[ 272.2056057] panic: kernel diagnostic assertion "powerof2(align)" failed: file "/syzkaller/managers/netbsd/kernel/sys/uvm/uvm_map.c", line 196 [ 272.2281414] cpu0: Begin traceback... [ 272.2457075] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 272.2858301] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 272.3359619] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 uvm_map_align_va sys/uvm/uvm_map.c:198 [inline] [ 272.3359619] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 sys/uvm/uvm_map.c:1908 [ 272.3760743] uvm_map_prepare() at netbsd:uvm_map_prepare+0x3b0 sys/uvm/uvm_map.c:1193 [ 272.4161905] uvm_map() at netbsd:uvm_map+0x11f sys/uvm/uvm_map.c:1099 [ 272.4462710] uvm_pagermapin() at netbsd:uvm_pagermapin+0x14f sys/uvm/uvm_pager.c:197 [ 272.4863839] genfs_gop_write() at netbsd:genfs_gop_write+0x48 sys/miscfs/genfs/genfs_io.c:1379 [ 272.5365280] genfs_do_putpages() at netbsd:genfs_do_putpages+0x1259 sys/miscfs/genfs/genfs_io.c:1255 [ 272.5766393] VOP_PUTPAGES() at netbsd:VOP_PUTPAGES+0x140 sys/kern/vnode_if.c:1632 [ 272.6167502] vflushbuf() at netbsd:vflushbuf+0x61 sys/kern/vfs_subr.c:295 [ 272.6568669] ffs_full_fsync() at netbsd:ffs_full_fsync+0x2c7 sys/ufs/ffs/ffs_vnops.c:525 [ 272.6969772] ffs_fsync() at netbsd:ffs_fsync+0x2cb sys/ufs/ffs/ffs_vnops.c:348 [ 272.7270647] VOP_FSYNC() at netbsd:VOP_FSYNC+0x162 sys/kern/vnode_if.c:818 [ 272.7671782] ffs_sync() at netbsd:ffs_sync+0x1ca sys/ufs/ffs/ffs_vfsops.c:1917 [ 272.8072909] VFS_SYNC() at netbsd:VFS_SYNC+0x71 sys/kern/vfs_subr.c:1404 [ 272.8474031] do_sys_sync() at netbsd:do_sys_sync+0x11f sys/kern/vfs_syscalls.c:663 [ 272.8875161] sys_sync() at netbsd:sys_sync+0x19 sys/kern/vfs_syscalls.c:681 [ 272.9176027] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 272.9176027] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 272.9677434] syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] [ 272.9677434] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 272.9677434] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 [ 272.9777739] --- syscall (number 198) --- [ 272.9978275] 791f6b843b9a: [ 272.9978275] cpu0: End traceback... [ 272.9978275] fatal breakpoint trap in supervisor mode [ 273.0087989] trap type 1 code 0 rip 0xffffffff8021ccd5 cs 0x8 rflags 0x246 cr2 0x791f6a828000 ilevel 0 rsp 0xffff9c817c776d50 [ 273.0218128] curlwp 0xffff9c801428c320 pid 4238.2 lowest kstack 0xffff9c817c7702c0 Stopped in pid 4238.2 (syz-executor.2) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 uvm_map_align_va sys/uvm/uvm_map.c:198 [inline] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 sys/uvm/uvm_map.c:1908 uvm_map_prepare() at netbsd:uvm_map_prepare+0x3b0 sys/uvm/uvm_map.c:1193 uvm_map() at netbsd:uvm_map+0x11f