UBSan: Undefined Behavior in device_xname (2)

6 views

Skip to first unread message

syzbot

unread,

Jun 4, 2023, 9:12:03 AM6/4/23

to syzkaller-...@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit: c736c23a38d2 indent: fix indentation of adjacent '{'
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14e8717d280000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=8b2bdcba6c0f8c030ea8
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e24ea18de92c/disk-c736c23a.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/c4b291888390/netbsd-c736c23a.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b2bdc...@syzkaller.appspotmail.com

[ 967.4660773] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_device.c:200:9, member access within null pointer of type 'struct device'

[ 967.4760650] cpu1: Begin traceback...
[ 967.5160706] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:292
[ 967.6360836] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 967.7260663] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 967.8060675] device_xname() at netbsd:device_xname+0x3f sys/kern/subr_device.c:200
[ 967.8960677] dkwedge_add() at netbsd:dkwedge_add+0x5ea sys/dev/dkwedge/dk.c:639
[ 967.9760672] disk_ioctl() at netbsd:disk_ioctl+0x211 sys/kern/subr_disk.c:634
[ 968.0560695] dk_ioctl() at netbsd:dk_ioctl+0x190 sys/dev/dksubr.c:642
[ 968.1360732] sdioctl() at netbsd:sdioctl+0x6b4 sys/dev/scsipi/sd.c:1005
[ 968.2160725] cdev_ioctl() at netbsd:cdev_ioctl+0x162 sys/kern/subr_devsw.c:1525
[ 968.2960721] spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1331
[ 968.3660712] VOP_IOCTL() at netbsd:VOP_IOCTL+0x149 sys/kern/vnode_if.c:934
[ 968.4560708] vn_ioctl() at netbsd:vn_ioctl+0x1a4 sys/kern/vfs_vnops.c:892
[ 968.5460703] sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675
[ 968.6260708] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[ 968.6260708] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
[ 968.7060767] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[ 968.7060767] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 968.7060767] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[ 968.7260730] --- syscall (number 54 via SYS_syscall) ---
[ 968.7560696] netbsd:syscall+0x2da:
[ 968.7560696] cpu1: End traceback...
[ 968.7660873] fatal breakpoint trap in supervisor mode
[ 968.7660873] trap type 1 code 0 rip 0xffffffff80235485 cs 0x8 rflags 0x246 cr2 0x20000180 ilevel 0 rsp 0xffffa80248a69420
[ 968.7760698] curlwp 0xffffa5a7c50cf080 pid 1773.3914 lowest kstack 0xffffa80248a652c0
Stopped in pid 1773.3914 (syz-executor.2) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:292
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
device_xname() at netbsd:device_xname+0x3f sys/kern/subr_device.c:200
dkwedge_add() at netbsd:dkwedge_add+0x5ea sys/dev/dkwedge/dk.c:639
disk_ioctl() at netbsd:disk_ioctl+0x211 sys/kern/subr_disk.c:634
dk_ioctl() at netbsd:dk_ioctl+0x190 sys/dev/dksubr.c:642
sdioctl() at netbsd:sdioctl+0x6b4 sys/dev/scsipi/sd.c:1005
cdev_ioctl() at netbsd:cdev_ioctl+0x162 sys/kern/subr_devsw.c:1525
spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1331
VOP_IOCTL() at netbsd:VOP_IOCTL+0x149 sys/kern/vnode_if.c:934
vn_ioctl() at netbsd:vn_ioctl+0x1a4 sys/kern/vfs_vnops.c:892
sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675
sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
--- syscall (number 54 via SYS_syscall) ---
netbsd:syscall+0x2da:
Panic string: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_device.c:200:9, member access within null pointer of type 'struct device'

