syzbot |
sign-in | mailing list | source | docs |
panic: kernel diagnostic assertion "pr->ps_threadcnt == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_exit.c", line 886
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*106312 31761 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337dcc8) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833bc878,ffffffff833e2974,376,ffffffff833e29a9) at __assert+0x29 sys/kern/subr_prf.c:-1
process_zap(ffff8000318f6d18) at process_zap+0x31d sys/kern/kern_exit.c:887
reaper(ffff80002a72cf90) at reaper+0x290 sys/kern/kern_exit.c:521
end trace frame: 0x0, count: 10
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "pr->ps_threadcnt == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_exit.c", line 886
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337dcc8) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833bc878,ffffffff833e2974,376,ffffffff833e29a9) at __assert+0x29 sys/kern/subr_prf.c:-1
process_zap(ffff8000318f6d18) at process_zap+0x31d sys/kern/kern_exit.c:887
reaper(ffff80002a72cf90) at reaper+0x290 sys/kern/kern_exit.c:521
end trace frame: 0x0, count: -5
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002a763a00
rbx 0x40000 acpi_pdirpa+0x2be71
rdx 0
rcx 0
rax 0xffff80002a72cf90
r8 0x101010101010101
r9 0x8080808080808080
r10 0xdbd68aef0e0fae70
r11 0xdb2da703359bbed2
r12 0
r13 0
r14 0
r15 0x1
rip 0xffffffff82ffb8c5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a7639f0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (reaper) tid=106312 pid=31761 tcnt=1 stat=onproc
flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a72c000,0xffff80002a72d768
process=0xffff8000ffffe880 user=0xffff80002a75e000, vmspace=0xffffffff83995af0
estcpu=0, cpticks=5, pctcpu=0.0, user=0, sys=0, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
4514 487226 54943 0 2 0 syz-executor
4514 355994 54943 0 3 0x4000080 fsleep syz-executor
27909 352119 39127 60929 2 0x10 syz-executor
27909 428696 39127 60929 3 0x4000090 fsleep syz-executor
37128 164855 29914 0 2 0 syz-executor
37128 343630 29914 0 3 0x4000080 fsleep syz-executor
37128 112257 29914 0 3 0x4000080 fsleep syz-executor
37128 342212 29914 0 3 0x4000080 fsleep syz-executor
22478 492625 0 0 3 0x14280 nfsidl nfsio
69031 369111 91335 0 2 0 syz-executor
69031 338067 91335 0 3 0x4000080 fsleep syz-executor
18048 417852 0 0 3 0x14280 nfsidl nfsio
99588 309325 66051 60929 3 0x90 nanoslp syz-executor
99588 455869 66051 60929 3 0x4000090 fifow syz-executor
99588 277705 66051 60929 2 0x4000010 syz-executor
37639 344886 73379 60928 2 0x10 syz-executor
37639 59558 73379 60928 3 0x4000090 ttyout syz-executor
37639 251437 73379 60928 3 0x4000090 fsleep syz-executor
55361 356044 92167 0 2 0 syz-executor
55361 33096 92167 0 2 0x4000000 syz-executor
55361 283053 92167 0 3 0x4000080 sysctllk syz-executor
66051 170982 34142 0 3 0x82 nanoslp syz-executor
63128 495562 0 0 3 0x14200 acct acct
29914 66150 34142 0 2 0x2 syz-executor
23619 5470 34142 0 2 0xc82 syz-executor