sys/uvm/uvm_map.c:1099 uvm_pagermapin() at netbsd:uvm_pagermapin+0x14f sys/uvm/uvm_pager.c:197 genfs_gop_write() at netbsd:genfs_gop_write+0x48 sys/miscfs/genfs/genfs_io.c:1379 genfs_do_putpages() at netbsd:genfs_do_putpages+0x1259 sys/miscfs/genfs/genfs_io.c:1255 VOP_PUTPAGES() at netbsd:VOP_PUTPAGES+0x140 sys/kern/vnode_if.c:1632 vflushbuf() at netbsd:vflushbuf+0x61 sys/kern/vfs_subr.c:295 ffs_full_fsync() at netbsd:ffs_full_fsync+0x2c7 sys/ufs/ffs/ffs_vnops.c:525 ffs_fsync() at netbsd:ffs_fsync+0x2cb sys/ufs/ffs/ffs_vnops.c:348 VOP_FSYNC() at netbsd:VOP_FSYNC+0x162 sys/kern/vnode_if.c:818 ffs_sync() at netbsd:ffs_sync+0x1ca sys/ufs/ffs/ffs_vfsops.c:1917 VFS_SYNC() at netbsd:VFS_SYNC+0x71 sys/kern/vfs_subr.c:1404 do_sys_sync() at netbsd:do_sys_sync+0x11f sys/kern/vfs_syscalls.c:663 sys_sync() at netbsd:sys_sync+0x19 sys/kern/vfs_syscalls.c:681 sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 --- syscall (number 198) --- 791f6b843b9a: ds fdb8 es 6d68 fs 6d30 gs 6d80 rdi ffff9c800d92d458 rsi ffff9c801428c608 rbp ffff9c817c776d50 rbx ffffffff8280fc40 cpu_info_primary rdx 3ffff rcx ffff9c817005c000 rax ffff9c8012d9bd08 r8 4 r9 1ffffffff05537dc r10 ffffffff82a9bee3 db_onpanic+0x3 r11 8000000000 r12 ffff9c816d8a4000 r13 ffffffff82142300 ulz_pager+0x160 r14 ffff9c817c776de0 r15 ffff9c816d892058 rip ffffffff8021ccd5 breakpoint+0x5 cs 8 rflags 246 rsp ffff9c817c776d50 ss 10 netbsd:breakpoint+0x5: leave PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 2829 1 2 1 0 ffff9c80145025a0 syz-executor.0 1966 1 3 0 80 ffff9c80142a5780 syz-executor.0 parked 3741 1 3 1 80 ffff9c8012df8a00 syz-executor.0 parked 4238 4 3 0 80 ffff9c80135a0620 syz-executor.2 parked 4238 3 3 1 80 ffff9c80122b3a00 syz-executor.2 parked 4238 > 2 7 0 0 ffff9c801428c320 syz-executor.2 4238 1 2 0 10000000 ffff9c8014502160 syz-executor.2 3619 1 3 0 80 ffff9c80143b20a0 syz-executor.0 parked 3979 1 3 1 80 ffff9c801216e300 syz-executor.3 parked 2185 3 3 1 80 ffff9c8012ddb9a0 syz-executor.0 parked 2185 2 3 1 80 ffff9c80121f14a0 syz-executor.0 parked 2185 1 2 1 10000000 ffff9c80122889a0 syz-executor.0 3486 1 3 1 80 ffff9c80122220c0 syz-executor.4 parked 3883 1 3 1 80 ffff9c80123b0b60 syz-executor.4 parked 3595 1 3 0 80 ffff9c8014572600 syz-executor.4 parked 4922 1 3 0 80 ffff9c801458d620 syz-executor.4 parked 4710 1 3 1 80 ffff9c8012dc7520 syz-executor.4 parked 1245 1 3 0 80 ffff9c8013f7f140 syz-executor.4 parked 2766 1 3 0 80 ffff9c801411f680 syz-executor.4 parked 2386 1 3 1 80 ffff9c8012d26b80 syz-executor.4 parked 3151 1 3 1 80 ffff9c80122a79e0 syz-executor.4 parked 840 1 3 1 80 ffff9c8012dc70e0 syz-executor.4 parked 1360 1 3 1 80 ffff9c8012140b60 syz-executor.4 parked 1749 1 3 1 80 ffff9c80120b9b20 syz-executor.4 parked 2115 1 3 1 80 