[ 572.0700461] panic: kernel diagnostic assertion "lwpcnt >= 0" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/kern/kern_uidinfo.c", line 258 uid=60928 diff=-2 lwpcnt=-1
[ 572.0860499] cpu0: Begin traceback...
[ 572.1000331] vpanic() at netbsd:vpanic+0x27a sys/kern/subr_prf.c:288
[ 572.1200353] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca60
[ 572.1500379] chglwpcnt() at netbsd:chglwpcnt+0x8a sys/kern/kern_uidinfo.c:258
[ 572.1700351] do_setresuid() at netbsd:do_setresuid+0x6ad sys/kern/kern_prot.c:358
[ 572.2000353] sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
[ 572.2000353] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
[ 572.2200359] syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline]
[ 572.2200359] syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 572.2200359] syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137
[ 572.2300350] --- syscall (number 126 via SYS_syscall) ---
[ 572.2400332] netbsd:syscall+0x35c:
[ 572.2400332] cpu0: End traceback...
[ 572.2500430] fatal breakpoint trap in supervisor mode
[ 572.2500430] trap type 1 code 0 rip 0xffffffff8023240d cs 0x8 rflags 0x286 cr2 0x72f0c0def820 ilevel 0 rsp 0xffffad0276f92c30
[ 572.2659527] curlwp 0xffffad001349ba00 pid 14139.11077 lowest kstack 0xffffad0276f8b2c0
Stopped in pid 14139.11077 (syz-executor.4) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:71
vpanic() at netbsd:vpanic+0x27a sys/kern/subr_prf.c:288
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xca60
chglwpcnt() at netbsd:chglwpcnt+0x8a sys/kern/kern_uidinfo.c:258
do_setresuid() at netbsd:do_setresuid+0x6ad sys/kern/kern_prot.c:358
sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137
--- syscall (number 126 via SYS_syscall) ---
netbsd:syscall+0x35c:
Panic string: kernel diagnostic assertion "lwpcnt >= 0" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/kern/kern_uidinfo.c", line 258 uid=60928 diff=-2 lwpcnt=-1
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
[Locks tracked through LWPs]
[ 572.2737437] uvm_fault(0xffffad0014966200, 0x41b58000, 1) -> e
[ 572.2737437] fatal page fault in supervisor mode
[ 572.2737437] trap type 6 code 0 rip 0xffffffff81beaf04 cs 0x8 rflags 0x10282 cr2 0x41b58e73 ilevel 0x8 rsp 0xffffad0276f922b0
[ 572.2737437] curlwp 0xffffad001349ba00 pid 14139.11077 lowest kstack 0xffffad0276f8b2c0
kernel: page fault trap, code=0
Faulted in DDB; continuing...