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
1786 3767 2 0 0 ffffa5a7c5bb0740 syz-executor.1
1786 1786 2 0 10000000 ffffa5a7c4d85780 syz-executor.1
1773 >3914 7 1 100 ffffa5a7c50cf080 syz-executor.2
1773 1773 2 0 10000140 ffffa5a7d8d98240 syz-executor.2
3711 1775 3 0 0 ffffa5a7c4d85bc0 syz-executor.0 cfgmisc
3711 3711 2 0 10000140 ffffa5a7b7efc500 syz-executor.0
2784 1785 2 0 100 ffffa5a7c5551100 syz-executor.5
2784 2784 2 1 10000000 ffffa5a7c996ea00 syz-executor.5
2393 3269 3 1 1100000 ffffa5a7c4fec500 syz-executor.4 tstile
2393 2393 2 0 11000040 ffffa5a7cfeaf640 syz-executor.4
3644 3884 3 1 1100000 ffffa5a7c5551540 syz-executor.4 tstile
3644 3644 2 0 11000040 ffffa5a7c54386c0 syz-executor.4
1671 1668 3 0 1100000 ffffa5a7cb343a40 syz-executor.4 tstile
1671 1671 2 0 11000040 ffffa5a7c51d2700 syz-executor.4
3762 1533 3 1 1100000 ffffa5a7c50cf900 syz-executor.4 tstile
3762 3762 2 0 11000040 ffffa5a7c5438b00 syz-executor.4
3891 1528 3 0 1100000 ffffa5a7bab2f140 syz-executor.4 tstile
3891 3891 2 0 11000040 ffffa5a7c3e31680 syz-executor.4
3515 2387 3 1 1100000 ffffa5a7bc4b2640 syz-executor.4 tstile
3515 3515 2 0 11000040 ffffa5a7c3e31ac0 syz-executor.4
1418 2221 3 0 1100000 ffffa5a7cb3431c0 syz-executor.4 tstile
1418 1418 2 1 11000040 ffffa5a7cb343600 syz-executor.4
2629 1408 3 0 1100000 ffffa5a7c51d2b40 syz-executor.4 tstile
2629 2629 2 0 11000040 ffffa5a7c4fec0c0 syz-executor.4
2872 1265 3 0 1100000 ffffa5a7c4fec940 syz-executor.4 tstile
2872 2872 2 0 11000040 ffffa5a7b92a7a40 syz-executor.4
3530 2119 3 0 1100000 ffffa5a7c52b2480 syz-executor.4 tstile
3530 3530 2 1 11000040 ffffa5a7bab2f9c0 syz-executor.4
1062 3243 3 0 1100000 ffffa5a7c996e180 syz-executor.4 tstile
1062 1062 2 0 11000040 ffffa5a7c52b28c0 syz-executor.4
2520 3130 3 1 1100000 ffffa5a7bab2f580 syz-executor.4 tstile
2520 2520 2 1 11000040 ffffa5a7c52b2040 syz-executor.4
3149 3048 3 0 1100000 ffffa5a7b7f17900 syz-executor.4 tstile
3149 3149 2 0 11000040 ffffa5a7c5551980 syz-executor.4
2282 1885 3 0 1100000 ffffa5a7b7004280 syz-executor.4 tstile
2282 2282 2 1 11000040 ffffa5a7c51d22c0 syz-executor.4
2252 2252 3 1 1c0 ffffa5a7c5438280 syz-executor.3 pipe_rd
918 1856 3 1 1100000 ffffa5a7b7efc0c0 syz-executor.4 tstile
918 918 2 0 11000040 ffffa5a7c5bb0300 syz-executor.4
1086 1086 2 1 140 ffffa5a7c5bb0b80 syz-executor.1
1199 1199 2 0 140 ffffa5a7b7efc940 syz-executor.5
1245 1245 2 0 140 ffffa5a7b725e300 syz-executor.2
1243 1243 2 0 140 ffffa5a7b70e7700 syz-executor.0
1233 1204 3 0 180 ffffa5a7bc4b2a80 syz-fuzzer parked
1233 1247 3 0 180 ffffa5a7b7f174c0 syz-fuzzer wait
1233 1132 3 0 1c0 ffffa5a7b7f17080 syz-fuzzer wait
1233 1120 3 0 180 ffffa5a7bc4b2200 syz-fuzzer wait
1233 1239 3 0 1c0 ffffa5a7b92a7600 syz-fuzzer wait
1233 829 3 1 180 ffffa5a7b79f0980 syz-fuzzer parked
1233 990 3 0 180 ffffa5a7b6c44640 syz-fuzzer wait
1233 929 3 1 180 ffffa5a7b8846140 syz-fuzzer parked
1233 449 3 1 180 ffffa5a7b79f0100 syz-fuzzer parked
1233 942 2 1 140 ffffa5a7b778c480 syz-fuzzer
1233 1230 3 1 180 ffffa5a7b70046c0 syz-fuzzer parked
1233 860 2 0 140 ffffa5a7b7004b00 syz-fuzzer
1233 1233 3 0 180 ffffa5a7b79f0540 syz-fuzzer parked
1235 1235 3 1 180 ffffa5a7b88469c0 sshd select
980 980 3 0 180 ffffa5a7b8846580 getty nanoslp
1216 1216 3 0 180 ffffa5a7b8db15c0 getty nanoslp
1223 1223 3 0 180 ffffa5a7b92a71c0 getty nanoslp
1184 1184 3 1 1c0 ffffa5a7b6c7fac0 getty ttyraw
1096 1096 3 0 180 ffffa5a7b8db1a00 sshd select
1094 1094 3 1 180 ffffa5a7b8db1180 powerd kqueue
702 702 3 0 180 ffffa5a7b760a780 syslogd kqueue
747 747 3 0 180 ffffa5a7b70e72c0 dhcpcd poll
742 742 3 0 180 ffffa5a7b760a340 dhcpcd poll
466 466 3 0 180 ffffa5a7b725e740 dhcpcd poll
598 598 3 0 180 ffffa5a7b778c040 dhcpcd poll
292 292 3 0 180 ffffa5a7b760abc0 dhcpcd poll
485 485 3 0 180 ffffa5a7b725eb80 dhcpcd poll
291 291 3 0 180 ffffa5a7b70e7b40 dhcpcd poll
1 1 3 0 180 ffffa5a7aea80140 init wait
0 902 3 1 200 ffffa5a7c50cf4c0 ktrace ktrwait
0 985 3 0 200 ffffa5a7b6c44a80 physiod physiod
0 196 2 0 240 ffffa5a7b6c7f680 ioflush
0 195 3 0 200 ffffa5a7ae8f0740 pooldrain pooldrain
0 194 3 1 200 ffffa5a7b6c7f240 pgdaemon pgdaemon
0 170 3 0 200 ffffa5a7b6c44200 usb7 usbevt
0 169 3 0 200 ffffa5a7b3b8fa40 usb6 usbevt
0 168 2 1 240 ffffa5a7b3b8f600 usb5
0 167 3 0 240 ffffa5a7b3b8f1c0 usb4 tstile
0 166 3 0 200 ffffa5a7b0b32a00 usb3 usbevt
0 165 3 0 200 ffffa5a7b0b325c0 usb2 usbevt
0 31 3 0 200 ffffa5a7b0b32180 usb1 usbevt
0 63 3 0 200 ffffa5a7aea809c0 usb0 usbevt
0 126 3 1 200 ffffa5a7ae8f0b80 usbtask-dr usbtsk
0 125 3 1 200 ffffa5a7ae9e7340 usbtask-hc usbtsk
0 124 3 0 200 ffffa5a7acea1b00 swwreboot swwreboot
0 123 2 0 240 ffffa5a7aea80580 npfgc0
0 122 3 1 200 ffffa5a7aea73980 rt_free rt_free
0 121 3 1 200 ffffa5a7aea73540 unpgc unpgc
0 120 3 0 200 ffffa5a7aea73100 key_timehandler key_timehandler
0 119 3 1 200 ffffa5a7aea56940 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffa5a7aea56500 icmp6_wqinput/0 icmp6_wqinput
0 117 3 0 200 ffffa5a7aea560c0 nd6_timer nd6_timer
0 116 3 1 200 ffffa5a7aea42900 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffa5a7aea424c0 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffa5a7aea42080 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffa5a7aea2c8c0 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffa5a7aea2c480 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffa5a7aea2c040 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 ffffa5a7ae9e7bc0 rt_timer rt_timer
0 109 3 0 200 ffffa5a7ae9e7780 vmem_rehash vmem_rehash
0 100 3 0 200 ffffa5a7ae8f0300 entbutler entropy
0 99 3 0 200 ffffa5a7ae350b40 viomb balloon
0 98 3 1 200 ffffa5a7ae350700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffa5a7ae3502c0 vioif0_txrx/0 vioif0_txrx
0 30 3 1 200 ffffa5a7acea16c0 scsibus0 sccomp
0 29 3 0 200 ffffa5a7acea1280 pms0 pmsreset
0 28 3 1 200 ffffa5a7acdacac0 xcall/1 xcall
0 27 1 1 200 ffffa5a7acdac680 softser/1
0 26 1 1 200 ffffa5a7acdac240 softclk/1
0 25 1 1 200 ffffa5a7acd87a80 softbio/1
0 24 1 1 200 ffffa5a7acd87640 softnet/1
0 23 1 1 201 ffffa5a7acd87200 idle/1
0 22 3 0 200 ffffa5a8db12da40 lnxsyswq lnxsyswq
0 21 3 0 200 ffffa5a8db12d600 lnxubdwq lnxubdwq
0 20 3 0 200 ffffa5a8db12d1c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffa5a8db134a00 lnxlngwq lnxlngwq
0 18 3 0 200 ffffa5a8db1345c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffa5a8db134180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffa5a8db1539c0 sysmon smtaskq
0 15 3 1 200 ffffa5a8db153580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffa5a8db153140 pmfevent pmfevent
0 13 3 1 200 ffffa5a8db15e980 sopendfree sopendfr
0 12 3 0 200 ffffa5a8db15e540 ifwdog ifwdog
0 11 3 1 200 ffffa5a8db15e100 iflnkst iflnkst
0 10 3 1 200 ffffa5a8dc193940 nfssilly nfssilly
0 9 3 0 200 ffffa5a8dc193500 vdrain vdrain
0 8 3 1 200 ffffa5a8dc1930c0 modunload mod_unld
0 7 3 0 200 ffffa5a8dc1ba900 xcall/0 xcall
0 6 1 0 200 ffffa5a8dc1ba4c0 softser/0
0 5 1 0 200 ffffa5a8dc1ba080 softclk/0
0 4 1 0 200 ffffa5a8dc1e98c0 softbio/0
0 3 1 0 200 ffffa5a8dc1e9480 softnet/0
0 2 1 0 201 ffffa5a8dc1e9040 idle/0
0 > 0 7 0 240 ffffffff8674db40 swapper
[Locks tracked through LWPs]