ffff9c8012d45320 syz-executor.4 parked 1110 1 3 1 80 ffff9c8014594aa0 syz-executor.4 parked 1478 1 3 0 80 ffff9c8014594660 syz-executor.4 parked 1484 1 3 0 80 ffff9c8014594220 syz-executor.4 parked 2249 1 3 0 80 ffff9c8013fba9e0 syz-executor.4 parked 1341 1 3 0 80 ffff9c80145721c0 syz-executor.5 parked 4030 1 3 0 80 ffff9c80145661a0 syz-executor.4 parked 4011 1 3 1 80 ffff9c8013d07b40 syz-executor.4 parked 1194 1 3 1 80 ffff9c801205ab00 syz-executor.4 parked 1304 1 3 1 80 ffff9c8013f20960 syz-executor.4 parked 941 1 3 0 80 ffff9c801230fac0 syz-executor.4 parked 1043 1 3 0 80 ffff9c8013f759a0 syz-executor.4 parked 802 1 3 1 80 ffff9c801231dae0 syz-executor.4 parked 1288 1 3 1 80 ffff9c8013fd2180 syz-executor.5 parked 3839 1 3 0 80 ffff9c80140f9640 syz-executor.4 parked 1137 1 3 1 80 ffff9c8013ac6220 syz-executor.1 parked 1107 1 3 1 80 ffff9c801230f680 syz-executor.4 parked 3668 1 3 1 80 ffff9c80121f18e0 syz-executor.4 parked 1080 1 3 0 80 ffff9c80121d48c0 syz-executor.1 parked 3540 1 3 0 80 ffff9c8012222500 syz-executor.0 parked 3231 1 3 1 80 ffff9c8012d26740 syz-executor.0 parked 967 1 3 0 80 ffff9c80122124e0 syz-executor.2 parked 1467 1 3 1 80 ffff9c80141e9b40 syz-executor.4 parked 822 1 3 1 80 ffff9c80141f1b60 syz-executor.4 parked 2839 1 3 0 80 ffff9c8014324060 syz-executor.4 parked 3206 1 3 1 80 ffff9c801442d0e0 syz-executor.0 parked 2565 1 3 0 80 ffff9c801440c940 syz-executor.0 parked 1156 1 3 0 80 ffff9c801411fac0 syz-executor.0 parked 385 1 3 1 80 ffff9c801440c500 syz-executor.0 parked 384 1 3 0 80 ffff9c801440c0c0 syz-executor.0 parked 3310 1 3 1 80 ffff9c8012dbe0c0 syz-executor.0 parked 2737 1 3 0 80 ffff9c80141246a0 syz-executor.4 parked 2113 1 3 1 80 ffff9c8012123700 syz-executor.4 parked 2437 1 3 0 80 ffff9c8012d7e4a0 syz-executor.4 parked 2721 1 3 1 80 ffff9c80141af6c0 syz-executor.5 parked 2511 1 3 0 80 ffff9c8013ea10c0 syz-executor.4 parked 2018 1 3 1 80 ffff9c8012def9e0 syz-executor.4 parked 2424 1 3 0 80 ffff9c8013fd2a00 syz-executor.0 parked 3322 1 3 1 80 ffff9c801428c760 syz-executor.4 parked 2055 1 3 0 80 ffff9c80141f1720 syz-executor.0 parked 3086 1 3 1 80 ffff9c8013cf36e0 syz-executor.4 parked 2723 1 3 0 80 ffff9c8012db40a0 syz-executor.4 parked 2982 1 3 1 80 ffff9c8012dbe940 syz-executor.4 parked 2036 1 3 0 80 ffff9c80122e3a60 syz-executor.4 parked 2020 1 3 0 80 ffff9c8013d52340 syz-executor.4 parked 1746 1 3 0 80 ffff9c8012d7e8e0 syz-executor.4 parked 2711 1 3 1 80 ffff9c80141e92c0 syz-executor.2 parked 1904 1 3 0 80 ffff9c80141b8b20 syz-executor.4 parked 1681 1 3 1 80 ffff9c80121cabc0 syz-executor.4 parked 1324 1 3 1 80 ffff9c80122c21a0 syz-executor.4 parked 1775 1 3 0 80 ffff9c8012242100 syz-executor.4 parked 1933 1 3 1 80 ffff9c80121fd080 syz-executor.4 parked 1218 1 3 0 80 