[ 87.2199226] panic: kernel diagnostic assertion "lwpcnt >= 0" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern_uidinfo.c", line 259 uid=60929 diff=-1 lwpcnt=-1 [ 87.2500167] cpu1: Begin traceback... [ 87.2699720] vpanic() at netbsd:vpanic+0xc9d [ 87.3199000] kern_assert() at netbsd:kern_assert+0x228 [ 87.3899435] chglwpcnt() at netbsd:chglwpcnt+0x22e sys/kern/kern_uidinfo.c:258 [ 87.4599047] lwp_free() at netbsd:lwp_free+0x3e9 [ 87.5299045] lwp_wait() at netbsd:lwp_wait+0x1366 sys/kern/kern_lwp.c:592 [ 87.5999048] exit_lwps() at netbsd:exit_lwps+0x642 sys/kern/kern_exit.c:651 [ 87.6599034] exit1() at netbsd:exit1+0x338 sys/kern/kern_exit.c:210 [ 87.7299060] sys_exit() at netbsd:sys_exit+0x1d6 [ 87.8099044] syscall() at netbsd:syscall+0x576 sy_invoke sys/sys/syscallvar.h:94 [inline] [ 87.8099044] syscall() at netbsd:syscall+0x576 sys/arch/x86/x86/syscall.c:137 [ 87.8199050] --- syscall (number 1) --- [ 87.8499058] netbsd:syscall+0x576: [ 87.8499058] cpu1: End traceback... [ 87.8499058] fatal breakpoint trap in supervisor mode [ 87.8599058] trap type 1 code 0 rip 0xffffffff8023687d cs 0x8 rflags 0x282 cr2 0xffffd280c7afd000 ilevel 0 rsp 0xffffd280c7f87700 [ 87.8699051] curlwp 0xffffd280139ccbc0 pid 2745.2986 lowest kstack 0xffffd280c7f802c0 Stopped in pid 2745.2986 (syz-executor.0) at netbsd:breakpoint+0x5: leave ? 
breakpoint() at netbsd:breakpoint+0x5 vpanic() at netbsd:vpanic+0xc9d kern_assert() at netbsd:kern_assert+0x228 chglwpcnt() at netbsd:chglwpcnt+0x22e sys/kern/kern_uidinfo.c:258 lwp_free() at netbsd:lwp_free+0x3e9 lwp_wait() at netbsd:lwp_wait+0x1366 sys/kern/kern_lwp.c:592 exit_lwps() at netbsd:exit_lwps+0x642 sys/kern/kern_exit.c:651 exit1() at netbsd:exit1+0x338 sys/kern/kern_exit.c:210 sys_exit() at netbsd:sys_exit+0x1d6 syscall() at netbsd:syscall+0x576 sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x576 sys/arch/x86/x86/syscall.c:137 --- syscall (number 1) --- netbsd:syscall+0x576: Panic string: kernel diagnostic assertion "lwpcnt >= 0" failed: file "/syzkaller/managers/ci2-netbsd-kmsan/kernel/sys/kern/kern_uidinfo.c", line 259 uid=60929 diff=-1 lwpcnt=-1 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 2745 > 2986 7 1 0 ffffd280139ccbc0 syz-executor.0 2745 1710 5 0 100000 ffffd28013839280 syz-executor.0 2388 1477 8 1 120100 ffffd2801350d9c0 syz-executor.1 2388 2388 3 0 10000000 ffffd28013810240 syz-executor.1 xclow 2254 2254 3 1 180 ffffd2801369ea40 syz-executor.2 parked 2016 2016 2 1 0 ffffd2801350d140 syz-executor.3 2096 2096 2 1 0 ffffd280136095c0 syz-executor.5 2237 2237 2 1 0 ffffd28013810680 syz-executor.4 1234 1234 2 1 140 ffffd280134f3100 syz-executor.1 929 929 2 1 140 ffffd28012c10940 syz-executor.0 1239 1886 5 0 100100 ffffd28013768a80 syz-fuzzer 1239 1279 2 1 100100 ffffd2801369e600 syz-fuzzer 1239 1207 2 1 100100 ffffd2801369e1c0 syz-fuzzer 1239 1226 2 1 100100 ffffd28013609180 syz-fuzzer 1239 991 2 1 100100 ffffd280134f3980 syz-fuzzer 1239 1386 2 1 100100 ffffd280134f3540 syz-fuzzer 1239 830 3 0 0 ffffd28012c10500 syz-fuzzer xclow 1239 449 2 1 100100 ffffd28012bf4900 syz-fuzzer 1239 1131 3 0 100000 ffffd28012bf44c0 syz-fuzzer xclow 1239 1235 2 1 100100 ffffd28012bf4080 syz-fuzzer 1239 1238 2 1 100140 ffffd28012525300 syz-fuzzer 1239 1239 5 0 100100 ffffd2801233b2c0 syz-fuzzer 1244 1244 2 1 0 ffffd2801230f6c0 sshd 1229 1229 3 0 
