syncing disks...panic: kernel diagnostic assertion "(sih->sih_state & SIS_RESTART) == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_softintr.c", line 181
Starting stack trace...
panic(ffffffff83435427) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833dfe56,ffffffff83409c32,b5,ffffffff8333e281) at __assert+0x29 sys/kern/subr_prf.c:-1
softintr_schedule(ffff80000002a040) at softintr_schedule+0x1d9
timeout_hardclock_update() at timeout_hardclock_update+0x72b sys/kern/kern_timeout.c:678
clockintr_hardclock(ffffffff83887c18,ffff80002a8ed050,0) at clockintr_hardclock+0x148 sys/kern/kern_clockintr.c:-1
clockintr_dispatch(ffff80002a8ed050) at clockintr_dispatch+0x32a sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:489
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x1a kd_curproc sys/dev/kcov.c:580 [inline]
__sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x1a sys/dev/kcov.c:153
tsleep_nsec(ffffffff8399ccb8,4,ffffffff8339cb27,ffffffffffffffff) at tsleep_nsec+0x168 sys/kern/kern_synch.c:140
uvn_io(fffffd806e68bd88,ffff80002a8ed370,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1310
uvn_put(fffffd806e68bd88,ffff80002a8ed370,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:922
uvm_pager_put(fffffd806e68bd88,fffffd800718aa00,ffff80002a8ed400,ffff80002a8ed42c,31,0,2cbfaffa45da2d0e) at uvm_pager_put+0x163 sys/uvm/uvm_pager.c:524
uvn_flush(fffffd806e68bd88,0,0,31) at uvn_flush+0x6fe sys/uvm/uvm_vnode.c:723
uvm_vnp_sync(ffff800000b57800) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1532
sys_sync(ffff80002a7c2f78,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:534
vfs_syncwait(ffff80002a7c2f78,1) at vfs_syncwait+0x44 sys/kern/vfs_subr.c:-1
vfs_shutdown(ffff80002a7c2f78) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1810
boot(100) at boot+0x153 sys/arch/amd64/amd64/machdep.c:912
reboot(100) at reboot+0xa8 sys/kern/kern_xxx.c:75
panic(ffffffff83309542) at panic+0x1e3 sys/kern/subr_prf.c:231
kerntrap(ffff80002a8ed710) at kerntrap+0x28b sys/arch/amd64/amd64/trap.c:327
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
sys_semop(ffff80002a7c2f78,ffff80002a8ed9c0,ffff80002a8ed910) at sys_semop+0x45b sys/kern/sysv_sem.c:615
syscall(ffff80002a8ed9c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a8ed9c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdd16193baa0, count: 231
End of stack trace.
WARNING: SPL NOT LOWERED ON SYSCALL 72 9 EXIT 0 c
Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*133287 6327 73 0x1100010 0 0 syslogd
savectx() at savectx+0xae
end of kernel
end trace frame: 0x721f64c72ba0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: trap type 4, code=0, pc=ffffffff828810cb
ddb> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x721f64c72ba0, count: -1
ddb> show registers
rdi 0
rsi 0
rbp 0xffff80002a7fdeb0
rbx 0
rdx 0
rcx 0
rax 0x32
r8 0xffff80002a7fdde0
r9 0xffff80002a7fdab8
r10 0xeac4ade5869c392f
