syzbot

 sign-in | mailing list | source | docs
🐞 Open [115]
🐞 Fixed [290]
🐞 Invalid [885]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

assert "refs != ~NUM" failed in kern_synch.c

Status: upstream: reported on 2025/02/08 12:26
Reported-by: syzbot+bee527c059e64ef8bdec@syzkaller.appspotmail.com
First crash: 175d, last: now

Sample crash report:
panic: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 951
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
   3293  71961      0  0x10000002        0x1    1  syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83372c99) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833acf1b,ffffffff833bd15d,3b7,ffffffff833e70b3) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff80002a33f508,ffffffff833691a2) at refcnt_finalize+0x1db sys/kern/kern_synch.c:952
pppx_if_destroy(0,ffff80002a33f500) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794
pppxclose(205b9a,2,2000,ffff80003c482d30) at pppxclose+0xa0 sys/net/if_pppx.c:541
spec_close(ffff80002a3e1220) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8065f2e7d0,2,fffffd80097fb3a8,ffff80003c482d30) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805d329ca8,ffff80003c482d30) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805d329ca8,ffff80003c482d30) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805d329ca8,ffff80003c482d30) at fdrop+0x121 sys/kern/kern_descrip.c:1267
closef(fffffd805d329ca8,ffff80003c482d30) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c482d30) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c482d30,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c482d30,ffff80002a3e1590,ffff80002a3e14e0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
end trace frame: 0xffff80002a3e1580, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 951
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83372c99) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833acf1b,ffffffff833bd15d,3b7,ffffffff833e70b3) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff80002a33f508,ffffffff833691a2) at refcnt_finalize+0x1db sys/kern/kern_synch.c:952
pppx_if_destroy(0,ffff80002a33f500) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794
pppxclose(205b9a,2,2000,ffff80003c482d30) at pppxclose+0xa0 sys/net/if_pppx.c:541
spec_close(ffff80002a3e1220) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8065f2e7d0,2,fffffd80097fb3a8,ffff80003c482d30) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805d329ca8,ffff80003c482d30) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805d329ca8,ffff80003c482d30) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805d329ca8,ffff80003c482d30) at fdrop+0x121 sys/kern/kern_descrip.c:1267
closef(fffffd805d329ca8,ffff80003c482d30) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c482d30) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c482d30,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c482d30,ffff80002a3e1590,ffff80002a3e14e0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a3e1590) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3e1590) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x771b783877d0, count: -16
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002a3e0ff0
rbx               0xffffffff8380eddf    cpu_info_full_primary+0x2ddf
rdx                                0
rcx               0xffff80003c482d30
rax               0xffffffff8380dff0    cpu_info_full_primary+0x1ff0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x9c98d92f3cceb4f2
r11               0x6793e5472fc126b8
r12               0xffffffff8380ebe0    cpu_info_full_primary+0x2be0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff82fcb0c5    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80002a3e0fe0
ss                              0x10
db_enter+0x25:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=254615 pid=71222 tcnt=0 stat=onproc
    flags process=1008<EXITING,SINGLEEXIT> proc=2000<WEXIT>
    runpri=32, usrpri=86, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0xffff80003c482d30 scnt=-1 ecnt=1
    forw=0xffffffffffffffff, list=0xffff80002a2c0fb0,0xffff80002a2c02c8
    process=0xffff80003c4e5d68 user=0xffff80002a3dc000, vmspace=0xfffffd806c2ea028
    estcpu=36, cpticks=7, pctcpu=0.0, user=0, sys=2, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 58392  336687  70075      0  2           0                syz-executor
 51962  197079   2511      0  2           0                syz-executor
 51962  327265   2511      0  3   0x4000080  fsleep        syz-executor
 51962  438189   2511      0  2   0x4000000                syz-executor
