assert failed: fp != NULL (2)

assert failed: fp != NULL (2)

Status: upstream: reported C repro on 2020/09/30 13:47
Reported-by: syzbot+c8d2f683449331142b76@syzkaller.appspotmail.com
First crash: 1312d, last: 236d
▶ ▼ Similar bugs (1)
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
netbsd	assert failed: fp != NULL	syz			3	1511d	1511d	0/3	closed as invalid on 2020/06/24 18:36
▶ ▼ Last patch testing requests (10)

Created	Duration	User	Repo	Result
2023/02/09 09:32	9m	retest repro	netbsd	error OK
2023/02/09 09:32	27m	retest repro	netbsd	error OK
2023/02/09 09:32	18m	retest repro	netbsd	error OK
2023/02/09 08:32	26m	retest repro	netbsd	error OK
2023/02/09 08:32	12m	retest repro	netbsd	error OK
2023/02/09 08:32	11m	retest repro	netbsd	error OK
2023/02/09 07:32	35m	retest repro	netbsd	error OK
2023/02/09 07:32	25m	retest repro	netbsd	error OK
2023/02/09 07:32	13m	retest repro	netbsd	error OK
2022/10/04 12:30	21m (2)	retest repro	netbsd	error OK
Sample crash report:
[  94.4613571] panic: kernel diagnostic assertion "fp != NULL" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/uipc_sem.c", line 1079 
[  94.4613571] cpu0: Begin traceback...
[  94.4813217] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:291
[  94.5513215] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
[  94.6213212] sys__ksem_destroy() at netbsd:sys__ksem_destroy+0x42e sys/kern/uipc_sem.c:1079
[  94.6713207] sys_syscall() at netbsd:sys_syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[  94.6713207] sys_syscall() at netbsd:sys_syscall+0x1e4 sys/kern/sys_syscall.c:90
[  94.7313203] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[  94.7313203] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[  94.7313203] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[  94.7413209] --- syscall (number 255 via SYS_syscall) ---
[  94.7613230] netbsd:syscall+0x2da:
[  94.7613230] cpu0: End traceback...
[  94.7613230] fatal breakpoint trap in supervisor mode
[  94.7735646] trap type 1 code 0 rip 0xffffffff80235375 cs 0x8 rflags 0x246 cr2 0x7a1d60f38ff8 ilevel 0 rsp 0xffffd682480f4e20
[  94.7863901] curlwp 0xfffff87b2a7e7500 pid 6963.7612 lowest kstack 0xffffd682480f02c0
Stopped in pid 6963.7612 (syz-executor2433) at  netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:291
kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074
sys__ksem_destroy() at netbsd:sys__ksem_destroy+0x42e sys/kern/uipc_sem.c:1079
sys_syscall() at netbsd:sys_syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
sys_syscall() at netbsd:sys_syscall+0x1e4 sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
--- syscall (number 255 via SYS_syscall) ---
netbsd:syscall+0x2da:
Panic string: kernel diagnostic assertion "fp != NULL" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/uipc_sem.c", line 1079
PID    LID S CPU     FLAGS       STRUCT LWP *               NAME WAIT
7125  7125 2   1         0   fffff87b28441100   syz-executor2433
7358  6983 2   0         0   fffff87b2a784680   syz-executor2433
7358  7358 2   0  10000000   fffff87b28e5f140   syz-executor2433
6347  7763 3   0       180   fffff87b28549900   syz-executor2433 parked
6347  6347 2   0  10000000   fffff87b28549080   syz-executor2433
6963 >7612 7   0       100   fffff87b2a7e7500   syz-executor2433
6963  7089 2   0       100   fffff87b2a903740   syz-executor2433
6963  6963 2   1  10000000   fffff87b2ac11280   syz-executor2433
7472  6597 2   0         0   fffff87b275132c0   syz-executor2433
7472  7374 2   0       100   fffff87b2b2c8340   syz-executor2433
7472  7472 2   0  10000000   fffff87b2a6962c0   syz-executor2433
1198  1198 2   1       140   fffff87b28f85a00   syz-executor2433
1241  1241 2   1       140   fffff87b28f855c0   syz-executor2433
941    941 2   1       140   fffff87b28441980   syz-executor2433
1120  1120 2   0       140   fffff87b28629600   syz-executor2433
1243  1243 2   0       140   fffff87b28e5f580   syz-executor2433
1224  1224 2   1       140   fffff87b273e4b00   syz-executor2433
1242  1242 3   0       180   fffff87b28629a40   syz-executor2433 nanoslp
1231  1231 3   0       180   fffff87b286291c0               sshd select
1255  1255 3   1       180   fffff87b27077200              getty nanoslp
1216  1216 3   1       180   fffff87b273e46c0              getty nanoslp
1083  1083 3   0       180   fffff87b273e4280              getty nanoslp
1184  1184 3   1       1c0   fffff87b27095ac0              getty ttyraw
951    951 3   1       180   fffff87b28f85180               sshd select
1094  1094 3   0       180   fffff87b28e5f9c0             powerd kqueue
698    698 3   0       180   fffff87b28441540            syslogd kqueue
746    746 3   1       180   fffff87b27bd38c0             dhcpcd poll
742    742 3   1       180   fffff87b27513700             dhcpcd poll
466    466 3   0       180   fffff87b276a1b80             dhcpcd poll
