[ 134.4547402] panic: LOCKDEBUG: Reader / writer lock error: rw_destroy,237: assertion failed: (rw->rw_owner & ~RW_NODEBUG) == 0 [ 134.4662401] cpu0: Begin traceback... [ 134.4813704] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 [ 134.5613708] panic() at netbsd:panic+0x49 sys/kern/subr_prf.c:1116 [ 134.6213694] lockdebug_abort1() at netbsd:lockdebug_abort1+0x191 lockdebug_abort1 sys/kern/subr_lockdebug.c:814 [inline] [ 134.6213694] lockdebug_abort1() at netbsd:lockdebug_abort1+0x191 sys/kern/subr_lockdebug.c:796 [ 134.6813711] rw_abort() at netbsd:rw_abort+0x43 sys/kern/kern_rwlock.c:199 [ 134.7313675] rw_destroy() at netbsd:rw_destroy+0xab sys/kern/kern_rwlock.c:237 [ 134.7913671] rw_obj_free() at netbsd:rw_obj_free+0x102 sys/kern/kern_rwlock_obj.c:127 [ 134.8413670] amap_copy() at netbsd:amap_copy+0x1a3 sys/uvm/uvm_amap.c:935 [ 134.8913666] uvm_fault_internal() at netbsd:uvm_fault_internal+0x41fa uvmfault_amapcopy sys/uvm/uvm_fault.c:239 [inline] [ 134.8913666] uvm_fault_internal() at netbsd:uvm_fault_internal+0x41fa uvm_fault_check sys/uvm/uvm_fault.c:1065 [inline] [ 134.8913666] uvm_fault_internal() at netbsd:uvm_fault_internal+0x41fa sys/uvm/uvm_fault.c:901 [ 134.9413667] trap() at netbsd:trap+0xa1b sys/arch/amd64/amd64/trap.c:519 [ 134.9513670] --- trap (number 6) --- [ 134.9513670] 70ccd3009891: [ 134.9633963] cpu0: End traceback... [ 134.9633963] fatal breakpoint trap in supervisor mode [ 134.9718812] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x70ccd32126a4 ilevel 0 rsp 0xffff85025591ba70 [ 134.9829453] curlwp 0xffffb87f4ee7e540 pid 4659.4659 lowest kstack 0xffff8502559172c0 Stopped in pid 4659.4659 (syz-executor.2) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 panic() at netbsd:panic+0x49 sys/kern/subr_prf.c:1116 lockdebug_abort1() at netbsd:lockdebug_abort1+0x191 lockdebug_abort1 sys/kern/subr_lockdebug.c:814 [inline] lockdebug_abort1() at netbsd:lockdebug_abort1+0x191 sys/kern/subr_lockdebug.c:796 rw_abort() at netbsd:rw_abort+0x43 sys/kern/kern_rwlock.c:199 rw_destroy() at netbsd:rw_destroy+0xab sys/kern/kern_rwlock.c:237 rw_obj_free() at netbsd:rw_obj_free+0x102 sys/kern/kern_rwlock_obj.c:127 amap_copy() at netbsd:amap_copy+0x1a3 sys/uvm/uvm_amap.c:935 uvm_fault_internal() at netbsd:uvm_fault_internal+0x41fa uvmfault_amapcopy sys/uvm/uvm_fault.c:239 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x41fa uvm_fault_check sys/uvm/uvm_fault.c:1065 [inline] uvm_fault_internal() at netbsd:uvm_fault_internal+0x41fa sys/uvm/uvm_fault.c:901 trap() at netbsd:trap+0xa1b sys/arch/amd64/amd64/trap.c:519 --- trap (number 6) --- 70ccd3009891: Panic string: LOCKDEBUG: Reader / writer lock error: rw_destroy,237: assertion failed: (rw->rw_owner & ~RW_NODEBUG) == 0 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 4659 > 4659 7 0 0 ffffb87f4ee7e540 syz-executor.2 1983 4928 3 1 180 ffffb87f4911a040 syz-executor.4 parked 1983 4153 3 1 180 ffffb87f570e6200 syz-executor.4 parked 1983 1983 2 1 10000140 ffffb87f3a5aa8c0 