Jan 21 07:19:19 ci2-netbsd-kubsan-0 getty[1092]: /dev/ttyE2: Device not configured NetBSD/amd64 (ci2-netbsd-kubsan-0.c.syzkaller.internal) (constty) Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts. 2022/01/21 07:19:29 parsed 1 programs login: [ 35.3057254] kqueue_register: syz-execprog[1056]: event type 0 not supported for file type 5/(null) (error 45) [ 35.3182724] kqueue_register: syz-execprog[1056]: event type 0 not supported for file type 5/(null) (error 45) 2022/01/21 07:19:29 executed programs: 0 2022/01/21 07:19:34 executed programs: 51 2022/01/21 07:19:40 executed programs: 96 2022/01/21 07:19:45 executed programs: 143 [ 55.1255563] panic: kernel diagnostic assertion "searchdir != foundobj" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_lookup.c", line 943 same vn 0xfffff73fcc63c380 [ 55.1355444] cpu1: Begin traceback... [ 55.1555468] vpanic() at netbsd:vpanic+0x2d0 [ 55.2155469] kern_assert() at netbsd:kern_assert+0x65 [ 55.2655457] lookup_crossmount() at netbsd:lookup_crossmount+0x42c [ 55.3055471] namei_tryemulroot() at netbsd:namei_tryemulroot+0x2c5e [ 55.3455475] namei() at netbsd:namei+0x2e [ 55.3855446] vn_open() at netbsd:vn_open+0x252 [ 55.4255468] do_open() at netbsd:do_open+0x1a3 [ 55.4655514] do_sys_openat() at netbsd:do_sys_openat+0xcb [ 55.5155480] sys_openat() at netbsd:sys_openat+0x5e [ 55.5555455] sys___syscall() at netbsd:sys___syscall+0x1cf [ 55.5955463] syscall() at netbsd:syscall+0x2da [ 55.6055435] --- syscall (number 198) --- [ 55.6155453] netbsd:syscall+0x2da: [ 55.6255461] cpu1: End traceback... [ 55.6255461] fatal breakpoint trap in supervisor mode [ 55.6255461] trap type 1 code 0 rip 0xffffffff80221a95 cs 0x8 rflags 0x246 cr2 0x7a8b67bfb020 ilevel 0 rsp 0xffffd380c8172990 [ 55.6455462] curlwp 0xfffff73fca820340 pid 2238.2431 lowest kstack 0xffffd380c816e2c0 Stopped in pid 2238.2431 (syz-executor.3) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xec vpanic() at netbsd:vpanic+0x2d0 kern_assert() at netbsd:kern_assert+0x65 lookup_crossmount() at netbsd:lookup_crossmount+0x42c namei_tryemulroot() at netbsd:namei_tryemulroot+0x2c5e namei() at netbsd:namei+0x2e vn_open() at netbsd:vn_open+0x252 do_open() at netbsd:do_open+0x1a3 do_sys_openat() at netbsd:do_sys_openat+0xcb sys_openat() at netbsd:sys_openat+0x5e sys___syscall() at netbsd:sys___syscall+0x1cf syscall() at netbsd:syscall+0x2da --- syscall (number 198) --- netbsd:syscall+0x2da: Panic string: kernel diagnostic assertion "searchdir != foundobj" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/vfs_lookup.c", line 943 same vn 0xfffff73fcc63c380 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 2138 2374 2 0 100 fffff73fcd2e86c0 syz-executor.4 2138 2138 2 0 10000000 fffff73fca237040 syz-executor.4 2535 2535 3 0 0 fffff73fcc535680 syz-executor.2 biolock 2238 2381 3 0 180 fffff73fc9b41b80 syz-executor.3 parked 2238 >2431 7 1 100 fffff73fca820340 syz-executor.3 2238 2238 2 1 10000000 fffff73fcd2e8b00 syz-executor.3 1704 1704 2 0 140 fffff73fcb763a00 syz-executor.4 1475 1475 2 1 140 fffff73fcc535ac0 syz-executor.3 1056 1079 3 0 180 fffff73fcb0e10c0 syz-execprog parked 1056 1084 2 0 140 fffff73fcacd6540 syz-execprog 1056 1080 