****** LWP 1786.3767 (syz-executor.1) @ 0xffffa5a7c5bb0740, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:uvm_obj_init+0xee sys/uvm/uvm_object.c:70)
lock address : ffffa5a7c3445e00
type : sleep/adaptive
initialized : netbsd:uvm_obj_init+0xee
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c5bb0740 last held: 0xffffa5a7c5bb0740
last locked* : netbsd:uvm_fault_internal+0x24a7
unlocked : netbsd:uvm_fault_lower_enter+0x843
owner/count : 0xffffa5a7c5bb0740 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at netbsd:pmap_ctor+0x6d sys/arch/x86/x86/pmap.c:2860)
lock address : ffffa5a7bfd9c380
type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x6d
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c5bb0740 last held: 0xffffa5a7c5bb0740
last locked* : netbsd:pmap_enter_ma+0x3c0
unlocked : netbsd:pmap_enter_ma+0xb24
owner field : 0xffffa5a7c5bb0740 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

* Lock 2 (initialized at netbsd:pmap_ctor+0x9b sys/arch/x86/x86/pmap.c:2861)
lock address : ffffa5a7bfd9c388
type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x9b
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c5bb0740 last held: 0xffffa5a7c5bb0740
last locked* : netbsd:pmap_get_ptp+0x25e
unlocked : netbsd:pmap_get_ptp+0x6dc
owner/count : 0xffffa5a7c5bb0740 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1773.3914 (syz-executor.2) @ 0xffffa5a7c50cf080, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:config_init+0x71 sys/kern/subr_autoconf.c:366)
lock address : netbsd:config_misc_lock
type : sleep/adaptive
initialized : netbsd:config_init+0x71
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7c50cf080 last held: 000000000000000000
last locked : netbsd:device_lookup_acquire+0x2d
unlocked* : netbsd:device_lookup_acquire+0x24e
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 2393.3269 (syz-executor.4) @ 0xffffa5a7c4fec500, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7c4fec500 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 3644.3884 (syz-executor.4) @ 0xffffa5a7c5551540, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7c5551540 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 1671.1668 (syz-executor.4) @ 0xffffa5a7cb343a40, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7cb343a40 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 3762.1533 (syz-executor.4) @ 0xffffa5a7c50cf900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7c50cf900 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 3891.1528 (syz-executor.4) @ 0xffffa5a7bab2f140, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7bab2f140 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 3515.2387 (syz-executor.4) @ 0xffffa5a7bc4b2640, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7bc4b2640 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 1418.2221 (syz-executor.4) @ 0xffffa5a7cb3431c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7cb3431c0 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 2629.1408 (syz-executor.4) @ 0xffffa5a7c51d2b40, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c51d2b40 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 2872.1265 (syz-executor.4) @ 0xffffa5a7c4fec940, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c4fec940 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 3530.2119 (syz-executor.4) @ 0xffffa5a7c52b2480, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c52b2480 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 1062.3243 (syz-executor.4) @ 0xffffa5a7c996e180, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7c996e180 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 2520.3130 (syz-executor.4) @ 0xffffa5a7bab2f580, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7bab2f580 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 3149.3048 (syz-executor.4) @ 0xffffa5a7b7f17900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b7f17900 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 2282.1885 (syz-executor.4) @ 0xffffa5a7b7004280, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b7004280 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 918.1856 (syz-executor.4) @ 0xffffa5a7b7efc0c0, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:vhci_attach+0x2b2 sys/dev/usb/vhci.c:1283)
lock address : ffffa8000f9866f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x2b2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 1
relevant lwp : 0xffffa5a7b7efc0c0 last held: 0xffffa5a7b7efc0c0
last locked* : netbsd:vhci_usb_detach+0x172
unlocked : netbsd:vhci_fd_read+0x652
owner field : 0xffffa5a7b7efc0c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffa5a7b3b8f1c0

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7b7efc0c0 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

****** LWP 742.742 (dhcpcd) @ 0xffffa5a7b760a340, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b760a340 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 466.466 (dhcpcd) @ 0xffffa5a7b725e740, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b725e740 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 485.485 (dhcpcd) @ 0xffffa5a7b725eb80, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b725eb80 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 291.291 (dhcpcd) @ 0xffffa5a7b70e7b40, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b70e7b40 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.167 (usb4) @ 0xffffa5a7b3b8f1c0, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:vhci_attach+0x1cb sys/dev/usb/vhci.c:1280)
lock address : ffffa8000f9864c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x1cb
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 15
relevant cpu : 0 last held: 0
relevant lwp : 0xffffa5a7b3b8f1c0 last held: 0xffffa5a7b3b8f1c0
last locked* : netbsd:usbd_transfer+0x350
unlocked : netbsd:usbd_setup_pipe_flags+0x13c
owner field : 0xffffa5a7b3b8f1c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 15 waiting writers: 0xffffa5a7b7efc0c0 0xffffa5a7b7004280 0xffffa5a7b7f17900 0xffffa5a7bab2f580 0xffffa5a7c996e180 0xffffa5a7c52b2480 0xffffa5a7c4fec940 0xffffa5a7c51d2b40 0xffffa5a7cb3431c0 0xffffa5a7bc4b2640 0xffffa5a7bab2f140 0xffffa5a7c50cf900 0xffffa5a7cb343a40 0xffffa5a7c5551540 0xffffa5a7c4fec500

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x2b2 sys/dev/usb/vhci.c:1283)
lock address : ffffa8000f9866f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x2b2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 1
relevant lwp : 0xffffa5a7b3b8f1c0 last held: 0xffffa5a7b7efc0c0
last locked* : netbsd:vhci_usb_detach+0x172
unlocked : netbsd:vhci_fd_read+0x652
owner field : 0xffffa5a7b7efc0c0 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffa5a7b3b8f1c0

****** LWP 0.26 (softclk/1) @ 0xffffa5a7acdac240, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a7acdac240 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffa5a8db15e100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffa5a8db15e100 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8674db40, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8674db40 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu1:

