Mon Nov 25 06:47:22 UTC 2019
NetBSD/amd64 (ci2-netbsd-9.c.syzkaller.internal) (console)
login: Nov 25 06:47:24 ci2-netbsd-9 getty[560]: /dev/ttyE2: Device not configured
Nov 25 06:47:24 ci2-netbsd-9 getty[582]: /dev/ttyE1: Device not configured
Nov 25 06:47:24 ci2-netbsd-9 getty[405]: /dev/ttyE3: Device not configured
Warning: Permanently added '10.128.1.48' (ECDSA) to the list of known hosts.
2019/11/25 06:47:37 parsed 1 programs
2019/11/25 06:47:37 executed programs: 0
2019/11/25 06:47:43 executed programs: 51
[ 67.3294247] panic: kernel diagnostic assertion "lwp_locked(l, l->l_cpu->ci_schedstate.spc_lwplock)" failed: file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_synch.c", line 910
[ 67.3496557] cpu1: Begin traceback...
[ 67.3699065] vpanic() at netbsd:vpanic+0x241
[ 67.4103896] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 67.4508736] setrunnable() at netbsd:setrunnable+0x2d5
[ 67.4812401] lwp_start() at netbsd:lwp_start+0x18b
[ 67.5217288] do_lwp_create() at netbsd:do_lwp_create+0x151
[ 67.5622142] sys__lwp_create() at netbsd:sys__lwp_create+0x1fc
[ 67.6027025] syscall() at netbsd:syscall+0x526
[ 67.6128266] --- syscall (number 309) ---
[ 67.6330643] 75a905a4333a:
[ 67.6330643] cpu1: End traceback...
[ 67.6330643] fatal breakpoint trap in supervisor mode
[ 67.6431824] trap type 1 code 0 rip 0xffffffff8021ccc5 cs 0x8 rflags 0x246 cr2 0x6f8ee2006f60 ilevel 0x8 rsp 0xffffd1816f0b7a90
[ 67.6533053] curlwp 0xffffd1801357aa60 pid 766.1 lowest kstack 0xffffd1816f0b02c0
Stopped in pid 766.1 (syz-executor.1) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xf9
vpanic() at netbsd:vpanic+0x241
_GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
setrunnable() at netbsd:setrunnable+0x2d5
lwp_start() at netbsd:lwp_start+0x18b
do_lwp_create() at netbsd:do_lwp_create+0x151
sys__lwp_create() at netbsd:sys__lwp_create+0x1fc
syscall() at netbsd:syscall+0x526
--- syscall (number 309) ---
75a905a4333a:
ds 7aa0
es 200a
fs 7a70
gs 7ac0
rdi ffffd1800d92c458
rsi ffffd1801357ad48
rbp ffffd1816f0b7a90
rbx ffffd1816d892000
rdx 2
rcx ffffffff80cee821 db_panic+0xe5
rax 0
r8 4
r9 1ffffffff0553694
r10 ffffffff82a9b4a3 db_onpanic+0x3
r11 8000000000
r12 ffffd1816d8a4000
r13 ffffffff82180b20 __func__.12370+0xce0
r14 ffffd1816f0b7b20
r15 ffffd1816d892058
rip ffffffff8021ccc5 breakpoint+0x5
cs 8
rflags 246
rsp ffffd1816f0b7a90
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
775 1 2 0 0 ffffd18011ee9a00 syz-executor.2
667 1 2 1 0 ffffd18011ee9180 syz-executor.5
766 3 1 1 0 ffffd18012e231c0 syz-executor.1
766 > 1 7 1 0 ffffd1801357aa60 syz-executor.1
780 1 2 1 0 ffffd18012d69bc0 syz-executor.3
631 1 3 1 80 ffffd18012e15a20 syz-executor.5 nanoslp
459 1 2 0 0 ffffd18013b32ae0 syz-executor.1
497 1 2 1 0 ffffd18013b32260 syz-executor.4
45 1 2 0 0 ffffd18013b23ac0 syz-executor.2
568 > 1 7 0 0 ffffd18013b23240 syz-executor.0
590 1 2 1 0 ffffd18013b16660 syz-executor.3
466 10 3 1 80 ffffd18013b23680 syz-execprog parked
466 9 3 0 80 ffffd18013b16aa0 syz-execprog parked
466 8 3 0 80 ffffd18013b16220 syz-execprog parked
466 7 3 0 80 ffffd180120bc2a0 syz-execprog parked
466 6 3 0 80 ffffd1801358a640 syz-execprog kqueue
466 5 3 0 80 ffffd18012ddd980 syz-execprog parked
466 4 2 0 0 ffffd18012ddd540 syz-execprog
466 3 3 1 80 ffffd18012e155e0 syz-execprog parked
466 2 2 1 0 ffffd18012e151a0 syz-execprog
