panic: kernel diagnostic assertion "p->p_stat == SONPROC || p->p_stat == SSLEEP || p->p_stat == SSTOP" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_synch.c", line 408
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
46220 23854 32767 0x1810 0x2000 1K syz-executor.1
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279cfd2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281f915,ffffffff828523f7,198,ffffffff827afa5a) at __assert+0x29 sys/kern/subr_prf.c:157
tsleep_nsec(0,1,45382fd1d4c8de11,120) at tsleep_nsec
rwsleep(ffff8000212e57f0,ffffffff82bc11a0,120,ffffffff82796ff1,0) at rwsleep+0xab sys/kern/kern_synch.c:300
futex_wait(86a371e6950,2,0,2) at futex_wait+0x13d sys/kern/sys_futex.c:250
sys_futex(ffff8000212e57f0,ffff80002142b4c0,ffff80002142b510) at sys_futex+0xfc sys/kern/sys_futex.c:101
syscall(ffff80002142b590) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002142b590) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x86a81707860, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "p->p_stat == SONPROC || p->p_stat == SSLEEP || p->p_stat == SSTOP" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_synch.c", line 408
ddb{0}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279cfd2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281f915,ffffffff828523f7,198,ffffffff827afa5a) at __assert+0x29 sys/kern/subr_prf.c:157
tsleep_nsec(0,1,45382fd1d4c8de11,120) at tsleep_nsec
rwsleep(ffff8000212e57f0,ffffffff82bc11a0,120,ffffffff82796ff1,0) at rwsleep+0xab sys/kern/kern_synch.c:300
futex_wait(86a371e6950,2,0,2) at futex_wait+0x13d sys/kern/sys_futex.c:250
sys_futex(ffff8000212e57f0,ffff80002142b4c0,ffff80002142b510) at sys_futex+0xfc sys/kern/sys_futex.c:101
syscall(ffff80002142b590) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002142b590) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x86a81707860, count: -9
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002142b1d0
rbx 0xffffffff82bfdb9f cpu_info_full_primary+0x2b9f
rdx 0x3fd
rcx 0
rax 0xb8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8c33f145f7309435
r11 0x3e5f898473f5917e
r12 0xffffffff82bfd9a0 cpu_info_full_primary+0x29a0
r13 0
r14 0
r15 0x1
rip 0xffffffff8138849c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002142b1c0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.1) pid=125362 stat=run
flags process=1810<SUGID,COREDUMP,SINGLEEXIT> proc=4080080<SINTR,SUSPSINGLE,THREAD>
pri=50, usrpri=50, nice=20
forw=0x0, list=0xffff8000212e4d50,0xffffffff82c57d90
process=0xffff8000ffff7688 user=0xffff800021426000, vmspace=0xfffffd80696283c8
estcpu=8, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
23854 46220 89706 32767 7 0x3810 syz-executor.1
23854 31019 89706 32767 2 0x4081890 syz-executor.1
*23854 125362 89706 32767 2 0x4081890 syz-executor.1
86230 86191 72696 32767 2 0x10 syz-executor.0
86230 43486 72696 32767 3 0x4000090 fsleep syz-executor.0
86230 449958 72696 32767 2 0x4000010 syz-executor.0
5855 506502 83389 32767 2 0x10 syz-executor.5
5855 263144 83389 32767 3 0x4000090 fsleep syz-executor.5
5855 130853 83389 32767 3 0x4000090 fsleep syz-executor.5
25535 382498 38171 32767 2 0x10 syz-executor.2
25535 494424 38171 32767 3 0x4000090 fsleep syz-executor.2
25535 28453 38171 32767 3 0x4000090 fsleep syz-executor.2
83389 511632 18320 32767 3 0x90 nanoslp syz-executor.5
92584 99581 81212 32767 2 0x10 syz-executor.3