* Lock 0 (initialized at netbsd:kprintf_init+0x72 sys/kern/subr_prf.c:156)
lock address : netbsd:kprintf_mtx
type : spin
initialized : netbsd:kprintf_init+0x72
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffa5a7c50cf080 last held: 0xffffa5a7c50cf080
last locked* : netbsd:kprintf_lock+0x50
unlocked : netbsd:kprintf_unlock+0x70
owner field : 0x0000000000000800 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON
0xffffa80000007180 0045 00000000 0x0 0x0
0xffffa80000007200 0045 00000000 0x0 0x0
0xffffa80000007280 0045 00000000 0x0 0x0
0xffffa80000007300 0045 00000000 0x0 0x0
0xffffa80000007380 0045 00000000 0x0 0x0
0xffffa80000007400 0045 00000000 0x0 0x0
0xffffa80000007480 0045 00000000 0x0 0x0
0xffffa80000007500 0045 00000000 0x0 0x0
0xffffa80000007580 0045 00000000 0x0 0x0
0xffffa80000007600 0045 00000000 0x0 0x0
0xffffa80000007680 0041 00000000 0x0 0x0
0xffffa80000007700 0041 00000000 0x0 0x0
0xffffa80000007780 0041 00000000 0x0 0x0
0xffffa80000007800 0041 00000000 0x0 0x0
0xffffa80000007880 0045 00000000 0x0 0x0
0xffffa80000007900 0045 00000000 0x0 0x0
0xffffa80000007980 0041 00000000 0x0 0x0
0xffffa80000007a00 0041 00000000 0x0 0x0
0xffffa80000007a80 0041 00000000 0x0 0x0
0xffffa80000007b00 0041 00000000 0x0 0x0
0xffffa80000007b80 0041 00000000 0x0 0x0
0xffffa80000007c00 0041 00000000 0x0 0x0
0xffffa80000007c80 0041 00000000 0x0 0x0
0xffffa80000007d00 0041 00000000 0x0 0x0
0xffffa80000007d80 0041 00000000 0x0 0x0
0xffffa80000007e00 0041 00000000 0x0 0x0
0xffffa80000007e80 0041 00000000 0x0 0x0
0xffffa80000007f00 0041 00000000 0x0 0x0
0xffffa80000007f80 0041 00000000 0x0 0x0
0xffffa80000008000 0041 00000000 0x0 0x0
0xffffa80000008080 0041 00000000 0x0 0x0
0xffffa80000008100 0041 00000000 0x0 0x0
0xffffa80000008180 0041 00000000 0x0 0x0
0xffffa80000008200 0041 00000000 0x0 0x0
0xffffa80000008280 0041 00000000 0x0 0x0
0xffffa80000008300 0041 00000000 0x0 0x0
0xffffa80000008380 0041 00000000 0x0 0x0
0xffffa80000008400 0041 00000000 0x0 0x0
0xffffa80000008480 0041 00000000 0x0 0x0
0xffffa80000008500 0041 00000000 0x0 0x0
0xffffa80000008580 0041 00000000 0x0 0x0
0xffffa80000008600 0045 00000000 0x0 0x0
0xffffa80000008680 0041 00000000 0x0 0x0
0xffffa80000008700 0041 00000000 0x0 0x0
0xffffa80000008780 0041 00000000 0x0 0x0
0xffffa80000008800 0045 00000000 0x0 0x0
0xffffa80000008880 0041 00000000 0x0 0x0
0xffffa80000008900 0041 00000000 0x0 0x0
0xffffa80000008980 0041 00000000 0x0 0x0
0xffffa80000008a00 0041 00000000 0x0 0x0
0xffffa80000008a80 0041 00000000 0x0 0x0
0xffffa80000008b00 0041 00000000 0x0 0x0
0xffffa80000008b80 0041 00000000 0x0 0x0
0xffffa80000008c00 0041 00000000 0x0 0x0
0xffffa80000008c80 0041 00000000 0x0 0x0
0xffffa80000008d00 0041 00000000 0x0 0x0
0xffffa80000008d80 0041 00000000 0x0 0x0
0xffffa80000008e00 0041 00000000 0x0 0x0
0xffffa80000008e80 0041 00000000 0x0 0x0
0xffffa80000008f00 0041 00000000 0x0 0x0
0xffffa80000008f80 0041 00000000 0x0 0x0
0xffffa80000009000 0041 00000000 0x0 0x0
0xffffa80000009080 0041 00000000 0x0 0x0
0xffffa80000009100 0041 00000000 0x0 0x0
0xffffa80000009180 0041 00000000 0x0 0x0
0xffffa80000009200 0041 00000000 0x0 0x0
0xffffa80000009280 0041 00000000 0x0 0x0
0xffffa80000009300 0041 00000000 0x0 0x0
0xffffa80000009380 0041 00000000 0x0 0x0
0xffffa80000009400 0041 00000000 0x0 0x0
0xffffa80000009480 0045 00000000 0x0 0x0
0xffffa80000009500 0041 00000000 0x0 0x0
0xffffa80000009580 0041 00000000 0x0 0x0
0xffffa80000009600 0041 00000000 0x0 0x0
0xffffa80000009680 0041 00000000 0x0 0x0
0xffffa80000009700 0041 00000000 0x0 0x0
0xffffa80000009780 0041 00000000 0x0 0x0
0xffffa80000009800 0041 00000000 0x0 0x0
0xffffa80000009880 0041 00000000 0x0 0x0
0xffffa80000009900 0041 00000000 0x0 0x0
0xffffa80000009980 0041 00000000 0x0 0x0
0xffffa80000009a00 0041 00000000 0x0 0x0
0xffffa80000009a80 0045 00000000 0x0 0x0
0xffffa80000009b00 0041 00000000 0x0 0x0
0xffffa80000009b80 0041 00000000 0x0 0x0
0xffffa80000009c00 0041 00000000 0x0 0x0
0xffffa80000009c80 0041 00000000 0x0 0x0
0xffffa80000009d00 0041 00000000 0x0 0x0
0xffffa80000009d80 0041 00000000 0x0 0x0
0xffffa80000009e00 0041 00000000 0x0 0x0
0xffffa80000009e80 0041 00000000 0x0 0x0
0xffffa80000009f00 0041 00000000 0x0 0x0
0xffffa80000009f80 0041 00000000 0x0 0x0
0xffffa8000000a000 0041 00000000 0x0 0x0
0xffffa8000000a080 0041 00000000 0x0 0x0
0xffffa8000000a100 0041 00000000 0x0 0x0
0xffffa8000000a180 0041 00000000 0x0 0x0
0xffffa8000000a200 0041 00000000 0x0 0x0
0xffffa8000000a280 0041 00000000 0x0 0x0
0xffffa8000000a300 0041 00000000 0x0 0x0
0xffffa8000000a380 0041 00000000 0x0 0x0
0xffffa8000000a400 0041 00000000 0x0 0x0
0xffffa8000000a480 0041 00000000 0x0 0x0
0xffffa8000000a500 0041 00000000 0x0 0x0
0xffffa8000000a580 0041 00000000 0x0 0x0
0xffffa8000000a600 0041 00000000 0x0 0x0
0xffffa8000000a680 0041 00000000 0x0 0x0