92167 310144 34142 0 3 0x82 nanoslp syz-executor
73379 132845 34142 0 3 0x82 nanoslp syz-executor
39127 52422 34142 0 3 0x2 kqpsl syz-executor
91335 258324 34142 0 2 0xc82 syz-executor
54943 157626 34142 0 3 0x2 kqpsl syz-executor
34142 78098 86777 0 3 0x82 kqread syz-executor
86777 154784 7190 0 3 0x10008a sigsusp ksh
7190 332897 40478 0 3 0x98 kqread sshd-session
40478 239979 50585 0 3 0x92 kqread sshd-session
5223 403668 1 0 3 0x100083 ttyin getty
50585 136392 1 0 3 0x88 kqread sshd
90709 121631 92090 73 3 0x1100090 kqread syslogd
92090 30344 1 0 3 0x100082 sbwait syslogd
53433 182112 1 0 3 0x100080 kqread resolvd
11046 283745 32624 77 3 0x100092 kqread dhcpleased
81698 28018 32624 77 3 0x100092 kqread dhcpleased
32624 43755 1 0 3 0x80 kqread dhcpleased
46078 179654 0 0 3 0x14200 bored smr
18926 379392 0 0 2 0x14200 zerothread
96076 455753 0 0 3 0x14200 aiodoned aiodoned
46931 419145 0 0 3 0x14200 syncer update
14862 359289 0 0 3 0x14200 cleaner cleaner
*31761 106312 0 0 7 0x14200 reaper
56537 66092 0 0 3 0x14200 pgdaemon pagedaemon
72281 27875 0 0 3 0x14200 bored viomb
17456 160930 0 0 3 0x40014200 acpi0 acpi0
92585 426220 0 0 3 0x14200 bored softnet0
27638 441058 0 0 3 0x14200 bored systqmp
90525 487360 0 0 3 0x14200 bored systq
18163 401579 0 0 3 0x40014200 tmoslp softclock
32636 283739 0 0 3 0x40014200 idle0
1 380305 0 0 3 0x80082 wait init
0 0 -1 0 3 0x10010200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11040 12104K 12549K 166960K 13030 0
pcb 17 16K 18K 166960K 236 0
rtable 215 7K 8K 166960K 586 0
pf 32 13K 14K 166960K 83 0
ifaddr 40 7K 8K 166960K 76 0
ifgroup 53 2K 2K 166960K 114 0
sysctl 3 1K 9K 166960K 7 0
counters 33 17K 18K 166960K 69 0
ioctlops 0 0K 4K 166960K 255 0
iov 0 0K 16K 166960K 30 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1337 84K 85K 166960K 2002 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 27 0
dirhash 12 2K 2K 166960K 21 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 17 61K 240K 166960K 730 0
sigio 0 0K 0K 166960K 9 0
proc 60 59K 100K 166960K 533 0
subproc 72 4K 4K 166960K 85 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 52 0
in_multi 92 7K 7K 166960K 130 0
ether_multi 1 0K 0K 166960K 5 0
mrt 1 0K 0K 166960K 6 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 91 413K 413K 166960K 91 0
exec 0 0K 1K 166960K 450 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 231 172K 173K 166960K 8599 0
UVM aobj 13 4K 4K 166960K 13 0
pinsyscall 38 76K 91K 166960K 1831 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 16 0
NDP 11 0K 1K 166960K 48 0
temp 53 8666K 8794K 166960K 29027 0
kqueue 16 22K 30K 166960K 134 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 83 0 79 1 0 1 1 0 8 0
rtentry 136 139 0 47 4 0 4 4 0 8 0
unpcb 144 449 0 430 4 0 4 4 0 8 3
syncache 336 6 0 6 2 1 1 1 0 8 1
tcpqe 32 2 0 2 1 0 1 1 0 8 1
tcpcb 736 318 0 312 7 0 7 7 0 8 6
arp 96 21 0 3 1 0 1 1 0 8 0
ipq 40 2 0 0 1 0 1 1 0 8 0
ipqe 40 2 0 0 1 0 1 1 0 8 0
inpcb 328 1081 0 1071 16 7 9 12 0 8 7
ip6q 72 6 0 4 1 0 1 1 0 8 0
ip6af 40 10 0 8 1 0 1 1 0 8 0