31962 104580 11187 32767 3 0x90 nanoslp syz-executor.7
11187 272505 11869 0 3 0x82 wait syz-executor.7
81212 389577 11869 0 3 0x82 wait syz-executor.3
59632 450338 99478 32767 2 0x10 syz-executor.6
99478 138704 11869 0 3 0x82 wait syz-executor.6
18320 426390 11869 0 3 0x82 wait syz-executor.5
72696 13533 78601 32767 3 0x90 nanoslp syz-executor.0
78601 362852 11869 0 3 0x82 wait syz-executor.0
55697 132756 53030 32767 2 0x10 syz-executor.4
53030 440125 11869 0 3 0x82 wait syz-executor.4
38171 508470 56597 32767 3 0x90 nanoslp syz-executor.2
89706 236685 7435 32767 3 0x90 nanoslp syz-executor.1
56597 452667 11869 0 3 0x82 wait syz-executor.2
7435 246342 11869 0 3 0x82 wait syz-executor.1
11869 15582 97916 0 3 0x2000082 thrsleep syz-execprog
11869 78927 97916 0 3 0x6000082 nanoslp syz-execprog
11869 54785 97916 0 3 0x6000082 wait syz-execprog
11869 459747 97916 0 3 0x6000082 thrsleep syz-execprog
11869 380912 97916 0 3 0x6000082 thrsleep syz-execprog
11869 394186 97916 0 3 0x6000082 wait syz-execprog
11869 444149 97916 0 3 0x6000082 wait syz-execprog
11869 123860 97916 0 3 0x6000082 wait syz-execprog
11869 48016 97916 0 3 0x6000082 thrsleep syz-execprog
11869 36459 97916 0 3 0x6000082 wait syz-execprog
11869 430875 97916 0 3 0x6000082 thrsleep syz-execprog
11869 288999 97916 0 3 0x6000082 wait syz-execprog
11869 416581 97916 0 3 0x6000082 wait syz-execprog
11869 256396 97916 0 3 0x6000082 wait syz-execprog
11869 62407 97916 0 3 0x6000082 kqread syz-execprog
97916 212662 14014 0 3 0x10008a sigsusp ksh
14014 226970 16758 0 3 0x9a kqread sshd
17834 386991 1 0 3 0x100083 ttyin getty
16758 118527 1 0 3 0x88 kqread sshd
22133 342139 81699 73 3 0x1100090 kqread syslogd
81699 454617 1 0 3 0x100082 netio syslogd
57027 141587 1 0 3 0x100080 kqread resolvd
77452 77356 16599 77 3 0x100092 kqread dhcpleased
1562 76679 16599 77 3 0x100092 kqread dhcpleased
16599 27601 1 0 3 0x80 kqread dhcpleased
2119 56902 0 0 3 0x14200 bored smr
41953 207100 0 0 2 0x14200 zerothread
51621 6913 0 0 3 0x14200 aiodoned aiodoned
89940 281876 0 0 3 0x14200 syncer update
29484 409906 0 0 3 0x14200 cleaner cleaner
35274 305491 0 0 3 0x14200 reaper reaper
13732 40343 0 0 3 0x14200 pgdaemon pagedaemon
96197 504360 0 0 3 0x14200 bored viomb
55560 334756 0 0 3 0x40014200 acpi0 acpi0
60699 421996 0 0 3 0x40014200 idle1
20464 521194 0 0 3 0x14200 bored softnet3
29930 511074 0 0 3 0x14200 bored softnet2
6496 197299 0 0 3 0x14200 bored softnet1
69899 428076 0 0 3 0x14200 bored softnet0
51304 254403 0 0 3 0x14200 bored systqmp
66520 413227 0 0 3 0x14200 bored systq
88343 361972 0 0 3 0x40014200 bored softclock
78321 276264 0 0 3 0x40014200 idle0
1 142766 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive sched_lock &sched_lock r = 0 (0xffffffff82d4ae50)
#0 witness_lock+0x447
#1 sleep_finish+0x142 sys/kern/kern_synch.c:398
#2 rwsleep+0xab sys/kern/kern_synch.c:300
#3 futex_wait+0x13d sys/kern/sys_futex.c:250
#4 sys_futex+0xfc sys/kern/sys_futex.c:101
#5 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#5 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#6 Xsyscall+0x128
CPU 1:
exclusive mutex &pr->ps_mtx r = 0 (0xffff8000ffff7798)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x7f sys/kern/kern_lock.c:266
#3 single_thread_set+0x33a single_thread_wait sys/kern/kern_sig.c:2174 [inline]
#3 single_thread_set+0x33a sys/kern/kern_sig.c:2157