r11 0x8140f729d1bb773c
r12 0
r13 0
r14 0xffff80002a7d1200
r15 0
rip 0xffffffff812bf3ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a7fde30
ss 0x10
savectx+0xae: movl $0,%gs:0x688
ddb> show proc
PROC (syslogd) tid=133287 pid=6327 tcnt=1 stat=onproc
flags process=1100010<SUGID,PLEDGE,CHROOT> proc=0
runpri=50, usrpri=50, slppri=24, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a7d0f70,0xffff80002a7d02b0
process=0xffff8000ffff8010 user=0xffff80002a7f8000, vmspace=0xfffffd807105f170
estcpu=0, cpticks=0, pctcpu=0.0, user=1, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
56146 149104 68595 0 2 0x82000 syz-executor
56146 82651 68595 0 3 0x4002000 suspend syz-executor
56146 170512 68595 0 4 0x4082000 syz-executor
72044 387306 6753 60928 2 0x10 syz-executor
72044 459880 6753 60928 3 0x4000090 fsleep syz-executor
87200 144434 45277 0 2 0 syz-executor
87200 513390 45277 0 3 0x4000080 fsleep syz-executor
87200 135288 45277 0 2 0x4000000 syz-executor
87200 435774 45277 0 3 0x4000000 netlock syz-executor
69383 216341 189 0 2 0 syz-executor
69383 314253 189 0 2 0x4000000 syz-executor
93628 265194 67720 0 2 0 syz-executor
93628 66050 67720 0 2 0x4000000 syz-executor
89833 102460 28208 0 4 0x82000 syz-executor
89833 490784 28208 0 3 0x4002000 suspend syz-executor
89833 45388 28208 0 2 0x4082000 syz-executor
189 91557 38618 0 2 0xc82 syz-executor
67720 104167 38618 0 2 0xc82 syz-executor
76539 301601 38618 0 2 0x2 syz-executor
45277 421618 38618 0 2 0xc82 syz-executor
52549 136996 45582 0 3 0x82 sbwait sshd-session
76743 23985 1 0 3 0x100083 ttyin getty
28208 111630 38618 0 2 0xc82 syz-executor
92531 85378 0 0 3 0x14200 bored sosplice
6753 191440 38618 0 2 0xc82 syz-executor
44570 174395 38618 0 2 0x3 syz-executor
68595 86629 38618 0 2 0xc82 syz-executor
38618 73515 66940 0 2 0xc82 syz-executor
66940 71969 68784 0 3 0x10008a sigsusp ksh
68784 158245 36770 0 3 0x98 kqread sshd-session
36770 302894 45582 0 3 0x92 kqread sshd-session
45582 470544 1 0 3 0x88 kqread sshd
* 6327 133287 70670 73 7 0x1100010 syslogd
70670 9693 1 0 3 0x100082 sbwait syslogd
76617 67035 1 0 3 0x100080 kqread resolvd
25146 46656 80562 77 3 0x100092 kqread dhcpleased
77210 224449 80562 77 3 0x100092 kqread dhcpleased
80562 295078 1 0 3 0x80 kqread dhcpleased
54727 78532 0 0 3 0x14200 bored smr
34101 13157 0 0 2 0x14200 zerothread
6898 214074 0 0 3 0x14200 aiodoned aiodoned
31496 212570 0 0 2 0x14e00 update
4600 265732 0 0 3 0x14200 cleaner cleaner
30393 71332 0 0 3 0x14200 reaper reaper
92464 89021 0 0 3 0x14200 pgdaemon pagedaemon
29312 195101 0 0 3 0x14200 bored viomb
87027 295147 0 0 3 0x40014200 acpi0 acpi0
20555 44429 0 0 3 0x14200 bored softnet3
85364 132885 0 0 3 0x14200 bored softnet2
78463 381951 0 0 3 0x14200 bored softnet1
12284 72973 0 0 2 0x14200 softnet0
26577 217267 0 0 3 0x14200 bored systqmp
18905 242972 0 0 3 0x14200 bored systq
13887 157745 0 0 2 0x40014200 softclock