nd6 112 31 0 7 1 0 1 1 0 8 0
pkpcb 40 2 0 2 1 0 1 1 0 8 1
kcovpl 48 9 0 1 1 0 1 1 0 8 0
mppekey 1024 1 0 1 1 0 1 1 0 8 1
ppxss 1072 27 0 27 1 0 1 1 0 8 1
pppxif 1384 6 0 6 1 0 1 1 0 8 1
pfrktable 1344 65 0 65 1 0 1 1 0 8 1
pfrule 1344 1 0 0 1 0 1 1 0 8 0
rttmr 136 2 0 2 1 0 1 1 0 8 1
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 624 0 247 29 1 28 28 0 8 4
art_table 40 625 0 247 5 0 5 5 0 8 0
art_node 32 138 0 55 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 5 1 0 1 1 0 8 0
semapl 112 24 0 14 1 0 1 1 0 8 0
shmpl 112 10 0 0 1 0 1 1 0 8 0
dirhash 1024 23 0 6 3 0 3 3 0 8 0
dino2pl 256 2798 0 1303 95 0 95 95 0 8 0
ffsino 256 2798 0 1303 95 0 95 95 0 8 0
nchpl 144 3799 0 2102 64 0 64 64 0 8 0
rtmask 32 6 0 6 1 0 1 1 0 8 1
vnodes 216 3150 0 0 175 0 175 175 0 8 0
namei 1024 12677 0 12677 5 2 3 3 0 8 3
kstatmem 264 60 0 38 2 0 2 2 0 8 0
scsiplug 72 2 0 2 1 0 1 1 0 8 1
scxspl 216 11261 0 11261 10 2 8 8 1 8 8
plimitpl 152 114 0 97 1 0 1 1 0 8 0
sigapl 424 1009 0 963 6 0 6 6 0 8 0
knotepl 120 29737 0 29686 17 7 10 15 0 8 8
kqueuepl 184 201 0 191 1 0 1 1 0 8 0
pipepl 304 167 0 139 3 0 3 3 0 8 0
fdescpl 448 992 0 963 5 1 4 5 0 8 0
filepl 120 6400 0 6182 16 2 14 14 0 8 6
lockfpl 104 276 0 274 1 0 1 1 0 8 0
lockfspl 48 89 0 87 1 0 1 1 0 8 0
sessionpl 144 25 0 17 1 0 1 1 0 8 0
pgrppl 48 46 0 30 1 0 1 1 0 8 0
ucredpl 104 1238 0 1224 1 0 1 1 0 8 0
zombiepl 144 1343 0 1342 1 0 1 1 0 8 0
processpl 1152 1009 0 963 4 0 4 4 0 8 0
procpl 664 2016 0 1958 6 0 6 6 0 8 1
sosppl 176 8 0 8 1 0 1 1 0 8 1
sockpl 552 1626 0 1593 24 13 11 13 0 8 7
mcl64k 65536 39 0 38 2 1 1 1 0 8 0
mcl16k 16384 9 0 9 1 0 1 1 0 8 1
mcl9k 9216 1 0 1 1 0 1 1 0 8 1
mcl8k 8192 39 0 39 2 1 1 1 0 8 1
mcl4k 4096 3265 0 3214 15 7 8 15 0 8 1
mcl2k2 2112 1 0 1 1 0 1 1 0 8 1
mcl2k 2048 1164 0 1155 3 1 2 2 0 8 0
mtagpl 96 27 0 9 2 1 1 1 0 8 0
mbufpl 256 10931 0 10718 17 0 17 17 0 8 2
bufpl 280 3576 0 120 247 0 247 247 0 8 0
anonpl 24 164057 0 160376 47 2 45 45 0 187 22
amapchunkpl 152 28099 0 27242 41 6 35 35 0 158 0
amappl16 200 2577 0 2519 18 6 12 15 0 8 8
amappl15 192 5 0 5 1 1 0 1 0 8 0
amappl14 184 7 0 7 2 1 1 1 0 8 1
amappl13 176 416 0 415 1 0 1 1 0 8 0
amappl12 168 1345 0 1307 2 0 2 2 0 8 0
amappl11 160 46 0 46 1 1 0 1 0 8 0
amappl10 152 42 0 32 1 0 1 1 0 8 0
amappl9 144 249 0 249 1 1 0 1 0 8 0
amappl8 136 21 0 19 1 0 1 1 0 8 0
amappl7 128 84 0 83 1 0 1 1 0 8 0
amappl6 120 275 0 264 1 0 1 1 0 8 0
amappl5 112 92 0 85 1 0 1 1 0 8 0
amappl4 104 400 0 376 1 0 1 1 0 8 0
amappl3 96 4710 0 4625 3 0 3 3 0 8 0
amappl2 88 1137 0 1064 2 0 2 2 0 8 0
amappl1 80 12093 0 11555 16 1 15 15 0 8 2
amappl 88 7768 0 7605 5 0 5 5 0 92 0
uvmvnodes 80 117 0 0 3 0 3 3 0 8 0
dma4096 4096 2 0 2 2 1 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 1 1 1 0 8 1
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 7 0 7 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 12 0 0 1 0 1 1 0 8 0
uaddrrnd 24 992 0 963 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 992 0 963 1 0 1 1 0 8 0
vmmpekpl 168 9605 0 9574 2 0 2 2 0 8 0
vmmpepl 168 69722 0 67915 93 3 90 90 0 357 8
vmsppl 368 991 0 962 4 1 3 4 0 8 0
rwobjpl 40 21136 0 20143 14 1 13 13 0 8 1
pdppl 4096 1990 0 1924 96 30 66 78 0 8 0
pvpl 32 435112 0 424838 117 3 114 114 0 265 25
pmappl 216 991 0 962 2 0 2 2 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 388 0 48 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337dcc8) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833bc878,ffffffff833e2974,376,ffffffff833e29a9) at __assert+0x29 sys/kern/subr_prf.c:-1
process_zap(ffff8000318f6d18) at process_zap+0x31d sys/kern/kern_exit.c:887
reaper(ffff80002a72cf90) at reaper+0x290 sys/kern/kern_exit.c:521
end trace frame: 0x0, count: -5
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8337dcc8) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833bc878,ffffffff833e2974,376,ffffffff833e29a9) at __assert+0x29 sys/kern/subr_prf.c:-1
process_zap(ffff8000318f6d18) at process_zap+0x31d sys/kern/kern_exit.c:887
reaper(ffff80002a72cf90) at reaper+0x290 sys/kern/kern_exit.c:521
end trace frame: 0x0, count: -5
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/07 10:02 | openbsd | c7117ed52e15 | 15f6fd08 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2026/01/04 15:59 | openbsd | 079c76c73fb6 | e3fbc05e | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/31 15:24 | openbsd | f516ab5f0d05 | 49aa01cc | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/24 14:48 | openbsd | 1dc30a6de584 | 5dc09de1 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/16 21:12 | openbsd | 11531c4859ff | a066d2bc | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/15 14:37 | openbsd | 2c50c5af38ad | a066d2bc | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/10 10:57 | openbsd | f5c5b16722b5 | 48b27acc | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/09 18:13 | openbsd | 9bea02201100 | fc20f974 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/09 05:28 | openbsd | bf8f637750de | fc20f974 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/12/05 11:57 | openbsd | 9dbbe670f20c | cee4cb10 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/26 20:34 | openbsd | 856b2687a9ff | c116feb4 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/24 16:56 | openbsd | 879ea5f6fdb7 | bf6fe8fe | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/14 06:41 | openbsd | 83ff66b05700 | 07e030de | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/12 23:22 | openbsd | 4bd49954ab16 | 07e030de | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/09 04:05 | openbsd | e187005a6767 | 4e1406b4 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/08 19:03 | openbsd | f09b465a1938 | 4e1406b4 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/06 12:37 | openbsd | 05dcfb71c047 | a6c9c731 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c | |||
| 2025/11/01 01:28 | openbsd | c58a321e760c | 2c50b6a9 | .config | console log | report | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | assert "pr->ps_threadcnt == NUM" failed in kern_exit.c |