[ 107.7662319] panic: kernel diagnostic assertion "tmp != NULL" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/fs/tmpfs/tmpfs.h", line 324 [ 107.7762108] cpu1: Begin traceback... [ 107.7962143] vpanic() at netbsd:vpanic+0x27a sys/kern/subr_prf.c:288 [ 107.8362137] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xc9f4 [ 107.8762125] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x199 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:324 [inline] [ 107.8762125] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x199 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:320 [inline] [ 107.8762125] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x199 sys/fs/tmpfs/tmpfs_vfsops.c:406 [ 107.9162145] VFS_STATVFS() at netbsd:VFS_STATVFS+0x68 sys/kern/vfs_subr.c:1571 [ 107.9562134] layerfs_statvfs() at netbsd:layerfs_statvfs+0x85 sys/miscfs/genfs/layer_vfsops.c:169 [ 107.9962131] VFS_STATVFS() at netbsd:VFS_STATVFS+0x68 sys/kern/vfs_subr.c:1571 [ 108.0362159] dostatvfs() at netbsd:dostatvfs+0x3e9 sys/kern/vfs_syscalls.c:1263 [ 108.0762167] do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x152 sys/kern/vfs_syscalls.c:1413 [ 108.1162147] compat_20_sys_getfsstat() at netbsd:compat_20_sys_getfsstat+0x63 sys/compat/common/vfs_syscalls_20.c:157 [ 108.1562160] sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline] [ 108.1562160] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90 [ 108.1962154] syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline] [ 108.1962154] syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline] [ 108.1962154] syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137 [ 108.2062130] --- syscall (number 18 via SYS_syscall) --- [ 108.2262137] netbsd:syscall+0x35c: [ 108.2262137] cpu1: End traceback... [ 108.2362138] fatal breakpoint trap in supervisor mode [ 108.2362138] trap type 1 code 0 rip 0xffffffff8023240d cs 0x8 rflags 0x282 cr2 0x20002000 ilevel 0 rsp 0xffffb782516cb9e0 [ 108.2462110] curlwp 0xffffb78012a51780 pid 1618.834 lowest kstack 0xffffb782516c42c0 Stopped in pid 1618.834 (syz-executor.3) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x27a sys/kern/subr_prf.c:288 _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0xc9f4 tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x199 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:324 [inline] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x199 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:320 [inline] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x199 sys/fs/tmpfs/tmpfs_vfsops.c:406 VFS_STATVFS() at netbsd:VFS_STATVFS+0x68 sys/kern/vfs_subr.c:1571 layerfs_statvfs() at netbsd:layerfs_statvfs+0x85 sys/miscfs/genfs/layer_vfsops.c:169 VFS_STATVFS() at netbsd:VFS_STATVFS+0x68 sys/kern/vfs_subr.c:1571 dostatvfs() at netbsd:dostatvfs+0x3e9 sys/kern/vfs_syscalls.c:1263 do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x152 sys/kern/vfs_syscalls.c:1413 compat_20_sys_getfsstat() at netbsd:compat_20_sys_getfsstat+0x63 