login: [ 50.1685384] panic: MSan: Uninitialized Pool Memory From kmem_intr_alloc()
[ 50.1685384] cpu1: Begin traceback...
[ 50.1885296] vpanic() at netbsd:vpanic+0xc9d
[ 50.2485324] panic() at netbsd:panic+0x1b3 sys/kern/subr_prf.c:209
[ 50.2985286] __msan_warning() at netbsd:__msan_warning+0x11e kmsan_report_inline sys/kern/subr_msan.c:250 [inline]
[ 50.2985286] __msan_warning() at netbsd:__msan_warning+0x11e sys/kern/subr_msan.c:631
[ 50.3485289] uao_detach() at netbsd:uao_detach+0xbc7
[ 50.4085289] uvm_unmap_detach() at netbsd:uvm_unmap_detach+0x59d
[ 50.4585285] lwp_ctl_exit() at netbsd:lwp_ctl_exit+0x5ed
[ 50.5185295] exit1() at netbsd:exit1+0xa3b
[ 50.5685305] sys_exit() at netbsd:sys_exit+0x1d6
[ 50.6285298] syscall() at netbsd:syscall+0x60c sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 50.6285298] syscall() at netbsd:syscall+0x60c sys/arch/x86/x86/syscall.c:138
[ 50.6385289] --- syscall (number 1) ---
[ 50.6585316] netbsd:syscall+0x60c:
[ 50.6585316] cpu1: End traceback...
[ 50.6585316] fatal breakpoint trap in supervisor mode
[ 50.6685315] trap type 1 code 0 rip 0xffffffff8023686d cs 0x8 rflags 0x286 cr2 0x785a0a258ff8 ilevel 0x5 rsp 0xffffc400c7b71760
[ 50.6785213] curlwp 0xffffc400135421c0 pid 2251.2251 lowest kstack 0xffffc400c7b6a2c0
Stopped in pid 2251.2251 (syz-executor.0) at netbsd:breakpoint+0x5: leave ?
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0xc9d
panic() at netbsd:panic+0x1b3 sys/kern/subr_prf.c:209
__msan_warning() at netbsd:__msan_warning+0x11e kmsan_report_inline sys/kern/subr_msan.c:250 [inline]
__msan_warning() at netbsd:__msan_warning+0x11e sys/kern/subr_msan.c:631
uao_detach() at netbsd:uao_detach+0xbc7
uvm_unmap_detach() at netbsd:uvm_unmap_detach+0x59d
lwp_ctl_exit() at netbsd:lwp_ctl_exit+0x5ed
exit1() at netbsd:exit1+0xa3b
sys_exit() at netbsd:sys_exit+0x1d6
syscall() at netbsd:syscall+0x60c sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x60c sys/arch/x86/x86/syscall.c:138
--- syscall (number 1) ---
netbsd:syscall+0x60c:

Panic string: MSan: Uninitialized Pool Memory From kmem_intr_alloc()