ffff9c80122b3180 syz-executor.2 parked 2139 1 3 1 80 ffff9c8012212920 syz-executor.0 parked 2076 1 3 0 80 ffff9c80122d1a40 syz-executor.0 parked 1659 1 3 0 80 ffff9c80122c2a20 syz-executor.4 parked 672 1 3 1 80 ffff9c80121ca780 syz-executor.4 parked 1348 1 3 0 80 ffff9c8013d3d760 syz-executor.4 parked 2135 1 3 1 80 ffff9c8012dbe500 syz-executor.4 parked 648 1 3 0 80 ffff9c80141b82a0 syz-executor.4 parked 694 1 3 1 80 ffff9c80122f2200 syz-executor.5 parked 690 1 3 0 80 ffff9c8013db44a0 syz-executor.0 parked 563 1 3 0 80 ffff9c801222f960 syz-executor.0 parked 720 1 3 1 80 ffff9c80140c1a40 syz-executor.2 parked 780 1 3 0 80 ffff9c8013d072c0 syz-executor.2 parked 1353 1 3 1 80 ffff9c80120b96e0 syz-executor.2 parked 723 1 3 0 80 ffff9c8014001a20 syz-executor.2 parked 1507 1 3 1 80 ffff9c8012e09a20 syz-executor.2 parked 320 1 3 0 80 ffff9c8013d0f720 syz-executor.4 parked 701 1 3 1 80 ffff9c80121f1060 syz-executor.2 parked 764 1 3 1 80 ffff9c80121232c0 syz-executor.2 parked 296 1 3 1 80 ffff9c8012302aa0 syz-executor.2 parked 871 1 3 1 80 ffff9c8013e0f4e0 syz-executor.4 parked 1756 1 3 1 80 ffff9c801410e220 syz-executor.4 parked 1691 1 3 1 80 ffff9c80140f9a80 syz-executor.4 parked 730 1 3 1 80 ffff9c8012d7e060 syz-executor.4 parked 793 1 3 1 80 ffff9c80140f9200 syz-executor.4 parked 664 1 3 1 80 ffff9c80140dea60 syz-executor.4 parked 470 1 3 0 80 ffff9c80140de1e0 syz-executor.4 parked 917 1 3 1 80 ffff9c80140c1600 syz-executor.4 parked 1870 1 3 0 80 ffff9c801216eb80 syz-executor.4 parked 1475 1 3 1 80 ffff9c8013f7f9c0 syz-executor.2 parked 1033 1 3 1 80 ffff9c8013f40540 syz-executor.2 parked 993 1 3 0 80 ffff9c8013fba160 syz-executor.2 parked 588 1 3 0 80 ffff9c80135b8200 syz-executor.4 parked 1083 1 3 1 80 ffff9c8013ea1940 syz-executor.4 parked 766 1 3 1 80 ffff9c800f7ca9c0 syz-executor.2 parked 688 1 3 1 80 ffff9c8013d26300 syz-executor.2 parked 637 1 3 0 80 ffff9c8011ea49e0 syz-executor.0 parked 687 1 3 0 80 ffff9c8013cf32a0 syz-executor.0 parked 772 1 3 0 80 ffff9c80123412a0 syz-executor.0 parked 853 1 3 0 80 ffff9c8011ea5180 syz-executor.0 parked 831 1 3 0 80 ffff9c8012de79c0 syz-executor.5 parked 502 1 3 1 80 ffff9c8012399700 syz-executor.3 parked 729 1 3 0 80 ffff9c8013f40100 syz-executor.3 parked 814 1 3 0 80 ffff9c8013dc44c0 syz-executor.4 parked 224 1 3 0 80 ffff9c801232c6c0 syz-executor.2 parked 232 1 3 0 80 ffff9c8013e0f920 syz-executor.3 parked 676 1 3 1 80 ffff9c8012288120 syz-executor.3 parked 753 1 3 0 80 ffff9c8012399b40 syz-executor.3 parked 788 1 3 0 80 ffff9c8012184760 syz-executor.4 parked 747 1 3 1 80 ffff9c8012242540 syz-executor.3 parked 200 1 3 0 80 ffff9c8013d0fb60 syz-executor.3 parked 696 1 3 1 80 ffff9c8012d8f4c0 syz-executor.3 parked 403 1 3 0 80 ffff9c8012dd3980 syz-executor.5 