2 0 100 fffff73fcacd6100 syz-execprog 1056 1072 3 1 180 fffff73fca820bc0 syz-execprog parked 1056 1077 2 0 140 fffff73fcb5769c0 syz-execprog 1056 1075 3 0 180 fffff73fcb0e1940 syz-execprog parked 1056 1068 2 1 40 fffff73fc907dac0 syz-execprog 1056 1071 2 0 140 fffff73fcacd6980 syz-execprog 1056 1056 3 1 180 fffff73fcb576580 syz-execprog parked 1067 1067 3 0 180 fffff73fcb576140 sshd select 853 853 3 0 180 fffff73fca2874c0 getty nanoslp 1092 1092 3 0 180 fffff73fc0ddd300 getty nanoslp 698 698 3 0 180 fffff73fc9402280 getty nanoslp 1093 1093 3 0 1c0 fffff73fc94026c0 getty ttyraw 948 948 3 1 180 fffff73fcb0e1500 sshd select 979 979 3 1 180 fffff73fca287900 powerd kqueue 867 867 3 0 180 fffff73fc8fef640 syslogd kqueue 596 596 3 1 180 fffff73fca2378c0 dhcpcd poll 593 593 3 1 180 fffff73fca820780 dhcpcd poll 591 591 3 0 180 fffff73fc950eb40 dhcpcd poll 430 430 3 0 180 fffff73fc9402b00 dhcpcd poll 350 350 3 0 180 fffff73fc9b41740 dhcpcd poll 349 349 3 0 180 fffff73fc9b41300 dhcpcd poll 348 348 3 0 180 fffff73fc950e700 dhcpcd poll 1 1 3 0 180 fffff73fc0dfe980 init wait 0 848 3 0 200 fffff73fc8fefa80 physiod physiod 0 194 3 1 200 fffff73fc907d680 pooldrain pooldrain 0 193 2 0 240 fffff73fc0ddd740 ioflush 0 192 3 0 200 fffff73fc907d240 pgdaemon pgdaemon 0 166 3 1 200 fffff73fc8fef200 usb7 usbevt 0 165 3 1 200 fffff73fc5f92a40 usb6 usbevt 0 164 3 1 200 fffff73fc5f92600 usb5 usbevt 0 163 3 1 200 fffff73fc5f921c0 usb4 usbevt 0 31 3 1 200 fffff73fc2f3da00 usb3 usbevt 0 63 3 1 200 fffff73fc2f3d5c0 usb2 usbevt 0 126 3 1 200 fffff73fc2f3d180 usb1 usbevt 0 125 3 1 200 fffff73fc1f019c0 usb0 usbevt 0 124 3 1 200 fffff73fc1f01580 usbtask-dr usbtsk 0 123 3 1 200 fffff73fc1f01140 usbtask-hc usbtsk 0 122 3 0 200 fffff73fc073d6c0 npfgc0 npfgcw 0 121 3 1 200 fffff73fc0dfe540 rt_free rt_free 0 120 3 1 200 fffff73fc0dfe100 unpgc unpgc 0 119 3 0 200 fffff73fc0e59940 key_timehandler key_timehandler 0 118 3 1 200 fffff73fc0e59500 icmp6_wqinput/1 icmp6_wqinput 0 117 3 0 200 fffff73fc0e590c0 icmp6_wqinput/0 icmp6_wqinput 0 116 3 0 200 fffff73fc0e34900 nd6_timer nd6_timer 0 115 3 1 200 fffff73fc0e344c0 carp6_wqinput/1 carp6_wqinput 0 114 3 0 200 fffff73fc0e34080 carp6_wqinput/0 carp6_wqinput 0 113 3 1 200 fffff73fc0e0f8c0 carp_wqinput/1 carp_wqinput 0 112 3 0 200 fffff73fc0e0f480 carp_wqinput/0 carp_wqinput 0 111 3 1 200 fffff73fc0e0f040 icmp_wqinput/1 icmp_wqinput 0 110 3 0 200 fffff73fc0df2bc0 icmp_wqinput/0 icmp_wqinput 0 109 3 0 200 fffff73fc0df2780 rt_timer rt_timer 0 108 3 0 200 fffff73fc0df2340 vmem_rehash vmem_rehash 0 107 3 0 200 fffff73fc0dddb80 entbutler entropy 0 98 3 1 200 fffff73fc0772700 viomb balloon 0 97 3 1 200 fffff73fc07722c0 vioif0_txrx/1 vioif0_txrx 0 96 3 0 200 fffff73fc073db00 vioif0_txrx/0 vioif0_txrx 0 29 3 1 200 fffff73fc073d280 scsibus0 sccomp 0 28 3 0 200 fffff73fbf1cbac0 pms0 pmsreset 0 27 3 1 200 fffff73fbf1cb680 xcall/1 xcall 0 26 1 1 200 fffff73fbf1cb240 softser/1 0 25 1 1 200 fffff73fbf19ea80 softclk/1 0 24 1 1 200 fffff73fbf19e640 softbio/1 0 23 1 1 200 fffff73fbf19e200 softnet/1 0 22 1 1 201 fffff740ee13ba40 idle/1 0 21 3 1 200 fffff740ee13b600 lnxsyswq lnxsyswq 0 20 3 0 200 fffff740ee13b1c0 lnxubdwq lnxubdwq 0 19 3 1 200 