[ 223.2565468] panic: LOCKDEBUG: Reader / writer lock error: rw_vector_enter,305: locking against myself [ 223.2665469] cpu1: Begin traceback... [ 223.3265512] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 223.4565547] snprintf() at netbsd:snprintf [ 223.5965596] lockdebug_more() at netbsd:lockdebug_more [ 223.7265516] lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 [ 223.8465520] rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 [ 223.9765530] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 223.9765530] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 223.9765530] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 224.0965604] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 224.1165575] --- trap (number 6) --- [ 224.2065552] _ustore_8() at netbsd:_ustore_8+0x21 [ 224.3365541] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 224.3365541] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 224.4665535] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 224.4665535] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 224.4665535] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 224.4865551] --- syscall (number 198) --- [ 224.5265592] netbsd:syscall+0x259: [ 224.5265592] cpu1: End traceback... [ 224.5365551] fatal breakpoint trap in supervisor mode [ 224.5365551] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0 rsp 0xffffb781a9c5d430 [ 224.5465517] curlwp 0xffffb78013ba49c0 pid 1874.1711 lowest kstack 0xffffb781a9c562c0 Stopped in pid 1874.1711 (syz-executor.4) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 snprintf() at netbsd:snprintf lockdebug_more() at netbsd:lockdebug_more lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 --- trap (number 6) --- _ustore_8() at netbsd:_ustore_8+0x21 sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- netbsd:syscall+0x259: Panic string: LOCKDEBUG: Reader / writer lock error: rw_vector_enter,305: locking against myself PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1854 1854 2 0 0 ffffb78013b7a980 syz-executor.1 1710 1710 3 0 10040000 ffffb780153706c0 syz-executor.2 xclocv 1853 1853 3 1 40180 ffffb780147b1a00 syz-executor.3 parked 2001 2001 3 0 40180 ffffb78013b7a540 syz-executor.3 parked 1498 1844 5 0 100100 ffffb78013bdea40 syz-executor.0 1498 1498 3 0 10040000 ffffb780152b1680 syz-executor.0 xclocv 1874 1767 3 1 180 ffffb78014881940 syz-executor.4 parked 1874 1891 3 1 180 ffffb78013bc25c0 syz-executor.4 parked 1874 >1711 7 1 0 ffffb78013ba49c0 syz-executor.4 1874 1894 3 0 0 ffffb7801513d5c0 syz-executor.4 tstile 1874 1874 2 1 10040140 ffffb78013b7a100 syz-executor.4 1848 1765 2 1 40100 ffffb780154a7100 syz-executor.5 1848 1848 2 1 10040000 ffffb78015485500 syz-executor.5 840 840 3 0 180 ffffb7801488d980 syz-executor.3 parked 1718 1718 3 1 180 ffffb7801486f040 syz-executor.3 parked 1624 1722 3 1 1100000 ffffb78015485940 syz-executor.3 vfork 1624 833 3 0 1100000 ffffb78013a94480 syz-executor.3 vfork 1624 1624 3 0 11000000 ffffb780136ed340 syz-executor.3 lwpwait 1572 1572 3 0 180 ffffb78013c8e900 syz-executor.0 parked 1458 1458 3 0 180 ffffb78013dbc940 syz-executor.0 parked 1244 1244 3 1 180 ffffb78013dbc0c0 syz-executor.1 parked 1371 1371 3 1 180 ffffb78013cb4580 syz-executor.1 parked 1325 1325 3 0 180 ffffb780153ed900 syz-executor.4 parked 1328 1328 3 0 180 ffffb78013c9b0c0 syz-executor.4 parked 1222 1222 3 0 1c0 ffffb780152b1240 syz-executor.3 wait 1077 >1077 7 0 140 ffffb78015259a80 syz-executor.4 989 989 2 1 140 ffffb78015259640 syz-executor.5 1226 1226 2 0 40 ffffb7801523aa40 syz-executor.1 1191 1191 2 0 140 ffffb7801523a600 syz-executor.2 422 422 2 0 140 ffffb7801513da00 syz-executor.0 1103 1109 3 1 1c0 ffffb78015259200 syz-fuzzer parked 1103 1073 2 1 140 ffffb7801523a1c0 syz-fuzzer 1103 1219 3 0 180 ffffb78013bde1c0 syz-fuzzer parked 1103 1225 3 1 180 ffffb7801513d180 syz-fuzzer parked 1103 1221 3 1 1c0 ffffb78013c6bbc0 syz-fuzzer parked 1103 1220 3 0 180 ffffb78014863bc0 syz-fuzzer parked 1103 1084 3 0 180 ffffb780147fd6c0 syz-fuzzer parked 1103 1081 3 1 1c0 ffffb7801486f8c0 syz-fuzzer parked 1103 1052 3 1 180 ffffb7801486f480 syz-fuzzer parked 1103 1110 2 1 140 ffffb780139f72c0 syz-fuzzer 1103 1103 3 0 180 ffffb78013bde600 syz-fuzzer parked 1151 1151 3 0 180 ffffb78013bc2a00 sshd select 1102 1102 3 0 180 ffffb78013ab5900 getty nanoslp 1107 1107 3 1 180 ffffb78013ab54c0 getty nanoslp 1099 1099 3 0 180 ffffb78013b5a0c0 getty nanoslp 699 699 3 1 1c0 ffffb78013a4c340 getty ttyraw 951 951 3 1 180 ffffb78014815b40 sshd select 939 939 3 0 180 ffffb78013dbc500 powerd kqueue 872 872 3 0 180 ffffb780147fd280 syslogd kqueue 596 596 3 0 180 ffffb78013c808c0 dhcpcd poll 737 737 3 0 180 ffffb78013cb4140 dhcpcd poll 599 599 3 0 180 ffffb78013c80480 dhcpcd poll 589 589 3 1 180 ffffb78013c59740 dhcpcd poll 482 482 3 1 180 ffffb78013d82900 dhcpcd poll 288 288 3 1 180 ffffb78013d824c0 dhcpcd poll 351 351 3 0 180 ffffb78013d82080 dhcpcd poll 1 1 3 0 180 ffffb7801385b140 init wait 0 682 3 0 200 ffffb78013986240 physiod physiod 0 192 3 0 200 ffffb78013988280 pooldrain pooldrain 0 163 2 1 240 ffffb78013986ac0 ioflush 0 168 3 1 200 ffffb78013986680 pgdaemon pgdaemon 0 162 3 1 200 ffffb7801395a640 usb7 usbevt 0 161 3 1 200 ffffb7801395a200 usb6 usbevt 0 31 3 0 240 ffffb7801390ba40 usb5 usbxfer 0 63 3 1 200 ffffb7801390b600 usb4 usbevt 0 126 3 1 200 ffffb7801390b1c0 usb3 usbevt 0 125 3 0 200 ffffb780138b8a00 usb2 usbevt 0 124 3 1 200 ffffb780138b85c0 usb1 usbevt 0 123 3 1 200 ffffb780138b8180 usb0 usbevt 0 122 3 1 200 ffffb7801385b9c0 usbtask-dr usbtsk 0 121 3 0 200 ffffb78010dbaac0 usbtask-hc usbtsk 0 120 2 1 240 ffffb7801385b580 npfgc0 0 119 3 1 200 ffffb7801384c980 rt_free rt_free 0 118 3 1 200 ffffb7801384c540 unpgc unpgc 0 117 3 0 200 ffffb7801384c100 key_timehandler key_timehandler 0 116 3 1 200 ffffb7801371b940 icmp6_wqinput/1 icmp6_wqinput 0 115 3 0 200 ffffb7801371b500 icmp6_wqinput/0 icmp6_wqinput 0 114 3 0 200 ffffb7801371b0c0 nd6_timer nd6_timer 0 113 3 1 200 ffffb78013710900 carp6_wqinput/1 carp6_wqinput 0 112 3 0 200 ffffb780137104c0 carp6_wqinput/0 carp6_wqinput 0 111 3 1 200 ffffb78013710080 carp_wqinput/1 carp_wqinput 0 110 3 0 200 ffffb780136ff8c0 carp_wqinput/0 carp_wqinput 0 109 3 1 200 ffffb780136ff480 icmp_wqinput/1 icmp_wqinput 0 108 3 0 200 ffffb780136ff040 icmp_wqinput/0 icmp_wqinput 0 107 3 0 200 ffffb780136edbc0 rt_timer rt_timer 0 106 3 0 200 ffffb780136ed780 vmem_rehash vmem_rehash 0 105 3 1 200 ffffb780136ecb80 entbutler entropy 0 96 3 1 200 ffffb780130c0b00 viomb balloon 0 30 3 1 200 ffffb780130c06c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffb780130c0280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffb78010dba680 scsibus0 sccomp 0 26 3 0 200 ffffb78010dba240 pms0 pmsreset 0 25 2 1 200 ffffb78010d0ea80 xcall/1 0 24 1 1 200 ffffb78010d0e640 softser/1 0 23 1 1 200 ffffb78010d0e200 softclk/1 0 22 1 1 200 ffffb78010d0ca40 softbio/1 0 21 1 1 200 ffffb78010d0c600 softnet/1 0 20 1 1 201 ffffb78010d0c1c0 idle/1 0 19 3 1 200 ffffb7800f77da00 lnxpwrwq lnxpwrwq 0 18 3 1 200 ffffb7800f77d5c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffb7800f77d180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffb7800f7759c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffb7800f775580 sysmon smtaskq 0 14 3 1 200 ffffb7800f775140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffb7800f771980 pmfevent pmfevent 0 12 3 0 200 ffffb7800f771540 sopendfree sopendfr 0 11 3 1 200 ffffb7800f771100 iflnkst iflnkst 0 10 3 0 200 ffffb7800f765940 nfssilly nfssilly 0 9 3 0 200 ffffb7800f765500 vdrain vdrain 0 8 3 1 200 ffffb7800f7650c0 modunload mod_unld 0 7 3 0 200 ffffb7800f758900 xcall/0 xcall 0 6 1 0 200 ffffb7800f7584c0 softser/0 0 5 1 0 200 ffffb7800f758080 softclk/0 0 4 1 0 200 ffffb7800f7568c0 softbio/0 0 3 1 0 200 ffffb7800f756480 softnet/0 0 2 1 0 201 ffffb7800f756040 idle/0 0 0 2 1 240 ffffffff82eee200 swapper [Locks tracked through LWPs] ****** LWP 1710.1710 (syz-executor.2) @ 0xffffb780153706c0, l_stat=3 *** Locks held: * Lock 0 (initialized at amap_ctor) lock address : 0xffffb7801514de80 type : sleep/adaptive initialized : 0xffffffff8182910b shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb780153706c0 last held: 0xffffb780153706c0 last locked* : 0xffffffff818398fd unlocked : 0xffffffff818374c6 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1874.1894 (syz-executor.4) @ 0xffffb7801513d5c0, l_stat=3 *** Locks held: * Lock 0 (initialized at amap_ctor) lock address : 0xffffb780139b3400 type : sleep/adaptive initialized : 0xffffffff8182910b shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb7801513d5c0 last held: 0xffffb7801513d5c0 last locked* : 0xffffffff8182e5ed unlocked : 0xffffffff8184dc96 [ 224.5565516] Skipping crash dump on recursive panic [ 224.5565516] panic: ASan: Unauthorized Access In 0xffffffff81903dd0: Addr 0xffffb780139b3400 [8 bytes, read, PoolUseAfterFree] [ 224.5565516] cpu1: Begin traceback... [ 224.5565516] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 224.5565516] snprintf() at netbsd:snprintf [ 224.5565516] kasan_report() at netbsd:kasan_report+0x8c kasan_code_name sys/kern/subr_asan.c:163 [inline] [ 224.5565516] kasan_report() at netbsd:kasan_report+0x8c sys/kern/subr_asan.c:195 [ 224.5565516] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:345 [inline] [ 224.5565516] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:359 [inline] [ 224.5565516] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 224.5565516] __asan_load8() at netbsd:__asan_load8+0x27e sys/kern/subr_asan.c:1198 [ 224.5565516] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:186 [ 224.5565516] lockdebug_dump() at netbsd:lockdebug_dump+0x23b sys/kern/subr_lockdebug.c:759 [ 224.5565516] lockdebug_show_one() at netbsd:lockdebug_show_one+0xa7 sys/kern/subr_lockdebug.c:839 [ 224.5565516] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:877 [inline] [ 224.5565516] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 sys/kern/subr_lockdebug.c:941 [ 224.5565516] db_command() at netbsd:db_command+0x310 sys/ddb/db_command.c:957 [ 224.5565516] db_command_loop() at netbsd:db_command_loop+0x293 db_execute_commandlist sys/ddb/db_command.c:454 [inline] [ 224.5565516] db_command_loop() at netbsd:db_command_loop+0x293 sys/ddb/db_command.c:604 [ 224.5565516] db_trap() at netbsd:db_trap+0x22c sys/ddb/db_trap.c:94 [ 224.5565516] kdb_trap() at netbsd:kdb_trap+0x25c sys/arch/amd64/amd64/db_interface.c:250 [ 224.5565516] trap() at netbsd:trap+0x819 sys/arch/amd64/amd64/trap.c:315 [ 224.5565516] --- trap (number 1) --- [ 224.5565516] breakpoint() at netbsd:breakpoint+0x5 [ 224.5565516] db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 [ 224.5565516] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 224.5565516] snprintf() at netbsd:snprintf [ 224.5565516] lockdebug_more() at netbsd:lockdebug_more [ 224.5565516] lockdebug_wantlock() at netbsd:lockdebug_wantlock+0x34f sys/kern/subr_lockdebug.c:482 [ 224.5565516] rw_enter() at netbsd:rw_enter+0x796 sys/kern/kern_rwlock.c:305 [ 224.5565516] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 224.5565516] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 224.5565516] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 224.5565516] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 224.5565516] --- trap (number 6) --- [ 224.5565516] _ustore_8() at netbsd:_ustore_8+0x21 [ 224.5565516] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 224.5565516] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 224.5565516] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 224.5565516] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 224.5565516] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 224.5565516] --- syscall (number 198) --- [ 224.5565516] netbsd:syscall+0x259: [ 224.5565516] cpu1: End traceback... [ 224.5565516] fatal breakpoint trap in supervisor mode [ 224.5565516] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0x20000040 ilevel 0x8 rsp 0xffffb781a9c5ca00 [ 224.5565516] curlwp 0xffffb78013ba49c0 pid 1874.1711 lowest kstack 0xffffb781a9c562c0 Stopped in pid 1874.1711 (syz-executor.4) at netbsd:breakpoint+0x5: leave