 10446  252015  17588      0  2           0                syz-executor
 10446  220968  17588      0  2   0x4000000                syz-executor
 10446   12136  17588      0  2   0x4000000                syz-executor
 81888  150882  85281      0  2           0                syz-executor
 81888  510435  85281      0  3   0x4000080  sbwait        syz-executor
 81888   75575  85281      0  3   0x4000080  fsleep        syz-executor
  3164  450645  54456      0  3        0x80  nanoslp       syz-executor
  3164  424178  54456      0  3   0x4000080  nanoslp       syz-executor
 70075  318061  77712      0  2       0xc82                syz-executor
 29263  215645  77712      0  3        0x82  nanoslp       syz-executor
 30764  362677      1      0  3    0x100083  ttyin         getty
 17588  384171  77712      0  3        0x82  nanoslp       syz-executor
 54456  462007  77712      0  3        0x82  nanoslp       syz-executor
 76636  433092      0      0  3     0x14200  bored         sosplice
  2511  509366  77712      0  3        0x82  nanoslp       syz-executor
 71961    3293  77712      0  7  0x10000003                syz-executor
  4390  376539  77712      0  2       0xc82                syz-executor
 85281  497905  77712      0  2       0xc82                syz-executor
 77712   42896  64069      0  3        0x82  kqread        syz-executor
 64069   50007  93074      0  3    0x10008a  sigsusp       ksh
 93074  238271  33566      0  3        0x98  kqread        sshd-session
 33566  350297  94758      0  3        0x92  kqread        sshd-session
 94758  408918      1      0  3        0x88  kqread        sshd
 87483  256586  38492     74  3   0x1100092  bpf           pflogd
 38492   18884      1      0  3        0x80  sbwait        pflogd
 15071   26749  43554     73  3   0x1100090  kqread        syslogd
 43554   26054      1      0  3    0x100082  sbwait        syslogd
 60490  475024      1      0  3    0x100080  kqread        resolvd
 14930  382866  61161     77  3    0x100092  kqread        dhcpleased
 54795   77055  61161     77  2    0x100012                dhcpleased
 61161  407032      1      0  3        0x80  kqread        dhcpleased
 47091  336412      0      0  3     0x14200  bored         smr
  2955  145651      0      0  2     0x14200                zerothread
 90575  101310      0      0  3     0x14200  aiodoned      aiodoned
 17827  222665      0      0  3     0x14200  syncer        update
 37093  175383      0      0  3     0x14200  cleaner       cleaner
 92344  100451      0      0  3     0x14200  reaper        reaper
  9725  356362      0      0  3     0x14200  pgdaemon      pagedaemon
 90563  294071      0      0  3     0x14200  bored         viomb
 92290  158040      0      0  3  0x40014200  acpi0         acpi0
 28429  496356      0      0  3  0x40014200                idle1
 25723  523449      0      0  3     0x14200  bored         softnet7
 16476  310889      0      0  3     0x14200  bored         softnet6
 87978   85137      0      0  3     0x14200  bored         softnet5
 97964   73848      0      0  3     0x14200  bored         softnet4
 20039  187208      0      0  3     0x14200  bored         softnet3
   458   22418      0      0  3     0x14200  bored         softnet2
 18088  438066      0      0  3     0x14200  bored         softnet1
 15552  418314      0      0  3     0x14200  bored         softnet0
 59517  191637      0      0  3     0x14200  smrbar        systqmp
 88209   70005      0      0  3     0x14200  bored         systq
 18771  445029      0      0  3     0x14200  tmoslp        softclockmp
 97988  125087      0      0  3  0x40014200  tmoslp        softclock
  6232  283094      0      0  3  0x40014200                idle0
     1  455629      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb{0}> show all locks
Process 81888 (syz-executor) thread 0xffff80002a2c1ca8 (510435)
exclusive rwlock sbufrcv r = 0 (0xffff800001547928)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2  sblock+0xb6 sys/kern/uipc_socket2.c:536
#3  soreceive+0x27d sys/kern/uipc_socket.c:870
#4  recvit+0x40b sys/kern/uipc_syscalls.c:1072
#5  sys_recvmmsg+0x410 sys/kern/uipc_syscalls.c:963
#6  syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6  syscall+0xbd4 sys/arch/amd64/amd64/trap.c:748
#7  Xsyscall+0x128
Process 59517 (systqmp) thread 0xffff8000ffffe000 (191637)
shared rwlock systqmp r = 0 (0xffffffff8380feb8)
#0  witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0  witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1  taskq_thread+0x12a sys/kern/kern_task.c:442
#2  proc_trampoline+0x10