598    598 3   1       180   fffff87b27bd3040             dhcpcd poll
292    292 3   1       180   fffff87b27a0e780             dhcpcd poll
485    485 3   1       180   fffff87b27a0e340             dhcpcd poll
291    291 3   1       180   fffff87b27513b40             dhcpcd poll
1        1 3   1       180   fffff87b1ee53980               init wait
0      673 3   0       200   fffff87b27077640            physiod physiod
0      196 3   1       200   fffff87b27095680          pooldrain pooldrain
0      195 2   0       240   fffff87b27095240            ioflush
0      194 3   0       200   fffff87b27077a80           pgdaemon pgdaemon
0      170 3   0       200   fffff87b24fb7a40               usb7 usbevt
0      169 3   1       200   fffff87b24fb7600               usb6 usbevt
0      168 3   0       200   fffff87b24fb71c0               usb5 usbevt
0      167 3   1       200   fffff87b21f22a00               usb4 usbevt
0      166 3   1       200   fffff87b21f225c0               usb3 usbevt
0      165 3   0       200   fffff87b21f22180               usb2 usbevt
0       31 3   0       200   fffff87b1ff059c0               usb1 usbevt
0       63 3   1       200   fffff87b1ff05580               usb0 usbevt
0      126 3   1       200   fffff87b1ff05140         usbtask-dr usbtsk
0      125 3   1       200   fffff87b1ece0740         usbtask-hc usbtsk
0      124 3   0       200   fffff87b1d2a1b00          swwreboot swwreboot
0      123 3   0       200   fffff87b1ece0b80             npfgc0 npfgcw
0      122 3   1       200   fffff87b1ee53540            rt_free rt_free
0      121 3   1       200   fffff87b1ee53100              unpgc unpgc
0      120 3   0       200   fffff87b1ee46940    key_timehandler key_timehandler
0      119 3   1       200   fffff87b1ee46500    icmp6_wqinput/1 icmp6_wqinput
0      118 3   0       200   fffff87b1ee460c0    icmp6_wqinput/0 icmp6_wqinput
0      117 3   0       200   fffff87b1ee31900          nd6_timer nd6_timer
0      116 3   1       200   fffff87b1ee314c0    carp6_wqinput/1 carp6_wqinput
0      115 3   0       200   fffff87b1ee31080    carp6_wqinput/0 carp6_wqinput
0      114 3   1       200   fffff87b1ee148c0     carp_wqinput/1 carp_wqinput
0      113 3   0       200   fffff87b1ee14480     carp_wqinput/0 carp_wqinput
0      112 3   1       200   fffff87b1ee14040     icmp_wqinput/1 icmp_wqinput
0      111 3   0       200   fffff87b1edd7bc0     icmp_wqinput/0 icmp_wqinput
0      110 3   0       200   fffff87b1edd7340           rt_timer rt_timer
0      109 3   0       200   fffff87b1edd7780        vmem_rehash vmem_rehash
0      100 3   1       200   fffff87b1ece0300          entbutler entropy
0       99 3   1       200   fffff87b1e750b40              viomb balloon
0       98 3   1       200   fffff87b1e750700      vioif0_txrx/1 vioif0_txrx
0       97 3   0       200   fffff87b1e7502c0      vioif0_txrx/0 vioif0_txrx
0       30 3   0       200   fffff87b1d2a16c0           scsibus0 sccomp
0       29 3   1       200   fffff87b1d2a1280               pms0 pmsreset
0       28 3   1       200   fffff87b1d1b4ac0            xcall/1 xcall
0       27 1   1       200   fffff87b1d1b4680          softser/1
0       26 1   1       200   fffff87b1d1b4240          softclk/1
0       25 1   1       200   fffff87b1d187a80          softbio/1
0       24 1   1       200   fffff87b1d187640          softnet/1
0       23 1   1       201   fffff87b1d187200             idle/1
0       22 3   1       200   fffff87c4b52da40           lnxsyswq lnxsyswq
0       21 3   1       200   fffff87c4b52d600           lnxubdwq lnxubdwq
0       20 3   0       200   fffff87c4b52d1c0           lnxpwrwq lnxpwrwq
0       19 3   1       200   fffff87c4b534a00           lnxlngwq lnxlngwq
0       18 3   1       200   fffff87c4b5345c0           lnxhipwq lnxhipwq
0       17 3   1       200   fffff87c4b534180           lnxrcugc lnxrcugc
0       16 3   0       200   fffff87c4b5539c0             sysmon smtaskq
0       15 3   1       200   fffff87c4b553580         pmfsuspend pmfsuspend
0       14 3   0       200   fffff87c4b553140           pmfevent pmfevent
0       13 3   1       200   fffff87c4b55e980         sopendfree sopendfr
0       12 3   0       200   fffff87c4b55e540             ifwdog ifwdog
0       11 3   0       200   fffff87c4b55e100            iflnkst iflnkst
0       10 3   1       200   fffff87c4c593940           nfssilly nfssilly
0        9 3   0       200   fffff87c4c593500             vdrain vdrain
0        8 3   1       200   fffff87c4c5930c0          modunload mod_unld
0        7 3   0       200   fffff87c4c5bc900            xcall/0 xcall
0        6 1   0       200   fffff87c4c5bc4c0          softser/0
0        5 1   0       200   fffff87c4c5bc080          softclk/0
0        4 1   0       200   fffff87c4c5e98c0          softbio/0
