panic: kernel diagnostic assertion "ISSET(p->p_flag, P_SUSPSIG | P_SUSPSINGLE) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_sig.c", line 1602
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*446828 8 32767 0xa011 0x4080000 0 syz-executor
114067 67528 32767 0x10 0 1 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83454ec5) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348f2e8,ffffffff834883dd,642,ffffffff833d7ba0) at __assert+0x29 sys/kern/subr_prf.c:-1
process_stop(ffff80003c3e4020,8000000,1) at process_stop+0x3fe
cursig(ffff80003c3dfcb8,ffff80003c41d6f8,0) at cursig+0x509 x86_atomic_setbits_u32 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 [inline]
cursig(ffff80003c3dfcb8,ffff80003c41d6f8,0) at cursig+0x509 sys/kern/kern_sig.c:1445
userret(ffff80003c3dfcb8) at userret+0x203 sys/kern/kern_sig.c:2207
syscall(ffff80003c41d830) at syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
syscall(ffff80003c41d830) at syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1eedb82c050, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "ISSET(p->p_flag, P_SUSPSIG | P_SUSPSINGLE) == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_sig.c", line 1602
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83454ec5) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348f2e8,ffffffff834883dd,642,ffffffff833d7ba0) at __assert+0x29 sys/kern/subr_prf.c:-1
process_stop(ffff80003c3e4020,8000000,1) at process_stop+0x3fe
cursig(ffff80003c3dfcb8,ffff80003c41d6f8,0) at cursig+0x509 x86_atomic_setbits_u32 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 [inline]
cursig(ffff80003c3dfcb8,ffff80003c41d6f8,0) at cursig+0x509 sys/kern/kern_sig.c:1445
userret(ffff80003c3dfcb8) at userret+0x203 sys/kern/kern_sig.c:2207
syscall(ffff80003c41d830) at syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
syscall(ffff80003c41d830) at syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1eedb82c050, count: -8
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c41d510
rbx 0xffffffff83945e07 cpu_info_full_primary+0x2e07
rdx 0
rcx 0xffff80003c3dfcb8
rax 0xffffffff83944ff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xe5190105adb4e660
r11 0x4352d13181e7096d
r12 0xffffffff83945c08 cpu_info_full_primary+0x2c08
r13 0
r14 0
r15 0x1
rip 0xffffffff828baef5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c41d500
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=446828 pid=8 tcnt=4 stat=onproc
flags process=a011<CONTROLT,SUGID,SINGLEUNWIND,STOPPING> proc=4080000<SUSPSINGLE,THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0xffff80003c3e3250 scnt=2 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003c3e22c0,0xffffffff83987898
process=0xffff80003c3e4020 user=0xffff80003c418000, vmspace=0xfffffd800f447b98
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
8 164744 16595 32767 2 0x8a011 syz-executor
8 80753 16595 32767 4 0x408a011 syz-executor
8 451715 16595 32767 3 0x400a011 suspend syz-executor
* 8 446828 16595 32767 7 0x408a011 syz-executor
67528 114067 87986 32767 7 0x10 syz-executor
67528 87716 87986 32767 3 0x4000090 lockf syz-executor
67528 108311 87986 32767 3 0x4000090 lockf syz-executor
87358 235125 68495 32767 3 0x90 nanoslp syz-executor
87358 449957 68495 32767 3 0x4000090 sbwait syz-executor
87358 308395 68495 32767 3 0x4000090 fsleep syz-executor
38127 263616 34146 32767 3 0x90 nanoslp syz-executor
38127 390284 34146 32767 3 0x4000090 kqsel syz-executor
38127 93403 34146 32767 3 0x4000090 fsleep syz-executor
78327 34519 17018 32767 3 0x90 nanoslp syz-executor
78327 287353 17018 32767 3 0x4000090 semwait syz-executor
78327 428546 17018 32767 3 0x4000090 fsleep syz-executor
7758 302417 55989 32767 3 0x90 nanoslp syz-executor
7758 423011 55989 32767 3 0x4000090 lockf syz-executor
7758 261635 55989 32767 3 0x4000090 fsleep syz-executor
68495 13420 65570 32767 3 0x90 nanoslp syz-executor
87986 2589 90091 32767 3 0x90 nanoslp syz-executor
95318 278420 35686 32767 3 0x90 wait syz-executor
