assert failed: (c->c_flags & CALLOUT_PENDING) == 0

syzbot

Feb 24, 2019, 2:01:05 AM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: dc893675b200 Hook spi.
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1360d8f4c00000
dashboard link: https://syzkaller.appspot.com/bug?extid=95b252c7c7f5cd2c8f2e

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+95b252...@syzkaller.appspotmail.com

[ 37.7531813] panic: kernel diagnostic assertion "(c->c_flags &
CALLOUT_PENDING) == 0" failed:
file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_timeout.c", line 317
callout 0xffffba0012f0faa0: c_func (0xffffffff80ed6050) c_flags (0x102)
destroyed from 0xffffffff80ed5f1d
[ 37.7531813] cpu0: Begin traceback...
[ 37.7642883] vpanic() at netbsd:vpanic+0x214
[ 37.7642883] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 37.7769923] callout_destroy() at netbsd:callout_destroy+0x118
[ 37.7885097] itimerfree() at netbsd:itimerfree+0x102
[ 37.7980795] timers_free() at netbsd:timers_free+0x172
[ 37.8098285] exit1() at netbsd:exit1+0x276
[ 37.8206787] sys_exit() at netbsd:sys_exit+0x6c
[ 37.8311251] syscall() at netbsd:syscall+0x30e
[ 37.8430796] --- syscall (number 1) ---
[ 37.8531361] 78b8b74fe47a:
[ 37.8531361] cpu0: End traceback...

[ 37.8531361] dumping to dev 4,1 (offset=0, size=0): not possible
[ 37.8531361] rebooting...
SeaBIOS (version 1.8.2-20181029_212248-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2a00: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from
>> NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt
WARNING: couldn't open /var/db/entropy-file
WARNING: 1 module failed to load


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Feb 24, 2019, 8:19:04 PM
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 11eef5b2ee47 Clear per-lwp entries whose mount is gone bef..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13653668c00000
dashboard link: https://syzkaller.appspot.com/bug?extid=95b252c7c7f5cd2c8f2e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151324f4c00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10983948c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+95b252...@syzkaller.appspotmail.com

login: [ 95.5366659] panic: kernel diagnostic assertion "(c->c_flags &
CALLOUT_PENDING) == 0" failed:
file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_timeout.c", line 317
callout 0xffff970012ef8aa0: c_func (0xffffffff80ed69d2) c_flags (0x102)
destroyed from 0xffffffff80ed689f
[ 95.5461478] cpu0: Begin traceback...
[ 95.5485268] vpanic() at netbsd:vpanic+0x214
[ 95.5564367] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 95.5682942] callout_destroy() at netbsd:callout_destroy+0x118
[ 95.5821346] itimerfree() at netbsd:itimerfree+0x102
[ 95.5939926] timers_free() at netbsd:timers_free+0x2ef
[ 95.6058536] exit1() at netbsd:exit1+0x276
[ 95.6157376] sys_exit() at netbsd:sys_exit+0x6c
[ 95.6276001] syscall() at netbsd:syscall+0x30e
[ 95.6344663] --- syscall (number 1) ---
[ 95.6414359] 769905efe47a:
[ 95.6441696] cpu0: End traceback...

[ 95.6482196] dumping to dev 4,1 (offset=0, size=0): not possible
[ 95.6482196] rebooting...
WARNING: couldn't open /var/db/entropy-file
WARNING: 1 module failed to load
[ 1.0000000] pool redzone disabled for 'pdppl'
[ 1.0000000] pool redzone disabled for 'kmem-4096'
[ 1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002,
2003, 2004, 2005,
[ 1.0000000] 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
2015, 2016, 2017,
[ 1.0000000] 2018, 2019 The NetBSD Foundation, Inc. All rights
reserved.
[ 1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[ 1.0000000] The Regents of the University of California. All rights
reserved.

