syzbot


panic: rnel diagnostic assertion "lwpcnt >= NUM" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern

Status: closed as dup on 2022/08/07 23:33
Reported-by: syzbot+d4e41fcad09801a1c058@syzkaller.appspotmail.com
First crash: 837d, last: 150d
Duplicate of
Title                       Repro  Cause bisect  Fix bisect  Count  Last  Reported
assert failed: lwpcnt >= 0  C                                16016  150d  2095d

Sample crash report:
[[  87.21ke99226] panic: rnel diagnostic assertion "lwpcnt >= 0" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern_uidinfo.c", line 259 uid=60929 diff=-1 lwpcnt=-1
[  87.2500167] cpu1: Begin traceback...
[  87.2699720] vpanic() at netbsd:vpanic+0xc9d
[  87.3199000] kern_assert() at netbsd:kern_assert+0x228
[  87.3899435] chglwpcnt() at netbsd:chglwpcnt+0x22e sys/kern/kern_uidinfo.c:258
[  87.4599047] lwp_free() at netbsd:lwp_free+0x3e9
[  87.5299045] lwp_wait() at netbsd:lwp_wait+0x1366 sys/kern/kern_lwp.c:592
[  87.5999048] exit_lwps() at netbsd:exit_lwps+0x642 sys/kern/kern_exit.c:651
[  87.6599034] exit1() at netbsd:exit1+0x338 sys/kern/kern_exit.c:210
[  87.7299060] sys_exit() at netbsd:sys_exit+0x1d6
[  87.8099044] syscall() at netbsd:syscall+0x576 sy_invoke sys/sys/syscallvar.h:94 [inline]
[  87.8099044] syscall() at netbsd:syscall+0x576 sys/arch/x86/x86/syscall.c:137
[  87.8199050] --- syscall (number 1) ---
[  87.8499058] netbsd:syscall+0x576:
[  87.8499058] cpu1: End traceback...
[  87.8499058] fatal breakpoint trap in supervisor mode
[  87.8599058] trap type 1 code 0 rip 0xffffffff8023687d cs 0x8 rflags 0x282 cr2 0xffffd280c7afd000 ilevel 0 rsp 0xffffd280c7f87700
[  87.8699051] curlwp 0xffffd280139ccbc0 pid 2745.2986 lowest kstack 0xffffd280c7f802c0
Stopped in pid 2745.2986 (syz-executor.0) at    netbsd:breakpoint+0x5:  leave
?
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0xc9d
kern_assert() at netbsd:kern_assert+0x228
chglwpcnt() at netbsd:chglwpcnt+0x22e sys/kern/kern_uidinfo.c:258
lwp_free() at netbsd:lwp_free+0x3e9
lwp_wait() at netbsd:lwp_wait+0x1366 sys/kern/kern_lwp.c:592
exit_lwps() at netbsd:exit_lwps+0x642 sys/kern/kern_exit.c:651
exit1() at netbsd:exit1+0x338 sys/kern/kern_exit.c:210
sys_exit() at netbsd:sys_exit+0x1d6
syscall() at netbsd:syscall+0x576 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x576 sys/arch/x86/x86/syscall.c:137
--- syscall (number 1) ---
netbsd:syscall+0x576:
Panic string: kernel diagnostic assertion "lwpcnt >= 0" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern_uidinfo.c", line 259 uid=60929 diff=-1 lwpcnt=-1

Crashes (4):
Time              Kernel  Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets                     Manager           Title
2024/06/24 17:23  netbsd  ef911aaccf6f  edc5149a   .config  console log  report                               [disk image] [netbsd.gdb]  ci2-netbsd-kmsan  panic: rnel diagnostic assertion "lwpcnt >= NUM" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern
2024/05/27 19:07  netbsd  7d8e907f96b4  761766e6   .config  console log  report                               [disk image] [netbsd.gdb]  ci2-netbsd-kmsan  panic: rnel diagnostic assertion "lwpcnt >= NUM" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern
2023/05/10 23:10  netbsd  c003556540a3  14b12a99   .config  console log  report                                                          ci2-netbsd-kmsan  panic: rnel diagnostic assertion "lwpcnt >= NUM" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern
2022/08/06 23:40  netbsd  e43aa3d0a720  88e3a122   .config  console log  report                                                          ci2-netbsd-kmsan  panic: rnel diagnostic assertion "lwpcnt >= NUM" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern
* Struck through repros no longer work on HEAD.