[ 338.2084664] panic: kernel diagnostic assertion "tmp != NULL" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/fs/tmpfs/tmpfs.h", line 324 [ 338.2285490] cpu0: Begin traceback... [ 338.2684424] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 [ 338.3984315] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074 [ 338.4884303] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:324 [inline] [ 338.4884303] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:320 [inline] [ 338.4884303] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 sys/fs/tmpfs/tmpfs_vfsops.c:406 [ 338.5684321] VFS_STATVFS() at netbsd:VFS_STATVFS+0xa3 sys/kern/vfs_subr.c:1571 [ 338.6484297] layerfs_statvfs() at netbsd:layerfs_statvfs+0x9d sys/miscfs/genfs/layer_vfsops.c:169 [ 338.7284792] VFS_STATVFS() at netbsd:VFS_STATVFS+0xa3 sys/kern/vfs_subr.c:1571 [ 338.8084295] dostatvfs() at netbsd:dostatvfs+0x288 sys/kern/vfs_syscalls.c:1263 [ 338.8884297] do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x11b sys/kern/vfs_syscalls.c:1413 [ 338.9684295] sys___getvfsstat90() at netbsd:sys___getvfsstat90+0x5c sys/kern/vfs_syscalls.c:1464 [ 339.0484333] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 339.0484333] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 339.1384293] syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] [ 339.1384293] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] [ 339.1384293] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 [ 339.1584440] --- syscall (number 483 via SYS_syscall) --- [ 339.1784338] netbsd:syscall+0x28b: [ 339.1784338] cpu0: End traceback... [ 339.1916915] fatal breakpoint trap in supervisor mode [ 339.1916915] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x20017000 ilevel 0 rsp 0xffff8e82664f2c00 [ 339.2073106] curlwp 0xfffff6edb2a948c0 pid 5268.5360 lowest kstack 0xffff8e82664ee2c0 Stopped in pid 5268.5360 (syz-executor.2) at netbsd:breakpoint+0x5: leave ? breakpoint() at netbsd:breakpoint+0x5 db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71 vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074 tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:324 [inline] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:320 [inline] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 sys/fs/tmpfs/tmpfs_vfsops.c:406 VFS_STATVFS() at netbsd:VFS_STATVFS+0xa3 sys/kern/vfs_subr.c:1571 layerfs_statvfs() at netbsd:layerfs_statvfs+0x9d sys/miscfs/genfs/layer_vfsops.c:169 VFS_STATVFS() at netbsd:VFS_STATVFS+0xa3 sys/kern/vfs_subr.c:1571 dostatvfs() at netbsd:dostatvfs+0x288 sys/kern/vfs_syscalls.c:1263 do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x11b sys/kern/vfs_syscalls.c:1413 sys___getvfsstat90() at netbsd:sys___getvfsstat90+0x5c sys/kern/vfs_syscalls.c:1464 sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 --- syscall (number 483 via SYS_syscall) --- netbsd:syscall+0x28b: Panic string: kernel diagnostic assertion "tmp != NULL" failed: file "/syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/fs/tmpfs/tmpfs.h", line 324 PID LID S CPU FLAGS STRUCT LWP * NAME WAIT 6998 6998 2 1 40000 fffff6ed91300300 syz-executor.0 6239 6239 2 0 0 fffff6edb8074540 syz-executor.1 5268 > 5360 7 0 40000 fffff6edb2a948c0 syz-executor.2 5268 5268 2 0 10040000 fffff6edb8074100 syz-executor.2 4995 4995 3 1 180 fffff6edb8074980 syz-executor.5 parked 6985 6985 2 0 40000 fffff6edb2a94040 syz-executor.4 4350 4350 3 1 0 fffff6edad00e340 syz-executor.1 mutex 5162 5162 3 1 0 fffff6edb6c3d940 syz-executor.2 mutex 4248 4248 3 1 180 