0        3 1   0       200   fffff87c4c5e9480          softnet/0
0        2 1   0       201   fffff87c4c5e9040             idle/0
0    >   0 7   1       240   ffffffff8673ee00            swapper
[Locks tracked through LWPs]

****** LWP 7125.7125 (syz-executor2433) @ 0xfffff87b28441100, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:pmap_ctor+0x6d sys/arch/x86/x86/pmap.c:2860)
lock address : fffff87b27693580
type         : sleep/adaptive
initialized  : netbsd:pmap_ctor+0x6d
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  1
relevant cpu :                  1 last held:                  1
relevant lwp : 0xfffff87b28441100 last held: 000000000000000000
last locked  : netbsd:pmap_extract+0xdb
unlocked*    : netbsd:pmap_extract+0x2c8
owner field  : 0xfffff87b28441100 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 6963.7612 (syz-executor2433) @ 0xfffff87b2a7e7500, l_stat=7

*** Locks held:

* Lock 0 (initialized at netbsd:ksem_create+0x174 sys/kern/uipc_sem.c:474)
lock address : fffff87b2a853960
type         : sleep/adaptive
initialized  : netbsd:ksem_create+0x174
shared holds :                  0 exclusive:                  1
shares wanted:                  0 exclusive:                  0
relevant cpu :                  0 last held:                  0
relevant lwp : 0xfffff87b2a7e7500 last held: 0xfffff87b2a7e7500
last locked* : netbsd:ksem_lookup_pshared_locked+0x10e
unlocked     : netbsd:ksem_release+0x108
owner field  : 0xfffff87b2a7e7500 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 6963.7089 (syz-executor2433) @ 0xfffff87b2a903740, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:filedesc_ctor+0xa1 sys/kern/kern_descrip.c:1328)
lock address : fffff87b277fb600
type         : sleep/adaptive
initialized  : netbsd:filedesc_ctor+0xa1
shared holds :                  0 exclusive:                  1
shares wanted:                  0 exclusive:                  0
relevant cpu :                  0 last held:                  0
relevant lwp : 0xfffff87b2a903740 last held: 0xfffff87b2a903740
last locked* : netbsd:fd_close+0x1ac
unlocked     : netbsd:fd_alloc+0x59c
owner field  : 0xfffff87b2a903740 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 742.742 (dhcpcd) @ 0xfffff87b27513700, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  1 last held:                  0
relevant lwp : 0xfffff87b27513700 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 466.466 (dhcpcd) @ 0xfffff87b276a1b80, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  0 last held:                  0
relevant lwp : 0xfffff87b276a1b80 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 485.485 (dhcpcd) @ 0xfffff87b27a0e340, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  1 last held:                  0
relevant lwp : 0xfffff87b27a0e340 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 291.291 (dhcpcd) @ 0xfffff87b27513b40, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  1 last held:                  0
relevant lwp : 0xfffff87b27513b40 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xfffff87c4b55e100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  0 last held:                  0
relevant lwp : 0xfffff87c4b55e100 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xfffff87c4c5bc080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  0 last held:                  0
relevant lwp : 0xfffff87c4c5bc080 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8673ee00, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type         : sleep/adaptive
initialized  : netbsd:module_hook_init+0x1c
shared holds :                  0 exclusive:                  0
shares wanted:                  0 exclusive:                  0
relevant cpu :                  1 last held:                  0
relevant lwp : 0xffffffff8673ee00 last held: 000000000000000000
last locked  : 0
unlocked*    : 0
owner field  : 000000000000000000 wait/spin:                0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at netbsd:kprintf_init+0x72 sys/kern/subr_prf.c:155)
lock address : netbsd:kprintf_mtx
type         : spin
initialized  : netbsd:kprintf_init+0x72
shared holds :                  0 exclusive:                  1
shares wanted:                  0 exclusive:                  0
relevant cpu :                  0 last held:                  0
relevant lwp : 0xfffff87b2a7e7500 last held: 0xfffff87b2a7e7500
last locked* : netbsd:kprintf_lock+0x50
unlocked     : netbsd:kprintf_unlock+0x70
owner field  : 0x0000000000000800 wait/spin:                0/1

              PAGE FLAG   PQ            UOBJECT              UANON
0xffffd68000007180 0045 00000000                0x0                0x0
0xffffd68000007200 0045 00000000                0x0                0x0
0xffffd68000007280 0045 00000000                0x0                0x0