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
3527 3130 3 1 0 ffffc400136a76c0 syz-executor.3 amapswpo
3527 3406 3 0 180 ffffc400136a7280 syz-executor.3 parked
3527 3527 2 1 10000000 ffffc40013554640 syz-executor.3
3420 3405 2 0 0 ffffc4001368c680 syz-executor.2
3420 3420 2 0 10000000 ffffc400137d8780 syz-executor.2
3119 3119 2 0 0 ffffc4001341a580 syz-executor.1
3243 3376 3 0 180 ffffc40013554a80 syz-executor.5 parked
3243 3243 2 0 10000000 ffffc40013554200 syz-executor.5
3028 3381 3 0 180 ffffc400137d4740 syz-executor.4 parked
3028 3000 3 0 180 ffffc400137d8340 syz-executor.4 parked
3028 3028 2 0 10040000 ffffc40013539a00 syz-executor.4
2251 >2251 7 1 10040000 ffffc400135421c0 syz-executor.0
1206 1206 3 1 180 ffffc4001368cac0 syz-executor.2 nanoslp
1255 1255 2 0 140 ffffc40013542600 syz-executor.5
1259 1259 2 0 140 ffffc4001341a9c0 syz-executor.0
1235 1235 3 1 180 ffffc4001341a140 syz-executor.3 nanoslp
1240 1240 2 0 140 ffffc40013404980 syz-executor.4
941 > 941 7 0 140 ffffc40013404540 syz-executor.1
1225 325 3 1 180 ffffc400137d4b80 syz-execprog parked
1225 1073 3 1 180 ffffc40013542a40 syz-execprog wait
1225 1204 3 0 180 ffffc400135395c0 syz-execprog wait
1225 1202 3 0 180 ffffc40013539180 syz-execprog kqueue
1225 1198 3 0 180 ffffc40013404100 syz-execprog wait
1225 990 3 1 180 ffffc40012c46940 syz-execprog wait
1225 1242 3 0 180 ffffc40012c46500 syz-execprog wait
1225 1241 3 1 180 ffffc40012c460c0 syz-execprog parked
1225 1120 3 0 180 ffffc40012bb9900 syz-execprog parked
1225 829 3 0 180 ffffc40012bb94c0 syz-execprog parked
1225 1224 3 0 180 ffffc40012bb9080 syz-execprog parked
1225 449 3 1 180 ffffc400122ffb00 syz-execprog parked
1225 1225 3 1 180 ffffc400122ff6c0 syz-execprog wait
1226 1226 3 0 180 ffffc400123902c0 sshd select
1004 1004 3 0 180 ffffc4001251c300 getty nanoslp
1184 1184 3 0 180 ffffc400122ff280 getty nanoslp
1216 1216 3 0 180 ffffc400121ffac0 getty nanoslp
1193 1193 3 0 1c0 ffffc400121fc200 getty ttyraw
1105 1105 3 0 180 ffffc400125f9bc0 sshd select
955 955 3 0 180 ffffc40012b89480 powerd kqueue
767 767 3 0 180 ffffc40012b898c0 syslogd kqueue
746 746 3 0 180 ffffc40012b89040 dhcpcd poll
742 742 3 0 180 ffffc4001251c740 dhcpcd poll
466 466 3 0 180 ffffc40012390700 dhcpcd poll
603 603 3 1 180 ffffc400125f9780 dhcpcd poll
292 292 3 0 180 ffffc400125f9340 dhcpcd poll
485 485 3 0 180 ffffc40012390b40 dhcpcd poll
291 291 3 0 180 ffffc4001251cb80 dhcpcd poll
1 1 3 0 180 ffffc40011edd100 init wait
0 1367 3 0 200 ffffc4001368c240 swapiod swapiod
0 1245 5 0 200 ffffc400137d8bc0 (zombie)
0 673 3 0 200 ffffc400121fc640 physiod physiod
0 196 3 0 200 ffffc400121ff680 pooldrain pooldrain
0 195 3 1 200 ffffc400121ff240 ioflush syncer
0 194 3 1 200 ffffc400121fca80 pgdaemon pgdaemon
0 167 3 0 200 ffffc4001216ba40 usb7 usbevt
0 172 3 0 200 ffffc4001216b600 usb6 usbevt
0 170 3 0 200 ffffc4001216b1c0 usb5 usbevt
0 168 3 0 200 ffffc4001213ca00 usb4 usbevt
0 166 3 0 200 ffffc4001213c5c0 usb3 usbevt
0 165 3 0 200 ffffc4001213c180 usb2 usbevt
0 31 3 0 200 ffffc400120859c0 usb1 usbevt
0 63 3 0 200 ffffc40012085580 usb0 usbevt
0 126 3 1 200 ffffc40012085140 usbtask-dr usbtsk
0 125 3 1 200 ffffc40011edd980 usbtask-hc usbtsk
0 124 3 0 200 ffffc400103f4b00 swwreboot swwreboot
0 123 3 0 200 ffffc40011edd540 npfgc0 npfgcw
0 122 3 1 200 ffffc40011ed0940 rt_free rt_free
0 121 3 1 200 ffffc40011ed0500 unpgc unpgc
0 120 3 0 200 ffffc40011ed00c0 key_timehandler key_timehandler
0 119 3 1 200 ffffc40011ecb900 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffc40011ecb4c0 icmp6_wqinput/0 icmp6_wqinput
0 117 3 0 200 ffffc40011ecb080 nd6_timer nd6_timer
0 116 3 1 200 ffffc40011eaa8c0 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffc40011eaa480 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffc40011cecb80 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffc40011cec740 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffc40011ceebc0 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffc40011cee780 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 ffffc40011eaa040 rt_timer rt_timer
0 109 3 0 200 ffffc40011cee340 vmem_rehash vmem_rehash
0 100 3 0 200 ffffc40011cec300 entbutler entropy
0 99 3 1 200 ffffc400117e0b40 viomb balloon
0 98 3 1 200 ffffc400117e0700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffc400117e02c0 vioif0_txrx/0 vioif0_txrx
0 30 3 0 200 ffffc400103f46c0 scsibus0 sccomp
0 29 3 0 200 ffffc400103f4280 pms0 pmsreset
0 28 3 1 200 ffffc400103d9ac0 xcall/1 xcall
0 27 1 1 200 ffffc400103d9680 softser/1
0 26 1 1 200 ffffc400103d9240 softclk/1
0 25 1 1 200 ffffc400103d7a80 softbio/1
0 24 1 1 200 ffffc400103d7640 softnet/1
0 23 1 1 201 ffffc400103d7200 idle/1
0 22 3 1 200 ffffc4000f1e3a40 lnxsyswq lnxsyswq
0 21 3 1 200 ffffc4000f1e3600 lnxubdwq lnxubdwq
0 20 3 1 200 ffffc4000f1e31c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffc4000f1e1a00 lnxlngwq lnxlngwq
0 18 3 1 200 ffffc4000f1e15c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffc4000f1e1180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffc4000f1db9c0 sysmon smtaskq
0 15 3 0 200 ffffc4000f1db580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffc4000f1db140 pmfevent pmfevent
0 13 3 0 200 ffffc4000f1d9980 sopendfree sopendfr
0 12 3 0 200 ffffc4000f1d9540 ifwdog ifwdog
0 11 3 0 200 ffffc4000f1d9100 iflnkst iflnkst
0 10 3 0 200 ffffc4000f1cf940 nfssilly nfssilly
0 9 3 0 200 ffffc4000f1cf500 vdrain vdrain
0 8 3 1 200 ffffc4000f1cf0c0 modunload mod_unld
0 7 3 0 200 ffffc4000ebdb900 xcall/0 xcall
0 6 1 0 200 ffffc4000ebdb4c0 softser/0
0 5 1 0 200 ffffc4000ebdb080 softclk/0
0 4 1 0 200 ffffc4000ebd98c0 softbio/0
0 3 1 0 200 ffffc4000ebd9480 softnet/0
0 2 1 0 201 ffffc4000ebd9040 idle/0
0 0 3 1 200 ffffffff8686ea80 swapper uvm