0xffffa8000000a700 0041 00000000 0x0 0x0
0xffffa8000000a780 0041 00000000 0x0 0x0
0xffffa8000000a800 0041 00000000 0x0 0x0
0xffffa8000000a880 0041 00000000 0x0 0x0
0xffffa8000000a900 0041 00000000 0x0 0x0
0xffffa8000000a980 0041 00000000 0x0 0x0
0xffffa8000000aa00 0041 00000000 0x0 0x0
0xffffa8000000aa80 0041 00000000 0x0 0x0
0xffffa8000000ab00 0041 00000000 0x0 0x0
0xffffa8000000ab80 0041 00000000 0x0 0x0
0xffffa8000000ac00 0041 00000000 0x0 0x0
0xffffa8000000ac80 0041 00000000 0x0 0x0
0xffffa8000000ad00 0041 00000000 0x0 0x0
0xffffa8000000ad80 0041 00000000 0x0 0x0
0xffffa8000000ae00 0041 00000000 0x0 0x0
0xffffa8000000ae80 0045 00000000 0x0 0x0
0xffffa8000000af00 0045 00000000 0x0 0x0
0xffffa8000000af80 0045 00000000 0x0 0x0
0xffffa8000000b000 0041 00000000 0x0 0x0
0xffffa8000000b080 0041 00000000 0x0 0x0
0xffffa8000000b100 0041 00000000 0x0 0x0
0xffffa8000000b180 0045 00000000 0x0 0x0
0xffffa8000000b200 0041 00000000 0x0 0x0
0xffffa8000000b280 0045 00000000 0x0 0x0
0xffffa8000000b300 0045 00000000 0x0 0x0
0xffffa8000000b380 0045 00000000 0x0 0x0
0xffffa8000000b400 0041 00000000 0x0 0x0
0xffffa8000000b480 0041 00000000 0x0 0x0
0xffffa8000000b500 0045 00000000 0x0 0x0
0xffffa8000000b580 0045 00000000 0x0 0x0
0xffffa8000000b600 0045 00000000 0x0 0x0
0xffffa8000000b680 0045 00000000 0x0 0x0
0xffffa8000000b700 0045 00000000 0x0 0x0
0xffffa8000000b780 0045 00000000 0x0 0x0
0xffffa8000000b800 0045 00000000 0x0 0x0
0xffffa8000000b880 0041 00000000 0x0 0x0
0xffffa8000000b900 0045 00000000 0x0 0x0
0xffffa8000000b980 0045 00000000 0x0 0x0
0xffffa8000000ba00 0045 00000000 0x0 0x0
0xffffa8000000ba80 0045 00000000 0x0 0x0
0xffffa8000000bb00 0045 00000000 0x0 0x0
0xffffa8000000bb80 0045 00000000 0x0 0x0
0xffffa8000000bc00 0045 00000000 0x0 0x0
0xffffa8000000bc80 0041 00000000 0x0 0x0
0xffffa8000000bd00 0045 00000000 0x0 0x0
0xffffa8000000bd80 0045 00000000 0x0 0x0
0xffffa8000000be00 0045 00000000 0x0 0x0
0xffffa8000000be80 0045 00000000 0x0 0x0
0xffffa8000000bf00 0045 00000000 0x0 0x0
0xffffa8000000bf80 0045 00000000 0x0 0x0
0xffffa8000000c000 0045 00000000 0x0 0x0
0xffffa8000000c080 0041 00000000 0x0 0x0
0xffffa8000000c100 0045 00000000 0x0 0x0
0xffffa8000000c180 0045 00000000 0x0 0x0
0xffffa8000000c200 0045 00000000 0x0 0x0
0xffffa8000000c280 0045 00000000 0x0 0x0
0xffffa8000000c300 0045 00000000 0x0 0x0
0xffffa8000000c380 0045 00000000 0x0 0x0
0xffffa8000000c400 0045 00000000 0x0 0x0
0xffffa8000000c480 0045 00000000 0x0 0x0
0xffffa8000000c500 0045 00000000 0x0 0x0
0xffffa8000000c580 0045 00000000 0x0 0x0
0xffffa8000000c600 0045 00000000 0x0 0x0
0xffffa8000000c680 0045 00000000 0x0 0x0
0xffffa8000000c700 0041 00000000 0x0 0x0
0xffffa8000000c780 0041 00000000 0x0 0x0
0xffffa8000000c800 0045 00000000 0x0 0x0
0xffffa8000000c880 0045 00000000 0x0 0x0
0xffffa8000000c900 0045 00000000 0x0 0x0
0xffffa8000000c980 0045 00000000 0x0 0x0
0xffffa8000000ca00 0045 00000000 0x0 0x0
0xffffa8000000ca80 0041 00000000 0x0 0x0
0xffffa8000000cb00 0041 00000000 0x0 0x0
0xffffa8000000cb80 0041 00000000 0x0 0x0
0xffffa8000000cc00 0045 00000000 0x0 0x0
0xffffa8000000cc80 0045 00000000 0x0 0x0
0xffffa8000000cd00 0045 00000000 0x0 0x0
0xffffa8000000cd80 0041 00000000 0x0 0x0
0xffffa8000000ce00 0045 00000000 0x0 0x0
0xffffa8000000ce80 0041 00000000 0x0 0x0
0xffffa8000000cf00 0041 00000000 0x0 0x0
0xffffa8000000cf80 0041 00000000 0x0 0x0
0xffffa8000000d000 0041 00000000 0x0 0x0
0xffffa8000000d080 0045 00000000 0x0 0x0
0xffffa8000000d100 0041 00000000 0x0 0x0
0xffffa8000000d180 0041 00000000 0x0 0x0
0xffffa8000000d200 0041 00000000 0x0 0x0
0xffffa8000000d280 0041 00000000 0x0 0x0
0xffffa8000000d300 0045 00000000 0x0 0x0
0xffffa8000000d380 0041 00000000 0x0 0x0
0xffffa8000000d400 0041 00000000 0x0 0x0
0xffffa8000000d480 0045 00000000 0x0 0x0
0xffffa8000000d500 0041 00000000 0x0 0x0
0xffffa8000000d580 0041 00000000 0x0 0x0
0xffffa8000000d600 0041 00000000 0x0 0x0
0xffffa8000000d680 0045 00000000 0x0 0x0
0xffffa8000000d700 0041 00000000 0x0 0x0
0xffffa8000000d780 0045 00000000 0x0 0x0
0xffffa8000000d800 0041 00000000 0x0 0x0
0xffffa8000000d880 0045 00000000 0x0 0x0
0xffffa8000000d900 0041 00000000 0x0 0x0
0xffffa8000000d980 0041 00000000 0x0 0x0
0xffffa8000000da00 0041 00000000 0x0 0x0
0xffffa8000000da80 0041 00000000 0x0 0x0
0xffffa8000000db00 0045 00000000 0x0 0x0
0xffffa8000000db80 0045 00000000 0x0 0x0
0xffffa8000000dc00 0041 00000000 0x0 0x0
0xffffa8000000dc80 0041 00000000 0x0 0x0
0xffffa8000000dd00 0041 00000000 0x0 0x0
0xffffa8000000dd80 0041 00000000 0x0 0x0
0xffffa8000000de00 0041 00000000 0x0 0x0
0xffffa8000000de80 0041 00000000 0x0 0x0
0xffffa8000000df00 0045 00000000 0x0 0x0
0xffffa8000000df80 0045 00000000 0x0 0x0
0xffffa8000000e000 0045 00000000 0x0 0x0
0xffffa8000000e080 0041 00000000 0x0 0x0
0xffffa8000000e100 0041 00000000 0x0 0x0
0xffffa8000000e180 0045 00000000 0x0 0x0