fffff6ed9b7f5540 syz-executor.5 parked 6494 6494 3 0 180 fffff6edbaaf6580 syz-executor.0 parked 5938 5938 3 1 180 fffff6ed9a3a8500 syz-executor.0 parked 5932 4757 2 1 1000040 fffff6edbaabe180 syz-executor.0 5932 4339 3 0 15100000 fffff6edbaaf69c0 syz-executor.0 vfork 3140 3140 3 0 180 fffff6edb5f064c0 syz-executor.2 parked 4444 4312 3 0 11100000 fffff6eda5e54700 syz-executor.2 vfork 4444 4444 2 1 11000040 fffff6eda6df6240 syz-executor.2 3200 3200 3 0 180 fffff6edb5f06080 syz-executor.2 parked 5076 5076 3 0 180 fffff6edad00ebc0 syz-executor.1 parked 3007 3007 3 1 180 fffff6eda00ec9c0 syz-executor.5 parked 2971 2972 3 1 1100000 fffff6ed9f996180 syz-executor.5 vfork 2971 2971 2 1 11000040 fffff6eda1fe1740 syz-executor.5 5065 5065 3 0 180 fffff6eda1fe1b80 syz-executor.2 parked 3564 2718 3 0 1100000 fffff6eda00ec140 syz-executor.2 vfork 3564 3564 2 1 11000040 fffff6ed9f9965c0 syz-executor.2 3745 3745 3 1 180 fffff6eda1514600 syz-executor.0 parked 2711 2978 3 1 1100000 fffff6eda5e542c0 syz-executor.0 vfork 2711 2711 2 0 11000040 fffff6ed8b4716c0 syz-executor.0 1937 1937 3 0 180 fffff6ed8bfce080 syz-executor.4 parked 3756 3756 3 0 180 fffff6eda1514a40 syz-executor.5 parked 1935 1935 3 0 180 fffff6ed8c14d100 syz-executor.1 parked 2479 2212 3 0 5100000 fffff6eda3d99a80 syz-executor.1 vfork 2479 2479 2 0 11000040 fffff6eda3d99640 syz-executor.1 3761 3761 3 1 180 fffff6ed9f996a00 syz-executor.4 parked 1946 1946 3 1 180 fffff6eda3d99200 syz-executor.5 parked 1934 1934 3 0 180 fffff6ed8b8f2340 syz-executor.4 parked 2373 2918 2 1 1140000 fffff6eda2513280 syz-executor.0 2373 2373 2 1 11000040 fffff6ed8bfce4c0 syz-executor.0 1978 1978 3 0 180 fffff6ed8cb480c0 syz-executor.4 parked 2870 2870 3 1 180 fffff6ed9a3a8940 syz-executor.3 parked 763 737 3 1 11100000 fffff6ed9b7f5980 syz-executor.3 vfork 763 763 2 1 11000040 fffff6ed8cb48940 syz-executor.3 2794 2794 3 1 180 fffff6ed9b7f5100 syz-executor.5 parked 1589 1589 3 0 180 fffff6ed8ba92480 syz-executor.1 parked 1612 2254 3 0 11100000 fffff6ed903a34c0 syz-executor.1 vfork 1612 1612 2 0 11000040 fffff6ed997c1bc0 syz-executor.1 1083 1083 3 0 180 fffff6ed9065a480 syz-executor.2 parked 1453 1326 3 0 11100000 fffff6ed8c204700 syz-executor.2 vfork 1453 1453 2 1 11000040 fffff6ed91300740 syz-executor.2 2132 2132 3 1 180 fffff6ed8c14d980 syz-executor.0 parked 1484 641 3 1 5100000 fffff6ed903a3900 syz-executor.0 vfork 1484 1484 2 1 11000040 fffff6ed8b0acac0 syz-executor.0 406 406 3 0 180 fffff6ed903a3080 syz-executor.2 parked 1841 2153 2 1 1140000 fffff6ed8c412180 syz-executor.5 1841 1841 2 0 11000040 fffff6ed8cb48500 syz-executor.5 2009 2009 3 1 180 fffff6ed9065a040 syz-executor.0 parked 1458 1458 3 1 180 fffff6ed8ba928c0 syz-executor.2 parked 1512 1512 3 1 180 fffff6ed8c14d540 syz-executor.3 parked 1745 1745 3 1 180 fffff6ed997c1780 syz-executor.3 parked 1464 1735 3 1 1100000 fffff6ed8c3d71c0 syz-executor.3 vfork 1464 1464 2 1 11000040 fffff6ed997c1340 syz-executor.3 1237 1844 3 1 180 fffff6ed8b6f6740 syz-fuzzer parked 1237 1209 3 0 180 fffff6ed8c2042c0 syz-fuzzer wait 1237 1214 3 0 180 fffff6ed8d06f6c0 syz-fuzzer wait 1237 1205 3 1 180 fffff6ed8cf55240 syz-fuzzer wait 1237 1200 3 1 180 fffff6ed8d06f280 syz-fuzzer wait 1237 1247 3 1 180 fffff6ed8d06fb00 syz-fuzzer wait 1237 829 3 1 180 fffff6ed8cf55ac0 syz-fuzzer parked 1237 1244 3 1 180 fffff6ed8cfcfa80 syz-fuzzer parked 1237 1132 3 0 180 fffff6ed8cf55680 syz-fuzzer parked 1237 449 2 1 1000000 fffff6ed8b88d580 syz-fuzzer 1237 942 3 0 180 fffff6ed8c3d7a40 syz-fuzzer parked 1237 813 3 1 180 