180 ffffd2801230fb00 getty nanoslp 1083 1083 3 1 180 ffffd2801230f280 getty nanoslp 941 941 3 1 180 ffffd28012275ac0 getty nanoslp 1223 1223 3 0 180 ffffd280121d7200 getty ttyraw 1105 1105 3 0 180 ffffd28012b5a8c0 sshd select 1068 1068 3 1 180 ffffd28012b5a480 powerd kqueue 800 800 3 1 180 ffffd28012554bc0 syslogd kqueue 605 605 3 0 180 ffffd28012b5a040 dhcpcd poll 744 744 3 1 180 ffffd28012525b80 dhcpcd poll 748 748 2 1 0 ffffd2801233bb40 dhcpcd 603 603 3 0 180 ffffd28012554780 dhcpcd poll 487 487 3 0 180 ffffd28012554340 dhcpcd poll 292 292 3 0 180 ffffd2801233b700 dhcpcd poll 485 485 2 1 0 ffffd28012525740 dhcpcd 1 1 3 0 180 ffffd28011e53100 init wait 0 2364 5 1 200 ffffd28013768640 (zombie) 0 1864 3 1 200 ffffd280138396c0 poolthread pooljob 0 817 3 1 200 ffffd280121d7640 physiod physiod 0 196 3 1 200 ffffd28012275680 pooldrain pooldrain 0 > 195 7 0 240 ffffd28012275240 ioflush 0 194 3 0 200 ffffd280121d7a80 pgdaemon pgdaemon 0 168 3 1 200 ffffd280121a7a40 usb7 usbevt 0 166 3 0 200 ffffd280121a7600 usb6 usbevt 0 171 3 0 200 ffffd280121a71c0 usb5 usbevt 0 169 3 0 200 ffffd2801211ba00 usb4 usbevt 0 167 3 0 200 ffffd2801211b5c0 usb3 usbevt 0 165 3 0 200 ffffd2801211b180 usb2 usbevt 0 31 3 0 200 ffffd2801206b9c0 usb1 usbevt 0 63 3 0 200 ffffd2801206b580 usb0 usbevt 0 126 3 1 200 ffffd2801206b140 usbtask-dr usbtsk 0 125 3 1 200 ffffd28011e53980 usbtask-hc usbtsk 0 124 3 0 200 ffffd280103d3b00 swwreboot swwreboot 0 123 3 0 200 ffffd28011e53540 npfgc0 npfgcw 0 122 3 1 200 ffffd28011e48940 rt_free rt_free 0 121 3 1 200 ffffd28011e48500 unpgc unpgc 0 120 3 0 200 ffffd28011e480c0 key_timehandler key_timehandler 0 119 3 1 200 ffffd28011e43900 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffd28011e434c0 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffd28011e43080 nd6_timer nd6_timer 0 116 3 1 200 ffffd28011cccbc0 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffd28011ccc780 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffd28011ccc340 carp_wqinput/1 carp_wqinput 0 113 3 0 200 
ffffd28011cc9b80 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffd28011cc9740 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffd28011ccd8c0 icmp_wqinput/0 icmp_wqinput 0 110 3 0 200 ffffd28011ccd480 rt_timer rt_timer 0 109 3 1 200 ffffd28011ccd040 vmem_rehash vmem_rehash 0 100 3 0 200 ffffd28011cc9300 entbutler entropy 0 99 3 0 200 ffffd280117c0b40 viomb balloon 0 98 3 1 200 ffffd280117c0700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffd280117c02c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffd280103d36c0 scsibus0 sccomp 0 29 3 0 200 ffffd280103d3280 pms0 pmsreset 0 28 2 1 200 ffffd280103baac0 xcall/1 0 27 1 1 200 ffffd280103ba680 softser/1 0 26 1 1 200 ffffd280103ba240 softclk/1 0 25 1 1 200 ffffd280103b7a80 softbio/1 0 24 1 1 200 ffffd280103b7640 softnet/1 0 23 1 1 201 ffffd280103b7200 idle/1 0 22 3 1 200 ffffd2800f1d2a40 lnxsyswq lnxsyswq 0 21 3 0 200 ffffd2800f1d2600 lnxubdwq lnxubdwq 0 20 3 0 200 ffffd2800f1d21c0