0xffffd68000007300 0045 00000000                0x0                0x0
0xffffd68000007380 0045 00000000                0x0                0x0
0xffffd68000007400 0045 00000000                0x0                0x0
0xffffd68000007480 0045 00000000                0x0                0x0
0xffffd68000007500 0045 00000000                0x0                0x0
0xffffd68000007580 0045 00000000                0x0                0x0
0xffffd68000007600 0045 00000000                0x0                0x0
0xffffd68000007680 0045 00000000                0x0                0x0
0xffffd68000007700 0041 00000000                0x0                0x0
0xffffd68000007780 0041 00000000                0x0                0x0
0xffffd68000007800 0041 00000000                0x0                0x0
0xffffd68000007880 0041 00000000                0x0                0x0
0xffffd68000007900 0045 00000000                0x0                0x0
0xffffd68000007980 0041 00000000                0x0                0x0
0xffffd68000007a00 0041 00000000                0x0                0x0
0xffffd68000007a80 0041 00000000                0x0                0x0
0xffffd68000007b00 0041 00000000                0x0                0x0
0xffffd68000007b80 0041 00000000                0x0                0x0
0xffffd68000007c00 0041 00000000                0x0                0x0
0xffffd68000007c80 0041 00000000                0x0                0x0
0xffffd68000007d00 0041 00000000                0x0                0x0
0xffffd68000007d80 0041 00000000                0x0                0x0
0xffffd68000007e00 0041 00000000                0x0                0x0
0xffffd68000007e80 0041 00000000                0x0                0x0
0xffffd68000007f00 0041 00000000                0x0                0x0
0xffffd68000007f80 0041 00000000                0x0                0x0
0xffffd68000008000 0041 00000000                0x0                0x0
0xffffd68000008080 0041 00000000                0x0                0x0
0xffffd68000008100 0041 00000000                0x0                0x0
0xffffd68000008180 0041 00000000                0x0                0x0
0xffffd68000008200 0041 00000000                0x0                0x0
0xffffd68000008280 0041 00000000                0x0                0x0
0xffffd68000008300 0041 00000000                0x0                0x0
0xffffd68000008380 0041 00000000                0x0                0x0
0xffffd68000008400 0041 00000000                0x0                0x0
0xffffd68000008480 0041 00000000                0x0                0x0
0xffffd68000008500 0041 00000000                0x0                0x0
0xffffd68000008580 0041 00000000                0x0                0x0
0xffffd68000008600 0045 00000000                0x0                0x0
0xffffd68000008680 0041 00000000                0x0                0x0
0xffffd68000008700 0041 00000000                0x0                0x0
0xffffd68000008780 0041 00000000                0x0                0x0
0xffffd68000008800 0045 00000000                0x0                0x0
0xffffd68000008880 0041 00000000                0x0                0x0
0xffffd68000008900 0041 00000000                0x0                0x0
0xffffd68000008980 0041 00000000                0x0                0x0
0xffffd68000008a00 0041 00000000                0x0                0x0
0xffffd68000008a80 0041 00000000                0x0                0x0
0xffffd68000008b00 0041 00000000                0x0                0x0
0xffffd68000008b80 0041 00000000                0x0                0x0
0xffffd68000008c00 0041 00000000                0x0                0x0
0xffffd68000008c80 0041 00000000                0x0                0x0
0xffffd68000008d00 0041 00000000                0x0                0x0
0xffffd68000008d80 0041 00000000                0x0                0x0
0xffffd68000008e00 0041 00000000                0x0                0x0
0xffffd68000008e80 0041 00000000                0x0                0x0
0xffffd68000008f00 0041 00000000                0x0                0x0
0xffffd68000008f80 0041 00000000                0x0                0x0
0xffffd68000009000 0041 00000000                0x0                0x0
0xffffd68000009080 0045 00000000                0x0                0x0
0xffffd68000009100 0041 00000000                0x0                0x0
0xffffd68000009180 0041 00000000                0x0                0x0
0xffffd68000009200 0041 00000000                0x0                0x0
0xffffd68000009280 0041 00000000                0x0                0x0
0xffffd68000009300 0041 00000000                0x0                0x0
0xffffd68000009380 0041 00000000                0x0                0x0
0xffffd68000009400 0041 00000000                0x0                0x0
0xffffd68000009480 0041 00000000                0x0                0x0