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10244  11050K   11746K 166960K     14077        0
            pcb    17     19K      33K 166960K       612        0
         rtable   188     12K      13K 166960K      1027        0
             pf    41     18K      82K 166960K       253        0
         ifaddr    38      6K       8K 166960K       251        0
        ifgroup    64      2K       3K 166960K       282        0
         sysctl     4      1K       9K 166960K        19        0
       counters    74     37K      38K 166960K       300        0
       ioctlops     0      0K       4K 166960K      1949        0
            iov     1      4K      32K 166960K       403        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1515     95K      96K 166960K      3869        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     5     17K      21K 166960K        67        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       1K 166960K       123        0
        dirhash    12      2K       3K 166960K        78        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    17     61K     240K 166960K      2773        0
          sigio     0      0K       0K 166960K       161        0
           proc    72    115K     164K 166960K      1275        0
        subproc    72      4K       4K 166960K       216        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K       298        0
       in_multi    67      5K       7K 166960K       353        0
    ether_multi     1      0K       0K 166960K        18        0
            mrt     0      0K       0K 166960K        17        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys   175    784K     784K 166960K       175        0
           exec     0      0K       1K 166960K       978        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         4        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   246    170K     185K 166960K     26052        0
       UVM aobj    60      2K       3K 166960K        63        0
     pinsyscall    42     84K     104K 166960K      4270        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K       134        0
            NDP    16      0K       2K 166960K       134        0
           temp    82   8648K    8904K 166960K    126864        0
         kqueue    14     22K      32K 166960K       464        0
      SYN cache     2      0K      16K 166960K         4        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache    128       26    0        0     1     0     1     1     0     8    0
rtpcb      120      416    0      413     5     4     1     3     0     8    0
rtentry    176      383    0      321     5     0     5     5     0     8    0
unpcb      144     1965    0     1944    19    15     4     6     0     8    3
syncache   336       20    0       20     6     5     1     1     0     8    1
tcpqe       32        6    0        6     5     5     0     1     0     8    0
tcpcb      736     1082    0     1074    26    19     7     7     0     8    5
arp        128       46    0       37     1     0     1     1     0     8    0
inpcb      328     3345    0     3334    50    43     7    18     0     8    5
nd6        144       57    0       47     1     0     1     1     0     8    0
pkpcb       40       27    0       26     6     5     1     1     0     8    0
kcovpl      48       24    0       16     1     0     1     1     0     8    0
ppxss      1192      83    0       82     4     3     1     1     0     8    0
pppxif     1504      12    0       11     5     4     1     1     0     8    0
pfstscr     40        2    0        1     1     0     1     1     0     8    0
pffrag     232       18    0        9     1     0     1     1     0   482    0
pffrnode    88       16    0        7     1     0     1     1     0     8    0
pffrent     40       26    0       17     1     0     1     1     0     8    0
pfosfp      40     1428    0     1428     5     5     0     5     0     8    0
pfosfpen   112     1428    0     1428    21    21     0    21     0     8    0
pfrktable  1344       1    0        1     1     1     0     1     0     8    0
pftag       88        1    0        0     1     0     1     1     0     8    0
pfstitem    24      216    0      108     1     0     1     1     0     8    0
pfstkey    128      222    0      114     4     0     4     4     0     8    0
pfstate    384      218    0      111    13     2    11    11     0     8    0
pfrule     1344      32    0       27     2     1     1     2     0     8    0
rttmr      136        5    0        5     4     4     0     1     0     8    0
