[ 222.8351426] panic: LOCKDEBUG: Mutex error: rw_vector_enter,309: spin lock held [ 222.8451430] cpu1: Begin traceback... [ 222.9051456] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 223.0351448] snprintf() at netbsd:snprintf [ 223.1651458] lockdebug_more() at netbsd:lockdebug_more [ 223.2951485] lockdebug_barrier() at netbsd:lockdebug_barrier+0x11d sys/kern/subr_lockdebug.c:650 [ 223.4151498] rw_enter() at netbsd:rw_enter+0x7ff sys/kern/kern_rwlock.c:309 [ 223.5351497] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 223.5351497] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 223.5351497] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 223.6451458] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 223.6651449] --- trap (number 6) --- [ 223.7651457] __asan_load8() at netbsd:__asan_load8+0x62 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:357 [inline] [ 223.7651457] __asan_load8() at netbsd:__asan_load8+0x62 kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 223.7651457] __asan_load8() at netbsd:__asan_load8+0x62 sys/kern/subr_asan.c:1198 [ 223.8851448] dosetitimer() at netbsd:dosetitimer+0x612 sys/kern/kern_time.c:1649 [ 224.0151510] sys___setitimer50() at netbsd:sys___setitimer50+0x178 sys/kern/kern_time.c:1591 [ 224.1351491] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 224.1351491] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 224.2551493] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 224.2551493] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 224.2551493] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 224.2851439] --- syscall (number 198) --- [ 224.3151487] netbsd:syscall+0x259: [ 224.3251429] cpu1: End traceback... [ 224.3251429] fatal breakpoint trap in supervisor mode [ 224.3251429] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x286 cr2 0xffff900000000028 ilevel 0x8 rsp 0xffffb701a9c8b340 [ 224.3451420] curlwp 0xffffb700153f88c0 pid 2147.1967 lowest kstack 0xffffb701a9c842c0 Stopped in pid 2147.1967 (syz-executor.3) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 snprintf() at netbsd:snprintf lockdebug_more() at netbsd:lockdebug_more lockdebug_barrier() at netbsd:lockdebug_barrier+0x11d sys/kern/subr_lockdebug.c:650 rw_enter() at netbsd:rw_enter+0x7ff sys/kern/kern_rwlock.c:309 uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 --- trap (number 6) --- __asan_load8() at netbsd:__asan_load8+0x62 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:357 [inline] __asan_load8() at netbsd:__asan_load8+0x62 kasan_shadow_check sys/kern/subr_asan.c:411 [inline] __asan_load8() at netbsd:__asan_load8+0x62 sys/kern/subr_asan.c:1198 dosetitimer() at netbsd:dosetitimer+0x612 sys/kern/kern_time.c:1649 sys___setitimer50() at netbsd:sys___setitimer50+0x178 sys/kern/kern_time.c:1591 sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- netbsd:syscall+0x259: Panic string: LOCKDEBUG: Mutex error: rw_vector_enter,309: spin lock held PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 2147 >1967 7 1 100 ffffb700153f88c0 syz-executor.3 2147 2147 2 1 10000000 ffffb70013cd7600 syz-executor.3 1224 1224 3 1 40180 ffffb70013d0f2c0 syz-executor.1 parked 1709 1874 3 0 180 ffffb70014784580 syz-executor.1 parked 1709 1089 2 1 40000 ffffb70013ce4a80 syz-executor.1 1709 1100 3 0 180 ffffb70013c92900 syz-executor.1 parked 1709 1709 2 0 10040000 ffffb700153f3bc0 syz-executor.1 1498 1720 2 1 1100000 ffffb70013cc3180 syz-executor.0 1498 1498 3 0 11000000 ffffb70015398b40 syz-executor.0 lwpwait 1585 1585 3 1 180 ffffb7001487e500 syz-executor.4 parked 1636 1636 3 1 180 ffffb70013cfe6c0 syz-executor.3 parked 1605 1605 3 0 180 ffffb70013dba940 syz-executor.4 parked 1604 1604 3 0 180 ffffb700147d4a80 