fffff6ed8b5972c0 syz-fuzzer parked 1237 947 2 1 0 fffff6ed8b471b00 syz-fuzzer 1237 1237 3 0 180 fffff6ed8b8f2780 syz-fuzzer parked 1235 1235 3 0 180 fffff6ed8ba92040 sshd select 1226 1226 3 0 180 fffff6ed8cfcf640 getty nanoslp 1112 1112 3 0 180 fffff6ed8cfcf200 getty nanoslp 1082 1082 3 0 180 fffff6ed8c3d7600 getty nanoslp 0Skipping crash dump on recursive panic [ 339.2149032] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/ddb/db_proc.c:202:10, member access within misaligned address 0xffff8e8251482470 for type 'struct cpu_info' which requires 64 byte alignment [ 339.2149032] cpu0: Begin traceback... [ 339.2149032] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 [ 339.2149032] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352 [ 339.2149032] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0xfc sys/../common/lib/libc/misc/ubsan.c:432 [ 339.2149032] db_show_all_procs() at netbsd:db_show_all_procs+0xe82 sys/ddb/db_proc.c:202 [ 339.2149032] db_command() at netbsd:db_command+0x240 sys/ddb/db_command.c:972 [ 339.2149032] db_command_loop() at netbsd:db_command_loop+0x221 db_execute_commandlist sys/ddb/db_command.c:468 [inline] [ 339.2149032] db_command_loop() at netbsd:db_command_loop+0x221 sys/ddb/db_command.c:618 [ 339.2149032] db_trap() at netbsd:db_trap+0x261 sys/ddb/db_trap.c:94 [ 339.2149032] kdb_trap() at netbsd:kdb_trap+0x1aa sys/arch/amd64/amd64/db_interface.c:252 [ 339.2149032] trap() at netbsd:trap+0x569 sys/arch/amd64/amd64/trap.c:314 [ 339.2149032] --- trap (number 1) --- [ 339.2149032] breakpoint() at netbsd:breakpoint+0x5 [ 339.2149032] db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:71 [ 339.2149032] vpanic() at netbsd:vpanic+0x2f0 sys/kern/subr_prf.c:288 [ 339.2149032] kern_assert() at netbsd:kern_assert+0x65 sys/arch/amd64/amd64/db_disasm.c:1074 [ 339.2149032] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:324 [inline] [ 339.2149032] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 VFS_TO_TMPFS sys/fs/tmpfs/tmpfs.h:320 [inline] [ 339.2149032] tmpfs_statvfs() at netbsd:tmpfs_statvfs+0x3d7 sys/fs/tmpfs/tmpfs_vfsops.c:406 [ 339.2149032] VFS_STATVFS() at netbsd:VFS_STATVFS+0xa3 sys/kern/vfs_subr.c:1571 [ 339.2149032] layerfs_statvfs() at netbsd:layerfs_statvfs+0x9d sys/miscfs/genfs/layer_vfsops.c:169 [ 339.2149032] VFS_STATVFS() at netbsd:VFS_STATVFS+0xa3 sys/kern/vfs_subr.c:1571 [ 339.2149032] dostatvfs() at netbsd:dostatvfs+0x288 sys/kern/vfs_syscalls.c:1263 [ 339.2149032] do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x11b sys/kern/vfs_syscalls.c:1413 [ 339.2149032] sys___getvfsstat90() at netbsd:sys___getvfsstat90+0x5c sys/kern/vfs_syscalls.c:1464 [ 339.2149032] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline] [ 339.2149032] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90 [ 339.2149032] syscall() at netbsd:syscall+0x28b sy_call sys/sys/syscallvar.h:65 [inline] [ 339.2149032] syscall() at netbsd:syscall+0x28b sy_invoke sys/sys/syscallvar.h:94 [inline] [ 339.2149032] syscall() at netbsd:syscall+0x28b sys/arch/x86/x86/syscall.c:137 [ 339.2149032] --- syscall (number 483 via SYS_syscall) --- [ 339.2149032] netbsd:syscall+0x28b: [ 339.2149032] cpu0: End traceback... [ 339.2149032] fatal breakpoint trap in supervisor mode [ 339.2149032] trap type 1 code 0 rip 0xffffffff80235475 cs 0x8 rflags 0x246 cr2 0x20017000 ilevel 0x8 rsp 0xffff8e82664f20e0 [ 339.2149032] curlwp 0xfffff6edb2a948c0 pid 5268.5360 lowest kstack 0xffff8e82664ee2c0 Stopped in pid 5268.5360 (syz-executor.2) at netbsd:breakpoint+0x5: leave