syzbot

 sign-in | mailing list | source | docs
🐞 Open [105]
🐞 Fixed [280]
🐞 Invalid [852]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

assert "refs != ~NUM" failed in kern_synch.c

Status: upstream: reported on 2025/02/08 12:26
Reported-by: syzbot+bee527c059e64ef8bdec@syzkaller.appspotmail.com
First crash: 69d, last: 34m

Sample crash report:
panic: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 957
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 222486  18013      0     0x14000      0x200    1  reaper
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83456f83) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff834045f2,ffffffff8340ac35,3bd,ffffffff8340ac7d) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff80003c4291c0,ffffffff8334ff83) at refcnt_finalize+0x1c8 sys/kern/kern_synch.c:958
pppx_if_destroy(0,ffff80003c4291b8) at pppx_if_destroy+0x3d sys/net/if_pppx.c:806
pppxclose(205b9a,1,2000,ffff80003c446548) at pppxclose+0xa0 sys/net/if_pppx.c:553
spec_close(ffff80003c430e80) at spec_close+0x412 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8074409708,1,fffffd807f7d34e0,ffff80003c446548) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805efa3178,ffff80003c446548) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805efa3178,ffff80003c446548) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805efa3178,ffff80003c446548) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd805efa3178,ffff80003c446548) at closef+0x192 sys/kern/kern_descrip.c:1249
fdfree(ffff80003c446548) at fdfree+0x116 sys/kern/kern_descrip.c:1181
exit1(ffff80003c446548,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003c446548,ffff80003c4311f0,ffff80003c431140) at sys_exit+0x1a sys/kern/kern_exit.c:-1
end trace frame: 0xffff80003c4311e0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 957
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83456f83) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff834045f2,ffffffff8340ac35,3bd,ffffffff8340ac7d) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff80003c4291c0,ffffffff8334ff83) at refcnt_finalize+0x1c8 sys/kern/kern_synch.c:958
pppx_if_destroy(0,ffff80003c4291b8) at pppx_if_destroy+0x3d sys/net/if_pppx.c:806
pppxclose(205b9a,1,2000,ffff80003c446548) at pppxclose+0xa0 sys/net/if_pppx.c:553
spec_close(ffff80003c430e80) at spec_close+0x412 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8074409708,1,fffffd807f7d34e0,ffff80003c446548) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805efa3178,ffff80003c446548) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805efa3178,ffff80003c446548) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805efa3178,ffff80003c446548) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd805efa3178,ffff80003c446548) at closef+0x192 sys/kern/kern_descrip.c:1249
fdfree(ffff80003c446548) at fdfree+0x116 sys/kern/kern_descrip.c:1181
exit1(ffff80003c446548,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003c446548,ffff80003c4311f0,ffff80003c431140) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c4311f0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4311f0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7d2aacb9a350, count: -16
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80003c430c50
rbx               0xffffffff83893dcf    cpu_info_full_primary+0x2dcf
rdx                                0
rcx               0xffff80003c446548
rax               0xffffffff83892ff0    cpu_info_full_primary+0x1ff0
r8                                 0
r9                0x8080808080808080
r10               0xee046264e280dd50
r11               0x9e132a9546dc69e7
r12               0xffffffff83893bd0    cpu_info_full_primary+0x2bd0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff8274f485    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80003c430c40
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=36162 pid=7110 tcnt=0 stat=onproc
    flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
    runpri=32, usrpri=83, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0xffff80003c446548 scnt=-1 ecnt=1
    forw=0xffffffffffffffff, list=0xffff8000ffff02b0,0xffff8000ffff0d00
    process=0xffff8000fffec4c0 user=0xffff80003c42c000, vmspace=0xfffffd806bed4d38
    estcpu=33, cpticks=1, pctcpu=0.5, user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 36874  515902  14814      0  3        0x80  nanoslp       syz-executor
 36874   76626  14814      0  2   0x4000000                syz-executor
 36874    6598  14814      0  3   0x4000080  fsleep        syz-executor
 36874  485240  14814      0  3   0x4000080  fsleep        syz-executor
 70156  433436  67818      0  2           0                syz-executor
 70156  511563  67818      0  3   0x4000080  fsleep        syz-executor
 70156  368740  67818      0  3   0x4000080  fsleep        syz-executor
 81652  264738  62072  60929  2       0x490                syz-executor
 81652  187414  62072  60929  3   0x4000090  sbwait        syz-executor
 81652  401972  62072  60929  3   0x4000090  fsleep        syz-executor
 81652  373234  62072  60929  3   0x4000090  fsleep        syz-executor
 81652  218700  62072  60929  3   0x4000090  fsleep        syz-executor
 29267  510879      0      0  3     0x14200  acct          acct
 67818  338652  57354      0  2       0x482                syz-executor
 14814   22397  57354      0  3        0x82  nanoslp       syz-executor
 62072  444288  57354      0  2       0x482                syz-executor
 23016  427840  57354      0  2       0x482                syz-executor
  5137  335870      1      0  3    0x100083  ttyopn        getty
   384  347760  57354      0  2       0x482                syz-executor
 27045  126359  57354      0  3        0x82  wait          syz-executor
 62921  249493      0      0  3     0x14200  bored         sosplice
 42652  392829  71700      0  3    0x100082  sbwait        arp
 71700   76883      1      0  3    0x10008a  sigsusp       sh
 34154  496947  57354      0  2       0x482                syz-executor
 87769   82865  57354      0  2         0x2                syz-executor
 57354  434641  29187      0  3        0x82  kqread        syz-executor
 29187  323532  89432      0  3    0x10008a  sigsusp       ksh
 89432   44589    583      0  3        0x98  kqread        sshd-session
   583  152528  24923      0  3        0x92  kqread        sshd-session
 24923  143721      1      0  3        0x88  kqread        sshd
 80873  265648  11783     74  3   0x1100092  bpf           pflogd
 11783  107394      1      0  3        0x80  sbwait        pflogd
 88933  300244  65704     73  3   0x1100090  kqread        syslogd
 65704  271786      1      0  3    0x100082  sbwait        syslogd
  4787  132510      1      0  3    0x100080  kqread        resolvd
 10942  461397  50325     77  3    0x100092  kqread        dhcpleased
 30059  120575  50325     77  3    0x100092  kqread        dhcpleased
 50325  480983      1      0  3        0x80  kqread        dhcpleased
  6564  406505      0      0  3     0x14200  bored         smr
 21116   89095      0      0  2     0x14200                zerothread
 41880  507407      0      0  3     0x14200  aiodoned      aiodoned
 99354  126493      0      0  3     0x14200  syncer        update
 97430   74155      0      0  3     0x14200  cleaner       cleaner
 18013  222486      0      0  7     0x14200                reaper
 38918  167320      0      0  3     0x14200  pgdaemon      pagedaemon
 29035  247635      0      0  3     0x14200  bored         viomb
 75725  320286      0      0  3  0x40014200  acpi0         acpi0
 29123  436126      0      0  3  0x40014200                idle1
 96032  288369      0      0  3     0x14200  bored         softnet3
 49723  305526      0      0  3     0x14200  bored         softnet2
 11506   14551      0      0  3     0x14200  bored         softnet1
 94953  128511      0      0  2     0x14200                softnet0
 80787  335515      0      0  3     0x14200  bored         systqmp
 54201  373079      0      0  3     0x14200  bored         systq
 71654  277826      0      0  3     0x14200  tmoslp        softclockmp
 31924  350967      0      0  2  0x40014200                softclock
 17259  410933      0      0  3  0x40014200                idle0
     1  327219      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb{0}> show all locks
CPU 1:
uvm_fault(0xfffffd806bed4d38, 0x21c0106442, 0, 1) -> e
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10211  11108K   11394K 166960K     13840        0
            pcb    17     16K      17K 166960K       417        0
         rtable   178      8K       9K 166960K       730        0
             pf    42     19K      23K 166960K       435        0
         ifaddr    36      6K       7K 166960K       151        0
        ifgroup    58      2K       3K 166960K       258        0
         sysctl     4      1K       2K 166960K         7        0
       counters    68     36K      37K 166960K       250        0
       ioctlops     0      0K       4K 166960K      2011        0
            iov     0      0K      16K 166960K        79        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1410     89K      89K 166960K      3247        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      1K       9K 166960K        31        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K       123        0
        dirhash    12      2K       2K 166960K        45        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    18     65K     114K 166960K      1865        0
          sigio     0      0K       0K 166960K       171        0
           proc    73     91K     128K 166960K       903        0
        subproc    81      5K       5K 166960K       135        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       290        0
       in_multi    67      5K       6K 166960K       211        0
    ether_multi     1      0K       0K 166960K         9        0
            mrt     1      0K       0K 166960K         6        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   115    519K     519K 166960K       115        0
           exec     0      0K       1K 166960K       663        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         5        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   263    179K     192K 166960K     18451        0
       UVM aobj    40      6K       6K 166960K        46        0
     pinsyscall    44     88K     108K 166960K      3162        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K       105        0
            NDP    13      0K       1K 166960K       101        0
           temp    79   8692K    8828K 166960K     67978        0
         kqueue    15     24K      30K 166960K       326        0
      SYN cache     2     16K      16K 166960K         2        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120      225    0      221     3     2     1     3     0     8    0
rtentry    176      225    0      153     5     0     5     5     0     8    0
unpcb      144     1320    0     1298    14     8     6     6     0     8    5
syncache   336        6    0        6     1     1     0     1     0     8    0
tcpcb      808      408    0      404     4     3     1     4     0     8    0
arp        128       42    0       23     1     0     1     1     0     8    0
inpcb      384     1852    0     1845    30    22     8     8     0     8    7
nd6        144       46    0       30     1     0     1     1     0     8    0
pkpcb       40       55    0       55     4     3     1     1     0     8    1
kcovpl      48       15    0        6     1     0     1     1     0     8    0
mppekey    1024       1    0        1     1     1     0     1     0     8    0
ppxss      1192      61    0       59     5     4     1     2     0     8    0
pppxif     1504      18    0       17     4     3     1     2     0     8    0
pfstscr     40        2    0        2     1     1     0     1     0     8    0
pffrag     232        6    0        0     1     0     1     1     0   482    0
pffrnode    88        5    0        0     1     0     1     1     0     8    0
pffrent     40        9    0        3     1     0     1     1     0     8    0
pfosfp      40     1428    0     1005     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfrktable  1344       3    0        2     2     1     1     1     0     8    0
pftag       88        2    0        0     1     0     1     1     0     8    0
pfstitem    24      107    0       46     1     0     1     1     0     8    0
pfstkey    128      108    0       47     3     0     3     3     0     8    0
pfstate    384      108    0       47     7     0     7     7     0     8    0
pfrule     1344     155    0       85     7     1     6     6     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      836    0      510    29     7    22    26     0     8    1
art_table   32      838    0      510     4     1     3     4     0     8    0
art_node    16      216    0      157     1     0     1     1     0     8    0
sysvmsgpl   40        6    0        5     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112      121    0      111     1     0     1     1     0     8    0
shmpl      112       43    0        6     2     0     2     2     0     8    0
dirhash    1024      40    0       23     3     0     3     3     0     8    0
dino2pl    256     4923    0     3402    96     0    96    96     0     8    0
ffsino     288     4923    0     3402   109     0   109   109     0     8    0
nchpl      144     7414    0     5695    64     0    64    64     0     8    0
rtmask      32       10    0       10     4     4     0     1     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   26079    0    26078     3     2     1     2     0     8    0
percpumem   16      140    0       91     1     0     1     1     0     8    0
kstatmem   264      146    0      120     4     2     2     3     0     8    0
acpiwqpl    32        1    0        1     1     0     1     1     1     8    1
scsiplug    72        8    0        8     3     2     1     1     0     8    1
scxspl     216    21620    0    21620    12    11     1     8     1     8    1
plimitpl   152      364    0      346     1     0     1     1     0     8    0
sigapl     424     2163    0     2110     8     1     7     7     0     8    0
futexpl     64    24976    0    24969     2     1     1     1     0     8    0
knotepl    120      863    0        0    25     0    25    25     0     8    0
kqueuepl   224      565    0      550     3     1     2     2     0     8    0
pipepl     336      510    0      480    15     9     6     8     0     8    3
fdescpl    520     2138    0     2106     3     0     3     3     0     8    0
filepl     160    14321    0    14084    33    16    17    18     0     8    3
lockfpl    104      682    0      679     1     0     1     1     0     8    0
lockfspl    48      250    0      247     1     0     1     1     0     8    0
sessionpl  144       34    0       25     1     0     1     1     0     8    0
pgrppl      48       75    0       57     1     0     1     1     0     8    0
ucredpl    104     2259    0     2244     1     0     1     1     0     8    0
zombiepl   144     2511    0     2507     2     1     1     1     0     8    0
processpl  1192    2163    0     2110     5     0     5     5     0     8    0
procpl     656     5083    0     5021     6     0     6     6     0     8    0
srpgc       96       19    0       19     4     3     1     1     0     8    1
sosppl     168        6    0        6     4     3     1     1     0     8    1
sockpl     728     3481    0     3448    41    30    11    16     0     8    7
mcl64k     65536      5    0        0     1     0     1     1     0     8    0
mcl16k     16384      5    0        0     1     0     1     1     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl8k      8192       3    0        0     1     0     1     1     0     8    0
mcl4k      4096     113    0        0    15     1    14    15     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048      56    0        0     6     1     5     6     0     8    0
mtagpl      96       27    0        0     1     0     1     1     0     8    0
mbufpl     256     1209    0        0    74     0    74    74     0     8    0
bufpl      280     5825    0      135   407     0   407   407     0     8    0
anonpl      32     8319    0        0    67     0    67    67     0   246    0
amapchunkpl 152   62210    0    61658    44    15    29    30     0   158    4
amappl16   200     4563    0     4527    28    20     8    15     0     8    4
amappl15   192       37    0       36     1     0     1     1     0     8    0
amappl14   184      136    0      123     1     0     1     1     0     8    0
amappl13   176        8    0        8     2     2     0     1     0     8    0
amappl12   168     2906    0     2873     4     1     3     3     0     8    0
amappl11   160       54    0       40     1     0     1     1     0     8    0
amappl10   152       24    0       24     1     1     0     1     0     8    0
amappl9    144      251    0      251     1     1     0     1     0     8    0
amappl8    136       24    0       21     1     0     1     1     0     8    0
amappl7    128      130    0      117     1     0     1     1     0     8    0
amappl6    120      250    0      245     1     0     1     1     0     8    0
amappl5    112      156    0      147     1     0     1     1     0     8    0
amappl4    104      371    0      349     1     0     1     1     0     8    0
amappl3     96    12830    0    12708     4     0     4     4     0     8    0
amappl2     88      771    0      706     2     0     2     2     0     8    0
amappl1     80    16416    0    15786    16     0    16    16     0     8    0
amappl      88    17287    0    17104     5     0     5     5     0    92    0
dma16384   16384      1    0        1     1     0     1     1     0     8    1
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      258    0      258     4     3     1     1     0     8    1
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       19    0       18     1     0     1     1     0     8    0
aobjpl      72       45    0        6     1     0     1     1     0     8    0
uaddrrnd    24     2138    0     2106     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2138    0     2106     1     0     1     1     0     8    0
vmmpekpl   168    17914    0    17856     3     0     3     3     0     8    0
vmmpepl    168   136666    0   134606   123    22   101   105     0   357    5
vmsppl     480     2137    0     2106     5     0     5     5     0     8    0
rwobjpl     72    40650    0    33671   128     0   128   128     0     8    0
pdppl      4096    4283    0     4212   119    44    75    87     0     8    4
pvpl        32    16273    0        0   131     0   131   131     0   265    0
pmappl     256     2137    0     2106     3     0     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      487    0       71    12     0    12    12     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83456f83) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff834045f2,ffffffff8340ac35,3bd,ffffffff8340ac7d) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff80003c4291c0,ffffffff8334ff83) at refcnt_finalize+0x1c8 sys/kern/kern_synch.c:958
pppx_if_destroy(0,ffff80003c4291b8) at pppx_if_destroy+0x3d sys/net/if_pppx.c:806
pppxclose(205b9a,1,2000,ffff80003c446548) at pppxclose+0xa0 sys/net/if_pppx.c:553
spec_close(ffff80003c430e80) at spec_close+0x412 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8074409708,1,fffffd807f7d34e0,ffff80003c446548) at VOP_CLOSE+0x133 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805efa3178,ffff80003c446548) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805efa3178,ffff80003c446548) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805efa3178,ffff80003c446548) at fdrop+0x126 sys/kern/kern_descrip.c:1265
closef(fffffd805efa3178,ffff80003c446548) at closef+0x192 sys/kern/kern_descrip.c:1249
fdfree(ffff80003c446548) at fdfree+0x116 sys/kern/kern_descrip.c:1181
exit1(ffff80003c446548,0,0,1) at exit1+0x58f sys/kern/kern_exit.c:214
sys_exit(ffff80003c446548,ffff80003c4311f0,ffff80003c431140) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80003c4311f0) at syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c4311f0) at syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7d2aacb9a350, count: -16
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a009a0) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83a009a0) at __mp_lock+0x199 sys/kern/kern_lock.c:144
reaper(ffff8000ffffc7b8) at reaper+0x24b sys/kern/kern_exit.c:479
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83a009a0) at __mp_lock+0x199 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83a009a0) at __mp_lock+0x199 sys/kern/kern_lock.c:144
reaper(ffff8000ffffc7b8) at reaper+0x24b sys/kern/kern_exit.c:479
end trace frame: 0x0, count: -5

Crashes (133):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/04/19 06:32 openbsd ebe9080c87a7 552876f8 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/18 09:33 openbsd d8bca26c1181 552876f8 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/17 07:50 openbsd 96fb1b485f5f a95239b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/15 23:37 openbsd 35b2ae8d3cd2 a95239b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/15 18:20 openbsd 2766c3c8c83b 85125322 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/15 05:02 openbsd 2d3b308e3c4b 0bd6db41 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/14 09:03 openbsd 76a00bd59e53 0bd6db41 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/13 15:07 openbsd fe0564919a5a 0bd6db41 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/13 13:35 openbsd fe0564919a5a 0bd6db41 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/13 10:57 openbsd fe0564919a5a 0bd6db41 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/13 02:35 openbsd ade9dbe6546b 0bd6db41 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/11 20:41 openbsd 5990a1963d9d 12ba9c21 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/11 07:36 openbsd 5990a1963d9d 94486846 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/11 00:41 openbsd 5990a1963d9d 94486846 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/10 12:37 openbsd 5990a1963d9d 1ef3ab4d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/10 11:30 openbsd 5990a1963d9d 1ef3ab4d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/09 19:47 openbsd b3131ce4cbd9 47d015b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/09 14:51 openbsd b3131ce4cbd9 47d015b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/09 13:01 openbsd b3131ce4cbd9 47d015b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/09 11:42 openbsd b3131ce4cbd9 47d015b1 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/09 02:04 openbsd d4602f96699d b133e63a .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/08 19:15 openbsd f2dcb3709379 a775275d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/08 18:06 openbsd f2dcb3709379 a775275d .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/08 03:50 openbsd 98b93c7c6d47 a2ada0e7 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/07 12:09 openbsd ca8ab885e23f 2f0c9720 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/07 05:07 openbsd c3618c0b45a0 1c65791e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/06 15:52 openbsd c16771e8b440 1c65791e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/05 11:21 openbsd f526d97c66b8 1c65791e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/05 09:17 openbsd f526d97c66b8 1c65791e .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/04 19:26 openbsd f526d97c66b8 c53ea9c9 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/04 17:18 openbsd f526d97c66b8 c53ea9c9 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/04 17:17 openbsd f526d97c66b8 c53ea9c9 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/04/03 21:15 openbsd 8c5bd08c043b d7ae3a11 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/03 03:46 openbsd 106a406f22e5 996a9618 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/02 18:20 openbsd 351a734b4a2d b0cc4801 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/04/02 10:10 openbsd 351a734b4a2d c799dfdd .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/03/15 19:46 openbsd d50894551f06 e2826670 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/03/14 15:56 openbsd 00df6ea29c1b e2826670 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/13 17:20 openbsd dd809e4cd4f7 44be8b44 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/13 11:21 openbsd dd809e4cd4f7 44be8b44 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/13 08:50 openbsd dd809e4cd4f7 44be8b44 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/12 08:49 openbsd c328ddbe3d16 ee70e6db .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/12 05:57 openbsd c328ddbe3d16 ee70e6db .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/11 20:50 openbsd 2747bf3bb72f f2eee6b3 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/03/11 18:03 openbsd 2747bf3bb72f f2eee6b3 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/02/08 12:25 openbsd 2347e6edcd5e ef44b750 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
* Struck through repros no longer work on HEAD.