0xffffa8000000e200 0041 00000000 0x0 0x0
0xffffa8000000e280 0045 00000000 0x0 0x0
0xffffa8000000e300 0045 00000000 0x0 0x0
0xffffa8000000e380 0041 00000000 0x0 0x0
0xffffa8000000e400 0045 00000000 0x0 0x0
0xffffa8000000e480 0041 00000000 0x0 0x0
0xffffa8000000e500 0045 00000000 0x0 0x0
0xffffa8000000e580 0041 00000000 0x0 0x0
0xffffa8000000e600 0045 00000000 0x0 0x0
0xffffa8000000e680 0041 00000000 0x0 0x0
0xffffa8000000e700 0041 00000000 0x0 0x0
0xffffa8000000e780 0041 00000000 0x0 0x0
0xffffa8000000e800 0045 00000000 0x0 0x0
0xffffa8000000e880 0041 00000000 0x0 0x0
0xffffa8000000e900 0041 00000000 0x0 0x0
0xffffa8000000e980 0041 00000000 0x0 0x0
0xffffa8000000ea00 0041 00000000 0x0 0x0
0xffffa8000000ea80 0045 00000000 0x0 0x0
0xffffa8000000eb00 0041 00000000 0x0 0x0
0xffffa8000000eb80 0045 00000000 0x0 0x0
0xffffa8000000ec00 0041 00000000 0x0 0x0
0xffffa8000000ec80 0045 00000000 0x0 0x0
0xffffa8000000ed00 0041 00000000 0x0 0x0
0xffffa8000000ed80 0041 00000000 0x0 0x0
0xffffa8000000ee00 0041 00000000 0x0 0x0
0xffffa8000000ee80 0041 00000000 0x0 0x0
0xffffa8000000ef00 0041 00000000 0x0 0x0
0xffffa8000000ef80 0041 00000000 0x0 0x0
0xffffa8000000f000 0041 00000000 0x0 0x0
0xffffa8000000f080 0045 00000000 0x0 0x0
0xffffa8000000f100 0041 00000000 0x0 0x0
0xffffa8000000f180 0041 00000000 0x0 0x0
0xffffa8000000f200 0041 00000000 0x0 0x0
0xffffa8000000f280 0045 00000000 0x0 0x0
0xffffa8000000f300 0041 00000000 0x0 0x0
0xffffa8000000f380 0041 00000000 0x0 0x0
0xffffa8000000f400 0045 00000000 0x0 0x0
0xffffa8000000f480 0041 00000000 0x0 0x0
0xffffa8000000f500 0041 00000000 0x0 0x0
0xffffa8000000f580 0041 00000000 0x0 0x0
0xffffa8000000f600 0041 00000000 0x0 0x0
0xffffa8000000f680 0041 00000000 0x0 0x0
0xffffa8000000f700 0041 00000000 0x0 0x0
0xffffa8000000f780 0041 00000000 0x0 0x0
0xffffa8000000f800 0041 00000000 0x0 0x0
0xffffa8000000f880 0045 00000000 0x0 0x0
0xffffa8000000f900 0041 00000000 0x0 0x0
0xffffa8000000f980 0045 00000000 0x0 0x0
0xffffa8000000fa00 0041 00000000 0x0 0x0
0xffffa8000000fa80 0041 00000000 0x0 0x0
0xffffa8000000fb00 0041 00000000 0x0 0x0
0xffffa8000000fb80 0041 00000000 0x0 0x0
0xffffa8000000fc00 0045 00000000 0x0 0x0
0xffffa8000000fc80 0041 00000000 0x0 0x0
0xffffa8000000fd00 0045 00000000 0x0 0x0
0xffffa8000000fd80 0041 00000000 0x0 0x0
0xffffa8000000fe00 0041 00000000 0x0 0x0
0xffffa8000000fe80 0041 00000000 0x0 0x0
0xffffa8000000ff00 0041 00000000 0x0 0x0
0xffffa8000000ff80 0041 00000000 0x0 0x0
0xffffa80000010000 0041 00000000 0x0 0x0
0xffffa80000010080 0045 00000000 0x0 0x0
0xffffa80000010100 0041 00000000 0x0 0x0
0xffffa80000010180 0045 00000000 0x0 0x0
0xffffa80000010200 0045 00000000 0x0 0x0
0xffffa80000010280 0041 00000000 0x0 0x0
0xffffa80000010300 0041 00000000 0x0 0x0
0xffffa80000010380 0041 00000000 0x0 0x0
0xffffa80000010400 0041 00000000 0x0 0x0
0xffffa80000010480 0041 00000000 0x0 0x0
0xffffa80000010500 0045 00000000 0x0 0x0
0xffffa80000010580 0041 00000000 0x0 0x0
0xffffa80000010600 0041 00000000 0x0 0x0
0xffffa80000010680 0045 00000000 0x0 0x0
0xffffa80000010700 0041 00000000 0x0 0x0
0xffffa80000010780 0041 00000000 0x0 0x0
0xffffa80000010800 0041 00000000 0x0 0x0
0xffffa80000010880 0041 00000000 0x0 0x0
0xffffa80000010900 0041 00000000 0x0 0x0
0xffffa80000010980 0045 00000000 0x0 0x0
0xffffa80000010a00 0045 00000000 0x0 0x0
0xffffa80000010a80 0041 00000000 0x0 0x0
0xffffa80000010b00 0041 00000000 0x0 0x0
0xffffa80000010b80 0041 00000000 0x0 0x0
0xffffa80000010c00 0041 00000000 0x0 0x0
0xffffa80000010c80 0045 00000000 0x0 0x0
0xffffa80000010d00 0041 00000000 0x0 0x0
0xffffa80000010d80 0041 00000000 0x0 0x0
0xffffa80000010e00 0041 00000000 0x0 0x0
0xffffa80000010e80 0045 00000000 0x0 0x0
0xffffa80000010f00 0041 00000000 0x0 0x0
0xffffa80000010f80 0041 00000000 0x0 0x0
0xffffa80000011000 0041 00000000 0x0 0x0
0xffffa80000011080 0041 00000000 0x0 0x0
0xffffa80000011100 0041 00000000 0x0 0x0
0xffffa80000011180 0041 00000000 0x0 0x0
0xffffa80000011200 0045 00000000 0x0 0x0
0xffffa80000011280 0041 00000000 0x0 0x0
0xffffa80000011300 0041 00000000 0x0 0x0
0xffffa80000011380 0041 00000000 0x0 0x0
0xffffa80000011400 0041 00000000 0x0 0x0
0xffffa80000011480 0045 00000000 0x0 0x0
0xffffa80000011500 0045 00000000 0x0 0x0
0xffffa80000011580 0041 00000000 0x0 0x0
0xffffa80000011600 0041 00000000 0x0 0x0
0xffffa80000011680 0041 00000000 0x0 0x0
0xffffa80000011700 0045 00000000 0x0 0x0
0xffffa80000011780 0045 00000000 0x0 0x0
0xffffa80000011800 0041 00000000 0x0 0x0
0xffffa80000011880 0041 00000000 0x0 0x0
0xffffa80000011900 0041 00000000 0x0 0x0
0xffffa80000011980 0041 00000000 0x0 0x0
0xffffa80000011a00 0041 00000000 0x0 0x0
0xffffa80000011a80 0041 00000000 0x0 0x0
0xffffa80000011b00 0041 00000000 0x0 0x0
0xffffa80000011b80 0041 00000000 0x0 0x0
0xffffa80000011c00 0041 00000000 0x0 0x0