466 1 3 1 80 ffffd18011ee95c0 syz-execprog parked
40 1 3 0 80 ffffd1800f7cb9c0 sshd select
405 1 3 0 80 ffffd18012dfd160 getty nanoslp
560 1 3 1 80 ffffd18012de8120 getty nanoslp
582 1 3 0 80 ffffd18012df39c0 getty nanoslp
575 1 3 0 80 ffffd18012e065c0 getty ttyraw
564 1 3 0 80 ffffd18012d4eba0 cron nanoslp
508 1 3 1 80 ffffd18012d2e740 inetd kqueue
389 1 3 0 80 ffffd18012349b20 sshd select
474 1 3 0 80 ffffd180122f7640 powerd kqueue
323 1 2 0 0 ffffd1801218d320 makemandb
202 1 3 0 80 ffffd18012d69780 syslogd kqueue
278 1 3 0 80 ffffd180122e9620 dhcpcd kqueue
179 1 3 0 80 ffffd180122160a0 dhcpcd kqueue
1 1 3 0 80 ffffd18012013240 init wait
0 58 3 1 204 ffffd18012013ac0 physiod physiod
0 57 3 0 204 ffffd1801205c6a0 pooldrain pooldrain
0 56 3 0 204 ffffd1801205d280 aiodoned aiodoned
0 55 3 1 200 ffffd1801205cae0 ioflush syncer
0 54 3 0 200 ffffd1801205c260 pgdaemon pgdaemon
0 51 3 0 200 ffffd18012013680 npfgc-0 npfgccv
0 50 3 0 204 ffffd18012005aa0 rt_free rt_free
0 49 3 0 204 ffffd18012005660 unpgc unpgc
0 48 3 0 204 ffffd18012005220 key_timehandler key_timehandler
0 47 3 1 204 ffffd18011ffba80 icmp6_wqinput/1 icmp6_wqinput
0 46 3 0 204 ffffd18011ffb640 icmp6_wqinput/0 icmp6_wqinput
0 45 3 0 204 ffffd18011ffb200 nd6_timer nd6_timer
0 44 3 1 204 ffffd18011f12a60 carp6_wqinput/1 carp6_wqinput
0 43 3 0 204 ffffd18011f12620 carp6_wqinput/0 carp6_wqinput
0 42 3 1 204 ffffd18011f121e0 carp_wqinput/1 carp_wqinput
0 41 3 0 204 ffffd18011efea40 carp_wqinput/0 carp_wqinput
0 40 3 1 204 ffffd18011efe600 icmp_wqinput/1 icmp_wqinput
0 39 3 0 204 ffffd18011efe1c0 icmp_wqinput/0 icmp_wqinput
0 38 3 0 204 ffffd18011eeca20 rt_timer rt_timer
0 37 3 1 204 ffffd18011ee85a0 vmem_rehash vmem_rehash
0 27 3 0 204 ffffd1800f7cb580 scsibus0 sccomp
0 26 3 0 200 ffffd1800f7cb140 pms0 pmsreset
0 25 3 1 204 ffffd1800f73d9a0 xcall/1 xcall
0 24 1 1 200 ffffd1800f73d560 softser/1
0 23 1 1 200 ffffd1800f73d120 softclk/1
0 22 1 1 200 ffffd1800f739980 softbio/1
0 21 1 1 200 ffffd1800f739540 softnet/1
0 20 1 1 201 ffffd1800f739100 idle/1
0 19 3 1 204 ffffd1800f66f960 lnxpwrwq lnxpwrwq
0 18 3 1 204 ffffd1800f66f520 lnxlngwq lnxlngwq
0 17 3 1 204 ffffd1800f66f0e0 lnxsyswq lnxsyswq
0 16 3 0 204 ffffd1800de54940 lnxrcugc lnxrcugc
0 15 3 0 204 ffffd1800de54500 sysmon smtaskq
0 14 3 1 204 ffffd1800de540c0 pmfsuspend pmfsuspend
0 13 3 0 204 ffffd1800de45920 pmfevent pmfevent
0 12 3 0 204 ffffd1800de454e0 sopendfree sopendfr
0 11 3 1 204 ffffd1800de450a0 nfssilly nfssilly
0 10 3 1 200 ffffd1800de3a900 cachegc cachegc
0 9 3 0 204 ffffd1800de3a4c0 vdrain vdrain
0 8 3 0 200 ffffd1800de3a080 modunload mod_unld
0 7 3 0 204 ffffd1800de2c8e0 xcall/0 xcall
0 6 1 0 200 ffffd1800de2c4a0 softser/0
0 5 1 0 200 ffffd1800de2c060 softclk/0
0 4 1 0 200 ffffd1800de278c0 softbio/0
0 3 1 0 200 ffffd1800de27480 softnet/0
0 2 1 0 201 ffffd1800de27040 idle/0
0 1 3 1 200 ffffffff82b64320 swapper uvm
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor.5):
Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffd1801352c6c0 type : sleep/adaptive
initialized : 0xffffffff810e29a3
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd1801357aa60 last held: 0xffffd18011ee9180
last locked* : 0xffffffff810c6efe unlocked : 0xffffffff810c40bc
owner field : 0xffffd18011ee9180 wait/spin: 0/0
Turnstile chain at 0xffffffff82d83ad8 with mutex 0xffffd1800d942880.