16595 122291 35542 32767 3 0x90 nanoslp syz-executor
85361 162175 66857 32767 3 0x90 nanoslp syz-executor
34146 386768 38550 32767 3 0x90 nanoslp syz-executor
55989 46974 2411 32767 3 0x90 nanoslp syz-executor
17018 312728 11324 32767 3 0x90 nanoslp syz-executor
35542 184309 52737 0 3 0x82 wait syz-executor
65570 20408 52737 0 3 0x82 wait syz-executor
66857 115621 52737 0 3 0x82 wait syz-executor
11324 59153 52737 0 3 0x82 wait syz-executor
90091 27811 52737 0 3 0x82 wait syz-executor
35686 217034 52737 0 3 0x82 wait syz-executor
38550 511849 52737 0 3 0x82 wait syz-executor
2411 137596 52737 0 3 0x82 wait syz-executor
52737 384420 93080 0 3 0x82 kqread syz-executor
93080 486741 21574 0 3 0x10008a sigsusp ksh
21574 285955 14143 0 3 0x98 kqread sshd-session
14143 509593 75564 0 3 0x92 kqread sshd-session
95678 353636 1 0 3 0x100083 ttyin getty
75564 8207 1 0 3 0x88 kqread sshd
8740 354451 20606 73 3 0x1100090 kqread syslogd
20606 216407 1 0 3 0x100082 sbwait syslogd
65512 496717 1 0 3 0x100080 kqread resolvd
51109 205614 7718 77 3 0x100092 kqread dhcpleased
76962 411536 7718 77 3 0x100092 kqread dhcpleased
7718 225076 1 0 3 0x80 kqread dhcpleased
47051 125042 0 0 3 0x14200 bored smr
60883 100245 0 0 3 0x14200 pgzero zerothread
93412 362524 0 0 3 0x14200 aiodoned aiodoned
13062 196620 0 0 3 0x14200 syncer update
90958 322448 0 0 3 0x14200 cleaner cleaner
27072 336265 0 0 3 0x14200 reaper reaper
51297 356575 0 0 3 0x14200 pgdaemon pagedaemon
87251 300176 0 0 3 0x14200 bored viomb
5625 180285 0 0 3 0x40014200 acpi0 acpi0
80033 401971 0 0 3 0x40014200 idle1
93553 466394 0 0 3 0x14200 bored softnet1
38312 63584 0 0 3 0x14200 bored softnet0
9999 455675 0 0 3 0x14200 bored systqmp
53474 190212 0 0 3 0x14200 bored systq
96676 512833 0 0 3 0x14200 tmoslp softclockmp
29417 156780 0 0 3 0x40014200 tmoslp softclock
93637 82381 0 0 3 0x40014200 idle0
1 483455 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex &sched_lock r = 0 (0xffffffff83a192b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 cursig+0x4ee sys/kern/kern_sig.c:1444
#3 userret+0x203 sys/kern/kern_sig.c:2207
#4 syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
#4 syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
#5 Xsyscall+0x128
exclusive mutex &pr->ps_mtx r = 0 (0xffff80003c3e4138)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 cursig+0x4c2 sys/kern/kern_sig.c:1440
#3 userret+0x203 sys/kern/kern_sig.c:2207
#4 syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
#4 syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
#5 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11067 12020K 12034K 166960K 12159 0
pcb 17 12K 12K 166960K 17 0
rtable 243 6K 7K 166960K 389 0
pf 31 16K 16K 166960K 31 0
ifaddr 42 7K 7K 166960K 44 0
ifgroup 50 2K 2K 166960K 50 0
sysctl 4 1K 9K 166960K 9 0
counters 70 37K 37K 166960K 70 0
ioctlops 0 0K 4K 166960K 45 0
iov 0 0K 24K 166960K 118 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1288 81K 81K 166960K 1470 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 15 0
VM map 2 1K 1K 166960K 2 0
sem 13 1K 1K 166960K 31 0
dirhash 12 2K 2K 166960K 21 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 26 97K 129K 166960K 749 0
sigio 1 0K 0K 166960K 20 0
proc 58 99K 163K 166960K 579 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 134 0
in_multi 99 7K 7K 166960K 112 0
ether_multi 1 0K 0K 166960K 3 0
mrt 0 0K 0K 166960K 17 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 145 652K 652K 166960K 145 0
exec 0 0K 1K 166960K 528 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 276 168K 191K 166960K 8928 0
UVM aobj 94 3K 3K 166960K 96 0
pinsyscall 47 94K 114K 166960K 1893 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 39 0
NDP 11 0K 2K 166960K 27 0
temp 75 9088K 9152K 166960K 6728 0
kqueue 13 20K 31K 166960K 140 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 78 0 74 1 0 1 1 0 8 0
rtentry 176 120 0 7 6 0 6 6 0 8 0
unpcb 144 580 0 562 4 2 2 4 0 8 1
syncache 336 14 0 14 1 0 1 1 0 8 1
tcpqe 32 1 0 1 1 0 1 1 0 8 1