0xffffd68000009500 0041 00000000                0x0                0x0
0xffffd68000009580 0041 00000000                0x0                0x0
0xffffd68000009600 0041 00000000                0x0                0x0
0xffffd68000009680 0041 00000000                0x0                0x0
0xffffd68000009700 0041 00000000                0x0                0x0
0xffffd68000009780 0041 00000000                0x0                0x0
0xffffd68000009800 0041 00000000                0x0                0x0
0xffffd68000009880 0041 00000000                0x0                0x0
0xffffd68000009900 0041 00000000                0x0                0x0
0xffffd68000009980 0041 00000000                0x0                0x0
0xffffd68000009a00 0041 00000000                0x0                0x0
0xffffd68000009a80 0041 00000000                0x0                0x0
0xffffd68000009b00 0041 00000000                0x0                0x0
0xffffd68000009b80 0041 00000000                0x0                0x0
0xffffd68000009c00 0041 00000000                0x0                0x0
0xffffd68000009c80 0041 00000000                0x0                0x0
0xffffd68000009d00 0041 00000000                0x0                0x0
0xffffd68000009d80 0041 00000000                0x0                0x0
0xffffd68000009e00 0041 00000000                0x0                0x0
0xffffd68000009e80 0045 00000000                0x0                0x0
0xffffd68000009f00 0041 00000000                0x0                0x0
0xffffd68000009f80 0041 00000000                0x0                0x0
0xffffd6800000a000 0041 00000000                0x0                0x0
0xffffd6800000a080 0041 00000000                0x0                0x0
0xffffd6800000a100 0041 00000000                0x0                0x0
0xffffd6800000a180 0041 00000000                0x0                0x0
0xffffd6800000a200 0041 00000000                0x0                0x0
0xffffd6800000a280 0041 00000000                0x0                0x0
0xffffd6800000a300 0041 00000000                0x0                0x0
0xffffd6800000a380 0041 00000000                0x0                0x0
0xffffd6800000a400 0041 00000000                0x0                0x0
0xffffd6800000a480 0041 00000000                0x0                0x0
0xffffd6800000a500 0041 00000000                0x0                0x0
0xffffd6800000a580 0041 00000000                0x0                0x0
0xffffd6800000a600 0041 00000000                0x0                0x0
0xffffd6800000a680 0041 00000000                0x0                0x0
0xffffd6800000a700 0041 00000000                0x0                0x0
0xffffd6800000a780 0041 00000000                0x0                0x0
0xffffd6800000a800 0041 00000000                0x0                0x0
0xffffd6800000a880 0041 00000000                0x0                0x0
0xffffd6800000a900 0041 00000000                0x0                0x0
0xffffd6800000a980 0041 00000000                0x0                0x0
0xffffd6800000aa00 0041 00000000                0x0                0x0
0xffffd6800000aa80 0041 00000000                0x0                0x0
0xffffd6800000ab00 0041 00000000                0x0                0x0
0xffffd6800000ab80 0041 00000000                0x0                0x0
0xffffd6800000ac00 0041 00000000                0x0                0x0
0xffffd6800000ac80 0041 00000000                0x0                0x0
0xffffd6800000ad00 0041 00000000                0x0                0x0
0xffffd6800000ad80 0041 00000000                0x0                0x0
0xffffd6800000ae00 0041 00000000                0x0                0x0
0xffffd6800000ae80 0041 00000000                0x0                0x0
0xffffd6800000af00 0045 00000000                0x0                0x0
0xffffd6800000af80 0045 00000000                0x0                0x0
0xffffd6800000b000 0041 00000000                0x0                0x0
0xffffd6800000b080 0041 00000000                0x0                0x0
0xffffd6800000b100 0041 00000000                0x0                0x0
0xffffd6800000b180 0045 00000000                0x0                0x0
0xffffd6800000b200 0041 00000000                0x0                0x0
0xffffd6800000b280 0045 00000000                0x0                0x0
0xffffd6800000b300 0045 00000000                0x0                0x0
0xffffd6800000b380 0045 00000000                0x0                0x0
0xffffd6800000b400 0041 00000000                0x0                0x0
0xffffd6800000b480 0041 00000000                0x0                0x0
0xffffd6800000b500 0045 00000000                0x0                0x0
0xffffd6800000b580 0045 00000000                0x0                0x0
0xffffd6800000b600 0045 00000000                0x0                0x0
0xffffd6800000b680 0045 00000000                0x0                0x0