syz-executor.4 5566 5566 2 1 140 ffffb87f447534c0 syz-executor.2 1937 1930 3 0 4000180 ffffb87f4f07e580 syz-executor.3 parked 1937 1951 3 0 180 ffffb87f4ee7e980 syz-executor.3 parked 1937 1950 3 1 180 ffffb87f477db280 syz-executor.3 parked 1937 1937 2 0 10000140 ffffb87f4ee7e100 syz-executor.3 2211 2211 2 1 1000100 ffffb87f3a126b80 syz-executor.5 1671 1671 2 0 140 ffffb87f45452740 syz-executor.3 3265 3265 3 1 180 ffffb87f57deaa00 syz-executor.0 parked 5046 5046 3 0 180 ffffb87f57a251c0 syz-executor.0 parked 1520 1520 2 1 140 ffffb87f45452b80 syz-executor.4 4527 4527 3 1 180 ffffb87f3ae2f0c0 syz-executor.1 parked 912 912 3 0 180 ffffb87f46294940 syz-executor.5 parked 1129 1129 3 1 180 ffffb87f4911a480 syz-executor.2 parked 1713 1713 3 1 180 ffffb87f3c14fa80 syz-executor.3 parked 2113 2113 3 1 180 ffffb87f3ad4a080 syz-executor.4 parked 3637 3768 3 1 11100000 ffffb87f462940c0 syz-executor.4 vfork 3637 3637 2 0 11000040 ffffb87f4911a8c0 syz-executor.4 2654 2654 3 1 180 ffffb87f4351bb40 syz-executor.1 parked 1626 1626 3 0 180 ffffb87f42415bc0 syz-executor.4 parked 1233 3656 3 0 180 ffffb87f46294500 syz-fuzzer wait 1233 1073 3 0 180 ffffb87f3ae2f500 syz-fuzzer parked 1233 1204 3 1 180 ffffb87f3ba27600 syz-fuzzer wait 1233 1235 3 1 180 ffffb87f3ad4a900 syz-fuzzer parked 1233 1202 3 1 180 ffffb87f3ba27a40 syz-fuzzer parked 1233 829 3 1 180 ffffb87f3ae2f940 syz-fuzzer wait 1233 1004 3 0 180 ffffb87f3ada4100 syz-fuzzer parked 1233 1067 3 1 180 ffffb87f3b95f180 syz-fuzzer parked 1233 1237 3 1 180 ffffb87f3b95f5c0 syz-fuzzer parked 1233 1120 3 1 180 ffffb87f3ae249c0 syz-fuzzer parked 1233 1225 2 0 0 ffffb87f3ae24140 syz-fuzzer 1233 1226 3 1 180 ffffb87f3a126300 syz-fuzzer wait 1233 1230 3 0 180 ffffb87f3a5aa480 syz-fuzzer parked 1233 1233 3 1 180 ffffb87f3a126740 syz-fuzzer parked 1229 1229 3 0 180 ffffb87f39a5b640 sshd select 1222 1222 3 0 180 ffffb87f3c14f640 getty nanoslp 1184 1184 3 1 180 ffffb87f3c14f200 getty nanoslp 1131 1131 3 1 180 ffffb87f39dec280 getty nanoslp 1084 1084 3 1 180 ffffb87f39dec6c0 getty ttyraw 951 951 3 0 180 ffffb87f3b95fa00 sshd select 1068 1068 3 0 180 ffffb87f3ba271c0 powerd kqueue 698 698 3 1 180 ffffb87f3ae24580 syslogd kqueue 745 745 3 0 180 ffffb87f39ec7b40 dhcpcd poll 746 746 3 1 180 ffffb87f3a3dc340 dhcpcd poll 743 743 3 1 180 ffffb87f3ada4980 dhcpcd poll 603 603 3 0 180 ffffb87f39ec7700 dhcpcd poll 292 292 3 0 180 ffffb87f3a3dcbc0 dhcpcd poll 485 485 3 1 180 ffffb87f3a3dc780 dhcpcd poll 291 291 3 1 180 ffffb87f39decb00 dhcpcd poll 1 1 3 0 180 ffffb87f3189c140 init wait 0 1602 5 0 200 ffffb87f4351b700 (zombie) 0 4789 3 1 200 ffffb87f42415780 ktrace ktrwait 0 588 3 0 200 ffffb87f4351b2c0 acctwatch actwat 0 1492 3 0 200 ffffb87f3ad4a4c0 swapiod swapiod 0 685 3 0 200 ffffb87f39a5ba80 physiod physiod 0 196 2 0 240 ffffb87f39a96680 ioflush 0 195 3 0 200 ffffb87f316ff740 pooldrain pooldrain 0 194 3 1 200 ffffb87f39a96240 pgdaemon pgdaemon 0 170 3 1 200 ffffb87f39a5b200 usb7 usbevt 0 169 3 1 200 ffffb87f369a6a40 usb6 usbevt 0 168 3 1 200 ffffb87f369a6600 usb5 usbevt 0 167 3 1 200 ffffb87f369a61c0 usb4 usbevt 0 166 3 1 200 ffffb87f33921a00 usb3 usbevt 0 165 3 1 200 ffffb87f339215c0 usb2 usbevt 0 31 3 0 200 ffffb87f33921180 usb1 usbevt 0 63 3 0 200 ffffb87f3189c9c0 usb0 usbevt 0 126 3 1 200 ffffb87f316ffb80 usbtask-dr usbtsk 0 125 3 1 200 ffffb87f317de340 usbtask-hc usbtsk 0 124 3 0 200 ffffb87f2fc95b00 swwreboot swwreboot 0 123 3 1 200 ffffb87f3189c580 npfgc0 npfgcw 0 122 3 1 200 ffffb87f31872980 rt_free rt_free 0 121 3 1 200 ffffb87f31872540 unpgc unpgc 0 120 2 0 200 ffffb87f31872100 key_timehandler 0 119 3 1 200 ffffb87f31845940 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffb87f31845500 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffb87f318450c0 nd6_timer nd6_timer 0 116 3 1 200 ffffb87f31840900 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffb87f318404c0 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffb87f31840080 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffb87f3181b8c0 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffb87f3181b480 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffb87f3181b040 icmp_wqinput/0 icmp_wqinput 0 110 2 0 200 ffffb87f317debc0 rt_timer 0 109 3 1 200 ffffb87f317de780 vmem_rehash vmem_rehash 0 100 3 1 200 ffffb87f316ff300 entbutler entropy 0 99 3 1 200 ffffb87f3113eb40 viomb balloon 0 98 3 1 200 ffffb87f3113e700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffb87f3113e2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 1 200 ffffb87f2fc956c0 scsibus0 sccomp 0 29 3 0 200 ffffb87f2fc95280 pms0 pmsreset 0 28 3 1 200 ffffb87f2fbb5ac0 xcall/1 xcall 0 27 1 1 200 ffffb87f2fbb5680 softser/1 0 26 1 1 200 ffffb87f2fbb5240 softclk/1 0 25 1 1 200 ffffb87f2fb98a80 softbio/1 0 24 1 1 200 ffffb87f2fb98640 softnet/1 0 23 1 1 201 ffffb87f2fb98200 idle/1 0 22 3 1 200 ffffb8805df33a40 lnxsyswq lnxsyswq 0 21 3 1 200 ffffb8805df33600 lnxubdwq lnxubdwq 0 20 3 1 200 ffffb8805df331c0 lnxpwrwq lnxpwrwq 0 19 3 1 200 ffffb8805df42a00 lnxlngwq lnxlngwq 0 18 3 1 200 ffffb8805df425c0 lnxhipwq lnxhipwq 0 17 3 1 200 ffffb8805df42180 lnxrcugc lnxrcugc 0 16 3 0 200 ffffb8805df599c0 sysmon smtaskq 0 15 3 1 200 ffffb8805df59580 pmfsuspend pmfsuspend 0 14 3 1 200 ffffb8805df59140 pmfevent pmfevent 0 13 3 0 200 ffffb8805df6c980 sopendfree sopendfr 0 12 3 0 200 ffffb8805df6c540 ifwdog ifwdog 0 11 3 0 200 ffffb8805df6c100 iflnkst iflnkst 0 10 3 1 200 ffffb8805ef97940 nfssilly nfssilly 0 9 3 1 200 ffffb8805ef97500 pooldisp pooldisp 0 8 3 1 200 ffffb8805ef970c0 modunload mod_unld 0 7 3 0 200 ffffb8805efc2900 xcall/0 xcall 0 6 1 0 200 ffffb8805efc24c0 softser/0 0 5 1 0 200 ffffb8805efc2080 softclk/0 0 4 1 0 200 ffffb8805efed8c0 softbio/0 0 3 1 0 200 ffffb8805efed480 softnet/0 0 2 1 0 201 ffffb8805efed040 idle/0 0 > 0 7 1 240 ffffffff86795cc0 swapper [Locks tracked through LWPs] ****** LWP 4659.4659 (syz-executor.2) @ 0xffffb87f4ee7e540, l_stat=7 *** Locks held: * Lock 0 (initialized at netbsd:uvmspace_alloc+0x335 uvm_map_setup sys/uvm/uvm_map.c:4786 [inline]) * Lock 0 (initialized at netbsd:uvmspace_alloc+0x335 uvmspace_init sys/uvm/uvm_map.c:4129 [inline]) * Lock 0 (initialized at netbsd:uvmspace_alloc+0x335 sys/uvm/uvm_map.c:4108) lock address : ffffb87f4614c908 type : sleep/adaptive initialized : netbsd:uvmspace_alloc+0x335 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb87f4ee7e540 last held: 0xffffb87f4ee7e540 last locked* : netbsd:vm_map_lock+0x146 unlocked : netbsd:uvm_fault_internal+0x38f0 owner/count : 0xffffb87f4ee7e540 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1983.4153 (syz-executor.4) @ 0xffffb87f570e6200, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb87f570e6200 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 1983.1983 (syz-executor.4) @ 0xffffb87f3a5aa8c0, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:sched_cpuattach+0x299 sys/kern/kern_runq.c:147) lock address : ffffb8805dea3580 type : spin initialized : netbsd:sched_cpuattach+0x299 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 1 relevant lwp : 0xffffb87f3a5aa8c0 last held: 000000000000000000 last locked : netbsd:lwp_lock+0x7f unlocked* : netbsd:lwp_unpark+0x218 owner field : 0x0000000000000700 wait/spin: 0/1 ****** LWP 1937.1950 (syz-executor.3) @ 0xffffb87f477db280, l_stat=3 *** Locks held: * Lock 0 (initialized at netbsd:uvm_swap_init+0x40 sys/uvm/uvm_swap.c:278) lock address : netbsd:swap_syscall_lock type : sleep/adaptive initialized : netbsd:uvm_swap_init+0x40 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb87f477db280 last held: 0xffffb87f477db280 last locked* : netbsd:sys_swapctl+0x80 unlocked : netbsd:sys_swapctl+0xf2 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at netbsd:vcache_alloc+0xbf sys/kern/vfs_vnode.c:1438) lock address : ffffb87f525dd980 type : sleep/adaptive initialized : netbsd:vcache_alloc+0xbf shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb87f477db280 last held: 0xffffb87f477db280 last locked* : netbsd:genfs_lock+0x220 unlocked : netbsd:genfs_unlock+0x50 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb87f477db280 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 2211.2211 (syz-executor.5) @ 0xffffb87f3a126b80, l_stat=2 *** Locks held: * Lock 0 (initialized at netbsd:fork1+0x4c5 sys/kern/kern_fork.c:366) lock address : ffffb87f3ad834d0 type : sleep/adaptive initialized : netbsd:fork1+0x4c5 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb87f3a126b80 last held: 0xffffb87f3a126b80 last locked* : netbsd:exit1+0x393 unlocked : netbsd:do_ptrace+0x88f owner/count : 0xffffb87f3a126b80 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at netbsd:uvm_obj_init+0xee sys/uvm/uvm_object.c:70) lock address : ffffb87f410f64c0 type : sleep/adaptive initialized : netbsd:uvm_obj_init+0xee shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffb87f3a126b80 last held: 0xffffb87f3a126b80 last locked* : netbsd:uao_detach+0x2c5 unlocked : netbsd:uvm_unmap_remove+0xbf3 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wante