#4 exit1+0xaa
#5 sigexit+0xd3 sys/kern/kern_sig.c:1567
#6 trapsignal+0x721 sys/kern/kern_sig.c:881
#7 upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214
#8 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#9 recall_trap+0x8
Process 23854 (syz-executor.1) thread 0xffff80002120daa8 (46220)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d48e70)
#0 witness_lock+0x447
#1 trapsignal+0x714 sys/kern/kern_sig.c:824
#2 upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214
#3 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
#4 recall_trap+0x8
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10186 6408K 6420K 78643K 11264 0
pcb 13 8K 8K 78643K 13 0
rtable 234 6K 6K 78643K 352 0
pf 29 8K 8K 78643K 29 0
ifaddr 44 15K 15K 78643K 46 0
ifgroup 50 2K 2K 78643K 50 0
counters 60 35K 35K 78643K 60 0
ioctlops 0 0K 2K 78643K 29 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1174 73K 74K 78643K 1187 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 22 81K 117K 78643K 431 0
proc 56 78K 103K 78643K 471 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 99 7K 7K 78643K 99 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 61 281K 281K 78643K 61 0
exec 0 0K 1K 78643K 367 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 276 75K 77K 78643K 6340 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 11 0K 2K 78643K 27 0
temp 1 5904K 5968K 78643K 4567 0
kqueue 12 18K 18K 78643K 25 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 37 0 34 1 0 1 1 0 8 0
rtentry 112 111 0 1 4 0 4 4 0 8 0
unpcb 144 33 0 20 1 0 1 1 0 8 0
syncache 304 5 0 5 2 1 1 1 0 8 1
tcpqe 32 97 0 97 1 1 0 1 0 8 0
tcpcb 808 8 0 5 1 0 1 1 0 8 0
arp 120 18 0 0 1 0 1 1 0 8 0
inpcb 368 58 0 52 1 0 1 1 0 8 0
nd6 136 24 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 453 0 0 29 0 29 29 0 8 0
art_table 32 454 0 0 4 0 4 4 0 8 0
art_node 16 110 0 10 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1774 0 335 90 0 90 90 0 8 0
ffsino 272 1774 0 335 96 0 96 96 0 8 0
nchpl 144 2315 0 637 63 0 63 63 0 8 0
uvmvnodes 80 1783 0 0 37 0 37 37 0 8 0
vnodes 216 1783 0 0 100 0 100 100 0 8 0
namei 1024 8339 0 8339 3 1 2 2 0 8 2
percpumem 16 43 0 0 1 0 1 1 0 8 0
kstatmem 264 22 0 0 2 0 2 2 0 8 0
scxspl 216 8262 0 8262 10 9 1 8 1 8 1
plimitpl 152 331 0 304 2 0 2 2 0 8 0
sigapl 424 732 0 680 7 0 7 7 0 8 0
futexpl 64 1237 0 1230 1 0 1 1 0 8 0
knotepl 120 110 0 0 4 0 4 4 0 8 0
kqueuepl 216 21 0 13 1 0 1 1 0 8 0
pipepl 320 140 0 112 4 1 3 3 0 8 0
fdescpl 496 715 0 682 7 1 6 6 0 8 0
filepl 152 2730 0 2596 6 0 6 6 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 25 0 9 1 0 1 1 0 8 0
pgrppl 48 25 0 9 1 0 1 1 0 8 0
ucredpl 104 951 0 933 1 0 1 1 0 8 0
zombiepl 144 682 0 680 2 1 1 1 0 8 0
processpl 1072 732 0 680 4 0 4 4 0 8 0
procpl 680 1325 0 1251 8 0 8 8 0 8 1
sockpl 488 128 0 106 4 0 4 4 0 8 1
mcl8k 8192 6 0 0 1 0 1 1 0 8 0
mcl4k 4096 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 239 0 0 30 4 26 30 0 8 0
mtagpl 96 4 0 0 1 0 1 1 0 8 0
mbufpl 256 332 0 0 16 1 15 16 0 8 0
bufpl 288 4366 0 139 302 0 302 302 0 8 0
anonpl 24 225390 0 220816 70 14 56 56 0 186 26
amapchunkpl 152 20791 0 20101 34 1 33 33 0 158 4
amappl16 200 6223 0 6150 11 5 6 6 0 8 0
amappl15 192 13 0 13 2 2 0 1 0 8 0
amappl14 184 152 0 142 2 0 2 2 0 8 1
amappl13 176 18 0 17 2 1 1 1 0 8 0
amappl12 168 1362 0 1327 2 0 2 2 0 8 0
amappl11 160 55 0 45 1 0 1 1 0 8 0
amappl10 152 29 0 19 1 0 1 1 0 8 0