0xffffd6800000b700 0045 00000000                0x0                0x0
0xffffd6800000b780 0045 00000000                0x0                0x0
0xffffd6800000b800 0045 00000000                0x0                0x0
0xffffd6800000b880 0041 00000000                0x0                0x0
0xffffd6800000b900 0045 00000000                0x0                0x0
0xffffd6800000b980 0045 00000000                0x0                0x0
0xffffd6800000ba00 0045 00000000                0x0                0x0
0xffffd6800000ba80 0045 00000000                0x0                0x0
0xffffd6800000bb00 0045 00000000                0x0                0x0
0xffffd6800000bb80 0045 00000000                0x0                0x0
0xffffd6800000bc00 0045 00000000                0x0                0x0
0xffffd6800000bc80 0041 00000000                0x0                0x0
0xffffd6800000bd00 0045 00000000                0x0                0x0
0xffffd6800000bd80 0045 00000000                0x0                0x0
0xffffd6800000be00 0045 00000000                0x0                0x0
0xffffd6800000be80 0045 00000000                0x0                0x0
0xffffd6800000bf00 0045 00000000                0x0                0x0
0xffffd6800000bf80 0045 00000000                0x0                0x0
0xffffd6800000c000 0045 00000000                0x0                0x0
0xffffd6800000c080 0045 00000000                0x0                0x0
0xffffd6800000c100 0045 00000000                0x0                0x0
0xffffd6800000c180 0045 00000000                0x0                0x0
0xffffd6800000c200 0045 00000000                0x0                0x0
0xffffd6800000c280 0045 00000000                0x0                0x0
0xffffd6800000c300 0045 00000000                0x0                0x0
0xffffd6800000c380 0045 00000000                0x0                0x0
0xffffd6800000c400 0045 00000000                0x0                0x0
0xffffd6800000c480 0045 00000000                0x0                0x0
0xffffd6800000c500 0045 00000000                0x0                0x0
0xffffd6800000c580 0045 00000000                0x0                0x0
0xffffd6800000c600 0045 00000000                0x0                0x0
0xffffd6800000c680 0045 00000000                0x0                0x0
0xffffd6800000c700 0041 00000000                0x0                0x0
0xffffd6800000c780 0041 00000000                0x0                0x0
0xffffd6800000c800 0045 00000000                0x0                0x0
0xffffd6800000c880 0045 00000000                0x0                0x0
0xffffd6800000c900 0045 00000000                0x0                0x0
0xffffd6800000c980 0045 00000000                0x0                0x0
0xffffd6800000ca00 0045 00000000                0x0                0x0
0xffffd6800000ca80 0045 00000000                0x0                0x0
0xffffd6800000cb00 0041 00000000                0x0                0x0
0xffffd6800000cb80 0041 00000000                0x0                0x0
0xffffd6800000cc00 0045 00000000                0x0                0x0
0xffffd6800000cc80 0045 00000000                0x0                0x0
0xffffd6800000cd00 0045 00000000                0x0                0x0
0xffffd6800000cd80 0041 00000000                0x0                0x0
0xffffd6800000ce00 0045 00000000                0x0                0x0
0xffffd6800000ce80 0041 00000000                0x0                0x0
0xffffd6800000cf00 0041 00000000                0x0                0x0
0xffffd6800000cf80 0041 00000000                0x0                0x0
0xffffd6800000d000 0041 00000000                0x0                0x0
0xffffd6800000d080 0045 00000000                0x0                0x0
0xffffd6800000d100 0041 00000000                0x0                0x0
0xffffd6800000d180 0041 00000000                0x0                0x0
0xffffd6800000d200 0041 00000000                0x0                0x0
0xffffd6800000d280 0041 00000000                0x0                0x0
0xffffd6800000d300 0045 00000000                0x0                0x0
0xffffd6800000d380 0041 00000000                0x0                0x0
0xffffd6800000d400 0041 00000000                0x0                0x0
0xffffd6800000d480 0045 00000000                0x0                0x0
0xffffd6800000d500 0041 00000000                0x0                0x0
0xffffd6800000d580 0041 00000000                0x0                0x0
0xffffd6800000d600 0041 00000000                0x0                0x0
0xffffd6800000d680 0041 00000000                0x0                0x0
0xffffd6800000d700 0041 00000000                0x0                0x0
0xffffd6800000d780 0045 00000000                0x0                0x0
0xffffd6800000d800 0041 00000000                0x0                0x0
0xffffd6800000d880 0041 00000000                0x0                0x0