58063 237205 0 0 3 0x40014200 idle0
1 350070 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10210 11053K 11805K 166960K 16752 0
pcb 18 16K 21K 166960K 731 0
rtable 237 22K 22K 166960K 1136 0
pf 35 14K 18K 166960K 322 0
ifaddr 37 7K 8K 166960K 187 0
ifgroup 50 2K 2K 166960K 321 0
sysctl 4 1K 9K 166960K 18 0
counters 32 17K 18K 166960K 311 0
ioctlops 0 0K 4K 166960K 976 0
iov 0 0K 18K 166960K 205 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1487 93K 94K 166960K 4329 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 9K 166960K 49 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 128 0
dirhash 6 1K 2K 166960K 18 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 2509 0
sigio 0 0K 0K 166960K 211 0
proc 60 59K 83K 166960K 1016 0
subproc 72 4K 4K 166960K 153 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 424 0
in_multi 79 5K 7K 166960K 266 0
ether_multi 1 0K 0K 166960K 24 0
mrt 1 0K 0K 166960K 20 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 259 1155K 1155K 166960K 259 0
exec 0 0K 1K 166960K 897 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 233 160K 187K 166960K 23045 0
UVM aobj 115 8K 8K 166960K 123 0
pinsyscall 40 80K 93K 166960K 3805 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 141 0
NDP 11 0K 2K 166960K 132 0
temp 81 8688K 8816K 166960K 114713 0
kqueue 14 22K 30K 166960K 437 0
SYN cache 2 8K 16K 166960K 3 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 369 0 366 3 2 1 3 0 8 0
rtentry 136 284 0 194 4 0 4 4 0 8 0
unpcb 144 2059 0 2042 6 5 1 6 0 8 0
syncache 336 12 0 12 1 1 0 1 0 8 0
tcpqe 32 10 0 10 1 1 0 1 0 8 0
tcpcb 736 791 0 782 7 5 2 7 0 8 0
arp 88 48 0 30 1 0 1 1 0 8 0
ipq 40 4 0 4 1 0 1 1 0 8 1
ipqe 40 15 0 15 1 0 1 1 0 8 1
inpcb 328 2668 0 2652 21 14 7 12 0 8 5
ip6q 72 9 0 2 1 0 1 1 0 8 0
ip6af 40 11 0 4 1 0 1 1 0 8 0
nd6 104 61 0 38 1 0 1 1 0 8 0
pkpcb 40 12 0 12 2 1 1 1 0 8 1
kcovpl 48 17 0 9 1 0 1 1 0 8 0
mppekey 1024 2 0 2 1 1 0 1 0 8 0
ppxss 1072 243 0 243 1 0 1 1 0 8 1
pppxif 1384 21 0 21 2 1 1 1 0 8 1
pfstscr 40 2 0 1 1 0 1 1 0 8 0
pfrktable 1344 6 0 4 1 0 1 1 0 8 0
pfanchor 1288 2 0 0 1 0 1 1 0 8 0
pftag 88 3 0 2 1 0 1 1 0 8 0
pfqueue 320 1 0 0 1 0 1 1 0 8 0
pfstitem 24 6 0 2 1 0 1 1 0 8 0
pfstkey 128 11 0 6 1 0 1 1 0 8 0
pfstate 384 6 0 4 1 0 1 1 0 8 0
pfrule 1344 70 0 68 1 0 1 1 0 8 0
rttmr 136 2 0 2 1 1 0 1 0 8 0
art_heap8 4096 4 0 0 4 0 4 4 0 8 0
art_heap4 256 1178 0 814 33 9 24 31 0 8 1
art_table 32 1182 0 814 4 0 4 4 0 8 0
art_node 16 273 0 194 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0
semupl 112 3 0 3 1 1 0 1 0 8 0
semapl 112 122 0 113 1 0 1 1 0 8 0
shmpl 112 120 0 8 4 0 4 4 0 8 0
dirhash 1024 21 0 17 3 1 2 3 0 8 0
dino2pl 256 6113 0 4605 95 0 95 95 0 8 0
ffsino 248 6113 0 4605 95 0 95 95 0 8 0
nchpl 144 9590 0 7883 64 0 64 64 0 8 0
rtmask 32 31 0 31 1 0 1 1 0 8 1
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 36553 0 36552 2 1 1 2 0 8 0
pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0