=> No active turnstile for this lock.
Locks held by an LWP (syz-executor.1):
Lock 0 (initialized at fork1)
lock address : 0xffffd1801396a8c0 type : sleep/adaptive
initialized : 0xffffffff81136fce
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd1801357aa60 last held: 0xffffd1801357aa60
last locked* : 0xffffffff8114344f unlocked : 0xffffffff81146b66
owner field : 000000000000000000 wait/spin: 0/0
Turnstile chain at 0xffffffff82d83b18 with mutex 0xffffd1800d942a80.
=> No active turnstile for this lock.
Locks held by an LWP (syz-executor.3):
Lock 0 (initialized at amap_alloc)
lock address : 0xffffd18013aa1800 type : sleep/adaptive
initialized : 0xffffffff810b6351
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd1801357aa60 last held: 0xffffd18012d69bc0
last locked* : 0xffffffff810c5aa3 unlocked : 0xffffffff810c3a66
owner field : 0xffffd18012d69bc0 wait/spin: 0/0
Turnstile chain at 0xffffffff82d83d00 with mutex 0xffffd1800de1ea00.
=> No active turnstile for this lock.
Locks held by an LWP (syz-executor.2):
Lock 0 (initialized at amap_alloc)
lock address : 0xffffd18013b26c40 type : sleep/adaptive
initialized : 0xffffffff810b6351
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffd1801357aa60 last held: 0xffffd18013b23ac0
last locked* : 0xffffffff810c5aa3 unlocked : 0xffffffff810c3a66
owner field : 0xffffd18013b23ac0 wait/spin: 0/0
Turnstile chain at 0xffffffff82d83b88 with mutex 0xffffd1800d942e00.
=> No active turnstile for this lock.
Locks held by an LWP (syz-executor.0):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffd18013b22ca8 type : sleep/adaptive
initialized : 0xffffffff8129d49e
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd1801357aa60 last held: 0xffffd18013b23240
last locked* : 0xffffffff812cad75 unlocked : 0xffffffff812cada8
owner/count : 0xffffd18013b23240 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d83b90 with mutex 0xffffd1800d942e40.
=> No active turnstile for this lock.
Lock 1 (initialized at vcache_alloc)
lock address : 0xffffd18013be3218 type : sleep/adaptive
initialized : 0xffffffff8129d49e
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd1801357aa60 last held: 0xffffd18013b23240
last locked* : 0xffffffff812cad75 unlocked : 0xffffffff812cada8
[ 67.6634259] Skipping crash dump on recursive panic
[ 67.6634259] panic: ASan: Unauthorized Access In 0xffffffff811722a0: Addr 0xffffd18013be3218 [8 bytes, read, PoolUseAfterFree]
[ 67.6634259] cpu1: Begin traceback...
[ 67.6634259] vpanic() at netbsd:vpanic+0x241
[ 67.6634259] snprintf() at netbsd:snprintf
[ 67.6634259] kasan_report() at netbsd:kasan_report+0x8f
[ 67.6634259] __asan_load8() at netbsd:__asan_load8+0x294
[ 67.6634259] rw_dump() at netbsd:rw_dump+0x20
[ 67.6634259] lockdebug_dump() at netbsd:lockdebug_dump+0x289
[ 67.6634259] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9
[ 67.6634259] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x12f
[ 67.6634259] db_command() at netbsd:db_command+0x2c0
[ 67.6634259] db_command_loop() at netbsd:db_command_loop+0x26c
[ 67.6634259] db_trap() at netbsd:db_trap+0x219
[ 67.6634259] kdb_trap() at netbsd:kdb_trap+0x1ce
[ 67.6634259] trap() at netbsd:trap+0x61a
[ 67.6634259] --- trap (number 1) ---
[ 67.6634259] breakpoint() at netbsd:breakpoint+0x5
[ 67.6634259] db_panic() at netbsd:db_panic+0xf9
[ 67.6634259] vpanic() at netbsd:vpanic+0x241
[ 67.6634259] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 67.6634259] setrunnable() at netbsd:setrunnable+0x2d5
[ 67.6634259] lwp_start() at netbsd:lwp_start+0x18b
[ 67.6634259] do_lwp_create() at netbsd:do_lwp_create+0x151
[ 67.6634259] sys__lwp_create() at netbsd:sys__lwp_create+0x1fc
[ 67.6634259] syscall() at netbsd:syscall+0x526
[ 67.6634259] --- syscall (number 309) ---
[ 67.6634259] 75a905a4333a:
[ 67.6634259] cpu1: End traceback...
[ 67.6634259] fatal breakpoint trap in supervisor mode
[ 67.6634259] trap type 1 code 0 rip 0xffffffff8021ccc5 cs 0x8 rflags 0x246 cr2 0x6f8ee2006f60 ilevel 0x8 rsp 0xffffd1816f0b7050
[ 67.6634259] curlwp 0xffffd1801357aa60 pid 766.1 lowest kstack 0xffffd1816f0b02c0
Stopped in pid 766.1 (syz-executor.1) at netbsd:breakpoint+0x5: leave