art_heap8  4096       4    0        1     4     1     3     4     0     8    0
art_heap4  256     1378    0     1021    39    14    25    31     0     8    1
art_table   40     1382    0     1022     5     0     5     5     0     8    0
art_node    32      376    0      321     2     1     1     2     0     8    0
sysvmsgpl   40       14    0       10     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112      119    0      109     1     0     1     1     0     8    0
shmpl      112       60    0        3     2     0     2     2     0     8    0
dirhash    1024      61    0       44     3     0     3     3     0     8    0
dino2pl    256     6212    0     4676    97     0    97    97     0     8    0
ffsino     296     6212    0     4676   119     0   119   119     0     8    0
nchpl      144     9623    0     7863    66     0    66    66     0     8    0
rtmask      32       23    0       23     5     4     1     1     0     8    1
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     216     5926    0        0   330     0   330   330     0     8    0
namei      1024   35580    0    35580     6     5     1     3     0     8    1
percpumem   16      165    0      113     1     0     1     1     0     8    0
kstatmem   264      178    0      144     4     1     3     3     0     8    0
acpiwqpl    32        1    0        1     1     0     1     1     1     8    1
scsiplug    72       11    0       11     8     7     1     1     0     8    1
scxspl     216    61692    0    61692    15    13     2     8     1     8    2
plimitpl   152      597    0      580     1     0     1     1     0     8    0
sigapl     424     3012    0     2957     9     1     8     9     0     8    0
knotepl    120      588    0        0    18     0    18    18     0     8    0
kqueuepl   224     1022    0     1011    15    14     1     5     0     8    0
pipepl     344      479    0      452    16    13     3     9     0     8    0
fdescpl    528     2959    0     2928     3     0     3     3     0     8    0
filepl     160    20164    0    19945    37    24    13    19     0     8    2
lockfpl    104     1369    0     1367     6     5     1     2     0     8    0
lockfspl    48      459    0      457     1     0     1     1     0     8    0
sessionpl  144       55    0       46     1     0     1     1     0     8    0
pgrppl      48      113    0       96     1     0     1     1     0     8    0
ucredpl    104     3143    0     3129     1     0     1     1     0     8    0
zombiepl   144     4079    0     4076     1     0     1     1     0     8    0
processpl  1248    3012    0     2957     6     0     6     6     0     8    0
procpl     664     7123    0     7061     8     1     7     8     0     8    0
sosppl     168       14    0       14     5     4     1     1     0     8    1
sockpl     752     5943    0     5906    88    77    11    27     0     8    6
mcl64k     65536     18    0        0     3     0     3     3     0     8    0
mcl16k     16384      9    0        0     2     0     2     2     0     8    0
mcl12k     12288      1    0        0     1     0     1     1     0     8    0
mcl9k      9216       3    0        0     1     0     1     1     0     8    0
mcl8k      8192       9    0        0     2     0     2     2     0     8    0
mcl4k      4096     125    0        0    16     0    16    16     0     8    0
mcl2k2     2112       1    0        0     1     0     1     1     0     8    0
mcl2k      2048      27    0        0     4     0     4     4     0     8    0
mtagpl      96        7    0        0     1     0     1     1     0     8    0
mbufpl     256      377    0        0    21     0    21    21     0     8    0
bufpl      280    25227    0    19084   440     1   439   440     0     8    0
anonpl      32    16024    0        0   130     1   129   129     0   246    0
amapchunkpl 152   90919    0    90342    59    24    35    35     0   158    9
amappl16   200     9984    0     9920    57    36    21    31     0     8    5
amappl15   192        1    0        1     1     1     0     1     0     8    0
amappl14   184      176    0      163     1     0     1     1     0     8    0
amappl13   176       12    0       12     1     1     0     1     0     8    0
amappl12   168     3893    0     3862     4     1     3     3     0     8    0
amappl11   160       52    0       37     1     0     1     1     0     8    0
amappl10   152        6    0        5     1     0     1     1     0     8    0
amappl9    144      252    0      252     1     1     0     1     0     8    0
amappl8    136       26    0       22     1     0     1     1     0     8    0