kstatmem 264 196 0 174 2 0 2 2 0 8 0
acpiwqpl 32 1 0 1 1 0 1 1 1 8 1
scsiplug 72 17 0 17 2 1 1 1 0 8 1
scxspl 216 29713 0 29713 9 7 2 8 1 8 2
plimitpl 152 569 0 553 1 0 1 1 0 8 0
sigapl 424 2794 0 2747 8 0 8 8 0 8 1
knotepl 120 371264 0 371216 30 20 10 17 0 8 6
kqueuepl 184 1029 0 1019 4 3 1 4 0 8 0
pipepl 296 398 0 371 5 2 3 5 0 8 0
fdescpl 440 2751 0 2721 5 1 4 5 0 8 0
filepl 120 20977 0 20760 13 3 10 13 0 8 1
lockfpl 104 1403 0 1400 2 1 1 2 0 8 0
lockfspl 48 655 0 652 1 0 1 1 0 8 0
sessionpl 144 39 0 30 1 0 1 1 0 8 0
pgrppl 48 233 0 216 1 0 1 1 0 8 0
ucredpl 104 3894 0 3882 1 0 1 1 0 8 0
zombiepl 144 2920 0 2920 1 0 1 1 0 8 1
processpl 1160 2794 0 2747 5 0 5 5 0 8 0
procpl 656 6144 0 6086 9 1 8 8 0 8 2
sosppl 168 13 0 13 2 1 1 1 0 8 1
sockpl 528 5181 0 5145 17 10 7 12 0 8 3
mcl64k 65536 60 0 60 2 1 1 1 0 8 1
mcl16k 16384 3 0 3 1 1 0 1 0 8 0
mcl12k 12288 2 0 2 1 1 0 1 0 8 0
mcl9k 9216 4 0 4 1 1 0 1 0 8 0
mcl8k 8192 17 0 17 1 1 0 1 0 8 0
mcl4k 4096 5545 0 5491 15 7 8 14 0 8 1
mcl2k2 2112 3 0 3 1 1 0 1 0 8 0
mcl2k 2048 2529 0 2520 4 2 2 4 0 8 0
mtagpl 96 248 0 158 3 0 3 3 0 8 0
mbufpl 256 33629 0 33404 283 266 17 282 0 8 0
bufpl 280 9287 0 3060 446 0 446 446 0 8 0
anonpl 24 337699 0 329276 89 13 76 89 0 187 0
amapchunkpl 152 78915 0 78374 44 12 32 40 0 158 6
amappl16 200 5106 0 4842 27 0 27 27 0 8 0
amappl15 192 7 0 7 1 1 0 1 0 8 0
amappl14 184 139 0 128 1 0 1 1 0 8 0
amappl13 176 8 0 8 1 1 0 1 0 8 0
amappl12 168 3509 0 3480 2 0 2 2 0 8 0
amappl11 160 71 0 61 1 0 1 1 0 8 0
amappl10 152 25 0 24 1 0 1 1 0 8 0
amappl9 144 269 0 269 1 1 0 1 0 8 0
amappl8 136 20 0 18 1 0 1 1 0 8 0
amappl7 128 122 0 110 1 0 1 1 0 8 0
amappl6 120 275 0 270 1 0 1 1 0 8 0
amappl5 112 155 0 147 1 0 1 1 0 8 0
amappl4 104 350 0 334 1 0 1 1 0 8 0
amappl3 96 16246 0 16144 4 0 4 4 0 8 0
amappl2 88 812 0 748 2 0 2 2 0 8 0
amappl1 80 19729 0 19110 15 1 14 15 0 8 0
amappl 88 21741 0 21579 5 0 5 5 0 92 0
dma65536 65536 1 0 1 1 1 0 1 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma2048 2048 1 0 1 1 1 0 1 0 8 0
dma1024 1024 2 0 1 1 0 1 1 0 8 0
dma256 256 8 0 8 2 1 1 1 0 8 1
dma128 128 266 0 266 1 1 0 1 0 8 0
dma64 64 9 0 9 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 20 0 19 1 0 1 1 0 8 0
aobjpl 72 122 0 8 3 0 3 3 0 8 0
uaddrrnd 24 2751 0 2721 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2751 0 2721 1 0 1 1 0 8 0
vmmpekpl 168 21151 0 21100 3 0 3 3 0 8 0
vmmpepl 168 174096 0 171905 115 5 110 112 0 357 1
vmsppl 360 2750 0 2721 4 1 3 4 0 8 0
rwobjpl 32 46424 0 39207 61 1 60 61 0 8 0
pdppl 4096 5509 0 5442 116 47 69 79 0 8 2
pvpl 32 1093800 0 1079647 184 40 144 184 0 265 0
pmappl 216 2750 0 2721 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 574 0 347 15 7 8 15 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x721f64c72ba0, count: -1
ddb> machine ddbcpu 1
No such command
ddb> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x721f64c72ba0, count: -1