[ 547.5457056] fatal page fault in supervisor mode [ 547.5457056] trap type 6 code 0x2 rip 0xffffffff81babeae cs 0x8 rflags 0x10282 cr2 0xffff89d051c00000 ilevel 0 rsp 0xffffce8248abab30 [ 547.5556792] curlwp 0xffffce8012bc15c0 pid 15940.14376 lowest kstack 0xffffce8248ab32c0 kernel: page fault trap, code=0 Stopped in pid 15940.14376 (syz-executor.2) at netbsd:kasan_mark+0x71: movb $0,0(%rcx) ? kasan_mark() at netbsd:kasan_mark+0x71 sys/kern/subr_asan.c:284 kern_free() at netbsd:kern_free+0x39 sys/kern/kern_malloc.c:162 netexport_clear() at netbsd:netexport_clear+0x231 setpublicfs sys/nfs/nfs_export.c:748 [inline] netexport_clear() at netbsd:netexport_clear+0x231 sys/nfs/nfs_export.c:673 netexport_unmount() at netbsd:netexport_unmount+0x7d netexport_remove sys/nfs/nfs_export.c:340 [inline] netexport_unmount() at netbsd:netexport_unmount+0x7d sys/nfs/nfs_export.c:191 vfs_hooks_unmount() at netbsd:vfs_hooks_unmount+0x51 sys/kern/vfs_hooks.c:137 dounmount() at netbsd:dounmount+0x20d vfs_set_lowermount sys/kern/vfs_mount.c:429 [inline] dounmount() at netbsd:dounmount+0x20d vfs_set_lowermount sys/kern/vfs_mount.c:401 [inline] dounmount() at netbsd:dounmount+0x20d sys/kern/vfs_mount.c:1015 sys_unmount() at netbsd:sys_unmount+0x297 sys/kern/vfs_syscalls.c:701 sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90 syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137 --- syscall (number 22 via SYS_syscall) --- netbsd:syscall+0x35c: Panic string: (null) PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 16774>16774 7 0 0 ffffce801349a180 syz-executor.3 16635 16635 2 0 40000 ffffce80146f7300 ifconfig 14077 15356 3 0 180 ffffce80133589c0 syz-executor.0 parked 14077 15759 3 0 180 ffffce8012c17ac0 syz-executor.0 parked 14077 14077 2 0 10040000 ffffce8012c83780 syz-executor.0 14441 14441 3 1 180 ffffce8014301a80 syz-executor.1 wait 15940>14376 7 1 1140000 ffffce8012bc15c0 syz-executor.2 15940 15940 3 0 11000000 ffffce8014be96c0 syz-executor.2 lwpwait 15514 15514 3 0 40 ffffce8012a20740 syz-executor.0 mutex 16114 16114 3 0 180 ffffce8012a72040 init nanoslp 15340 15340 3 1 1c0 ffffce8013f62300 syz-executor.2 wait 11988 11988 3 1 180 ffffce8012d25300 syz-executor.1 parked 10726 10726 3 0 180 ffffce8013391600 syz-executor.1 parked 13126 13126 3 1 180 ffffce8013f002c0 syz-executor.5 parked 11479 6108 3 1 11100000 ffffce8012cd7a00 syz-executor.5 vfork 11479 11479 3 0 11000000 ffffce80149cb540 syz-executor.5 lwpwait 10733 10733 3 0 180 ffffce80142f8a40 dhcpcd poll 10448 10448 3 0 180 ffffce8012d172c0 syz-executor.1 parked 7828 8010 2 0 1140000 ffffce8012d17700 syz-executor.0 7828 7828 3 0 11000000 ffffce8012d25740 syz-executor.0 lwpwait 8633 8633 3 0 180 ffffce8012b9b580 syz-executor.5 parked 8491 8491 3 0 180 ffffce8014124a00 syz-executor.2 parked 7161 7161 3 0 180 ffffce8014be9b00 syz-executor.3 parked 7386 7386 3 1 180 ffffce8014a839c0 syz-executor.1 parked 6533 6533 3 1 180 ffffce80133c66c0 syz-executor.1 parked 6040 6040 3 1 180 ffffce80141159c0 syz-executor.5 parked 6136 6136 3 0 180 ffffce8014afd240 syz-executor.3 parked 7423 7423 3 1 180 ffffce801464f700 syz-executor.0 parked 5451 5451 3 0 180 ffffce8012a994c0 syz-executor.0 parked 7894 7894 3 1 180 ffffce801481a8c0 syz-executor.0 parked 6451 7601 3 0 1000000 