[ 1.0000000] NetBSD 8.99.34 (GENERIC_SYZKALLER) #7: Sun Feb 24 19:32:03
UTC 2019
[ 1.0000000]
root@ci2:/syzkaller/managers/netbsd/kernel/sys/arch/amd64/compile/obj/GENERIC_SYZKALLER
[ 1.0000000] total memory = 7679 MB
[ 1.0000000] avail memory = 6664 MB
[ 1.0000000] pool redzone disabled for 'buf64k'
[ 1.0000000] cpu_rng: RDRAND
[ 1.0000000] running cgd selftest aes-xts-256 aes-xts-512 done
[ 1.0000030] mainbus0 (root)
[ 1.0000030] ACPI: RSDP 0x00000000000F2A40 000014 (v00 Google)
[ 1.0000030] ACPI: RSDT 0x00000000BFFFDBA0 000038 (v01 Google GOOGRSDT
00000001 GOOG 00000001)
[ 1.0000030] ACPI: FACP 0x00000000BFFFFF00 0000F4 (v02 Google GOOGFACP
00000001 GOOG 00000001)
[ 1.0000030] ACPI: DSDT 0x00000000BFFFDBE0 0017B2 (v01 Google GOOGDSDT
00000001 GOOG 00000001)
[ 1.0000030] ACPI: FACS 0x00000000BFFFFEC0 000040
[ 1.0000030] ACPI: SSDT 0x00000000BFFFF590 000930 (v01 Google GOOGSSDT
00000001 GOOG 00000001)
[ 1.0000030] ACPI: APIC 0x00000000BFFFF4A0 000076 (v01 Google GOOGAPIC
00000001 GOOG 00000001)
[ 1.0000030] ACPI: WAET 0x00000000BFFFF470 000028 (v01 Google GOOGWAET
00000001 GOOG 00000001)
[ 1.0000030] ACPI: SRAT 0x00000000BFFFF3A0 0000C8 (v01 Google GOOGSRAT
00000001 GOOG 00000001)
[ 1.0000030] ACPI: 2 ACPI AML tables successfully acquired and loaded
[ 1.0000030] ioapic0 at mainbus0 apid 0
[ 1.0000030] cpu0 at mainbus0 apid 0
[ 1.0000030] cpu0: Intel(R) Xeon(R) CPU @ 2.30GHz, id 0x306f0
[ 1.0000030] cpu0: package 0, core 0, smt 0
[ 1.0000030] cpu1 at mainbus0 apid 1
[ 1.0000030] cpu1: Intel(R) Xeon(R) CPU @ 2.30GHz, id 0x306f0
[ 1.0000030] cpu1: package 0, core 0, smt 1
[ 1.0000030] acpi0 at mainbus0: Intel ACPICA 20181213
[ 1.0000030] acpi0: fixed power button present
[ 1.0000030] acpi0: fixed sleep button present
[ 1.0409632] pckbc1 at acpi0 (KBD, PNP0303) (kbd port): io 0x60,0x64 irq 1
[ 1.0409632] pckbc2 at acpi0 (MOU, PNP0F13) (aux port): irq 12
[ 1.0409632] COM1 (PNP0501) at acpi0 not configured
[ 1.0409632] COM2 (PNP0501) at acpi0 not configured
[ 1.0409632] COM3 (PNP0501) at acpi0 not configured
[ 1.0409632] COM4 (PNP0501) at acpi0 not configured
[ 1.0409632] PEVT (QEMU0001) at acpi0 not configured
[ 1.0409632] ACPI: Enabled 16 GPEs in block 00 to 0F
[ 1.0409632] pckbd0 at pckbc1 (kbd slot)
[ 1.0409632] pckbc1: using irq 1 for kbd slot
[ 1.0409632] wskbd0 at pckbd0 mux 1
[ 1.0409632] pms0 at pckbc1 (aux slot)

Maxime Villard

Sep 12, 2019, 2:51:16 AM
to syzbot, syzkaller-...@googlegroups.com
Fixed along with the other itimer bugs.

#syz fix: Fix race in timer destruction.