sys/compat/common/vfs_syscalls_20.c:157 sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90 syscall() at netbsd:syscall+0x35c sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x35c sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x35c sys/arch/x86/x86/syscall.c:137 --- syscall (number 18 via SYS_syscall) --- netbsd:syscall+0x35c: Panic string: kernel diagnostic assertion "tmp != NULL" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/fs/tmpfs/tmpfs.h", line 324 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 1484 1484 3 0 0 ffffb78013337540 sh mutex 1618 > 834 7 1 0 ffffb78012a51780 syz-executor.3 1618 > 1618 7 0 10000000 ffffb78012c91040 syz-executor.3 1984 1984 3 1 180 ffffb78012c25b00 syz-executor.2 wait 1851 1851 2 1 140 ffffb78012c01200 syz-executor.3 1340 1340 2 0 40000 ffffb78012c25280 syz-executor.4 1313 1313 2 0 10000000 ffffb78012d09280 syz-executor.1 905 905 3 0 180 ffffb78012ca04c0 syz-executor.0 parked 2004 2280 3 0 11100000 ffffb78012a20740 syz-executor.0 vfork 2004 2004 3 0 11000000 ffffb780129c1b40 syz-executor.0 lwpwait 764 764 3 0 180 ffffb78014304100 syz-executor.4 parked 657 657 3 0 180 ffffb7801432a9c0 syz-executor.1 wait 551 551 3 1 1c0 ffffb78013466980 syz-executor.0 wait 506 506 3 0 180 ffffb78012cae940 syz-executor.0 parked 1353 1353 3 1 180 ffffb78013df4a80 syz-executor.3 parked 324 965 2 1 1140000 ffffb78012c01a80 syz-executor.3 324 324 3 0 11000000 ffffb78012c01640 syz-executor.3 lwpwait 323 323 3 0 180 ffffb78012c48700 syz-executor.5 parked 447 447 3 1 180 ffffb78013351580 syz-executor.5 parked 1334 2231 3 1 1100000 ffffb78012b79980 syz-executor.5 vfork 1334 1334 3 0 11000000 ffffb78013f73b80 syz-executor.5 lwpwait 1440 1440 3 0 180 ffffb78013fcc040 syz-executor.2 parked 1451 459 3 0 11100000 ffffb78012d78480 syz-executor.2 vfork 1451 1451 3 0 11000000 ffffb78012d78040 syz-executor.2 lwpwait 1230 1085 3 1 180 ffffb780140724c0 syz-fuzzer wait 1230 1449 3 1 180 ffffb78012be6a40 syz-fuzzer wait 1230 1211 3 1 180 ffffb78013ebd2c0 syz-fuzzer parked 1230 1209 3 0 180 ffffb78013e78b00 syz-fuzzer wait 1230 1074 2 1 0 ffffb78013e786c0 syz-fuzzer 1230 1206 3 0 180 ffffb78013e78280 syz-fuzzer parked 1230 1245 3 0 180 ffffb78012ac6940 syz-fuzzer parked 1230 942 3 1 180 ffffb78013dd1a40 syz-fuzzer wait 1230 1239 3 0 180 ffffb78013dd11c0 syz-fuzzer parked 1230 1223 3 0 180 ffffb780133c8b00 syz-fuzzer parked 1230 1241 3 1 180 ffffb780133c86c0 syz-fuzzer wait 1230 947 3 0 180 ffffb780133b1ac0 syz-fuzzer wait 1230 1233 3 0 180 ffffb78012cc79c0 syz-fuzzer parked 1230 1230 3 0 180 ffffb78013379a00 syz-fuzzer parked 1237 1237 3 0 180 ffffb78012a6f480 sshd select 1224 1224 3 0 180 ffffb78013481580 getty nanoslp 1222 1222 3 0 180 ffffb780126d7b80 getty nanoslp 1151 1151 3 1 180 ffffb780134985c0 getty nanoslp 1225 1225 3 0 180 ffffb78013498180 getty ttyraw 1107 1107 3 0 180 ffffb780133a3200 sshd select 1088 1088 3 0 180 ffffb78012d12700 powerd kqueue 700 700 3 1 180 ffffb78013421b40 syslogd kqueue 746 746 3 0 180 ffffb780126d9780 