fffff740ee140a00 lnxpwrwq lnxpwrwq 0 18 3 1 200 fffff740ee1405c0 lnxlngwq lnxlngwq 0 17 3 1 200 fffff740ee140180 lnxhipwq lnxhipwq 0 16 3 0 200 fffff740ee1619c0 lnxrcugc lnxrcugc 0 15 3 0 200 fffff740ee161580 sysmon smtaskq 0 14 3 1 200 fffff740ee161140 pmfsuspend pmfsuspend 0 13 3 0 200 fffff740ee16a980 pmfevent pmfevent 0 12 3 0 200 fffff740ee16a540 sopendfree sopendfr 0 11 3 1 200 fffff740ee16a100 iflnkst iflnkst 0 10 3 1 200 fffff740ef19b940 nfssilly nfssilly 0 9 3 1 200 fffff740ef19b500 vdrain vdrain 0 8 3 0 200 fffff740ef19b0c0 modunload mod_unld 0 7 3 0 200 fffff740ef1c6900 xcall/0 xcall 0 6 1 0 200 fffff740ef1c64c0 softser/0 0 5 1 0 200 fffff740ef1c6080 softclk/0 0 4 1 0 200 fffff740ef1f38c0 softbio/0 0 3 1 0 200 fffff740ef1f3480 softnet/0 0 2 1 0 201 fffff740ef1f3040 idle/0 0 > 0 7 0 240 ffffffff8657ed80 swapper [Locks tracked through LWPs] ****** LWP 2138.2374 (syz-executor.4) @ 0xfffff73fcd2e86c0, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xfffff73fccbec980 type : sleep/adaptive initialized : 0xffffffff83a2afa0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xfffff73fcd2e86c0 last held: 0xfffff73fcd2e86c0 last locked* : 0xffffffff83a88a00 unlocked : 000000000000000000 owner/count : 0xfffff73fcd2e86c0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 2138.2138 (syz-executor.4) @ 0xfffff73fca237040, l_stat=2 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at sched_cpuattach) lock address : 0xfffff740ef674100 type : spin initialized : 0xffffffff8379c529 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xfffff73fca237040 last held: 000000000000000000 last locked : 0xffffffff837762b9 unlocked*: 0xffffffff838edcde owner field : 0x0000000000000700 wait/spin: 0/1 ****** LWP 2535.2535 (syz-executor.2) @ 0xfffff73fcc535680, l_stat=3 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xfffff73fccbec200 type : sleep/adaptive initialized : 0xffffffff83a2afa0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 1 relevant lwp : 0xfffff73fcc535680 last held: 0xfffff73fcc535680 last locked* : 0xffffffff83a88a00 unlocked : 0xffffffff83a88b84 owner/count : 0xfffff73fcc535680 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xfffff73fccbec700 type : sleep/adaptive initialized : 0xffffffff83a2afa0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 1 relevant lwp : 0xfffff73fcc535680 last held: 0xfffff73fcc535680 last locked* : 0xffffffff83a88a00 unlocked : 000000000000000000 owner/count : 0xfffff73fcc535680 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1056.1068 (syz-execprog) @ 0xfffff73fc907dac0, l_stat=2 *** Locks held: * Lock 0 (initialized at vcache_alloc) lock address : 0xfffff73fcbcb12c0 type : sleep/adaptive initialized : 0xffffffff83a2afa0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: 1 relevant lwp : 0xfffff73fc907dac0 last held: 0xfffff73fc907dac0 last locked* : 0xffffffff83a88a00 unlocked : 0xffffffff83a88b84 owner/count : 0xfffff73fc907dac0 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. * Lock 1 (initialized at vcache_alloc) lock address : 0xfffff73fccbec480 type : sleep/adaptive initialized : 0xffffffff83a2afa0 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 1 last held: