[ 145.4258710] panic: kernel diagnostic assertion "powerof2(align)" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_map.c", line 196 [ 145.4358759] cpu1: Begin traceback... [ 145.4559241] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 145.4960167] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 145.5361062] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 uvm_map_align_va sys/uvm/uvm_map.c:198 [inline] [ 145.5361062] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 sys/uvm/uvm_map.c:1908 [ 145.5761963] uvm_map_prepare() at netbsd:uvm_map_prepare+0x3b0 sys/uvm/uvm_map.c:1193 [ 145.6162858] uvm_map() at netbsd:uvm_map+0x11f sys/uvm/uvm_map.c:1099 [ 145.6563752] uvm_pagermapin() at netbsd:uvm_pagermapin+0x14f sys/uvm/uvm_pager.c:197 [ 145.6964650] genfs_gop_write() at netbsd:genfs_gop_write+0x48 sys/miscfs/genfs/genfs_io.c:1379 [ 145.7365575] genfs_do_putpages() at netbsd:genfs_do_putpages+0x1259 sys/miscfs/genfs/genfs_io.c:1255 [ 145.7766481] VOP_PUTPAGES() at netbsd:VOP_PUTPAGES+0x140 sys/kern/vnode_if.c:1632 [ 145.8167387] vflushbuf() at netbsd:vflushbuf+0x61 sys/kern/vfs_subr.c:295 [ 145.8468069] ffs_full_fsync() at netbsd:ffs_full_fsync+0x2c7 sys/ufs/ffs/ffs_vnops.c:525 [ 145.8868975] ffs_fsync() at netbsd:ffs_fsync+0x2cb sys/ufs/ffs/ffs_vnops.c:348 [ 145.9269884] VOP_FSYNC() at netbsd:VOP_FSYNC+0x162 sys/kern/vnode_if.c:818 [ 145.9670818] ffs_sync() at netbsd:ffs_sync+0x1ca sys/ufs/ffs/ffs_vfsops.c:1917 [ 145.9971473] VFS_SYNC() at netbsd:VFS_SYNC+0x71 sys/kern/vfs_subr.c:1404 [ 146.0372393] do_sys_sync() at netbsd:do_sys_sync+0x11f sys/kern/vfs_syscalls.c:663 [ 146.0773328] sys_sync() at netbsd:sys_sync+0x19 sys/kern/vfs_syscalls.c:681 [ 146.1174214] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 146.1174214] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 146.1575105] syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] [ 146.1575105] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 146.1575105] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 [ 146.1675330] --- syscall (number 198) --- [ 146.1875809] 7e58e2243b9a: [ 146.1976026] cpu1: End traceback... [ 146.1976026] fatal breakpoint trap in supervisor mode [ 146.1976026] trap type 1 code 0 rip 0xffffffff8021ccd5 cs 0x8 rflags 0x246 cr2 0x789eca3a3000 ilevel 0 rsp 0xffffa7817c08ed50 [ 146.2176486] curlwp 0xffffa78012223940 pid 2141.4 lowest kstack 0xffffa7817c0882c0 Stopped in pid 2141.4 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 uvm_map_align_va sys/uvm/uvm_map.c:198 [inline] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 sys/uvm/uvm_map.c:1908 uvm_map_prepare() at netbsd:uvm_map_prepare+0x3b0 sys/uvm/uvm_map.c:1193 uvm_map() at netbsd:uvm_map+0x11f sys/uvm/uvm_map.c:1099 uvm_pagermapin() at netbsd:uvm_pagermapin+0x14f sys/uvm/uvm_pager.c:197 genfs_gop_write() at netbsd:genfs_gop_write+0x48 sys/miscfs/genfs/genfs_io.c:1379 genfs_do_putpages() at netbsd:genfs_do_putpages+0x1259 sys/miscfs/genfs/genfs_io.c:1255 VOP_PUTPAGES() at netbsd:VOP_PUTPAGES+0x140 sys/kern/vnode_if.c:1632 vflushbuf() at netbsd:vflushbuf+0x61 sys/kern/vfs_subr.c:295 ffs_full_fsync() at netbsd:ffs_full_fsync+0x2c7 sys/ufs/ffs/ffs_vnops.c:525 ffs_fsync() at netbsd:ffs_fsync+0x2cb sys/ufs/ffs/ffs_vnops.c:348 VOP_FSYNC() at netbsd:VOP_FSYNC+0x162 sys/kern/vnode_if.c:818 ffs_sync() at netbsd:ffs_sync+0x1ca sys/ufs/ffs/ffs_vfsops.c:1917 VFS_SYNC() at netbsd:VFS_SYNC+0x71 sys/kern/vfs_subr.c:1404 do_sys_sync() at netbsd:do_sys_sync+0x11f sys/kern/vfs_syscalls.c:663 sys_sync() at netbsd:sys_sync+0x19 sys/kern/vfs_syscalls.c:681 sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- 7e58e2243b9a: ds 33cc es 33a8 fs ed30 gs ed80 rdi ffffa7800d92d458 rsi ffffa78012223c28 rbp ffffa7817c08ed50 rbx ffffa7816d892000 rdx 3ffff rcx ffffa7816f42c000 rax ffffa7800f681ec8 r8 4 r9 1ffffffff05537dc r10 ffffffff82a9bee3 db_onpanic+0x3 r11 10 r12 ffffa7816d8a4000 r13 ffffffff82142300 ulz_pager+0x160 r14 ffffa7817c08ede0 r15 ffffa7816d892058 rip ffffffff8021ccd5 breakpoint+0x5 cs 8 rflags 246 rsp ffffa7817c08ed50 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 2558 1 4 0 1000000 ffffa78013d212e0 syz-executor.2 2403 1 3 0 40080 ffffa780122b4a00 syz-executor.2 parked 2277 2 3 1 80 ffffa7801439e100 syz-executor.5 parked 2277 1 2 1 10040000 ffffa78012d5ebc0 syz-executor.5 2644 2 3 0 40004 ffffa78013d21b60 syz-executor.1 lwpwait 2644 1 2 1 140000 ffffa78013c9eb00 syz-executor.1 1377 4 2 0 0 ffffa78013e008e0 syz-executor.2 1377 3 2 0 0 ffffa780140381c0 syz-executor.2 1377 2 3 0 80 ffffa7801433f940 syz-executor.2 fiford 1377 1 2 0 10040000 ffffa7801419a6e0 syz-executor.2 2340 1 3 0 40080 ffffa7801433e4e0 syz-executor.3 parked 2310 3 3 0 80 ffffa7801435a960 syz-executor.3 parked 2310 2 3 0 80 ffffa780141e3b60 syz-executor.3 parked 2310 1 2 1 10040000 ffffa7801426dbc0 syz-executor.3 2141 > 4 7 1 40000 ffffa78012223940 syz-executor.0 2141 3 3 1 80 ffffa78014181b00 syz-executor.0 parked 2141 2 3 1 80 ffffa78013fb79e0 syz-executor.0 lockf 2141 1 2 1 10040000 ffffa780121c8bc0 syz-executor.0 2214 1 3 0 80 ffffa78012140720 syz-executor.3 parked 2126 1 3 1 80 ffffa78011ea55c0 syz-executor.5 parked 1097 1 3 1 80 ffffa78012304aa0 syz-executor.0 parked 1416 1 4 1 1000000 ffffa78012296140 syz-executor.1 992 1 3 0 80 ffffa7801433f500 syz-executor.1 parked 1039 4 4 0 1000000 ffffa78014003180 syz-executor.1 1039 3 4 0 1000000 ffffa7801433e920 syz-executor.1 1039 2 4 0 1000080 ffffa78011ea65e0 syz-executor.1 netio 1039 1 4 0 11000000 ffffa78013fb75a0 syz-executor.1 1607 1 3 0 80 ffffa780122969c0 syz-executor.2 parked 1618 1 3 1 80 ffffa7801431f4c0 syz-executor.0 parked 1141 1 3 0 80 ffffa780122c55e0 syz-executor.0 parked 1273 1 3 0 80 ffffa7801232e6c0 syz-executor.2 parked 1266 1 3 0 80 ffffa78012e03a20 syz-executor.5 parked 1255 1 3 1 80 ffffa78012d42320 syz-executor.5 parked 1046 1 3 0 80 ffffa780142f4060 syz-executor.0 parked 1040 1 3 1 80 ffffa780142db8c0 syz-executor.0 parked 1169 1 3 1 80 ffffa780142db480 syz-executor.5 parked 939 1 3 1 80 ffffa7801231fae0 syz-executor.3 parked 1770 1 3 1 80 ffffa78012200080 syz-executor.3 parked 1652 1 3 1 80 ffffa78014038a40 syz-executor.3 parked 576 1 3 0 80 ffffa780121402e0 syz-executor.0 parked 898 1 3 1 80 ffffa78013f5c9a0 syz-executor.0 parked 1456 1 3 0 80 ffffa78012d5e340 syz-executor.2 parked 1663 1 3 1 80 ffffa78013f4f540 syz-executor.4 parked 1684 1 3 0 80 ffffa780122a9160 syz-executor.2 parked 1390 1 3 0 80 ffffa78012284120 syz-executor.1 parked 1393 1 3 1 80 ffffa78012d23300 syz-executor.2 parked 991 1 3 1 80 ffffa780122b45c0 syz-executor.1 parked 1502 1 3 0 80 ffffa78012183760 syz-executor.2 parked 972 1 3 0 80 ffffa78012183ba0 syz-executor.2 parked 794 1 3 1 80 ffffa78012dc20e0 syz-executor.2 parked 971 1 3 1 80 ffffa78013e5d920 syz-executor.2 parked 701 1 3 1 80 ffffa7801419a2a0 syz-executor.2 parked 428 1 3 1 80 ffffa78012231520 syz-executor.2 parked 1510 1 3 1 80 ffffa78013de08c0 syz-executor.2 parked 1508 1 3 1 80 ffffa78013e86500 syz-executor.3 parked 1372 1 3 0 80 ffffa78012059b00 syz-executor.5 parked 290 1 3 1 80 ffffa78014158260 syz-executor.5 parked 1435 1 3 1 80 ffffa7801232eb00 syz-executor.5 parked 1309 1 3 0 80 ffffa78012daf0a0 syz-executor.0 parked 1113 1 3 1 80 ffffa78012dce980 syz-executor.0 parked 1367 1 3 0 80 ffffa78014103aa0 syz-executor.3 parked 1107 1 3 1 80 ffffa78013e860c0 syz-executor.1 parked 461 1 3 0 80 ffffa78012dce100 syz-executor.0 parked 1371 1 3 1 80 ffffa78012d6a480 syz-executor.1 parked 321 1 3 1 80 ffffa780140035c0 syz-executor.1 parked 1343 1 3 0 80 ffffa780140225e0 syz-executor.1 parked 764 1 3 1 80 ffffa78012183320 syz-executor.4 parked 632 1 3 0 80 ffffa78012daf920 syz-executor.1 parked 694 1 3 0 80 ffffa78014098200 syz-executor.4 parked 1395 1 3 0 80 ffffa78012dd7560 syz-executor.4 parked 1264 1 3 1 80 ffffa780140881e0 syz-executor.4 parked 367 1 3 1 80 ffffa78012125b40 syz-executor.5 parked 237 1 3 0 80 ffffa78013d0eb40 syz-executor.2 parked 232 1 3 0 80 ffffa780121d3040 syz-executor.2 parked 1317 1 3 1 80 ffffa78013f959c0 syz-executor.2 parked 970 1 3 0 80 ffffa78012296580 syz-executor.1 parked 840 1 3 0 80 ffffa78014038600 syz-executor.2 parked 1350 1 3 0 80 ffffa78014022a20 syz-executor.2 parked 580 1 3 0 80 ffffa78014003a00 syz-executor.5 parked 1203 1 3 0 80 ffffa78013d89320 syz-executor.5 parked 1194 1 3 0 80 ffffa78011ea45a0 syz-executor.5 parked 1214 1 3 0 80 ffffa78012dce540 syz-executor.5 parked 1047 1 3 1 80 ffffa78013d9cbc0 syz-executor.2 parked 1052 1 3 0 80 ffffa780122310e0 syz-executor.3 parked 450 1 3 1 80 ffffa780122134e0 syz-executor.4 parked 1054 1 3 0 80 ffffa78013f95580 syz-executor.4 parked 1038 1 3 0 80 ffffa78013f95140 syz-executor.4 parked 524 1 3 1 80 ffffa78013f5c560 syz-executor.4 parked 1076 1 3 0 80 ffffa78013f4f980 syz-executor.5 parked 778 1 3 0 80 ffffa78013d0e2c0 syz-executor.5 parked 945 1 3 1 80 ffffa78012e031a0 syz-executor.2 parked 787 1 3 0 80 ffffa78012db90c0 syz-executor.4 parked 786 1 3 1 80 ffffa780122f4200 syz-executor.4 parked 793 1 3 0 80 ffffa78012dc2520 syz-executor.0 parked 775 1 3 0 80 ffffa78013de0480 syz-executor.5 parked 335 1 3 0 80 ffffa78013e9f520 syz-executor.2 parked 942 1 3 1 80 ffffa78013e444c0 syz-executor.2 parked 630 1 3 1 80 ffffa7801231f6a0 syz-executor.3 parked 141 1 3 0 80 ffffa78013581200 syz-executor.3 parked 440 1 3 0 80 ffffa780123af720 syz-executor.4 parked 297 1 3 1 80 ffffa780122f4640 syz-executor.5 parked 643 1 3 0 80 ffffa780121252c0 syz-executor.0 parked 161 1 3 1 80 ffffa78012223500 syz-executor.0 parked 160 1 3 0 80 ffffa78013d4c300 syz-executor.0 parked 570 1 3 1 80 ffffa78013e44080 syz-executor.1 parked 469 1 3 1 80 ffffa78013d4c740 syz-executor.1 parked 523 1 3 0 80 ffffa78011ea49e0 syz-executor.3 parked 509 1 3 1 80 ffffa78012312ac0 syz-executor.1 parked 137 1 3 0 80 ffffa780122d5600 syz-executor.1 parked 98 1 3 0 80 ffffa78012284560 syz-executor.1 parked 470 1 2 0 0 ffffa78013c9e6c0 syz-executor.5 45 1 2 0 0 ffffa78013c9e280 syz-executor.4 562 1 2 0 0 ffffa78013c7bae0 syz-executor.3 569 1 2 0 0 ffffa78013c7b260 syz-executor.2 593 1 2 1 0 ffffa78013b38ac0 syz-executor.1 40 1 2 0 0 ffffa78013b38680 syz-executor.0 464 12 3 0 80 ffffa78013c7b6a0 syz-fuzzer parked 464 11 2 0 0 ffffa78013b38240 syz-fuzzer 464 10 3 0 80 ffffa78013ac5aa0 syz-fuzzer kqueue 464 9 3 1 80 ffffa78012d42760 syz-fuzzer parked 464 8 3 1 80 ffffa78013ac5220 syz-fuzzer parked 464 7 3 0 80 ffffa78012d8e900 syz-fuzzer parked 464 6 3 0 80 ffffa78012d8e4c0 syz-fuzzer parked 464 5 3 0 80 ffffa78012d8e080 syz-fuzzer parked 464 4 3 1 80 ffffa78012dea5a0 syz-fuzzer parked 464 3 3 1 80 ffffa78012e035e0 syz-fuzzer parked 464 2 3 0 80 ffffa78012e141c0 syz-fuzzer parked 464 1 3 0 80 ffffa78011ea61a0 syz-fuzzer parked 567 1 3 1 80 ffffa78011ea4160 sshd select 572 1 3 0 80 ffffa78012dea160 getty nanoslp 551 1 3 0 80 ffffa78012dd7120 getty nanoslp 571 1 3 0 80 ffffa78012de2580 getty nanoslp 491 1 3 1 80 ffffa78012df35c0 getty ttyraw 388 1 3 1 80 ffffa78013581640 cron nanoslp 543 1 3 0 80 ffffa78012d42ba0 inetd kqueue 437 1 3 0 80 ffffa78012343b20 sshd select 474 1 3 0 80 ffffa780122e61e0 powerd kqueue 175 1 3 1 80 ffffa78012d5e780 syslogd kqueue 280 1 3 1 80 ffffa780122e6620 dhcpcd kqueue 236 1 3 1 80 ffffa780122130a0 dhcpcd kqueue 1 1 3 1 80 ffffa7801200f240 init wait 0 58 3 1 204 ffffa7801200fac0 physiod physiod 0 57 3 0 204 ffffa780120586a0 pooldrain pooldrain 0 56 3 0 200 ffffa78012059280 aiodoned tstile 0 > 55 7 0 200 ffffa78012058ae0 ioflush 0 54 3 1 200 ffffa78012058260 pgdaemon pgdaemon 0 51 2 1 200 ffffa7801200f680 npfgc-0 0 50 3 0 204 ffffa78012001aa0 rt_free rt_free 0 49 3 0 204 ffffa78012001660 unpgc unpgc 0 48 3 1 204 ffffa78012001220 key_timehandler key_timehandler 0 47 3 1 204 ffffa78011ff6a80 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffffa78011ff6640 icmp6_wqinput/0 icmp6_wqinput 0 45 3 0 204 ffffa78011ff6200 nd6_timer nd6_timer 0 44 3 1 204 ffffa78011ecda60 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffffa78011ecd620 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffffa78011ecd1e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffffa78011ebaa40 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffffa78011eba600 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffffa78011eba1c0 icmp_wqinput/0 icmp_wqinput 0 38 3 0 204 ffffa78011ea6a20 rt_timer rt_timer 0 37 3 0 204 ffffa78011ea5a00 vmem_rehash vmem_rehash 0 27 3 0 204 ffffa7800f7ca580 scsibus0 sccomp 0 26 3 0 200 ffffa7800f7ca140 pms0 pmsreset 0 25 3 1 204 ffffa7800f73c9a0 xcall/1 xcall 0 24 1 1 200 ffffa7800f73c560 softser/1 0 23 1 1 200 ffffa7800f73c120 softclk/1 0 22 1 1 200 ffffa7800f738980 softbio/1 0 21 1 1 200 ffffa7800f738540 softnet/1 0 20 1 1 201 ffffa7800f738100 idle/1 0 19 3 1 204 ffffa7800f66e960 lnxpwrwq lnxpwrwq 0 18 3 1 204 ffffa7800f66e520 lnxlngwq lnxlngwq 0 17 3 1 204 ffffa7800f66e0e0 lnxsyswq lnxsyswq 0 16 3 1 204 ffffa7800de53940 lnxrcugc lnxrcugc 0 15 3 0 204 ffffa7800de53500 sysmon smtaskq 0 14 3 1 204 ffffa7800de530c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffffa7800de43920 pmfevent pmfevent 0 12 3 0 204 ffffa7800de434e0 sopendfree sopendfr 0 11 3 1 204 ffffa7800de430a0 nfssilly nfssilly 0 10 2 1 200 ffffa7800de39900 cachegc 0 9 3 0 204 ffffa7800de394c0 vdrain vdrain 0 8 3 0 200 ffffa7800de39080 modunload mod_unld 0 7 3 0 204 ffffa7800de2b8e0 xcall/0 xcall 0 6 1 0 200 ffffa7800de2b4a0 softser/0 0 5 1 0 200 ffffa7800de2b060 softclk/0 0 4 1 0 200 ffffa7800de268c0 softbio/0 0 3 1 0 200 ffffa7800de26480 softnet/0 0 2 1 0 201 ffffa7800de26040 idle/0 0 1 3 1 200 ffffffff82b647e0 swapper uvm [Locks tracked through LWPs] Locks held by an LWP (syz-executor.1): Lock 0 (initialized at amap_alloc) lock address : 0xffffa780138a2c80 type : sleep/adaptive initialized : 0xffffffff810b9a71 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa78013c9eb00 last locked* : 0xffffffff810c91c3 unlocked : 0xffffffff810c77fb owner field : 0xffffa78013c9eb00 wait/spin: 0/0 Turnstile chain at 0xffffffff82d7ffc0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.3): Lock 0 (initialized at uvm_obj_init) lock address : 0xffffa78013cc0b40 type : sleep/adaptive initialized : 0xffffffff810e5f93 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa7801426dbc0 last locked* : 0xffffffff810ca614 unlocked : 0xffffffff810c77dc owner field : 0xffffa7801426dbc0 wait/spin: 0/0 Turnstile chain at 0xffffffff82d80140. => No active turnstile for this lock. Locks held by an LWP (syz-executor.0): Lock 0 (initialized at vfs_mountalloc) lock address : 0xffffa78012050d58 type : sleep/adaptive initialized : 0xffffffff81280871 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa78012223940 last locked* : 0xffffffff8128f659 unlocked : 0xffffffff8128f626 owner field : 0xffffa78012223940 wait/spin: 0/0 Turnstile chain at 0xffffffff82d80170. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffa78013acb5e8 type : sleep/adaptive initialized : 0xffffffff8129e03e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa78012223940 last locked* : 0xffffffff812cb645 unlocked : 0xffffffff812cb678 owner/count : 0xffffa78012223940 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d80290. => No active turnstile for this lock. Lock 2 (initialized at uvm_map_setup) lock address : 0xffffa7800d907050 type : sleep/adaptive initialized : 0xffffffff810da4fd shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa78012223940 last locked* : 0xffffffff810d43ec unlocked : 0xffffffff810db665 owner/count : 0xffffa78012223940 flags : 0x0000000000000007 Turnstile chain at 0xffffffff82d7ff60. => Turnstile at 0xffffa78011ecc6c0 (wrq=0xffffa78011ecc6e0, rdq=0xffffa78011ecc6f0). => 0 waiting readers: => 1 waiting writers: 0xffffa78012059280 Locks held by an LWP (syz-executor.0): Lock 0 (initialized at uvm_map_setup) lock address : 0xffffa7801228ea38 type : sleep/adaptive initialized : 0xffffffff810da4fd shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa780121c8bc0 last locked* : 0xffffffff810d4394 unlocked : 0xffffffff810cb4c3 owner/count : 0xffffa780121c8bc0 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d7ff30. => No active turnstile for this lock. Locks held by an LWP (syz-executor.4): Lock 0 (initialized at vcache_alloc) lock address : 0xffffa78013c75f58 type : sleep/adaptive initialized : 0xffffffff8129e03e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa78013c9e280 last locked* : 0xffffffff812cb645 unlocked : 0xffffffff812cb678 owner/count : 0xffffa78013c9e280 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d80170. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffffa7801416b918 type : sleep/adaptive initialized : 0xffffffff8129e03e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 1 last held: 1 current lwp : 0xffffa78012223940 last held: 0xffffa78013c9e280 last locked* : 0xffffffff812cb645 unlocked : 0xffffffff812cb678 [ 146.2176486] Skipping crash dump on recursive panic [ 146.2176486] panic: ASan: Unauthorized Access In 0xffffffff81172db0: Addr 0xffffa7801416b918 [8 bytes, read, PoolUseAfterFree] [ 146.2176486] cpu1: Begin traceback... [ 146.2176486] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 146.2176486] snprintf() at netbsd:snprintf [ 146.2176486] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] [ 146.2176486] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 [ 146.2176486] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] [ 146.2176486] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] [ 146.2176486] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 146.2176486] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 [ 146.2176486] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:176 [ 146.2176486] lockdebug_dump() at netbsd:lockdebug_dump+0x289 sys/kern/subr_lockdebug.c:777 [ 146.2176486] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9 sys/kern/subr_lockdebug.c:855 [ 146.2176486] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:886 [inline] [ 146.2176486] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933 [ 146.2176486] db_command() at netbsd:db_command+0x2c0 sys/ddb/db_command.c:935 [ 146.2176486] db_command_loop() at netbsd:db_command_loop+0x26c db_execute_commandlist sys/ddb/db_command.c:432 [inline] [ 146.2176486] db_command_loop() at netbsd:db_command_loop+0x26c sys/ddb/db_command.c:582 [ 146.2176486] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 146.2176486] kdb_trap() at netbsd:kdb_trap+0x1ce sys/arch/amd64/amd64/db_interface.c:246 [ 146.2176486] trap() at netbsd:trap+0x55f sys/arch/amd64/amd64/trap.c:313 [ 146.2176486] --- trap (number 1) --- [ 146.2176486] breakpoint() at netbsd:breakpoint+0x5 [ 146.2176486] db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 [ 146.2176486] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 146.2176486] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 146.2176486] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 uvm_map_align_va sys/uvm/uvm_map.c:198 [inline] [ 146.2176486] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 sys/uvm/uvm_map.c:1908 [ 146.2176486] uvm_map_prepare() at netbsd:uvm_map_prepare+0x3b0 sys/uvm/uvm_map.c:1193 [ 146.2176486] uvm_map() at netbsd:uvm_map+0x11f sys/uvm/uvm_map.c:1099 [ 146.2176486] uvm_pagermapin() at netbsd:uvm_pagermapin+0x14f sys/uvm/uvm_pager.c:197 [ 146.2176486] genfs_gop_write() at netbsd:genfs_gop_write+0x48 sys/miscfs/genfs/genfs_io.c:1379 [ 146.2176486] genfs_do_putpages() at netbsd:genfs_do_putpages+0x1259 sys/miscfs/genfs/genfs_io.c:1255 [ 146.2176486] VOP_PUTPAGES() at netbsd:VOP_PUTPAGES+0x140 sys/kern/vnode_if.c:1632 [ 146.2176486] vflushbuf() at netbsd:vflushbuf+0x61 sys/kern/vfs_subr.c:295 [ 146.2176486] ffs_full_fsync() at netbsd:ffs_full_fsync+0x2c7 sys/ufs/ffs/ffs_vnops.c:525 [ 146.2176486] ffs_fsync() at netbsd:ffs_fsync+0x2cb sys/ufs/ffs/ffs_vnops.c:348 [ 146.2176486] VOP_FSYNC() at netbsd:VOP_FSYNC+0x162 sys/kern/vnode_if.c:818 [ 146.2176486] ffs_sync() at netbsd:ffs_sync+0x1ca sys/ufs/ffs/ffs_vfsops.c:1917 [ 146.2176486] VFS_SYNC() at netbsd:VFS_SYNC+0x71 sys/kern/vfs_subr.c:1404 [ 146.2176486] do_sys_sync() at netbsd:do_sys_sync+0x11f sys/kern/vfs_syscalls.c:663 [ 146.2176486] sys_sync() at netbsd:sys_sync+0x19 sys/kern/vfs_syscalls.c:681 [ 146.2176486] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 146.2176486] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 146.2176486] syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] [ 146.2176486] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 146.2176486] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 [ 146.2176486] --- syscall (number 198) --- [ 146.2176486] 7e58e2243b9a: [ 146.2176486] cpu1: End traceback... [ 146.2176486] fatal breakpoint trap in supervisor mode [ 146.2176486] trap type 1 code 0 rip 0xffffffff8021ccd5 cs 0x8 rflags 0x246 cr2 0x789eca3a3000 ilevel 0x8 rsp 0xffffa7817c08e310 [ 146.2176486] curlwp 0xffffa78012223940 pid 2141.4 lowest kstack 0xffffa7817c0882c0 Stopped in pid 2141.4 (syz-executor.0) at netbsd:breakpoint+0x5: leave