed080 carp6_wqinput/0 carp6_wqinput 0 110 3 1 200 ffffc680127d98c0 carp_wqinput/1 carp_wqinput 0 109 3 0 200 ffffc680127d9480 carp_wqinput/0 carp_wqinput 0 108 3 1 200 ffffc680127d9040 icmp_wqinput/1 icmp_wqinput 0 107 3 0 200 ffffc680127c8bc0 icmp_wqinput/0 icmp_wqinput 0 106 2 1 200 ffffc680127c8780 rt_timer 0 105 3 1 200 ffffc680127c8340 vmem_rehash vmem_rehash 0 104 3 1 200 ffffc680127c5740 entbutler entropy 0 30 3 1 200 ffffc6801213a6c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffc6801213a280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffc6800fe34680 scsibus0 sccomp 0 26 3 0 200 ffffc6800fe34240 pms0 pmsreset 0 25 3 1 200 ffffc6800fd89a80 xcall/1 xcall 0 24 1 1 200 ffffc6800fd89640 softser/1 0 23 1 1 200 ffffc6800fd89200 softclk/1 0 22 1 1 200 ffffc6800fd87a40 softbio/1 0 21 1 1 200 ffffc6800fd87600 softnet/1 0 20 1 1 201 ffffc6800fd871c0 idle/1 0 19 3 0 200 ffffc6800e7f8a00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffc6800e7f85c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffc6800e7f8180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffc6800e7f09c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffc6800e7f0580 sysmon smtaskq 0 14 3 0 200 ffffc6800e7f0140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffc6800e7ec980 pmfevent pmfevent 0 12 3 0 200 ffffc6800e7ec540 sopendfree sopendfr 0 11 2 1 200 ffffc6800e7ec100 iflnkst 0 10 3 0 200 ffffc6800e7e0940 nfssilly nfssilly 0 9 3 0 200 ffffc6800e7e0500 vdrain vdrain 0 8 3 0 200 ffffc6800e7e00c0 modunload mod_unld 0 7 3 0 200 ffffc6800e7d3900 xcall/0 xcall 0 6 1 0 200 ffffc6800e7d34c0 softser/0 0 5 1 0 200 ffffc6800e7d3080 softclk/0 0 4 1 0 200 ffffc6800e7d18c0 softbio/0 0 3 1 0 200 ffffc6800e7d1480 softnet/0 0 2 1 0 201 ffffc6800e7d1040 idle/0 0 0 2 1 240 ffffffff82eecd40 swapper [Locks tracked through LWPs] ****** LWP 4480.5552 (syz-executor.2) @ 0xffffc680147f0200, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc68012cf6cc0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 3 relevant cpu : 0 last held: 1 relevant lwp : 0xffffc680147f0200 last held: 0xffffc680148b4bc0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc680148b4bc0 flags : 0x0000000000000007 Turnstile: => 0 waiting readers: => 3 waiting writers: 0xffffc68012cf0780 0xffffc68012a2f280 0xffffc680147f0200 ****** LWP 4480.9007 (syz-executor.2) @ 0xffffc68012a2f280, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc68012cf6cc0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 3 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc68012a2f280 last held: 0xffffc680148b4bc0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc680148b4bc0 flags : 0x0000000000000007 Turnstile: => 0 waiting readers: => 3 waiting writers: 0xffffc68012cf0780 0xffffc68012a2f280 0xffffc680147f0200 ****** LWP 4480.4384 (syz-executor.2) @ 0xffffc680138d3300, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc680147c0c40 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc680138d3300 last held: 0xffffc68012cf0780 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc68012cf0780 flags : 0x0000000000000007 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffc680138d3300 ****** LWP 4480.4349 (syz-executor.2) @ 0xffffc68012cf0780, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc680147c0c40 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc68012cf0780 last held: 0xffffc68012cf0780 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc68012cf0780 flags : 0x0000000000000007 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffc680138d3300 *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc68012cf6cc0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 3 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc68012cf0780 last held: 0xffffc680148b4bc0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc680148b4bc0 flags : 0x0000000000000007 Turnstile: => 0 waiting readers: => 3 waiting writers: 0xffffc68012cf0780 0xffffc68012a2f280 0xffffc680147f0200 ****** LWP 4480.9531 (syz-executor.2) @ 0xffffc680148b4bc0, l_stat=7 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc68012cf6cc0 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 3 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc680148b4bc0 last held: 0xffffc680148b4bc0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc680148b4bc0 flags : 0x0000000000000007 Turnstile: => 0 waiting readers: => 3 waiting writers: 0xffffc68012cf0780 0xffffc68012a2f280 0xffffc680147f0200 * Lock 1 (initialized at amap_ctor) lock address : 0xffffc6801471b5c0 type : sleep/adaptive initialized : 0xffffffff81824aab shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc680148b4bc0 last held: 0xffffc680148b4bc0 last locked* : 0xffffffff818495e1 unlocked : 0xffffffff81832ee6 owner/count : 