0xffffd6800000d900 0041 00000000                0x0                0x0
0xffffd6800000d980 0041 00000000                0x0                0x0
0xffffd6800000da00 0041 00000000                0x0                0x0
0xffffd6800000da80 0045 00000000                0x0                0x0
0xffffd6800000db00 0045 00000000                0x0                0x0
0xffffd6800000db80 0045 00000000                0x0                0x0
0xffffd6800000dc00 0041 00000000                0x0                0x0
0xffffd6800000dc80 0041 00000000                0x0                0x0
0xffffd6800000dd00 0041 00000000                0x0                0x0
0xffffd6800000dd80 0041 00000000                0x0                0x0
0xffffd6800000de00 0041 00000000                0x0                0x0
0xffffd6800000de80 0041 00000000                0x0                0x0
0xffffd6800000df00 0045 00000000                0x0                0x0
0xffffd6800000df80 0045 00000000                0x0                0x0
0xffffd6800000e000 0045 00000000                0x0                0x0
0xffffd6800000e080 0041 00000000                0x0                0x0
0xffffd6800000e100 0041 00000000                0x0                0x0
0xffffd6800000e180 0045 00000000                0x0                0x0
0xffffd6800000e200 0041 00000000                0x0                0x0
0xffffd6800000e280 0041 00000000                0x0                0x0
0xffffd6800000e300 0045 00000000                0x0                0x0
0xffffd6800000e380 0041 00000000                0x0                0x0
0xffffd6800000e400 0045 00000000                0x0                0x0
0xffffd6800000e480 0041 00000000                0x0                0x0
0xffffd6800000e500 0045 00000000                0x0                0x0
0xffffd6800000e580 0041 00000000                0x0                0x0
0xffffd6800000e600 0045 00000000                0x0                0x0
0xffffd6800000e680 0045 00000000                0x0                0x0
0xffffd6800000e700 0041 00000000                0x0                0x0
0xffffd6800000e780 0041 00000000                0x0                0x0
0xffffd6800000e800 0045 00000000                0x0                0x0
0xffffd6800000e880 0045 00000000                0x0                0x0
0xffffd6800000e900 0041 00000000                0x0                0x0
0xffffd6800000e980 0041 00000000                0x0                0x0
0xffffd6800000ea00 0041 00000000                0x0                0x0
0xffffd6800000ea80 0041 00000000                0x0                0x0
0xffffd6800000eb00 0041 00000000                0x0                0x0
0xffffd6800000eb80 0045 00000000                0x0                0x0
0xffffd6800000ec00 0041 00000000                0x0                0x0
0xffffd6800000ec80 0041 00000000                0x0                0x0
0xffffd6800000ed00 0041 00000000                0x0                0x0
0xffffd6800000ed80 0041 00000000                0x0                0x0
0xffffd6800000ee00 0041 00000000                0x0                0x0
0xffffd6800000ee80 0045 00000000                0x0                0x0
0xffffd6800000ef00 0041 00000000                0x0                0x0
0xffffd6800000ef80 0041 00000000                0x0                0x0
0xffffd6800000f000 0041 00000000                0x0                0x0
0xffffd6800000f080 0045 00000000                0x0                0x0
0xffffd6800000f100 0041 00000000                0x0                0x0
0xffffd6800000f180 0041 00000000                0x0                0x0
0xffffd6800000f200 0041 00000000                0x0                0x0
0xffffd6800000f280 0041 00000000                0x0                0x0
0xffffd6800000f300 0041 00000000                0x0                0x0
0xffffd6800000f380 0041 00000000                0x0                0x0
0xffffd6800000f400 0045 00000000                0x0                0x0
0xffffd6800000f480 0041 00000000                0x0                0x0
0xffffd6800000f500 0041 00000000                0x0                0x0
0xffffd6800000f580 0041 00000000                0x0                0x0
0xffffd6800000f600 0041 00000000                0x0                0x0
0xffffd6800000f680 0045 00000000                0x0                0x0
0xffffd6800000f700 0041 00000000                0x0                0x0
0xffffd6800000f780 0041 00000000                0x0                0x0
0xffffd6800000f800 0041 00000000                0x0                0x0
0xffffd6800000f880 0045 00000000                0x0                0x0
0xffffd6800000f900 0041 00000000                0x0                0x0
0xffffd6800000f980 0045 00000000                0x0                0x0
0xffffd6800000fa00 0041 00000000                0x0                0x0
0xffffd6800000fa80 0041 00000000                0x0                0x0