[Locks tracked through LWPs]

****** LWP 3527.3130 (syz-executor.3) @ 0xffffc400136a76c0, l_stat=3
*** Locks held:
* Lock 0 (initialized at netbsd:uvm_swap_init+0x68 sys/uvm/uvm_swap.c:278)
lock address : netbsd:swap_syscall_lock type : sleep/adaptive
initialized : netbsd:uvm_swap_init+0x68
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffc400136a76c0 last held: 0xffffc400136a76c0
last locked* : netbsd:sys_swapctl+0x1d4 unlocked : netbsd:sys_swapctl+0x3df
owner/count : 0xffffc400136a76c0 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.
* Lock 1 (initialized at netbsd:vcache_alloc+0xc6 sys/kern/vfs_vnode.c:1376)
lock address : ffffc4001355cf80 type : sleep/adaptive
initialized : netbsd:vcache_alloc+0xc6
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffc400136a76c0 last held: 0xffffc400136a76c0
last locked* : netbsd:genfs_lock+0x1d6 unlocked : netbsd:genfs_unlock+0x55
owner/count : 0xffffc400136a76c0 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.
*** Locks wanted: none

****** LWP 3119.3119 (syz-executor.1) @ 0xffffc4001341a580, l_stat=2
*** Locks held:
* Lock 0 (initialized at netbsd:amap_ctor+0xdf sys/uvm/uvm_amap.c:265)
lock address : ffffc40013533540 type : sleep/adaptive
initialized : netbsd:amap_ctor+0xdf
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffc4001341a580 last held: 0xffffc4001341a580
last locked* : netbsd:uvm_fault_internal+0x1d08 unlocked : netbsd:amap_extend+0x3bdb
owner/count : 0xffffc4001341a580 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.
*** Locks wanted: none

****** LWP 2251.2251 (syz-executor.0) @ 0xffffc400135421c0, l_stat=7
*** Locks held:
* Lock 0 (initialized at netbsd:uao_init+0xaa sys/uvm/uvm_aobj.c:564)
lock address : netbsd:uao_list_lock type : sleep/adaptive
initialized : netbsd:uao_init+0xaa
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffc400135421c0 last held: 0xffffc400135421c0
last locked* : netbsd:uao_detach+0x164 unlocked : netbsd:uao_swap_off+0x132
owner field : 0xffffc400135421c0 wait/spin: 0/0
Turnstile: no active turnstile for this lock.
*** Locks wanted: none

****** LWP 742.742 (dhcpcd) @ 0xffffc4001251c740, l_stat=3
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:module_hook_init+0x43 sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook type : sleep/adaptive
initialized :