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

unread,

Jun 24, 2023, 9:59:57 AM6/24/23

to syzkaller-...@googlegroups.com

syzbot has found a reproducer for the following issue on:

HEAD commit: ff64ec040733 tsleep: Comment out kernel lock assertion for..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12d510e0a80000

kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=8b2bdcba6c0f8c030ea8
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11a43f0f280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=157bb650a80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/746e7bc3813b/disk-ff64ec04.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/4e0bf91bd3d7/netbsd-ff64ec04.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b2bdc...@syzkaller.appspotmail.com

[ 118.9086080] panic: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_device.c:200:9, member access within null pointer of type 'struct device'

[ 118.9285970] cpu1: Begin traceback...
[ 118.9485987] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:292
[ 119.0285977] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 119.0886042] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 119.1385974] device_xname() at netbsd:device_xname+0x3f sys/kern/subr_device.c:200
[ 119.1885971] dkwedge_add() at netbsd:dkwedge_add+0x5ea sys/dev/dkwedge/dk.c:639
[ 119.2385981] disk_ioctl() at netbsd:disk_ioctl+0x211 sys/kern/subr_disk.c:634
[ 119.2885989] dk_ioctl() at netbsd:dk_ioctl+0x190 sys/dev/dksubr.c:642
[ 119.3385981] sdioctl() at netbsd:sdioctl+0x6b4 sys/dev/scsipi/sd.c:1005
[ 119.3986004] cdev_ioctl() at netbsd:cdev_ioctl+0x162 sys/kern/subr_devsw.c:1525
[ 119.4486000] spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1331
[ 119.4985994] VOP_IOCTL() at netbsd:VOP_IOCTL+0x149 sys/kern/vnode_if.c:933
[ 119.5586000] vn_ioctl() at netbsd:vn_ioctl+0x1a4 sys/kern/vfs_vnops.c:892
[ 119.6085997] sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675
[ 119.6586000] sys_syscall() at netbsd:sys_syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[ 119.6586000] sys_syscall() at netbsd:sys_syscall+0x1e4 sys/kern/sys_syscall.c:90
[ 119.7185989] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[ 119.7185989] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 119.7185989] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[ 119.7285998] --- syscall (number 54 via SYS_syscall) ---
[ 119.7486002] netbsd:syscall+0x2da:
[ 119.7486002] cpu1: End traceback...
[ 119.7486002] fatal breakpoint trap in supervisor mode
[ 119.7585993] trap type 1 code 0 rip 0xffffffff80235485 cs 0x8 rflags 0x246 cr2 0x400238 ilevel 0 rsp 0xffffce0248046420
[ 119.7685986] curlwp 0xfffff2b3e01d56c0 pid 1120.1120 lowest kstack 0xffffce02480422c0
Stopped in pid 1120.1120 (syz-executor3380) at netbsd:breakpoint+0x5: leave

?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:292
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
device_xname() at netbsd:device_xname+0x3f sys/kern/subr_device.c:200
dkwedge_add() at netbsd:dkwedge_add+0x5ea sys/dev/dkwedge/dk.c:639
disk_ioctl() at netbsd:disk_ioctl+0x211 sys/kern/subr_disk.c:634
dk_ioctl() at netbsd:dk_ioctl+0x190 sys/dev/dksubr.c:642
sdioctl() at netbsd:sdioctl+0x6b4 sys/dev/scsipi/sd.c:1005
cdev_ioctl() at netbsd:cdev_ioctl+0x162 sys/kern/subr_devsw.c:1525
spec_ioctl() at netbsd:spec_ioctl+0xf2 sys/miscfs/specfs/spec_vnops.c:1331

VOP_IOCTL() at netbsd:VOP_IOCTL+0x149 sys/kern/vnode_if.c:933

vn_ioctl() at netbsd:vn_ioctl+0x1a4 sys/kern/vfs_vnops.c:892
sys_ioctl() at netbsd:sys_ioctl+0xd88 sys/kern/sys_generic.c:675

sys_syscall() at netbsd:sys_syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
sys_syscall() at netbsd:sys_syscall+0x1e4 sys/kern/sys_syscall.c:90

syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
--- syscall (number 54 via SYS_syscall) ---
netbsd:syscall+0x2da:
Panic string: UBSan: Undefined Behavior in /syzkaller/managers/ci2-netbsd-kubsan/kernel/sys/kern/subr_device.c:200:9, member access within null pointer of type 'struct device'