parked 498 1 3 0 80 ffff9c8012d6e8c0 syz-executor.5 parked 527 1 3 1 80 ffff9c8012d61bc0 syz-executor.4 parked 298 1 3 0 80 ffff9c8012d6e040 syz-executor.4 parked 679 1 3 1 80 ffff9c80123b0720 syz-executor.3 parked 677 1 3 0 80 ffff9c8013db48e0 syz-executor.2 parked 162 1 3 1 80 ffff9c80122f2640 syz-executor.3 parked 572 1 3 0 80 ffff9c8012302220 syz-executor.2 parked 692 1 3 1 80 ffff9c80121fd4c0 syz-executor.2 parked 607 1 3 1 80 ffff9c80122d11c0 syz-executor.3 parked 593 1 3 0 80 ffff9c8013c5e6c0 syz-executor.4 pipe_rd 600 1 3 0 80 ffff9c8013c5e280 syz-executor.5 pipe_rd 45 1 3 1 80 ffff9c8013c3bae0 syz-executor.3 pipe_rd 582 1 2 1 0 ffff9c8013c3b6a0 syz-executor.2 583 1 2 1 0 ffff9c8013ae6ac0 syz-executor.0 41 1 3 1 80 ffff9c8013ae6680 syz-executor.1 pipe_rd 538 12 3 1 80 ffff9c8013c3b260 syz-fuzzer parked 538 11 3 1 80 ffff9c8013ae6240 syz-fuzzer parked 538 10 3 1 80 ffff9c8011ea5a00 syz-fuzzer parked 538 9 3 1 80 ffff9c8013ac6aa0 syz-fuzzer parked 538 8 3 1 80 ffff9c8013ac6660 syz-fuzzer parked 538 7 2 1 0 ffff9c80135b8a80 syz-fuzzer 538 6 3 0 80 ffff9c80135b8640 syz-fuzzer parked 538 5 3 0 80 ffff9c8012d45ba0 syz-fuzzer parked 538 4 3 1 80 ffff9c8012d45760 syz-fuzzer parked 538 3 3 1 80 ffff9c8012def5a0 syz-fuzzer kqueue 538 2 2 1 0 ffff9c8012e095e0 syz-fuzzer 538 1 2 0 0 ffff9c8012d8f080 syz-fuzzer 567 1 3 1 80 ffff9c8011ea55c0 sshd select 349 1 3 0 80 ffff9c8012dd3100 getty nanoslp 587 1 3 1 80 ffff9c8012def160 getty nanoslp 569 1 3 0 80 ffff9c8012ddb560 getty nanoslp 581 1 3 0 80 ffff9c8012df85c0 getty ttyraw 478 1 3 0 80 ffff9c801232c280 cron nanoslp 371 1 3 0 80 ffff9c8012d8f900 inetd kqueue 402 1 3 0 80 ffff9c8012341b20 sshd select 400 1 3 1 80 ffff9c80122e31e0 powerd kqueue 202 1 2 0 0 ffff9c8012d61780 syslogd 278 1 3 0 80 ffff9c80122e3620 dhcpcd kqueue 236 1 3 0 80 ffff9c80122120a0 dhcpcd kqueue 1 1 3 0 80 ffff9c8012010240 init wait 0 58 3 1 204 ffff9c8012010ac0 physiod physiod 0 57 3 0 204 ffff9c80120596a0 pooldrain pooldrain 0 56 3 1 204 ffff9c801205a280 aiodoned aiodoned 0 55 2 0 200 ffff9c8012059ae0 ioflush 0 54 3 0 200 ffff9c8012059260 pgdaemon pgdaemon 0 51 3 1 200 ffff9c8012010680 npfgc-0 npfgccv 0 50 3 1 204 ffff9c8012000aa0 rt_free rt_free 0 49 3 1 204 ffff9c8012000660 unpgc unpgc 0 48 2 0 200 ffff9c8012000220 key_timehandler 0 47 3 1 204 ffff9c8011ff6a80 icmp6_wqinput/1 icmp6_wqinput 0 46 3 0 204 ffff9c8011ff6640 icmp6_wqinput/0 icmp6_wqinput 0 45 3 1 204 ffff9c8011ff6200 nd6_timer nd6_timer 0 44 3 1 204 ffff9c8011ecda60 carp6_wqinput/1 carp6_wqinput 0 43 3 0 204 ffff9c8011ecd620 carp6_wqinput/0 carp6_wqinput 0 42 3 1 204 ffff9c8011ecd1e0 carp_wqinput/1 carp_wqinput 0 41 3 0 204 ffff9c8011ebaa40 carp_wqinput/0 carp_wqinput 0 40 3 1 204 ffff9c8011eba600 icmp_wqinput/1 icmp_wqinput 0 39 3 0 204 ffff9c8011eba1c0 icmp_wqinput/0 icmp_wqinput 0 38 2 0 200 ffff9c8011ea6a20 rt_timer 0 37 2 0 200 ffff9c8011ea45a0 vmem_rehash 0 27 3 0 204 ffff9c800f7ca580 scsibus0 sccomp 0 26 3 0 200 ffff9c800f7ca140 pms0 pmsreset 0 25 3 1 204 ffff9c800f73c9a0 xcall/1 xcall 0 24 1 1 200 ffff9c800f73c560 softser/1 0 23 1 1 200 ffff9c800f73c120 softclk/1 0 22 1 1 200 ffff9c800f738980 softbio/1 0 21 1 1 200 ffff9c800f738540 softnet/1 0 20 1 1 201 ffff9c800f738100 idle/1 0 19 3 1 204 ffff9c800f66e960 lnxpwrwq lnxpwrwq 0 18 3 1 204 ffff9c800f66e520 lnxlngwq lnxlngwq 0 17 3 1 204 ffff9c800f66e0e0 lnxsyswq lnxsyswq 0 16 3 1 204 ffff9c800de53940 lnxrcugc lnxrcugc 0 15 3 0 204 ffff9c800de53500 sysmon smtaskq 0 14 3 1 204 ffff9c800de530c0 pmfsuspend pmfsuspend 0 13 3 0 204 ffff9c800de43920 pmfevent pmfevent 0 12 3 0 204 ffff9c800de434e0 sopendfree sopendfr 0 11 3 1 204 ffff9c800de430a0 nfssilly nfssilly 0 10 2 1 200 ffff9c800de39900 cachegc 0 9 2 0 200 ffff9c800de394c0 vdrain 0 8 3 0 200 ffff9c800de39080 modunload mod_unld 0 7 3 0 204 ffff9c800de2b8e0 xcall/0 xcall 0 6 1 0 200 ffff9c800de2b4a0 softser/0 0 5 1 0 200 ffff9c800de2b060 softclk/0 0 4 1 0 200 ffff9c800de268c0 softbio/0 0 3 1 0 200 ffff9c800de26480 softnet/0 0 2 1 0 201 ffff9c800de26040 idle/0 0 > 1 7 1 200 ffffffff82b647e0 swapper [Locks tracked through LWPs] Locks held by an LWP (syz-executor.2): Lock 0 (initialized at vfs_mountalloc) lock address : 0xffff9c8012051d58 type : sleep/adaptive initialized : 0xffffffff81280871 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 0 current lwp : 0xffff9c801428c320 last held: 0xffff9c801428c320 last locked* : 0xffffffff8128f659 unlocked : 0xffffffff8128f626 owner field : 0xffff9c801428c320 wait/spin: 0/0 Turnstile chain at 0xffffffff82d80170. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffff9c8013acc5e8 type : sleep/adaptive initialized : 0xffffffff8129e03e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 0 current lwp : 0xffff9c801428c320 last held: 0xffff9c801428c320 last locked* : 0xffffffff812cb645 unlocked : 0xffffffff812cb678 owner/count : 0xffff9c801428c320 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d80290. => No active turnstile for this lock. Lock 2 (initialized at uvm_map_setup) lock address : 0xffff9c800d907050 type : sleep/adaptive initialized : 0xffffffff810da4fd shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 0 current lwp : 0xffff9c801428c320 last held: 0xffff9c801428c320 last locked* : 0xffffffff810d43ec unlocked : 0xffffffff810edfc2 owner/count : 0xffff9c801428c320 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d7ff60. => No active turnstile for this lock. Locks held by an LWP (syz-executor.0): Lock 0 (initialized at uvm_obj_init) lock address : 0xffff9c8013c42200 type : sleep/adaptive initialized : 0xffffffff810e5f93 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 1 current lwp : 0xffff9c801428c320 last held: 0xffff9c80122889a0 last locked* : 0xffffffff810ca614 unlocked : 0xffffffff810c77dc owner field : 000000000000000000 wait/spin: 0/0 Turnstile chain at 0xffffffff82d7fec0. => No active turnstile for this lock. Locks held by an LWP (syz-executor.3): Lock 0 (initialized at vcache_alloc) lock address : 0xffff9c8013e9b8e8 type : sleep/adaptive initialized : 0xffffffff8129e03e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 1 current lwp : 0xffff9c801428c320 last held: 0xffff9c8013c3bae0 last locked* : 0xffffffff812cb645 unlocked : 0xffffffff812cb678 owner/count : 0xffff9c8013c3bae0 flags : 0x0000000000000004 Turnstile chain at 0xffffffff82d80090. => No active turnstile for this lock. Lock 1 (initialized at vcache_alloc) lock address : 0xffff9c8014465ee8 type : sleep/adaptive initialized : 0xffffffff8129e03e shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 current cpu : 0 last held: 1 current lwp : 0xffff9c801428c320 last held: 0xffff9c8013c3bae0 last locked* : 0xffffffff812cb600 unlocked : 0xffffffff812cb678 [ 273.0292758] Skipping crash dump on recursive panic [ 273.0292758] panic: ASan: Unauthorized Access In 0xffffffff81172db0: Addr 0xffff9c8014465ee8 [8 bytes, read, PoolUseAfterFree] [ 273.0292758] cpu0: Begin traceback... [ 273.0292758] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 273.0292758] snprintf() at netbsd:snprintf [ 273.0292758] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:172 [inline] [ 273.0292758] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:194 [ 273.0292758] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline] [ 273.0292758] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline] [ 273.0292758] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:410 [inline] [ 273.0292758] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1180 [ 273.0292758] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:176 [ 273.0292758] lockdebug_dump() at netbsd:lockdebug_dump+0x289 sys/kern/subr_lockdebug.c:777 [ 273.0292758] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9 sys/kern/subr_lockdebug.c:855 [ 273.0292758] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:886 [inline] [ 273.0292758] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933 [ 273.0292758] db_command() at netbsd:db_command+0x2c0 sys/ddb/db_command.c:935 [ 273.0292758] db_command_loop() at netbsd:db_command_loop+0x26c db_execute_commandlist sys/ddb/db_command.c:432 [inline] [ 273.0292758] db_command_loop() at netbsd:db_command_loop+0x26c sys/ddb/db_command.c:582 [ 273.0292758] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94 [ 273.0292758] kdb_trap() at netbsd:kdb_trap+0x1ce sys/arch/amd64/amd64/db_interface.c:246 [ 273.0292758] trap() at netbsd:trap+0x55f sys/arch/amd64/amd64/trap.c:313 [ 273.0292758] --- trap (number 1) --- [ 273.0292758] breakpoint() at netbsd:breakpoint+0x5 [ 273.0292758] db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67 [ 273.0292758] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336 [ 273.0292758] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure [ 273.0292758] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 uvm_map_align_va sys/uvm/uvm_map.c:198 [inline] [ 273.0292758] uvm_map_findspace() at netbsd:uvm_map_findspace+0x553 sys/uvm/uvm_map.c:1908 [ 273.0292758] uvm_map_prepare() at netbsd:uvm_map_prepare+0x3b0 sys/uvm/uvm_map.c:1193 [ 273.0292758] uvm_map() at netbsd:uvm_map+0x11f sys/uvm/uvm_map.c:1099 [ 273.0292758] uvm_pagermapin() at netbsd:uvm_pagermapin+0x14f sys/uvm/uvm_pager.c:197 [ 273.0292758] genfs_gop_write() at netbsd:genfs_gop_write+0x48 sys/miscfs/genfs/genfs_io.c:1379 [ 273.0292758] genfs_do_putpages() at netbsd:genfs_do_putpages+0x1259 sys/miscfs/genfs/genfs_io.c:1255 [ 273.0292758] VOP_PUTPAGES() at netbsd:VOP_PUTPAGES+0x140 sys/kern/vnode_if.c:1632 [ 273.0292758] vflushbuf() at netbsd:vflushbuf+0x61 sys/kern/vfs_subr.c:295 [ 273.0292758] ffs_full_fsync() at netbsd:ffs_full_fsync+0x2c7 sys/ufs/ffs/ffs_vnops.c:525 [ 273.0292758] ffs_fsync() at netbsd:ffs_fsync+0x2cb sys/ufs/ffs/ffs_vnops.c:348 [ 273.0292758] VOP_FSYNC() at netbsd:VOP_FSYNC+0x162 sys/kern/vnode_if.c:818 [ 273.0292758] ffs_sync() at netbsd:ffs_sync+0x1ca sys/ufs/ffs/ffs_vfsops.c:1917 [ 273.0292758] VFS_SYNC() at netbsd:VFS_SYNC+0x71 sys/kern/vfs_subr.c:1404 [ 273.0292758] do_sys_sync() at netbsd:do_sys_sync+0x11f sys/kern/vfs_syscalls.c:663 [ 273.0292758] sys_sync() at netbsd:sys_sync+0x19 sys/kern/vfs_syscalls.c:681 [ 273.0292758] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline] [ 273.0292758] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77 [ 273.0292758] syscall() at netbsd:syscall+0x431 sy_call sys/sys/syscallvar.h:65 [inline] [ 273.0292758] syscall() at netbsd:syscall+0x431 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 273.0292758] syscall() at netbsd:syscall+0x431 sys/arch/x86/x86/syscall.c:138 [ 273.0292758] --- syscall (number 198) --- [ 273.0292758] 791f6b843b9a: [ 273.0292758] cpu0: End traceback... [ 273.0292758] fatal breakpoint trap in supervisor mode [ 273.0292758] trap type 1 code 0 rip 0xffffffff8021ccd5 cs 0x8 rflags 0x246 cr2 0x791f6a828000 ilevel 0x8 rsp 0xffff9c817c776310 [ 273.0292758] curlwp 0xffff9c801428c320 pid 4238.2 lowest kstack 0xffff9c817c7702c0 Stopped in pid 4238.2 (syz-executor.2) at netbsd:breakpoint+0x5: leave