tcpcb 736 482 0 476 8 1 7 7 0 8 6
arp 136 19 0 0 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 7 0 5 1 0 1 1 0 8 0
inpcb 328 894 0 815 8 1 7 7 0 8 0
ip6q 72 3 0 2 1 0 1 1 0 8 0
ip6af 40 5 0 4 1 0 1 1 0 8 0
nd6 152 32 0 6 2 0 2 2 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 514 0 44 31 0 31 31 0 8 1
art_table 40 515 0 44 5 0 5 5 0 8 0
art_node 32 120 0 17 1 0 1 1 0 8 0
sysvmsgpl 40 2 0 1 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 26 0 16 1 0 1 1 0 8 0
shmpl 112 93 0 2 3 0 3 3 0 8 0
dirhash 1024 23 0 6 3 0 3 3 0 8 0
dino2pl 256 2519 0 1051 93 0 93 93 0 8 0
ffsino 296 2519 0 1051 114 0 114 114 0 8 0
nchpl 144 3587 0 1894 63 0 63 63 0 8 0
vnodes 216 2600 0 0 145 0 145 145 0 8 0
namei 1024 11781 0 11781 2 0 2 2 0 8 2
percpumem 16 50 0 0 1 0 1 1 0 8 0
kstatmem 264 25 0 0 2 0 2 2 0 8 0
scxspl 216 11979 0 11979 7 5 2 6 1 8 2
plimitpl 152 177 0 151 2 0 2 2 0 8 0
sigapl 424 1052 0 998 7 0 7 7 0 8 0
knotepl 120 330 0 0 10 0 10 10 0 8 0
kqueuepl 224 286 0 210 5 0 5 5 0 8 0
pipepl 344 173 0 146 3 0 3 3 0 8 0
fdescpl 528 1036 0 998 4 0 4 4 0 8 0
filepl 160 6065 0 5705 18 2 16 16 0 8 0
lockfpl 104 224 0 215 1 0 1 1 0 8 0
lockfspl 48 73 0 68 1 0 1 1 0 8 0
sessionpl 144 71 0 54 1 0 1 1 0 8 0
pgrppl 48 87 0 62 1 0 1 1 0 8 0
ucredpl 104 1281 0 1262 1 0 1 1 0 8 0
zombiepl 144 1000 0 998 1 0 1 1 0 8 0
processpl 1232 1052 0 998 5 0 5 5 0 8 0
procpl 664 2141 0 2074 7 0 7 7 0 8 0
sosppl 176 4 0 4 2 1 1 1 0 8 1
sockpl 752 1560 0 1459 13 2 11 11 0 8 0
mcl64k 65536 10 0 0 2 0 2 2 0 8 0
mcl8k 8192 3 0 0 1 0 1 1 0 8 0
mcl4k 4096 127 0 0 16 0 16 16 0 8 0
mcl2k 2048 31 0 0 4 0 4 4 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 335 0 0 21 0 21 21 0 8 0
bufpl 280 3445 0 102 239 0 239 239 0 8 0
anonpl 32 9621 0 0 78 0 78 78 0 246 0
amapchunkpl 152 28876 0 28245 35 1 34 34 0 158 8
amappl16 200 3760 0 3727 22 8 14 15 0 8 8
amappl15 192 5 0 4 1 0 1 1 0 8 0
amappl14 184 404 0 403 1 0 1 1 0 8 0
amappl13 176 136 0 126 1 0 1 1 0 8 0
amappl12 168 1290 0 1253 2 0 2 2 0 8 0
amappl11 160 19 0 19 1 1 0 1 0 8 0
amappl10 152 62 0 51 1 0 1 1 0 8 0
amappl9 144 260 0 260 1 1 0 1 0 8 0
amappl8 136 99 0 98 1 0 1 1 0 8 0
amappl7 128 156 0 144 1 0 1 1 0 8 0
amappl6 120 177 0 175 1 0 1 1 0 8 0
amappl5 112 127 0 119 1 0 1 1 0 8 0
amappl4 104 300 0 284 1 0 1 1 0 8 0
amappl3 96 5630 0 5483 5 1 4 4 0 8 0
amappl2 88 623 0 568 2 0 2 2 0 8 0
amappl1 80 15667 0 15086 16 0 16 16 0 8 0
amappl 88 8033 0 7823 5 0 5 5 0 92 0
uvmvnodes 80 119 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 95 0 2 2 0 2 2 0 8 0
uaddrrnd 24 1036 0 998 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 1036 0 998 1 0 1 1 0 8 0
vmmpekpl 168 11375 0 11347 2 0 2 2 0 8 0
vmmpepl 168 79074 0 76921 107 1 106 106 0 357 7
vmsppl 488 1035 0 998 7 2 5 6 0 8 0
rwobjpl 80 25843 0 24742 27 1 26 26 0 8 0
pdppl 4096 2079 0 1996 121 34 87 99 0 8 4
pvpl 32 16246 0 0 132 0 132 132 0 265 0
pmappl 256 1035 0 998 4 1 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 311 0 38 8 0 8 8 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83454ec5) at panic+0x1e5 sys/kern/subr_prf.c:198
__assert(ffffffff8348f2e8,ffffffff834883dd,642,ffffffff833d7ba0) at __assert+0x29 sys/kern/subr_prf.c:-1
process_stop(ffff80003c3e4020,8000000,1) at process_stop+0x3fe
cursig(ffff80003c3dfcb8,ffff80003c41d6f8,0) at cursig+0x509 x86_atomic_setbits_u32 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 [inline]
cursig(ffff80003c3dfcb8,ffff80003c41d6f8,0) at cursig+0x509 sys/kern/kern_sig.c:1445
userret(ffff80003c3dfcb8) at userret+0x203 sys/kern/kern_sig.c:2207
syscall(ffff80003c41d830) at syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
syscall(ffff80003c41d830) at syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x1eedb82c050, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffff8000299adff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x77b651145b70, count: 12
ddb{1}> trace
x86_ipi_db(ffff8000299adff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
end of kernel
end trace frame: 0x77b651145b70, count: -3