amappl9 144 185 0 183 2 1 1 1 0 8 0
amappl8 136 140 0 113 2 0 2 2 0 8 0
amappl7 128 56 0 47 2 0 2 2 0 8 0
amappl6 120 225 0 210 2 0 2 2 0 8 1
amappl5 112 164 0 156 1 0 1 1 0 8 0
amappl4 104 582 0 545 2 0 2 2 0 8 0
amappl3 96 4518 0 4428 4 0 4 4 0 8 1
amappl2 88 956 0 887 4 1 3 3 0 8 1
amappl1 80 11793 0 11277 26 6 20 22 0 8 8
amappl 88 5858 0 5654 6 0 6 6 0 92 1
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 715 0 682 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 715 0 682 1 0 1 1 0 8 0
vmmpekpl 168 11768 0 11736 2 0 2 2 0 8 0
vmmpepl 168 61111 0 59329 121 8 113 113 0 357 32
vmsppl 464 714 0 682 7 1 6 6 0 8 1
rwobjpl 56 26171 0 23418 46 2 44 45 0 8 4
pdppl 4096 1438 0 1364 114 32 82 92 0 8 8
pvpl 32 472236 0 462220 381 41 340 360 0 265 254
pmappl 248 714 0 682 4 1 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 699 0 40 19 0 19 19 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279cfd2) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281f915,ffffffff828523f7,198,ffffffff827afa5a) at __assert+0x29 sys/kern/subr_prf.c:157
tsleep_nsec(0,1,45382fd1d4c8de11,120) at tsleep_nsec
rwsleep(ffff8000212e57f0,ffffffff82bc11a0,120,ffffffff82796ff1,0) at rwsleep+0xab sys/kern/kern_synch.c:300
futex_wait(86a371e6950,2,0,2) at futex_wait+0x13d sys/kern/sys_futex.c:250
sys_futex(ffff8000212e57f0,ffff80002142b4c0,ffff80002142b510) at sys_futex+0xfc sys/kern/sys_futex.c:101
syscall(ffff80002142b590) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002142b590) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x86a81707860, count: -9
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 sys/kern/kern_lock.c:147
sleep_setup(ffff8000ffff77e0,20,ffffffff82823610) at sleep_setup+0x92 sys/kern/kern_synch.c:348
msleep(ffff8000ffff77e0,ffff8000ffff7788,20,ffffffff82823610,0) at msleep+0xd6 sys/kern/kern_synch.c:247
single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e single_thread_wait sys/kern/kern_sig.c:2180 [inline]
single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e sys/kern/kern_sig.c:2157
exit1(ffff80002120daa8,0,4,1) at exit1+0xaa
sigexit(ffff80002120daa8,4) at sigexit+0xd3 sys/kern/kern_sig.c:1567
trapsignal(ffff80002120daa8,b,6,2,7ad32ef4286c) at trapsignal+0x721 sys/kern/kern_sig.c:881
upageflttrap(ffff800021407ad0,7ad32ef4286c) at upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214
usertrap(ffff800021407ad0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7ad32ef42850, count: 2
ddb{1}> trace
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 sys/kern/kern_lock.c:147
sleep_setup(ffff8000ffff77e0,20,ffffffff82823610) at sleep_setup+0x92 sys/kern/kern_synch.c:348
msleep(ffff8000ffff77e0,ffff8000ffff7788,20,ffffffff82823610,0) at msleep+0xd6 sys/kern/kern_synch.c:247
single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e single_thread_wait sys/kern/kern_sig.c:2180 [inline]
single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e sys/kern/kern_sig.c:2157
exit1(ffff80002120daa8,0,4,1) at exit1+0xaa
sigexit(ffff80002120daa8,4) at sigexit+0xd3 sys/kern/kern_sig.c:1567
trapsignal(ffff80002120daa8,b,6,2,7ad32ef4286c) at trapsignal+0x721 sys/kern/kern_sig.c:881
upageflttrap(ffff800021407ad0,7ad32ef4286c) at upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214
usertrap(ffff800021407ad0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7ad32ef42850, count: -13