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

1108 1108 2 0 0 fffff2b3e1114540 syz-executor3380
1386 1386 2 0 0 fffff2b3e1baea00 syz-executor3380
1120 >1120 7 1 0 fffff2b3e01d56c0 syz-executor3380
990 990 2 0 0 fffff2b3e1e3a140 syz-executor3380
813 813 2 0 40 fffff2b3e1e3a580 syz-executor3380
1243 1243 2 0 0 fffff2b3e1bae180 syz-executor3380
1242 1242 3 1 0 fffff2b3e03672c0 syz-executor3380 cfgmisc
929 929 2 0 140 fffff2b3e1d4f600 syz-executor3380
1241 1241 2 0 140 fffff2b3e1e3a9c0 syz-executor3380
1224 1224 2 0 140 fffff2b3e10d4940 syz-executor3380
449 449 2 1 140 fffff2b3dfea5ac0 syz-executor3380
1226 1226 3 0 180 fffff2b3e01d5280 syz-executor3380 nanoslp
1229 1229 3 0 180 fffff2b3e1bae5c0 sshd select
1222 1222 3 0 180 fffff2b3e20bca80 getty nanoslp
1223 1223 3 1 180 fffff2b3e20bc640 getty nanoslp
1184 1184 3 1 180 fffff2b3e1d4f1c0 getty nanoslp
1195 1195 3 0 1c0 fffff2b3dfe67200 getty ttyraw
952 952 3 0 180 fffff2b3e20bc200 sshd select
1088 1088 3 0 180 fffff2b3e1d4fa40 powerd kqueue
700 700 3 1 180 fffff2b3e04bcbc0 syslogd kqueue
747 747 3 0 180 fffff2b3e1680040 dhcpcd poll
742 742 3 1 180 fffff2b3e0416300 dhcpcd poll
466 466 3 0 180 fffff2b3e10d40c0 dhcpcd poll
598 598 3 0 180 fffff2b3e01d5b00 dhcpcd poll
292 292 3 0 180 fffff2b3e04bc780 dhcpcd poll
485 485 3 0 180 fffff2b3e0367b40 dhcpcd poll
291 291 3 1 180 fffff2b3e0416b80 dhcpcd poll
1 1 3 1 180 fffff2b3d7c88140 init wait
0 686 3 0 200 fffff2b3dfe67640 physiod physiod
0 196 3 1 200 fffff2b3dfea5680 pooldrain pooldrain
0 195 2 0 240 fffff2b3dfea5240 ioflush
0 194 3 0 200 fffff2b3dfe67a80 pgdaemon pgdaemon
0 170 3 1 200 fffff2b3ddda7a40 usb7 usbevt
0 169 3 1 200 fffff2b3ddda7600 usb6 usbevt
0 168 3 1 200 fffff2b3ddda71c0 usb5 usbevt
0 167 3 1 200 fffff2b3dad42a00 usb4 usbevt
0 166 3 1 200 fffff2b3dad425c0 usb3 usbevt
0 165 3 1 200 fffff2b3dad42180 usb2 usbevt
0 31 3 0 200 fffff2b3d7c889c0 usb1 usbevt
0 63 3 0 200 fffff2b3d7af0740 usb0 usbevt
0 126 3 1 200 fffff2b3d7af0b80 usbtask-dr usbtsk
0 125 3 1 200 fffff2b3d7be7340 usbtask-hc usbtsk
0 124 3 0 200 fffff2b3d60a1b00 swwreboot swwreboot
0 123 3 0 200 fffff2b3d7c88580 npfgc0 npfgcw
0 122 3 1 200 fffff2b3d7c7b980 rt_free rt_free
0 121 3 1 200 fffff2b3d7c7b540 unpgc unpgc
0 120 3 0 200 fffff2b3d7c7b100 key_timehandler key_timehandler
0 119 3 1 200 fffff2b3d7c56940 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 fffff2b3d7c56500 icmp6_wqinput/0 icmp6_wqinput
0 117 3 0 200 fffff2b3d7c560c0 nd6_timer nd6_timer
0 116 3 1 200 fffff2b3d7c3a900 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 fffff2b3d7c3a4c0 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 fffff2b3d7c3a080 carp_wqinput/1 carp_wqinput
0 113 3 0 200 fffff2b3d7c248c0 carp_wqinput/0 carp_wqinput
0 112 3 1 200 fffff2b3d7c24480 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 fffff2b3d7c24040 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 fffff2b3d7be7bc0 rt_timer rt_timer
0 109 3 0 200 fffff2b3d7be7780 vmem_rehash vmem_rehash
0 100 3 1 200 fffff2b3d7af0300 entbutler entropy
0 99 3 1 200 fffff2b3d7550b40 viomb balloon
0 98 3 1 200 fffff2b3d7550700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 fffff2b3d75502c0 vioif0_txrx/0 vioif0_txrx
0 30 3 1 200 fffff2b3d60a16c0 scsibus0 sccomp
0 29 3 0 200 fffff2b3d60a1280 pms0 pmsreset
0 28 3 1 200 fffff2b3d5facac0 xcall/1 xcall
0 27 1 1 200 fffff2b3d5fac680 softser/1
0 26 1 1 200 fffff2b3d5fac240 softclk/1
0 25 1 1 200 fffff2b3d5f87a80 softbio/1
0 24 1 1 200 fffff2b3d5f87640 softnet/1
0 23 1 1 201 fffff2b3d5f87200 idle/1
0 22 3 0 200 fffff2b50432da40 lnxsyswq lnxsyswq
0 21 3 1 200 fffff2b50432d600 lnxubdwq lnxubdwq
0 20 3 1 200 fffff2b50432d1c0 lnxpwrwq lnxpwrwq
0 19 3 1 200 fffff2b504334a00 lnxlngwq lnxlngwq
0 18 3 1 200 fffff2b5043345c0 lnxhipwq lnxhipwq
0 17 3 1 200 fffff2b504334180 lnxrcugc lnxrcugc
0 16 3 0 200 fffff2b5043539c0 sysmon smtaskq
0 15 3 1 200 fffff2b504353580 pmfsuspend pmfsuspend
0 14 3 0 200 fffff2b504353140 pmfevent pmfevent
0 13 3 1 200 fffff2b50435e980 sopendfree sopendfr
0 12 3 0 200 fffff2b50435e540 ifwdog ifwdog
0 11 3 0 200 fffff2b50435e100 iflnkst iflnkst
0 10 3 1 200 fffff2b505393940 nfssilly nfssilly
0 9 3 0 200 fffff2b505393500 vdrain vdrain
0 8 3 1 200 fffff2b5053930c0 modunload mod_unld
0 7 3 0 200 fffff2b5053ba900 xcall/0 xcall
0 6 1 0 200 fffff2b5053ba4c0 softser/0
0 5 1 0 200 fffff2b5053ba080 softclk/0
0 4 1 0 200 fffff2b5053e98c0 softbio/0
0 3 1 0 200 fffff2b5053e9480 softnet/0
0 2 1 0 201 fffff2b5053e9040 idle/0
0 > 0 7 0 240 ffffffff8674e000 swapper
[Locks tracked through LWPs]

****** LWP 1120.1120 (syz-executor3380) @ 0xfffff2b3e01d56c0, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:config_init+0x71 sys/kern/subr_autoconf.c:366)
lock address : netbsd:config_misc_lock
type : sleep/adaptive
initialized : netbsd:config_init+0x71
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0

relevant cpu : 1 last held: 1
relevant lwp : 0xfffff2b3e01d56c0 last held: 000000000000000000

last locked : netbsd:device_lookup_acquire+0x2d
unlocked* : netbsd:device_lookup_acquire+0x24e
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 990.990 (syz-executor3380) @ 0xfffff2b3e1e3a140, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:lwp_ctl_alloc+0xd9b sys/kern/kern_lwp.c:1860)
lock address : fffff2b3e2a085c0
type : sleep/adaptive
initialized : netbsd:lwp_ctl_alloc+0xd9b

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xfffff2b3e1e3a140 last held: 0xfffff2b3e1e3a140
last locked* : netbsd:lwp_ctl_alloc+0x1da
unlocked : 0
owner field : 0xfffff2b3e1e3a140 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1243.1243 (syz-executor3380) @ 0xfffff2b3e1bae180, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:amap_alloc1+0x30a sys/uvm/uvm_amap.c:167)
lock address : fffff2b3e2021e80
type : sleep/adaptive
initialized : netbsd:amap_alloc1+0x30a

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xfffff2b3e1bae180 last held: 0xfffff2b3e1bae180
last locked* : netbsd:uvm_fault_internal+0x75d
unlocked : netbsd:amap_wipeout+0x321
owner/count : 000000000000000000 flags : 000000000000000000

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at netbsd:pmap_ctor+0x6d sys/arch/x86/x86/pmap.c:2860)

lock address : fffff2b3e07a9d80

type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x6d
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xfffff2b3e1bae180 last held: 0xfffff2b3e1bae180

last locked* : netbsd:pmap_enter_ma+0x3c0
unlocked : netbsd:pmap_enter_ma+0xb24

owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

* Lock 2 (initialized at netbsd:pmap_ctor+0x9b sys/arch/x86/x86/pmap.c:2861)

lock address : fffff2b3e07a9d88

type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x9b
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xfffff2b3e1bae180 last held: 0xfffff2b3e1bae180

last locked* : netbsd:pmap_get_ptp+0x25e
unlocked : netbsd:pmap_get_ptp+0x6dc

owner/count : 000000000000000000 flags : 000000000000000000

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 742.742 (dhcpcd) @ 0xfffff2b3e0416300, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xfffff2b3e0416300 last held: 000000000000000000