assert failed: to_ticks >= 0


syzbot

Feb 24, 2019, 2:52:05 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 11eef5b2ee47 Clear per-lwp entries whose mount is gone bef..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=174324f4c00000
dashboard link: https://syzkaller.appspot.com/bug?extid=662dbeb526303f458255

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+662dbe...@syzkaller.appspotmail.com

[ 117.8040622] panic: kernel diagnostic assertion "to_ticks >= 0" failed:
file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_timeout.c", line 335
[ 117.8040622] cpu0: Begin traceback...
[ 117.8040622] vpanic() at netbsd:vpanic+0x214
[ 117.8040622] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 117.8040622] callout_schedule_locked() at
netbsd:callout_schedule_locked+0x25b
[ 117.8040622] sleepq_block() at netbsd:sleepq_block+0x2e9
[ 117.8040622] cv_timedwait_sig() at netbsd:cv_timedwait_sig+0x16f
[ 117.8040622] sbwait() at netbsd:sbwait+0xa2
[ 117.8040622] soreceive() at netbsd:soreceive+0x15b4
[ 117.8040622] do_sys_recvmsg_so() at netbsd:do_sys_recvmsg_so+0x31f
[ 117.8040622] do_sys_recvmsg() at netbsd:do_sys_recvmsg+0xaf
[ 117.8040622] sys_recvfrom() at netbsd:sys_recvfrom+0x105
[ 117.8040622] sys___syscall() at netbsd:sys___syscall+0xe2
[ 117.8040622] syscall() at netbsd:syscall+0x30e
[ 117.8040622] --- syscall (number 198) ---
[ 117.8040622] 78faf903f4aa:
[ 117.8040622] cpu0: End traceback...

[ 117.8040622] dumping to dev 4,1 (offset=0, size=0): not possible
[ 117.8040622] rebooting...
SeaBIOS (version 1.8.2-20181029_212248-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2 Max CPUs supported: 2
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0
removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2a00: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Booting from Hard Disk 0...

>> NetBSD/x86 BIOS Boot, Revision 5.10 (Tue Jul 17 14:59:51 UTC 2018) (from
>> NetBSD 8.0)
>> Memory: 639/3144640 k

1. Boot normally
2. Boot single user
3. Disable ACPI
4. Disable ACPI and SMP
5. Drop to boot prompt
36967632+2878256 [1062137+1363032+1044802]=0x294fc90
WARNING: couldn't open /var/db/entropy-file
WARNING: 1 module failed to load


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Feb 24, 2019, 3:47:05 PM
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 11eef5b2ee47 Clear per-lwp entries whose mount is gone bef..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16a18e68c00000
dashboard link: https://syzkaller.appspot.com/bug?extid=662dbeb526303f458255
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1249d7d4c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+662dbe...@syzkaller.appspotmail.com

[ 63.1565350] panic: kernel diagnostic assertion "to_ticks >= 0" failed:
file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_timeout.c", line 335
[ 63.1565350] cpu0: Begin traceback...
[ 63.1565350] vpanic() at netbsd:vpanic+0x214
[ 63.1565350] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 63.1565350] callout_schedule_locked() at
netbsd:callout_schedule_locked+0x25b
[ 63.1565350] sleepq_block() at netbsd:sleepq_block+0x2e9
[ 63.1565350] cv_timedwait_sig() at netbsd:cv_timedwait_sig+0x16f
[ 63.1565350] sbwait() at netbsd:sbwait+0xa2
[ 63.1565350] soreceive() at netbsd:soreceive+0x15b4
[ 63.1565350] do_sys_recvmsg_so() at netbsd:do_sys_recvmsg_so+0x31f
[ 63.1565350] do_sys_recvmsg() at netbsd:do_sys_recvmsg+0xaf
[ 63.1565350] sys_recvfrom() at netbsd:sys_recvfrom+0x105
[ 63.1565350] sys___syscall() at netbsd:sys___syscall+0xe2
[ 63.1565350] syscall() at netbsd:syscall+0x30e
[ 63.1565350] --- syscall (number 198) ---
[ 63.1565350] 708f77c3f4aa:
[ 63.1565350] cpu0: End traceback...

[ 63.1565350] dumping to dev 4,1 (offset=0, size=0): not possible
[ 63.1565350] rebooting...

syzbot

Feb 25, 2019, 4:07:05 AM
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 11eef5b2ee47 Clear per-lwp entries whose mount is gone bef..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15c8f704c00000
dashboard link: https://syzkaller.appspot.com/bug?extid=662dbeb526303f458255
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12dc370ac00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15f6a4b2c00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+662dbe...@syzkaller.appspotmail.com

[ 28.7232439] panic: kernel diagnostic assertion "to_ticks >= 0" failed:
file "/syzkaller/managers/netbsd/kernel/sys/kern/kern_timeout.c", line 335
[ 28.7232439] cpu0: Begin traceback...
[ 28.7232439] vpanic() at netbsd:vpanic+0x214
[ 28.7232439] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 28.7232439] callout_schedule_locked() at
netbsd:callout_schedule_locked+0x25b
[ 28.7232439] sleepq_block() at netbsd:sleepq_block+0x2e9
[ 28.7232439] cv_timedwait_sig() at netbsd:cv_timedwait_sig+0x16f
[ 28.7232439] sbwait() at netbsd:sbwait+0xa2
[ 28.7232439] soreceive() at netbsd:soreceive+0x15b4
[ 28.7232439] dofileread() at netbsd:dofileread+0x154
[ 28.7232439] sys_read() at netbsd:sys_read+0x78
[ 28.7232439] sys_syscall() at netbsd:sys_syscall+0xe2
[ 28.7232439] syscall() at netbsd:syscall+0x30e
[ 28.7232439] --- syscall (number 0) ---
[ 28.7232439] 6fa07363f4ca:
[ 28.7232439] cpu0: End traceback...

[ 28.7232439] dumping to dev 4,1 (offset=0, size=0): not possible
[ 28.7232439] rebooting...