[ 68.8726772] panic: Kernel lock error: _kernel_lock,188: locking against myself
[ 68.8726772] lock address : 0xffffffff82d84300 type : spin
[ 68.8726772] initialized : 0xffffffff81a4fda5
[ 68.8726772] shared holds : 0 exclusive: 1
[ 68.8726772] shares wanted: 0 exclusive: 1
[ 68.8726772] current cpu : 0 last held: 0
[ 68.8726772] current lwp : 0xffffcd000de24000 last held: 0xffffcd0013bd7800
[ 68.8726772] last locked* : 0xffffffff811ad30d unlocked : 0xffffffff802a282c
[ 68.8726772] curcpu holds : 0 wanted by: 000000000000000000
[ 68.8726772] kernel diagnostic assertion "ci->ci_biglock_count == 0" failed: file "/syzkaller/managers/netbsd/kernel/sys/sys/userret.h", line 88
[ 68.9496003] cpu1: Begin traceback...
[ 68.9627574] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 68.9927947] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 69.0428582] syscall() at netbsd:syscall+0x8d6 mi_userret sys/sys/userret.h:88 [inline]
[ 69.0428582] syscall() at netbsd:syscall+0x8d6 userret sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/userret.h:81 [inline]
[ 69.0428582] syscall() at netbsd:syscall+0x8d6 sys/arch/x86/x86/syscall.c:166
[ 69.0528683] --- syscall (number 0) ---
[ 69.0628835] 459431:
[ 69.0728930] cpu1: End traceback...
[ 69.0728930] fatal breakpoint trap in supervisor mode
[ 69.0829088] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x7b338961d400 ilevel 0 rsp 0xffffcd017e7a7d10
[ 69.0929201] curlwp 0xffffcd00137eb400 pid 603.10 lowest kstack 0xffffcd017e7a02c0
Stopped in pid 603.10 (syz-fuzzer) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
_GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
syscall() at netbsd:syscall+0x8d6 mi_userret sys/sys/userret.h:88 [inline]
syscall() at netbsd:syscall+0x8d6 userret sys/arch/amd64/compile/obj/GENERIC_SYZKALLER/./machine/userret.h:81 [inline]
syscall() at netbsd:syscall+0x8d6 sys/arch/x86/x86/syscall.c:166
--- syscall (number 0) ---
459431:
ds e524
es dc6b
fs 7cf0
gs 7d40
rdi ffffcd000d92b458
rsi ffffcd00137eb6a8
rbp ffffcd017e7a7d10
rbx ffffcd016d893000
rdx 2
rcx ffffffff80d1a151 db_panic+0xd5
rax 0
r8 4
r9 1ffffffff0553ebc
r10 ffffffff82a9f5e3 db_onpanic+0x3
r11 10
r12 ffffcd016d8a4000
r13 ffffffff81c2a5e0 x86_features+0x1560
r14 ffffcd017e7a7da0
r15 ffffcd016d893068
rip ffffffff8021e4b5 breakpoint+0x5
cs 8
rflags 246
rsp ffffcd017e7a7d10
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
807 1 2 0 40000 ffffcd0011d46400 syz-executor.5
550 3 3 1 4 ffffcd0011d46000 syz-executor.3 biowait
550 1 2 0 10040000 ffffcd0012a63800 syz-executor.3
549 3 3 1 40080 ffffcd00129ee800 syz-executor.1 parked
579 3 3 1 40080 ffffcd0011ff0800 syz-executor.1 parked
130 4 3 1 80 ffffcd0011c94800 syz-executor.4 parked
130 > 3 7 0 20000000 ffffcd0013bd7800 syz-executor.4
130 1 2 0 10040000 ffffcd0011f13c00 syz-executor.4
97 3 3 1 40080 ffffcd0013bd7400 syz-executor.0 parked
98 3 3 0 80 ffffcd0012a0fc00 syz-executor.1 parked
758 3 3 0 80 ffffcd0012a0f800 syz-executor.1 parked
693 3 3 0 80 ffffcd0011eeb400 syz-executor.0 parked
547 3 3 1 80 ffffcd0011f79400 syz-executor.0 parked
