syzbot


panic: thread -ADDR p_stat is -NUM

Status: upstream: reported on 2024/11/04 11:32
Reported-by: syzbot+964b416fdc3c5d9c8cb4@syzkaller.appspotmail.com
First crash: 17d, last: 14d

Sample crash report:
panic: thread -538976289 p_stat is -33
Starting stack trace...
panic(ffffffff83036e99) at panic+0x1ba sys/kern/subr_prf.c:229
wakeup_n(fffffd8060c14d50,ffffffff) at wakeup_n+0x395 sys/kern/kern_synch.c:563
sd_buf_done(fffffd8076b3c130) at sd_buf_done+0x2da sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2218) at vioscsi_vq_done+0xe1
intr_handler(ffff800037666960,ffff800000077c80) at intr_handler+0xcf
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xd4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,1000004) at buf_get+0x5d5 sys/kern/vfs_bio.c:1174
geteblk(1000004) at geteblk+0x3c
readdisklabel(2902,ffffffff82e8a670,ffff8000012e5a00,0) at readdisklabel+0x1c4 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff8000376602b0) at vndopen+0x207 sys/dev/vnd.c:204
spec_open(ffff800037666e78) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd8070a0cd08,1,fffffd807f7d7888,ffff8000376602b0) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff8000376670c8,1,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff8000376602b0,ffffff9c,20000180,0,0,ffff800037667270) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff800037667320) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa0f4ad76ed0, count: 238
End of stack trace.
syncing disks...up
anic: thread 0 p_stat is 0
Starting stack trace...
panic(ffffffff83036e99) at panic+0x1ba sys/kern/subr_prf.c:229
wakeup_n(ffff80000002c000,1) at wakeup_n+0x395 sys/kern/kern_synch.c:563
task_add(ffff80000002c000,ffff8000000394a8) at task_add+0x15e sys/kern/kern_task.c:374
ifiq_input(ffff800000039468,ffff8000376659d0) at ifiq_input+0x38d sys/net/ifq.c:780
vio_rxeof(ffff800000078b00) at vio_rxeof+0x371 sys/dev/pv/if_vio.c:1317
vio_rx_intr(ffff80000019e000) at vio_rx_intr+0x78 sys/dev/pv/if_vio.c:1333
intr_handler(ffff800037665b20,ffff800000078780) at intr_handler+0xcf
Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f
Xspllower() at Xspllower+0x1d
cnputc(75) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(75) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aaa sys/kern/subr_prf.c:1065
db_printf(ffffffff8306af19) at db_printf+0x9b
fault(ffffffff8301524c) at fault+0xa3 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff800037665fc0,8) at kpageflttrap+0x34d sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff800037665fc0) at kerntrap+0x138 sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7bs
et $lines = 0
softclock(0) at softclock+0xf7 sys/kern/kern_timeout.c:748
softintr_dispatch(0) at softintr_dispatch+0xea sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
Xspllower() at Xspllower+0x1d
tsleep(ffffffff835555c8,4,ffffffff83039b3c,0) at tsleep+0x174 sys/kern/kern_synch.c:151
uvn_io(fffffd80703fa7e8,ffff8000376664a0,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1319
uvn_put(fffffd80703fa7e8,ffff8000376664a0,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:927
uvm_pager_put(fffffd80703fa7e8,fffffd8006ce6880,ffff800037666538,ffff800037666570,31,0,2a2c00b1c70c46b4) at uvm_pager_put+0x18e sys/uvm/uvm_pager.c:525
uvn_flush(fffffd80703fa7e8,0,0,31) at uvn_flush+0x726 sys/uvm/uvm_vnode.c:726
uvm_vnp_sync(ffff800000b5d400) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1541
sys_sync(ffff8000376602b0,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:536
vfs_syncwait(ffff8000376602b0,1) at vfs_syncwait+0x44
vfs_shutdown(ffff8000376602b0) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1793
boot(100) at boot+0x153 sys/arch/amd64/amd64/machdep.c:907
reboot(100) at reboot+0xa8
panic(ffffffff83036e99) at panic+0x1e3 sys/kern/subr_prf.c:231
wakeup_n(fffffd8060c14d50,ffffffff) at wakeup_n+0x395 sys/kern/kern_synch.c:563
sd_buf_done(fffffd8076b3c130) at sd_buf_done+0x2da sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2218) at vioscsi_vq_done+0xe1
intr_handler(ffff800037666960,ffff800000077c80) at intr_handler+0xcf
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xd4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,1000004) at buf_get+0x5d5 sys/kern/vfs_bio.c:1174
geteblk(1000004) at geteblk+0x3c
readdisklabel(2902,ffffffff82e8a670,ffff8000012e5a00,0) at readdisklabel+0x1c4 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff8000376602b0) at vndopen+0x207 sys/dev/vnd.c:204
spec_open(ffff800037666e78) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd8070a0cd08,1,fffffd807f7d7888,ffff8000376602b0) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff8000376670c8,1,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff8000376602b0,ffffff9c,2s0et $maxwidth = 00
00180,0,0,ffff800037667270) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff800037667320) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa0f4ad76ed0, count: 206
End of stack trace.

dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2     Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 8a8635c2-f252-d190-235a-0f50a6ed73cd
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f27c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/11/07 11:07 | openbsd | 91f7c8466953 | df3dc63b | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: thread -ADDR p_stat is -NUM |
| 2024/11/04 11:31 | openbsd | 8eda69bd84da | f00eed24 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: thread -ADDR p_stat is -NUM |
* Struck through repros no longer work on HEAD.