syz-executor.4 parked 1365 1365 3 1 180 ffffb70013cc3a00 syz-executor.2 parked 1367 1367 3 1 180 ffffb70013988b00 syz-executor.2 parked 1099 1099 3 0 1c0 ffffb70015328240 syz-executor.5 pipe_rd 1225 1225 3 0 1c0 ffffb70015272640 syz-executor.4 pipe_rd 1076 1076 2 0 140 ffffb70015243a40 syz-executor.3 1065 1065 3 0 1c0 ffffb70015243600 syz-executor.2 pipe_rd 956 956 2 0 140 ffffb700152431c0 syz-executor.1 422 422 3 1 1c0 ffffb70015140a00 syz-executor.0 wait 1110 988 2 1 100 ffffb70015272200 syz-fuzzer 1110 1191 3 1 180 ffffb70013be71c0 syz-fuzzer parked 1110 1222 2 1 100 ffffb70015140180 syz-fuzzer 1110 1219 3 1 180 ffffb7001486c8c0 syz-fuzzer parked 1110 1218 3 1 180 ffffb7001486c480 syz-fuzzer parked 1110 1104 3 1 180 ffffb7001486c040 syz-fuzzer parked 1110 1151 3 1 180 ffffb70013c6dbc0 syz-fuzzer parked 1110 924 3 0 1c0 ffffb70013a4c780 syz-fuzzer parked 1110 >1082 7 0 140 ffffb70013a4c340 syz-fuzzer 1110 1110 2 1 100 ffffb70013bcb5c0 syz-fuzzer 1254 1254 3 1 180 ffffb70013bcba00 sshd select 947 947 3 1 180 ffffb7001487e940 getty nanoslp 1102 1102 3 1 180 ffffb700147e5240 getty nanoslp 1125 1125 3 1 180 ffffb70013ab44c0 getty nanoslp 699 699 3 0 1c0 ffffb70013b600c0 getty ttyraw 1060 1060 3 1 180 ffffb700147fa280 sshd select 942 942 3 0 180 ffffb70014727540 powerd kqueue 690 690 3 1 180 ffffb700147e5ac0 syslogd kqueue 600 600 3 0 180 ffffb70013c4a700 dhcpcd poll 596 596 3 0 180 ffffb70013cb8580 dhcpcd poll 737 737 3 1 180 ffffb70013c5c740 dhcpcd poll 586 586 3 0 180 ffffb70013c5cb80 dhcpcd poll 482 482 3 0 180 ffffb70013d82900 dhcpcd poll 288 288 3 1 180 ffffb70013d824c0 dhcpcd poll 351 351 3 1 180 ffffb70013d82080 dhcpcd poll 1 1 3 1 180 ffffb7001385a140 init wait 0 682 3 0 200 ffffb70013986240 physiod physiod 0 192 3 0 200 ffffb70013988280 pooldrain pooldrain 0 163 3 1 200 ffffb70013986ac0 ioflush syncer 0 168 3 1 200 ffffb70013986680 pgdaemon pgdaemon 0 162 3 1 200 ffffb7001395a640 usb7 usbevt 0 161 3 1 200 ffffb7001395a200 usb6 usbevt 0 31 3 1 200 ffffb7001390ba40 usb5 usbevt 0 63 3 1 200 ffffb7001390b600 usb4 usbevt 0 126 3 1 200 ffffb7001390b1c0 usb3 usbevt 0 125 3 1 200 ffffb700138b8a00 usb2 usbevt 0 124 3 0 200 ffffb700138b85c0 usb1 usbevt 0 123 3 1 200 ffffb700138b8180 usb0 usbevt 0 122 3 0 200 ffffb7001385a9c0 usbtask-dr usbtsk 0 121 3 0 200 ffffb70010dbaac0 usbtask-hc usbtsk 0 120 3 1 200 ffffb7001385a580 npfgc0 npfgcw 0 119 3 1 200 ffffb7001384b980 rt_free rt_free 0 118 3 0 200 ffffb7001384b540 unpgc unpgc 0 117 3 0 200 ffffb7001384b100 key_timehandler key_timehandler 0 116 3 1 200 ffffb7001371b940 icmp6_wqinput/1 icmp6_wqinput 0 115 3 0 200 ffffb7001371b500 icmp6_wqinput/0 icmp6_wqinput 0 114 3 0 200 ffffb7001371b0c0 nd6_timer nd6_timer 0 113 3 1 200 ffffb70013710900 carp6_wqinput/1 carp6_wqinput 0 112 3 0 200 ffffb700137104c0 carp6_wqinput/0 carp6_wqinput 0 111 3 1 200 ffffb70013710080 carp_wqinput/1 carp_wqinput 0 110 3 0 200 ffffb700136ff8c0 carp_wqinput/0 carp_wqinput 0 109 3 1 200 ffffb700136ff480 icmp_wqinput/1 icmp_wqinput 0 108 3 0 200 ffffb700136ff040 icmp_wqinput/0 icmp_wqinput 0 107 3 1 200 ffffb700136edbc0 rt_timer rt_timer 0 106 3 0 200 ffffb700136ed780 vmem_rehash vmem_rehash 0 105 3 1 200 ffffb700136ecb80 entbutler entropy 0 96 3 1 200 ffffb700130c0b00 viomb balloon 0 30 3 1 200 ffffb700130c06c0 vioif0_txrx/1 vioif0_txrx 0 29 3 0 200 ffffb700130c0280 vioif0_txrx/0 vioif0_txrx 0 27 3 0 200 ffffb70010dba680 scsibus0 sccomp 0 26 3 0 200 ffffb70010dba240 pms0 pmsreset 0 25 3 1 200 ffffb70010d0ea80 xcall/1 xcall 0 24 1 1 200 ffffb70010d0e640 softser/1 0 23 1 1 200 ffffb70010d0e200 softclk/1 0 22 1 1 200 ffffb70010d0ca40 softbio/1 0 21 1 1 200 ffffb70010d0c600 softnet/1 0 20 1 1 201 ffffb70010d0c1c0 idle/1 0 19 3 0 200 ffffb7000f77da00 lnxpwrwq