624 3 3 1 80 ffffcd0011f3c000 syz-executor.5 parked
45 1 2 1 0 ffffcd0013a2ac00 syz-executor.5
606 1 2 1 0 ffffcd0013a2a000 syz-executor.4
587 1 2 1 0 ffffcd0013922c00 syz-executor.3
612 1 3 1 0 ffffcd0013922800 syz-executor.2 biolock
454 1 3 0 4 ffffcd0013922400 syz-executor.1 biowait
41 1 2 0 0 ffffcd0013922000 syz-executor.0
603 12 3 0 80 ffffcd00137ebc00 syz-fuzzer parked
603 11 3 1 80 ffffcd00137eb800 syz-fuzzer parked
603 > 10 7 1 20000000 ffffcd00137eb400 syz-fuzzer
603 9 3 1 80 ffffcd000f3c2c00 syz-fuzzer parked
603 8 3 0 80 ffffcd00137eb000 syz-fuzzer parked
603 7 2 1 0 ffffcd00137e1800 syz-fuzzer
603 6 3 1 80 ffffcd00137e1400 syz-fuzzer parked
603 5 3 0 80 ffffcd00137e1000 syz-fuzzer parked
603 4 3 1 80 ffffcd0012a8c400 syz-fuzzer parked
603 3 3 0 80 ffffcd0012a8c000 syz-fuzzer parked
603 2 2 1 0 ffffcd0012a7e800 syz-fuzzer
603 1 3 0 80 ffffcd0011ae3400 syz-fuzzer parked
453 1 3 1 80 ffffcd0012991c00 sshd select
505 1 3 1 80 ffffcd0012a63c00 getty nanoslp
536 1 3 1 80 ffffcd0012a63400 getty nanoslp
431 1 3 0 80 ffffcd0012a6dc00 getty nanoslp
564 1 3 1 80 ffffcd0012a6d800 getty ttyraw
494 1 3 0 80 ffffcd0011eebc00 cron nanoslp
529 1 3 1 80 ffffcd00129dc800 inetd kqueue
317 1 3 0 80 ffffcd0011f94c00 sshd select
479 1 3 0 80 ffffcd0011e8b800 powerd kqueue
314 1 3 0 80 ffffcd00129cec00 syslogd kqueue
268 1 3 0 80 ffffcd0011f3c400 dhcpcd kqueue
220 1 3 1 80 ffffcd0011e5f000 dhcpcd kqueue
1 1 3 1 80 ffffcd0011c3ec00 init wait
0 58 3 0 204 ffffcd0011c54400 physiod physiod
0 57 3 1 204 ffffcd0011c94400 aiodoned aiodoned
0 56 3 0 204 ffffcd0011c94000 pooldrain pooldrain
0 55 3 0 200 ffffcd0011c54c00 ioflush syncer
0 54 3 1 200 ffffcd0011c54800 pgdaemon pgdaemon
0 51 3 1 200 ffffcd0011c54000 npfgc-0 npfgccv
0 50 3 1 204 ffffcd0011c3e800 rt_free rt_free
0 49 3 1 204 ffffcd0011c3e400 unpgc unpgc
0 48 3 1 204 ffffcd0011c3e000 key_timehandler key_timehandler
0 47 3 1 204 ffffcd0011b08c00 icmp6_wqinput/1 icmp6_wqinput
0 46 3 0 204 ffffcd0011b08800 icmp6_wqinput/0 icmp6_wqinput
0 45 3 0 204 ffffcd0011b08400 nd6_timer nd6_timer
0 44 3 1 204 ffffcd0011b08000 carp6_wqinput/1 carp6_wqinput
0 43 3 0 204 ffffcd0011af3c00 carp6_wqinput/0 carp6_wqinput
0 42 3 1 204 ffffcd0011af3800 carp_wqinput/1 carp_wqinput
0 41 3 0 204 ffffcd0011af3400 carp_wqinput/0 carp_wqinput
0 40 3 1 204 ffffcd0011af3000 icmp_wqinput/1 icmp_wqinput
0 39 3 0 204 ffffcd0011ae3c00 icmp_wqinput/0 icmp_wqinput
0 38 3 1 204 ffffcd0011ae3800 rt_timer rt_timer
0 37 3 0 204 ffffcd0011ae3000 vmem_rehash vmem_rehash
0 27 3 0 204 ffffcd000f3c2400 scsibus0 sccomp
0 26 3 0 200 ffffcd000f3c2000 pms0 pmsreset
0 25 3 1 204 ffffcd000f333c00 xcall/1 xcall
0 24 1 1 200 ffffcd000f333800 softser/1
0 23 1 1 200 ffffcd000f333400 softclk/1
0 22 1 1 200 ffffcd000f333000 softbio/1
0 21 1 1 200 ffffcd000de51c00 softnet/1
0 20 1 1 201 ffffcd000de51800 idle/1
0 19 3 0 204 ffffcd000de51400 lnxpwrwq lnxpwrwq
0 18 3 0 204 ffffcd000de51000 lnxlngwq lnxlngwq
0 17 3 0 204 ffffcd000de4cc00 lnxsyswq lnxsyswq
0 16 3 0 204 ffffcd000de4c800 lnxrcugc lnxrcugc
0 15 3 0 204 ffffcd000de4c400 sysmon smtaskq
0 14 3 0 204 ffffcd000de4c000 pmfsuspend pmfsuspend