amappl7    128      177    0      164     1     0     1     1     0     8    0
amappl6    120      349    0      345     1     0     1     1     0     8    0
amappl5    112      190    0      180     1     0     1     1     0     8    0
amappl4    104      383    0      362     1     0     1     1     0     8    0
amappl3     96    17963    0    17852     5     1     4     4     0     8    0
amappl2     88      972    0      910     2     0     2     2     0     8    0
amappl1     80    23045    0    22438    15     0    15    15     0     8    0
amappl      88    24664    0    24493     5     0     5     5     0    92    0
dma32768   32768      1    0        1     1     1     0     1     0     8    0
dma4096    4096       2    0        2     2     2     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      255    0      255     3     3     0     1     0     8    0
dma64       64        7    0        7     2     1     1     1     0     8    1
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       20    0       19     1     0     1     1     0     8    0
aobjpl      72       62    0        3     2     0     2     2     0     8    0
uaddrrnd    24     2959    0     2928     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     2959    0     2928     1     0     1     1     0     8    0
vmmpekpl   168    24294    0    24246     3     0     3     3     0     8    0
vmmpepl    168   194473    0   192421   127    16   111   117     0   357    6
vmsppl     488     2958    0     2928     6     1     5     5     0     8    0
rwobjpl     80    57974    0    51005   155     4   151   154     0     8    3
pdppl      4096    5925    0     5856   129    56    73    85     0     8    4
pvpl        32    25925    0        0   211     2   209   209     0   265    0
pmappl     256     2958    0     2928     3     0     3     3     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      366    0      104     8     0     8     8     0     8    0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83372c99) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff833acf1b,ffffffff833bd15d,3b7,ffffffff833e70b3) at __assert+0x29 sys/kern/subr_prf.c:-1
refcnt_finalize(ffff80002a33f508,ffffffff833691a2) at refcnt_finalize+0x1db sys/kern/kern_synch.c:952
pppx_if_destroy(0,ffff80002a33f500) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794
pppxclose(205b9a,2,2000,ffff80003c482d30) at pppxclose+0xa0 sys/net/if_pppx.c:541
spec_close(ffff80002a3e1220) at spec_close+0x417 sys/kern/spec_vnops.c:-1
VOP_CLOSE(fffffd8065f2e7d0,2,fffffd80097fb3a8,ffff80003c482d30) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156
vn_closefile(fffffd805d329ca8,ffff80003c482d30) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:292 [inline]
vn_closefile(fffffd805d329ca8,ffff80003c482d30) at vn_closefile+0x12b sys/kern/vfs_vnops.c:615
fdrop(fffffd805d329ca8,ffff80003c482d30) at fdrop+0x121 sys/kern/kern_descrip.c:1267
closef(fffffd805d329ca8,ffff80003c482d30) at closef+0x192 sys/kern/kern_descrip.c:1251
fdfree(ffff80003c482d30) at fdfree+0x116 sys/kern/kern_descrip.c:1182
exit1(ffff80003c482d30,0,0,1) at exit1+0x576 sys/kern/kern_exit.c:215
sys_exit(ffff80003c482d30,ffff80002a3e1590,ffff80002a3e14e0) at sys_exit+0x1a sys/kern/kern_exit.c:-1
syscall(ffff80002a3e1590) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80002a3e1590) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:748
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x771b783877d0, count: -16
ddb{0}> machine ddbcpu 1
Stopped at      x86_ipi_db+0x27:        addq    $0x8,%rsp
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153
__mp_lock(ffffffff838b0ba8) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff838b0ba8) at __mp_lock+0x1a3 sys/kern/kern_lock.c:165
ktrsysret(ffff8000ffff22a8,5b,4,ffff80002a3bda70) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline]
ktrsysret(ffff8000ffff22a8,5b,4,ffff80002a3bda70) at ktrsysret+0xde sys/kern/kern_ktrace.c:209
syscall(ffff80002a3bdb20) at syscall+0xa50 mi_syscall_return sys/sys/syscall_mi.h:204 [inline]
syscall(ffff80002a3bdb20) at syscall+0xa50 sys/arch/amd64/amd64/trap.c:769
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ee06028ae00, count: 7
ddb{1}> trace
x86_ipi_db(ffff8000299edff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c kd_curproc sys/dev/kcov.c:584 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x2c sys/dev/kcov.c:153