dhcpcd poll 747 747 3 0 180 ffffb78012c15ac0 dhcpcd poll 742 742 3 1 180 ffffb78012c256c0 dhcpcd poll 602 602 3 1 180 ffffb78012c7f780 dhcpcd poll 487 487 3 1 180 ffffb78012da30c0 dhcpcd poll 292 292 3 0 180 ffffb78012d8f900 dhcpcd poll 485 485 3 1 180 ffffb78012d8f4c0 dhcpcd poll 1 1 3 1 180 ffffb78012870180 init wait 0 1488 3 1 200 ffffb78012b98140 ktrace ktrwait 0 552 5 1 200 ffffb780133519c0 (zombie) 0 668 3 1 200 ffffb78013481140 poolthread pooljob 0 413 3 1 200 ffffb78012a20b80 ktrace ktrwait 0 673 3 0 200 ffffb780129bf6c0 physiod physiod 0 196 3 0 200 ffffb780129c1700 pooldrain pooldrain 0 195 3 1 200 ffffb780129c12c0 ioflush syncer 0 194 3 1 200 ffffb780129bfb00 pgdaemon pgdaemon 0 167 3 1 200 ffffb78012976ac0 usb7 usbevt 0 172 3 1 200 ffffb78012976680 usb6 usbevt 0 170 3 1 200 ffffb78012976240 usb5 usbevt 0 168 3 0 200 ffffb7801291ea80 usb4 usbevt 0 166 3 1 200 ffffb7801291e640 usb3 usbevt 0 165 3 1 200 ffffb7801291e200 usb2 usbevt 0 31 3 0 200 ffffb780128caa40 usb1 usbevt 0 63 3 0 200 ffffb780128ca600 usb0 usbevt 0 126 3 1 200 ffffb780128ca1c0 usbtask-dr usbtsk 0 125 3 1 200 ffffb78012870a00 usbtask-hc usbtsk 0 124 3 0 200 ffffb78010d66b00 swwreboot swwreboot 0 123 2 1 240 ffffb780128705c0 npfgc0 0 122 3 1 200 ffffb780128669c0 rt_free rt_free 0 121 3 1 200 ffffb78012866580 unpgc unpgc 0 120 3 0 200 ffffb78012866140 key_timehandler key_timehandler 0 119 3 1 200 ffffb78012703980 icmp6_wqinput/1 icmp6_wqinput 0 118 3 0 200 ffffb78012703540 icmp6_wqinput/0 icmp6_wqinput 0 117 3 0 200 ffffb78012703100 nd6_timer nd6_timer 0 116 3 1 200 ffffb780126fc940 carp6_wqinput/1 carp6_wqinput 0 115 3 0 200 ffffb780126fc500 carp6_wqinput/0 carp6_wqinput 0 114 3 1 200 ffffb780126fc0c0 carp_wqinput/1 carp_wqinput 0 113 3 0 200 ffffb780126ed900 carp_wqinput/0 carp_wqinput 0 112 3 1 200 ffffb780126ed4c0 icmp_wqinput/1 icmp_wqinput 0 111 3 0 200 ffffb780126ed080 icmp_wqinput/0 icmp_wqinput 0 110 3 0 200 ffffb780126db8c0 rt_timer rt_timer 0 109 3 1 200 ffffb780126db040 vmem_rehash vmem_rehash 0 100 3 0 200 ffffb780126d7300 entbutler entropy 0 99 3 1 200 ffffb780120bdb40 viomb balloon 0 98 3 1 200 ffffb780120bd700 vioif0_txrx/1 vioif0_txrx 0 97 3 0 200 ffffb780120bd2c0 vioif0_txrx/0 vioif0_txrx 0 30 3 0 200 ffffb78010d666c0 scsibus0 sccomp 0 29 3 0 200 ffffb78010d66280 pms0 pmsreset 0 28 3 1 200 ffffb78010cacac0 xcall/1 xcall 0 27 1 1 200 ffffb78010cac680 softser/1 0 26 1 1 200 ffffb78010cac240 softclk/1 0 25 1 1 200 ffffb78010ca9a80 softbio/1 0 24 1 1 200 ffffb78010ca9640 softnet/1 0 23 1 1 201 ffffb78010ca9200 idle/1 0 22 3 0 200 ffffb7800fb55a40 lnxsyswq lnxsyswq 0 21 3 0 200 ffffb7800fb55600 lnxubdwq lnxubdwq 0 20 3 0 200 ffffb7800fb551c0 lnxpwrwq lnxpwrwq 0 19 3 0 200 ffffb7800fb54a00 lnxlngwq lnxlngwq 0 18 3 0 200 ffffb7800fb545c0 lnxhipwq lnxhipwq 0 17 3 0 200 ffffb7800fb54180 lnxrcugc lnxrcugc 0 16 3 0 200 ffffb7800fb4d9c0 sysmon smtaskq 0 15 3 0 200 ffffb7800fb4d580 pmfsuspend pmfsuspend 0 14 3 0 200 ffffb7800fb4d140 pmfevent pmfevent 0 13 3 0 200 ffffb7800fb4a980 