ffffce8012a54780 syz-executor.0 lwpwait 6451 5615 3 1 111a0000 ffffce8013470580 syz-executor.0 vfork 6451 6451 8 1 111a0000 ffffce80146f7740 syz-executor.0 6995 6995 3 1 180 ffffce801464fb40 syz-executor.0 parked 5257 5257 3 0 180 ffffce8012ce8600 syz-executor.2 parked 5540 5162 3 0 1000000 ffffce8012c83340 syz-executor.2 lwpwait 5540 6357 8 0 11a0000 ffffce8013470140 syz-executor.2 5540 5279 3 0 111a0000 ffffce80140ab500 syz-executor.2 vfork 5540 5540 8 0 11a0100 ffffce8013dec640 syz-executor.2 5021 5021 3 1 180 ffffce8013f8c340 syz-executor.5 parked 5039 5039 3 0 180 ffffce8012d62040 syz-executor.1 parked 6104 4967 3 0 1100000 ffffce8012a72480 syz-executor.1 vfork 6104 6104 3 0 11000000 ffffce801337c5c0 syz-executor.1 lwpwait 5720 5720 3 0 180 ffffce801333a540 syz-executor.3 parked 3993 3993 3 0 180 ffffce80140a1080 syz-executor.5 parked 5703 5703 3 1 180 ffffce801481a480 syz-executor.2 parked 4251 4251 3 0 180 ffffce80126d7740 syz-executor.2 parked 4924 4924 3 1 180 ffffce80133b0240 syz-executor.1 parked 4675 4675 3 0 180 ffffce80133c6b00 syz-executor.1 parked 5680 5680 3 0 180 ffffce8014621b00 syz-executor.3 parked 4067 4067 3 0 180 ffffce80142f81c0 syz-executor.0 parked 5320 6072 3 0 1000000 ffffce801479a340 syz-executor.0 lwpwait 5320 3877 3 0 15100000 ffffce8012a99080 syz-executor.0 vfork 5682 5682 3 1 180 ffffce80141245c0 syz-executor.1 parked 3905 3905 3 1 180 ffffce8014301640 syz-executor.1 parked 3901 3901 3 0 180 ffffce80146216c0 syz-executor.5 parked 5176 5176 3 0 180 ffffce8012ca5900 syz-executor.5 parked 4968 3991 3 0 11100000 ffffce8012be81c0 syz-executor.5 vfork 4968 4968 3 0 11000000 ffffce8012bc1180 syz-executor.5 lwpwait 5536 5536 3 1 180 ffffce8012c95480 syz-executor.2 parked 4681 4681 3 0 180 ffffce8012be8a40 syz-executor.1 parked 5226 5226 3 1 180 ffffce80140bf100 syz-executor.3 parked 4819 4819 3 0 180 ffffce8012d25b80 syz-executor.0 parked 2688 2688 3 1 180 ffffce8013fbd8c0 syz-executor.5 parked 3041 3041 3 1 180 ffffce80140ab0c0 syz-executor.0 parked 4411 4411 3 1 180 ffffce8013358140 syz-executor.5 parked 2810 2810 3 0 180 ffffce80129bf280 syz-executor.0 parked 2370 2370 3 1 180 ffffce8012cfd240 syz-executor.2 parked 3895 3525 3 1 11100000 ffffce8013432300 syz-executor.2 vfork 3895 3895 3 0 11000000 ffffce8012ccc580 syz-executor.2 lwpwait 3617 3617 3 1 180 ffffce80140a1900 syz-executor.5 parked 2291 2291 3 0 180 ffffce8014115580 syz-executor.1 parked 1421 1421 3 0 180 ffffce8012ccc140 syz-executor.4 parked 2742 2742 3 0 180 ffffce8012c49b40 syz-executor.4 parked 1425 1430 3 0 11100000 ffffce8012b7d980 syz-executor.4 vfork 1425 1425 3 0 11000000 ffffce8012d17b40 syz-executor.4 lwpwait 1006 1006 3 1 180 ffffce8012d62480 syz-executor.5 parked 756 756 3 0 180 ffffce801343e780 syz-executor.0 parked 1344 1344 3 1 180 ffffce8012cd75c0 syz-executor.1 parked 814 814 3 0 180 ffffce8012ce81c0 syz-executor.5 parked 1069 1069 3 0 180 ffffce8012c27b00 syz-executor.3 parked 294 447 3 1 1100000 ffffce8012d55bc0 syz-executor.1 vfork 294 294 3 0 11000000 ffffce8013f8c780 syz-executor.1 lwpwait 1734 1734 3 1 180 ffffce801333a980 syz-executor.4 parked 1233 3511 3 1 180 ffffce8012c958c0 syz-fuzzer wait 1233 1499 3 1 180 ffffce8012cb40c0 syz-fuzzer wait 1233 1388 3 0 180 ffffce8012c27280 syz-fuzzer