__mp_lock(ffffffff838b0ba8) at __mp_lock+0x1a3 __mp_lock_spin sys/kern/kern_lock.c:134 [inline]
__mp_lock(ffffffff838b0ba8) at __mp_lock+0x1a3 sys/kern/kern_lock.c:165
ktrsysret(ffff8000ffff22a8,5b,4,ffff80002a3bda70) at ktrsysret+0xde ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline]
ktrsysret(ffff8000ffff22a8,5b,4,ffff80002a3bda70) at ktrsysret+0xde sys/kern/kern_ktrace.c:209
syscall(ffff80002a3bdb20) at syscall+0xa50 mi_syscall_return sys/sys/syscall_mi.h:204 [inline]
syscall(ffff80002a3bdb20) at syscall+0xa50 sys/arch/amd64/amd64/trap.c:769
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7ee06028ae00, count: -8

Crashes (323):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/02 17:54 openbsd d2170a9a220c 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/08/02 16:28 openbsd abd775332ea5 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/08/02 00:14 openbsd 8693ef6a6ffe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/08/01 20:21 openbsd 8693ef6a6ffe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/08/01 16:06 openbsd 8693ef6a6ffe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/08/01 12:55 openbsd 3b565b651350 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/31 20:38 openbsd 788294299689 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/31 18:21 openbsd 788294299689 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/30 20:54 openbsd e727a61a1a01 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/30 15:05 openbsd 8eeaa0a347fe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/30 09:43 openbsd 8eeaa0a347fe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/29 22:19 openbsd b403f214b97b 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/29 18:03 openbsd b403f214b97b 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/29 11:07 openbsd fff03f7679b7 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/28 13:33 openbsd 9a7e4271aee8 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/27 20:13 openbsd 7b0d12c26b01 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/27 14:50 openbsd 7b0d12c26b01 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/26 00:58 openbsd c5645c128364 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/25 15:31 openbsd 55a498f41818 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/25 12:49 openbsd 55a498f41818 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/25 02:41 openbsd 24bd93804efe 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/24 02:41 openbsd 484d3a4d3e0d 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/23 18:17 openbsd ceb7068b172a 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/23 16:44 openbsd ceb7068b172a 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/23 00:06 openbsd 7a953c5f736e 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/22 16:26 openbsd 96ef5c3d9d86 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/22 11:00 openbsd 96ef5c3d9d86 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/21 17:18 openbsd df9e633562d5 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/20 05:43 openbsd 33fc78536c1f 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/19 21:42 openbsd 0e7ce4eb8da0 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/19 09:24 openbsd a137aca31385 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/19 01:24 openbsd 3b798ac8b890 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/18 15:09 openbsd 3b798ac8b890 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/17 22:25 openbsd c54b87435855 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/17 20:44 openbsd c54b87435855 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/17 09:12 openbsd 9ce74a582983 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/16 17:39 openbsd 054bb2fd459c 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/16 09:36 openbsd 054bb2fd459c 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/16 00:28 openbsd 86f69b9e7bb3 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/15 22:30 openbsd 86f69b9e7bb3 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/15 15:15 openbsd feb5a82c5bff 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/07/14 05:14 openbsd 40f26cfbae82 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/12 22:44 openbsd 2fd78fb00a47 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/12 20:42 openbsd 2fd78fb00a47 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
2025/07/12 19:30 openbsd 2fd78fb00a47 3cda49cf .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "refs != ~NUM" failed in kern_synch.c
2025/02/08 12:25 openbsd 2347e6edcd5e ef44b750 .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-main assert "refs != ~NUM" failed in kern_synch.c
* Struck through repros no longer work on HEAD.