sopendfree sopendfr 0 12 3 1 200 ffffb7800fb4a540 ifwdog ifwdog 0 11 3 0 200 ffffb7800fb4a100 iflnkst iflnkst 0 10 3 0 200 ffffb7800fb3b940 nfssilly nfssilly 0 9 3 0 200 ffffb7800fb3b500 pooldisp pooldisp 0 8 3 1 200 ffffb7800fb3b0c0 modunload mod_unld 0 7 3 0 200 ffffb7800fb32900 xcall/0 xcall 0 6 1 0 200 ffffb7800fb324c0 softser/0 0 5 1 0 200 ffffb7800fb32080 softclk/0 0 4 1 0 200 ffffb7800fb308c0 softbio/0 0 3 1 0 200 ffffb7800fb30480 softnet/0 0 2 1 0 201 ffffb7800fb30040 idle/0 0 0 2 1 240 ffffffff833501c0 swapper [Locks tracked through LWPs] ****** LWP 1484.1484 (sh) @ 0xffffb78013337540, l_stat=3 *** Locks held: * Lock 0 (initialized at netbsd:fork1+0x369 sys/kern/kern_fork.c:366) lock address : ffffb78012bf4890 type : sleep/adaptive initialized : netbsd:fork1+0x369 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 1 relevant lwp : 0xffffb78013337540 last held: 0xffffb78013337540 last locked* : netbsd:execve_loadvm+0x31a unlocked : 0 owner/count : 000000000000000000 flags : 000000000000000000 Turnstile: no active turnstile for this lock. *** Locks wanted: none ****** LWP 1313.1313 (syz-executor.1) @ 0xffffb78012d09280, l_stat=2 *** Locks held: * Lock 0 (initialized at netbsd:fork1+0x369 sys/kern/kern_fork.c:366) lock address : ffffb78012b93810 type : sleep/adaptive initialized : netbsd:fork1+0x369 shared holds : 0 exclusive: 1 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb78012d09280 last held: 0xffffb78012d09280 last locked* : netbsd:exit1+0x2e3 unlocked : netbsd:execve_loadvm+0x1d9 owner/count : 0xffffb78012d09280 flags : 0x0000000000000004 Turnstile: no active turnstile for this lock. *** Locks wanted: * Lock 0 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2872) lock address : ffffb78012b2d580 type : sleep/adaptive initialized : netbsd:pmap_ctor+0x93 shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 1 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb78012d09280 last held: 000000000000000000 last locked : netbsd:pmap_remove_all+0x129 unlocked* : netbsd:pmap_remove_all+0xf30 owner field : 0xffffb78012d09280 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP 905.905 (syz-executor.0) @ 0xffffb78012ca04c0, l_stat=3 *** Locks held: none *** Locks wanted: * Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132) lock address : netbsd:module_hook type : sleep/adaptive initialized : netbsd:module_hook_init+0x1c shared holds : 0 exclusive: 0 shares wanted: 0 exclusive: 0 relevant cpu : 0 last held: 0 relevant lwp : 0xffffb78012ca04c0 last held: 000000000000000000 last locked : 0 unlocked* : 0 owner field : 000000000000000000 wait/spin: 0/0 Turnstile: no active turnstile for this lock. ****** LWP -1.-1065006906 (fatal protection fault in supervisor mode [ 108.2562106] trap type 4 code 0 rip 0xffffffff81bac5da cs 0x8 rflags 0x10282 cr2 0x20002000 ilevel 0x8 rsp 0xffffb782516cae50 [ 108.2562106] curlwp 0xffffb78012a51780 pid 1618.834 lowest kstack 0xffffb782516c42c0 kernel: protection fault trap, code=0 Faulted in DDB; continuing...