kqueue 1233 1205 3 1 180 ffffce8013e73b00 syz-fuzzer wait 1233 1245 3 0 180 ffffce8013e73280 syz-fuzzer parked 1233 1106 3 0 180 ffffce8013e40680 syz-fuzzer wait 1233 1382 3 0 180 ffffce8013deca80 syz-fuzzer parked 1233 991 3 1 180 ffffce8013dec200 syz-fuzzer wait 1233 1103 3 1 180 ffffce8013dc51c0 syz-fuzzer wait 1233 930 3 0 180 ffffce80133efb40 syz-fuzzer parked 1233 1223 3 1 180 ffffce80133ef2c0 syz-fuzzer parked 1233 449 3 1 180 ffffce8013432740 syz-fuzzer parked 1233 1229 3 1 180 ffffce80134709c0 syz-fuzzer parked 1233 1230 3 0 180 ffffce8012a728c0 syz-fuzzer parked 1233 1233 3 0 180 ffffce8012acb940 syz-fuzzer parked 1081 1081 3 0 180 ffffce8012acb500 sshd select 1225 1225 3 0 180 ffffce80133a3640 getty nanoslp 947 947 3 0 180 ffffce80126db480 getty nanoslp 1226 1226 3 0 180 ffffce80126d7b80 getty nanoslp 1108 1108 3 1 180 ffffce80133a3a80 sshd select 1096 1096 3 1 180 ffffce8012d55780 powerd kqueue 700 700 3 1 180 ffffce8013432b80 syslogd kqueue 559 559 3 0 180 ffffce8012c67740 dhcpcd poll 747 747 3 0 180 ffffce8012acb0c0 dhcpcd poll 745 745 3 1 180 ffffce8012c83bc0 dhcpcd poll 487 487 3 0 180 ffffce8012da80c0 dhcpcd poll 292 292 3 1 180 ffffce8012d8d900 dhcpcd poll 485 485 3 0 180 ffffce8012d8d4c0 dhcpcd poll 1 1 3 1 180 ffffce8012874180 init wait 0 8068 3 1 200 ffffce8012c95040 ktrace ktrwait 0 13234 5 1 200 ffffce801343ebc0 (zombie) 0 5469 3 1 200 ffffce801479abc0 swapiod swapiod 0 2039 3 0 200 ffffce8012a20300 acctwatch actwat 0 686 3 0 200 ffffce80129bf6c0 physiod physiod 0 196 3 0 200 ffffce80129c1700 pooldrain pooldrain 0 195 3 0 200 ffffce80129c12c0 ioflush syncer 0 194 3 1 200 ffffce80129bfb00 pgdaemon pgdaemon 0 167 3 1 200 ffffce8012976ac0 usb7 usbevt 0 172 3 1 200 ffffce8012976680 usb6 usbevt 0 170 3 1 200 ffffce8012976240 usb5 usbevt 0 168 3 1 200 ffffce801291ea80 usb4 usbevt 0 166 3 0 200 ffffce801291e640 usb3 usbevt 0 165 3 0 200 ffffce801291e200 usb2 usbevt 0 31 3 0 200 ffffce80128caa40 usb1 usbevt 0 63 3 0 200 ffffce80128ca600 usb0 usbevt 0 126 3 0 200 ffffce80128ca1c0 usbtask-dr usbtsk 0 125 3 1 200 ffffce8012874a00 usbtask-hc usbtsk 0 124 3 0 200 ffffce8010d66b00 swwreboot swwreboot 0 123 3 0 200 ffffce80128745c0 npfgc0 npfgcw 0 122 3 0 200 ffffce80128699c0 rt_free rt_free 0 121 3 1 240 ffffce8012869580 unpgc unpgc 0 120 3 0 200 ffffce8012869140 key_timehandler key_timehandler 0 119 3 1 200 ffffce8012707980 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffce8012707540 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffce8012707100 nd6_timer nd6_timer 0 116 3 1 200 ffffce80126fd940 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffce80126fd500 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffce80126fd0c0 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffce80126ef900 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffce80126ef4c0 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffce80126ef080 icmp_wqinput/0 icmp_wqinput 0 110 3 0 200 ffffce80126db8c0 rt_timer rt_timer 0 109 3 1 200 ffffce80126d9780 vmem_rehash vmem_rehash 0 100 3 0 200 ffffce80126d7300 entbutler entropy 0 99 3 0 200 ffffce80120bdb40 viomb balloon 0 98 3 1 200 ffffce80120bd700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffce80120bd2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffce8010d666c0 