0xffffd6800000fb00 0041 00000000                0x0                0x0
0xffffd6800000fb80 0041 00000000                0x0                0x0
0xffffd6800000fc00 0045 00000000                0x0                0x0
0xffffd6800000fc80 0041 00000000                0x0                0x0
0xffffd6800000fd00 0045 00000000                0x0                0x0
0xffffd6800000fd80 0041 00000000                0x0                0x0
0xffffd6800000fe00 0041 00000000                0x0                0x0
0xffffd6800000fe80 0041 00000000                0x0                0x0
0xffffd6800000ff00 0041 00000000                0x0                0x0
0xffffd6800000ff80 0041 00000000                0x0                0x0
0xffffd68000010000 0041 00000000                0x0                0x0
0xffffd68000010080 0041 00000000                0x0                0x0
0xffffd68000010100 0041 00000000                0x0                0x0
0xffffd68000010180 0045 00000000                0x0                0x0
0xffffd68000010200 0045 00000000                0x0                0x0
0xffffd68000010280 0041 00000000                0x0                0x0
0xffffd68000010300 0041 00000000                0x0                0x0
0xffffd68000010380 0041 00000000                0x0                0x0
0xffffd68000010400 0041 00000000                0x0                0x0
0xffffd68000010480 0045 00000000                0x0                0x0
0xffffd68000010500 0045 00000000                0x0                0x0
0xffffd68000010580 0041 00000000                0x0                0x0
0xffffd68000010600 0041 00000000                0x0                0x0
0xffffd68000010680 0041 00000000                0x0                0x0
0xffffd68000010700 0041 00000000                0x0                0x0
0xffffd68000010780 0041 00000000                0x0                0x0
0xffffd68000010800 0041 00000000                0x0                0x0
0xffffd68000010880 0041 00000000                0x0                0x0
0xffffd68000010900 0041 00000000                0x0                0x0
0xffffd68000010980 0045 00000000                0x0                0x0
0xffffd68000010a00 0045 00000000                0x0                0x0
0xffffd68000010a80 0045 00000000                0x0                0x0
0xffffd68000010b00 0041 00000000                0x0                0x0
0xffffd68000010b80 0041 00000000                0x0                0x0
0xffffd68000010c00 0041 00000000                0x0                0x0
0xffffd68000010c80 0045 00000000                0x0                0x0
0xffffd68000010d00 0041 00000000                0x0                0x0
0xffffd68000010d80 0041 00000000                0x0                0x0
0xffffd68000010e00 0041 00000000
Crashes (16):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Assets (help?)	Manager	Title
2022/11/01 06:36	netbsd	adc7b5ab56de	a1d8560a	.config	console log	report	syz	C	[disk image] [netbsd.gdb]	ci2-netbsd-kubsan	assert failed: fp != NULL
2022/11/01 06:05	netbsd	adc7b5ab56de	a1d8560a	.config	console log	report	syz	C	[disk image] [netbsd.gdb]	ci2-netbsd	assert failed: fp != NULL
2022/06/26 08:15	netbsd	2105c30e6ce6	a371c43c	.config	console log	report	syz	C		ci2-netbsd-kubsan	assert failed: fp != NULL
2020/12/05 01:48	netbsd	653f4d699d41	20366b87	.config	console log	report	syz	C		ci2-netbsd-kmsan
2022/11/01 06:34	netbsd	adc7b5ab56de	a1d8560a	.config	console log	report	syz		[disk image] [netbsd.gdb]	ci2-netbsd-kmsan	assert failed: fp != NULL
2022/06/26 06:55	netbsd	2105c30e6ce6	a371c43c	.config	console log	report	syz			ci2-netbsd	assert failed: fp != NULL
2022/06/26 06:38	netbsd	2105c30e6ce6	a371c43c	.config	console log	report	syz			ci2-netbsd-kmsan	assert failed: fp != NULL
2020/12/05 02:35	netbsd	653f4d699d41	20366b87	.config	console log	report	syz			ci2-netbsd-kubsan
2020/12/05 00:01	netbsd	653f4d699d41	20366b87	.config	console log	report	syz			ci2-netbsd
2023/09/11 08:28	netbsd	23ee83f7c0ae	6654cf89	.config	console log	report			[disk image] [netbsd.gdb]	ci2-netbsd	assert failed: fp != NULL
2023/04/24 20:42	netbsd	fca07fef41df	fdc18293	.config	console log	report			[disk image] [netbsd.gdb]	ci2-netbsd-kmsan	assert failed: fp != NULL
2022/11/01 05:44	netbsd	adc7b5ab56de	a1d8560a	.config	console log	report			[disk image] [netbsd.gdb]	ci2-netbsd	assert failed: fp != NULL
2022/06/26 06:24	netbsd	2105c30e6ce6	a371c43c	.config	console log	report				ci2-netbsd-kmsan	assert failed: fp != NULL
2021/12/27 09:38	netbsd	a49f7bc6382f	e4f103c4	.config	console log	report				ci2-netbsd	assert failed: fp != NULL
2020/12/04 23:39	netbsd	653f4d699d41	20366b87	.config	console log	report				ci2-netbsd
2020/09/30 13:46	netbsd	68ae015e59d1	8516f6d3	.config	console log	report				ci2-netbsd-kmsan
* ~~Struck through~~ repros no longer work on HEAD.