0 13 3 0 204 ffffcd000de35c00 pmfevent pmfevent
0 12 3 0 204 ffffcd000de35800 sopendfree sopendfr
0 11 3 0 204 ffffcd000de35400 nfssilly nfssilly
0 10 3 0 200 ffffcd000de35000 cachegc cachegc
0 9 3 0 204 ffffcd000de24c00 vdrain vdrain
0 8 3 1 200 ffffcd000de24800 modunload mod_unld
0 7 3 0 204 ffffcd000de24400 xcall/0 xcall
0 > 6 7 0 20000200 ffffcd000de24000 softser/0
0 5 1 0 200 ffffcd000de1fc00 softclk/0
0 4 1 0 40200 ffffcd000de1f800 softbio/0
0 3 1 0 200 ffffcd000de1f400 softnet/0
0 2 1 0 201 ffffcd000de1f000 idle/0
0 1 3 0 200 ffffffff82b67ac0 swapper uvm
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor.5):
Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffcd001378d640 type : sleep/adaptive
initialized : 0xffffffff8110caf7
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcd00137eb400 last held: 0xffffcd0011d46400
last locked* : 0xffffffff810f0759 unlocked : 0xffffffff810edefd
owner field : 0xffffcd0011d46400 wait/spin: 0/0
Turnstile chain at 0xffffffff82d8da08 with mutex 0xffffffff82d8cd80.
=> No active turnstile for this lock.
Locks held by an LWP (syz-executor.3):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffcd0013b65780 type : sleep/adaptive
initialized : 0xffffffff812cc9d2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcd00137eb400 last held: 0xffffcd0011d46000
last locked* : 0xffffffff812f98e0 unlocked : 0xffffffff812f979d
owner/count : 0xffffcd0011d46000 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8da30 with mutex 0xffffffff82d8cec0.
=> No active turnstile for this lock.
Lock 1 (initialized at genfs_node_init)
lock address : 0xffffcd0013b86f08 type : sleep/adaptive
initialized : 0xffffffff812f9a64
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcd00137eb400 last held: 0xffffcd0011d46000
last locked* : 0xffffffff81057826 unlocked : 0xffffffff812efa05
owner/count : 0xffffcd0011d46000 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8d920 with mutex 0xffffffff82d8c640.
=> No active turnstile for this lock.
Locks held by an LWP (syz-executor.2):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffcd00137ec540 type : sleep/adaptive
initialized : 0xffffffff812cc9d2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcd00137eb400 last held: 0xffffcd0013922800
last locked* : 0xffffffff812f98e0 unlocked : 0xffffffff812f979d
owner/count : 0xffffcd0013922800 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8d7e8 with mutex 0xffffffff82d8bc80.
=> No active turnstile for this lock.
Lock 1 (initialized at vcache_alloc)
lock address : 0xffffcd0013b654c0 type : sleep/adaptive
initialized : 0xffffffff812cc9d2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcd00137eb400 last held: 0xffffcd0013922800
last locked* : 0xffffffff812f98e0 unlocked : 0xffffffff812f979d
owner/count : 0xffffcd0013922800 flags : 0x0000000000000004
Turnstile chain at 0xffffffff82d8d9d8 with mutex 0xffffffff82d8cc00.
=> No active turnstile for this lock.
Lock 2 (initialized at genfs_node_init)
lock address : 0xffffcd0013b86408 type : sleep/adaptive
initialized : 0xffffffff812f9a64
shared holds : 0