scsibus0 sccomp 0 29 3 0 200 ffffce8010d66280 pms0 pmsreset 0 28 3 1 200 ffffce8010cacac0 xcall/1 xcall 0 27 1 1 200 ffffce8010cac680 softser/1 0 26 1 1 200 ffffce8010cac240 softclk/1 0 25 1 1 200 ffffce8010ca9a80 softbio/1 0 24 1 1 200 ffffce8010ca9640 softnet/1 0 23 1 1 201 ffffce8010ca9200 idle/1 0 22 3 0 200 ffffce800fb55a40 lnxsyswq lnxsyswq 0 21 3 1 200 ffffce800fb55600 lnxubdwq lnxubdwq 0 20 3 1 200 ffffce800fb551c0 lnxpwrwq lnxpwrwq 0 19 3 1 200 ffffce800fb54a00 lnxlngwq lnxlngwq 0 18 3 1 200 ffffce800fb545c0 lnxhipwq lnxhipwq 0 17 3 1 200 ffffce800fb54180 lnxrcugc lnxrcugc 0 16 3 0 200 ffffce800fb4d9c0 sysmon smtaskq 0 15 3 0 200 ffffce800fb4d580 pmfsuspend pmfsuspend 0 14 3 0 200 ffffce800fb4d140 pmfevent pmfevent 0 13 3 0 200 ffffce800fb4a980 sopendfree sopendfr 0 12 3 0 200 ffffce800fb4a540 ifwdog ifwdog 0 11 3 0 200 ffffce800fb4a100 iflnkst iflnkst 0 10 3 0 200 ffffce800fb3b940 nfssilly nfssilly 0 9 3 0 200 ffffce800fb3b500 pooldisp pooldisp 0 8 3 1 200 ffffce800fb3b0c0 modunload mod_unld 0 7 3 0 200 ffffce800fb32900 xcall/0 xcall 0 6 1 0 200 ffffce800fb324c0 softser/0 0 5 1 0 200 ffffce800fb32080 softclk/0 0 4 1 0 200 ffffce800fb308c0 softbio/0 0 3 1 0 200 ffffce800fb30480 softnet/0 0 2 1 0 201 ffffce800fb30040 idle/0 0 0 3 1 200 ffffffff83350040 swapper uvm [Locks tracked through LWPs] ****** LWP 16774.16774 (syz-executor.3) @ 0xffffce801349a180, l_stat=7 *** Locks held: * Lock 0 (initialized at netbsd:kcov_open+0x3f sys/kern/subr_kcov.c:461) lock address : ffffce8014f99400 type : sleep/adaptive initialized : netbsd:kcov_open+0x3f shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce801349a180 last held: 0xffffce801349a180 last locked* : netbsd:kcov_fops_ioctl+0x28 unlocked : 0 owner field : 0xffffce801349a180 wait/spin: 0/0 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at netbsd:uvm_obj_init+0xa0 sys/uvm/uvm_object.c:70) lock address : ffffce8014f99d00 type : sleep/adaptive initialized : netbsd:uvm_obj_init+0xa0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce801349a180 last held: 0xffffce801349a180 last locked* : netbsd:uvm_fault_internal+0x1801 unlocked : netbsd:uvm_fault_lower_enter+0x5f0 owner/count : 0xffffce801349a180 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 16635.16635 (ifconfig) @ 0xffffce80146f7300, l_stat=2 *** Locks held: * Lock 0 (initialized at netbsd:amap_ctor+0x39 sys/uvm/uvm_amap.c:265) lock address : ffffce80150997c0 type : sleep/adaptive initialized : netbsd:amap_ctor+0x39 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce80146f7300 last held: 0xffffce80146f7300 last locked* : netbsd:uvm_fault_internal+0x89b unlocked : 0 owner/count : 0xffffce80146f7300 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 14077.14077 (syz-executor.0) @ 0xffffce8012c83780, l_stat=2 *** Locks held: * Lock 0 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2872) lock address : ffffce8013392580 type : sleep/adaptive initialized : netbsd:pmap_ctor+0x93 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce8012c83780 last held: 0xffffce8012c83780 last locked* : netbsd:pmap_enter_ma+0x396 unlocked : netbsd:pmap_enter_ma+0x1024 owner field : 0xffffce8012c83780 wait/spin: 0/0 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 15940.14376 (syz-executor.2) @ 0xffffce8012bc15c0, l_stat=7 *** Locks held: * Lock 0 (initialized at netbsd:vfsinit+0x27f sys/kern/vfs_init.c:440) lock address : netbsd:vfs_hooks_lock type : sleep/adaptive initialized : netbsd:vfsinit+0x27f shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffce8012bc15c0 last held: 0xffffce8012bc15c0 last locked* : netbsd:vfs_hooks_unmount+0x21 unlocked : netbsd:vfs_hooks_reexport+0xa0 owner field : 0xffffce8012bc15c0 wait/spin: 0/0 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at netbsd:nfsserver_modcmd+0xdf sys/nfs/nfs_serv.c:125) lock address : netbsd:netexport_lock type : sleep/adaptive initialized : netbsd:nfsserver_modcmd+0xdf shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 0 relevant lwp : 0xffffce8012bc15c0 last held: 0xffffce8012bc15c0 last locked* : netbsd:netexport_unmount+0x32 unlocked : netbsd:mountd_set_exports_list+0x4e3 owner/count : 0xffffce8012bc15c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 15514.15514 (syz-executor.0) @ 0xffffce8012a20740, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:procinit+0x5c sys/kern/kern_proc.c:387) lock address : netbsd:proc_lock type : sleep/adaptive initialized : netbsd:procinit+0x5c shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce8012a20740 last held: 0xffffce8012d17700 last locked* : netbsd:proclist_foreach_call+0xbf unlocked : netbsd:proclist_foreach_call+0x318 owner field : 0xffffce8012d17700 wait/spin: 1/0 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffce8012a20740 ****** LWP 7828.8010 (syz-executor.0) @ 0xffffce8012d17700, l_stat=2 *** Locks held: * Lock 0 (initialized at netbsd:do_posix_spawn+0xfb sys/kern/kern_exec.c:2580) lock address : ffffce8014176e00 type : sleep/adaptive initialized : netbsd:do_posix_spawn+0xfb shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce8012d17700 last held: 0xffffce8012d17700 last locked* : netbsd:do_posix_spawn+0x103 unlocked : 0 owner field : 0xffffce8012d17700 wait/spin: 0/0 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at netbsd:fork1+0x369 sys/kern/kern_fork.c:366) lock address : ffffce8012cbcbd0 type : sleep/adaptive initialized : netbsd:fork1+0x369 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce8012d17700 last held: 0xffffce8012d17700 last locked* : netbsd:execve_loadvm+0x31a unlocked : 0 owner/count : 0xffffce8012d17700 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 2 (initialized at netbsd:procinit+0x5c sys/kern/kern_proc.c:387) lock address : netbsd:proc_lock type : sleep/adaptive initialized : netbsd:procinit+0x5c shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffce8012d17700 last held: 0xffffce8012d17700 last locked* : netbsd:proclist_foreach_call+0xbf unlocked : netbsd:proclist_foreach_call+0x318 owner field : 0xffffce8012d17700 wait/spin: 1/0 Turnstile: => 0 waiting readers: => 1 waiting writers: 0xffffce8012a20740 *** Locks wanted: none ****** LWP -1.-1065006906 (fatal protection fault in supervisor mode [ 547.5656193] trap type 4 code 0 rip 0xffffffff81bac5fa cs 0x8 rflags 0x10282 cr2 0xffff89d051c00000 ilevel 0x8 rsp 0xffffce8248ab9fa0 [ 547.5656193] curlwp 0xffffce8012bc15c0 pid 15940.14376 lowest kstack 0xffffce8248ab32c0 kernel: protection fault trap, code=0 Faulted in DDB; continuing...