lnxpwrwq 0 18 3 0 200 ffffb7000f77d5c0 lnxlngwq lnxlngwq 0 17 3 0 200 ffffb7000f77d180 lnxsyswq lnxsyswq 0 16 3 0 200 ffffb7000f7759c0 lnxrcugc lnxrcugc 0 15 3 0 200 ffffb7000f775580 sysmon smtaskq 0 14 3 0 200 ffffb7000f775140 pmfsuspend pmfsuspend 0 13 3 0 200 ffffb7000f771980 pmfevent pmfevent 0 12 3 0 200 ffffb7000f771540 sopendfree sopendfr 0 11 3 0 200 ffffb7000f771100 iflnkst iflnkst 0 10 3 0 200 ffffb7000f765940 nfssilly nfssilly 0 9 3 0 200 ffffb7000f765500 vdrain vdrain 0 8 3 0 200 ffffb7000f7650c0 modunload mod_unld 0 7 3 0 200 ffffb7000f758900 xcall/0 xcall 0 6 1 0 200 ffffb7000f7584c0 softser/0 0 5 1 0 200 ffffb7000f758080 softclk/0 0 4 1 0 40200 ffffb7000f7568c0 softbio/0 0 3 1 0 200 ffffb7000f756480 softnet/0 0 2 1 0 201 ffffb7000f756040 idle/0 0 0 3 1 200 ffffffff82eee300 swapper uvm [Locks tracked through LWPs] ****** LWP 2147.1967 (syz-executor.3) @ 0xffffb700153f88c0, l_stat=7 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at uvm_map_setup) lock address : 0xffffb70013cfb8b8 type : sleep/adaptive initialized : 0xffffffff8184e942 shared holds : 0 exclusive: 0 shares wanted: 1 exclusive: 0 relevant cpu : 1 last held: 65535 relevant lwp : 0xffffb700153f88c0 last held: 000000000000000000 last locked : 0xffffffff8183a34c unlocked*: 0xffffffff81839330 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. ****** LWP 1709.1089 (syz-executor.1) @ 0xffffb70013ce4a80, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffb700139772c0 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb70013ce4a80 last held: 0xffffb70013ce4a80 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 owner/count : 0xffffb70013ce4a80 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffb70013977a40 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb70013ce4a80 last held: 0xffffb70013c92900 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 owner/count : 000000000000000000 flags : 0x0000000000000002 Turnstile: no active turnstile for this lock. ****** LWP 1709.1100 (syz-executor.1) @ 0xffffb70013c92900, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffb70013977a40 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb70013c92900 last held: 0xffffb70013c92900 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 owner/count : 000000000000000000 flags : 0x0000000000000002 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1498.1720 (syz-executor.0) @ 0xffffb70013cc3180, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffb700154b2a00 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb70013cc3180 last held: 0xffffb70013cc3180 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 owner/count : 0xffffb70013cc3180 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at genfs_node_init) lock address : 0xffffb700154b1a20 type : sleep/adaptive initialized : 0xffffffff81a8c94c shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb70013cc3180 last held: 0xffffb70013cc3180 last locked* : 0xffffffff8178d850 unlocked : 0xffffffff81a81a44 owner/count : 0xffffb70013cc3180 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1225.1225 (syz-executor.4) @ 0xffffb70015272640, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xffffb7001397a200 type : sleep/adaptive initialized : 0xffffffff81a599b0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb70015272640 last held: 0xffffb70015272640 last locked* : 0xffffffff81a8c780 unlocked : 0xffffffff81a8c7e2 [ 224.3451420] Skipping crash dump on recursive panic [ 224.3451420] panic: ASan: Unauthorized Access In 0xffffffff81904d50: Addr 0xffffb7001397a200 [8 bytes, read, PoolUseAfterFree] [ 224.3451420] cpu1: Begin traceback... [ 224.3451420] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 224.3451420] snprintf() at netbsd:snprintf [ 224.3451420] kasan_report() at netbsd:kasan_report+0x8c kasan_code_name sys/kern/subr_asan.c:163 [inline] [ 224.3451420] kasan_report() at netbsd:kasan_report+0x8c sys/kern/subr_asan.c:195 [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:345 [inline] [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:359 [inline] [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x27e kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x27e sys/kern/subr_asan.c:1198 [ 224.3451420] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:186 [ 224.3451420] lockdebug_dump() at netbsd:lockdebug_dump+0x23b sys/kern/subr_lockdebug.c:759 [ 224.3451420] lockdebug_show_one() at netbsd:lockdebug_show_one+0xa7 sys/kern/subr_lockdebug.c:839 [ 224.3451420] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:877 [inline] [ 224.3451420] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x274 sys/kern/subr_lockdebug.c:941 [ 224.3451420] db_command() at netbsd:db_command+0x310 sys/ddb/db_command.c:957 [ 224.3451420] db_command_loop() at netbsd:db_command_loop+0x293 db_execute_commandlist sys/ddb/db_command.c:454 [inline] [ 224.3451420] db_command_loop() at netbsd:db_command_loop+0x293 sys/ddb/db_command.c:604 [ 224.3451420] db_trap() at netbsd:db_trap+0x22c sys/ddb/db_trap.c:94 [ 224.3451420] kdb_trap() at netbsd:kdb_trap+0x25c sys/arch/amd64/amd64/db_interface.c:250 [ 224.3451420] trap() at netbsd:trap+0x819 sys/arch/amd64/amd64/trap.c:315 [ 224.3451420] --- trap (number 1) --- [ 224.3451420] breakpoint() at netbsd:breakpoint+0x5 [ 224.3451420] db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67 [ 224.3451420] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290 [ 224.3451420] snprintf() at netbsd:snprintf [ 224.3451420] lockdebug_more() at netbsd:lockdebug_more [ 224.3451420] lockdebug_barrier() at netbsd:lockdebug_barrier+0x11d sys/kern/subr_lockdebug.c:650 [ 224.3451420] rw_enter() at netbsd:rw_enter+0x7ff sys/kern/kern_rwlock.c:309 [ 224.3451420] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvmfault_lookup sys/uvm/uvm_fault_i.h:128 [inline] [ 224.3451420] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d uvm_fault_check sys/uvm/uvm_fault.c:987 [inline] [ 224.3451420] uvm_fault_internal() at netbsd:uvm_fault_internal+0x34d sys/uvm/uvm_fault.c:897 [ 224.3451420] trap() at netbsd:trap+0xb3a sys/arch/amd64/amd64/trap.c:520 [ 224.3451420] --- trap (number 6) --- [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x62 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:357 [inline] [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x62 kasan_shadow_check sys/kern/subr_asan.c:411 [inline] [ 224.3451420] __asan_load8() at netbsd:__asan_load8+0x62 sys/kern/subr_asan.c:1198 [ 224.3451420] dosetitimer() at netbsd:dosetitimer+0x612 sys/kern/kern_time.c:1649 [ 224.3451420] sys___setitimer50() at netbsd:sys___setitimer50+0x178 sys/kern/kern_time.c:1591 [ 224.3451420] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline] [ 224.3451420] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77 [ 224.3451420] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline] [ 224.3451420] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 224.3451420] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138 [ 224.3451420] --- syscall (number 198) --- [ 224.3451420] netbsd:syscall+0x259: [ 224.3451420] cpu1: End traceback... [ 224.3451420] fatal breakpoint trap in supervisor mode [ 224.3451420] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0xffff900000000028 ilevel 0x8 rsp 0xffffb701a9c8a910 [ 224.3451420] curlwp 0xffffb700153f88c0 pid 2147.1967 lowest kstack 0xffffb701a9c842c0 Stopped in pid 2147.1967 (syz-executor.3) at netbsd:breakpoint+0x5: leave