Warning: Permanently added '' (ED25519) to the list of known hosts.
2024/05/15 16:20:18 ignoring optional flag "sandboxArg"="0"
2024/05/15 16:20:18 parsed 1 programs
2024/05/15 16:20:18 executed programs: 0
2024/05/15 16:20:23 executed programs: 72
2024/05/15 16:20:28 executed programs: 135
2024/05/15 16:20:34 executed programs: 192
login: [ 55.9567267] panic: kernel diagnostic assertion "mp->mnt_refcnt > 0 || mutex_owned(&mountlist_lock)" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_mount.c", line 296
[ 55.9567267] cpu1: Begin traceback...
[ 55.9667346] vpanic() at netbsd:vpanic+0x2f0
[ 56.0467083] kern_assert() at netbsd:kern_assert+0x65
[ 56.1167084] vfs_ref() at netbsd:vfs_ref+0xc0
[ 56.1667082] mount_domount() at netbsd:mount_domount+0x7ea
[ 56.2267081] do_sys_mount() at netbsd:do_sys_mount+0x288
[ 56.2867082] sys___mount50() at netbsd:sys___mount50+0x5d
[ 56.3267368] sys___syscall() at netbsd:sys___syscall+0x1e4
[ 56.3667321] syscall() at netbsd:syscall+0x28b
[ 56.3767380] --- syscall (number 410 via SYS_syscall) ---
[ 56.3867323] netbsd:syscall+0x28b:
[ 56.3867323] cpu1: End traceback...
[ 56.3967334] fatal breakpoint trap in supervisor mode
[ 56.3967334] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x76a775705148 ilevel 0 rsp 0xffffd10248571c20
[ 56.4067207] curlwp 0xffff89cb77d44140 pid 3269.391 lowest kstack 0xffffd1024856d2c0
Stopped in pid 3269.391 (syz-executor.0) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec
vpanic() at netbsd:vpanic+0x2f0
kern_assert() at netbsd:kern_assert+0x65
vfs_ref() at netbsd:vfs_ref+0xc0
mount_domount() at netbsd:mount_domount+0x7ea
do_sys_mount() at netbsd:do_sys_mount+0x288
sys___mount50() at netbsd:sys___mount50+0x5d
sys___syscall() at netbsd:sys___syscall+0x1e4
syscall() at netbsd:syscall+0x28b
--- syscall (number 410 via SYS_syscall) ---
netbsd:syscall+0x28b:
Panic string: kernel diagnostic assertion "mp->mnt_refcnt > 0 || mutex_owned(&mountlist_lock)" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_mount.c", line 296

[Locks tracked through LWPs]

****** LWP 394.398 (syz-executor.5) @ 0xffff89cb77734740, l_stat=3
*** Locks held:
* Lock 0 (initialized at netbsd:fstrans_init+0x20)
lock address : netbsd:vfs_suspend_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x20
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb77734740 last held: 0xffff89cb77734740
last locked* : netbsd:vfs_suspend+0x27e unlocked : netbsd:dounmount+0x57e
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.
* Lock 1 (initialized at netbsd:fstrans_init+0x33)
lock address : netbsd:fstrans_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 7
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb77734740 last held: 0xffff89cb77734740
last locked* : netbsd:fstrans_setstate+0x1d5 unlocked : netbsd:fstrans_done+0x6e6
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.
*** Locks wanted: none

****** LWP 4019.389 (syz-executor.1) @ 0xffff89cb73faf080, l_stat=3
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:fork1+0x19f9)
lock address : ffff89cb77776a00 type : sleep/adaptive
initialized : netbsd:fork1+0x19f9
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 1
relevant lwp : 0xffff89cb73faf080 last held: 0xffff89cb783c1500
last locked* : netbsd:sys_exit+0x6f unlocked : netbsd:match_process+0x60a
owner field : 0xffff89cb783c1500 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 2 waiting writers: 0xffff89cb742270c0 0xffff89cb73faf080

****** LWP 4019.4019 (syz-executor.1) @ 0xffff89cb783c1500, l_stat=2
*** Locks held:
* Lock 0 (initialized at netbsd:fork1+0x19f9)
lock address : ffff89cb77776a00 type : sleep/adaptive
initialized : netbsd:fork1+0x19f9
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 1
relevant lwp : 0xffff89cb783c1500 last held: 0xffff89cb783c1500
last locked* : netbsd:sys_exit+0x6f unlocked : netbsd:match_process+0x60a
owner field : 0xffff89cb783c1500 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 2 waiting writers: 0xffff89cb742270c0 0xffff89cb73faf080
*** Locks wanted: none

****** LWP 3148.390 (syz-executor.3) @ 0xffff89cb78bb0980, l_stat=5
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:fstrans_init+0x33)
lock address : netbsd:fstrans_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 7
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb78bb0980 last held: 0xffff89cb77734740
last locked* : netbsd:fstrans_setstate+0x1d5 unlocked : netbsd:fstrans_done+0x6e6
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 3148.388 (syz-executor.3) @ 0xffff89cb78bb0540, l_stat=5
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:fstrans_init+0x33)
lock address : netbsd:fstrans_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 7
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb78bb0540 last held: 0xffff89cb77734740
last locked* : netbsd:fstrans_setstate+0x1d5 unlocked : netbsd:fstrans_done+0x6e6
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 3148.385 (syz-executor.3) @ 0xffff89cb77715bc0, l_stat=5
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:fstrans_init+0x33)
lock address : netbsd:fstrans_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 7
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb77715bc0 last held: 0xffff89cb77734740
last locked* : netbsd:fstrans_setstate+0x1d5 unlocked : netbsd:fstrans_done+0x6e6
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 3148.4012 (syz-executor.3) @ 0xffff89cb77734b80, l_stat=5
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:fstrans_init+0x33)
lock address : netbsd:fstrans_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 7
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb77734b80 last held: 0xffff89cb77734740
last locked* : netbsd:fstrans_setstate+0x1d5 unlocked : netbsd:fstrans_done+0x6e6
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 3148.4181 (syz-executor.3) @ 0xffff89cb7439aa00, l_stat=5
*** Locks held: none
*** Locks wanted:
* Lock 0 (initialized at netbsd:fstrans_init+0x33)
lock address : netbsd:fstrans_lock type : sleep/adaptive
initialized : netbsd:fstrans_init+0x33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 7
relevant cpu : 0 last held: 0
relevant lwp : 0xffff89cb7439aa00 last held: 0xffff89cb77734740
last locked* : netbsd:fstrans_setstate+0x1d5 unlocked : netbsd:fstrans_done+0x6e6
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LW