0xffffc680148b4bc0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 2232.2232 (syz-executor.0) @ 0xffffc68012d872c0, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc68014509e80 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc68012d872c0 last held: 0xffffc68012d872c0 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 0xffffc68012d872c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffc680129ecf40 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffc68012d872c0 last held: 0xffffc68012d872c0 last locked* : 0xffffffff81a85140 unlocked : 000000000000000000 owner/count : 0xffffc68012d872c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1218.1218 (syz-executor.5) @ 0xffffc6801432e200, l_stat=7 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffc680142fec40 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc6801432e200 last held: 0xffffc6801432e200 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xffffc68012c84e80 type : sleep/adaptive initialized : 0xffffffff81a523a0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffc6801432e200 last held: 0xffffc6801432e200 last locked* : 0xffffffff81a85140 unlocked : 0xffffffff81a851a2 [ 453.1150774] Skipping crash dump on recursive panic [ 453.1150774] panic: ASan: Unauthorized Access In 0xffffffff818fe630: Addr 0xffffc68012c84e80 [8 bytes, read, PoolUseAfterFree] [ 453.1150774] cpu1: Begin traceback... [ 453.1150774] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 453.1150774] snprintf() at netbsd:snprintf [ 453.1150774] kasan_report() at netbsd:kasan_report+0x8c kasan_code_name sys/kern/subr_asan.c:163 [inline] [ 453.1150774] kasan_report() at netbsd:kasan_report+0x8c sys/kern/subr_asan.c:195 [ 453.1150774] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:345 [inline] [ 453.1150774] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:359 [inline] [ 453.1150774] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 453.1150774] __asan_load8() at netbsd:__asan_load8+0x27e sys/kern/subr_asan.c:1198 [ 453.1150774] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:186 [ 453.1150774] lockdebug_dump() at netbsd:lockdebug_dump+0x23b sys/kern/subr_lockdebug.c:759 [ 453.1150774] lockdebug_show_one() at netbsd:lockdebug_show_one+0xa7 sys/kern/subr_lockdebug.c:839 [ 453.1150774] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:877 [inline] [ 453.1150774] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 sys/kern/subr_lockdebug.c:941 [ 453.1150774] db_command() at netbsd:db_command+0x310 sys/ddb/db_command.c:942 [ 453.1150774] db_command_loop() at netbsd:db_command_loop+0x293 db_execute_commandlist sys/ddb/db_command.c:439 [inline] [ 453.1150774] db_command_loop() at netbsd:db_command_loop+0x293 sys/ddb/db_command.c:589 [ 453.1150774] db_trap() at netbsd:db_trap+0x22c sys/ddb/db_trap.c:94 [ 453.1150774] kdb_trap() at netbsd:kdb_trap+0x25c sys/arch/amd64/amd64/db_interface.c:250 [ 453.1150774] trap() at netbsd:trap+0x819 sys/arch/amd64/amd64/trap.c:315 [ 453.1150774] --- trap (number 1) --- [ 453.1150774] breakpoint() at netbsd:breakpoint+0x5 [ 453.1150774] db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 [ 453.1150774] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 453.1150774] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 453.1150774] uvm_fault_unwire_locked() at netbsd:uvm_fault_unwire_locked+0x20f sys/uvm/uvm_fault.c:2694 [ 453.1150774] uvm_fault_unwire() at netbsd:uvm_fault_unwire+0x32 sys/uvm/uvm_fault.c:2650 [ 453.1150774] genfs_directio() at netbsd:genfs_directio+0xa0c genfs_do_directio sys/miscfs/genfs/genfs_io.c:1950 [inline] [ 453.1150774] genfs_directio() at netbsd:genfs_directio+0xa0c sys/miscfs/genfs/genfs_io.c:1815 [ 453.1150774] ffs_write() at netbsd:ffs_write+0x8ba sys/ufs/ufs/ufs_readwrite.c:354 [ 453.1150774] VOP_WRITE() at netbsd:VOP_WRITE+0x118 sys/kern/vnode_if.c:540 [ 453.1150774] vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:612 [ 453.1150774] do_filewritev() at netbsd:do_filewritev+0x4b3 sys/kern/sys_generic.c:472 [ 453.1150774] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 453.1150774] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 453.1150774] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 453.1150774] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 453.1150774] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 453.1150774] --- syscall (number 198) --- [ 453.1150774] netbsd:syscall+0x259: [ 453.1150774] cpu1: End traceback... [ 453.1150774] fatal breakpoint trap in supervisor mode [ 453.1150774] trap type 1 code 0 rip 0xffffffff80220a1d cs 0x8 rflags 0x282 cr2 0x780ac1d3fff8 ilevel 0x8 rsp 0xffffc6819398ac50 [ 453.1150774] curlwp 0xffffc680148b4bc0 pid 4480.9531 lowest kstack 0xffffc681939842c0 Stopped in pid 4480.9531 (syz-executor.2) at netbsd:breakpoint+0x5: leave