panic: kernel diagnostic assertion "!ISSET(p->p_flag, P_WSLEEP) || p->p_stat == SSTOP" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_sched.c", line 265
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
19193 9092 32767 0x10 0x4000000 1 syz-executor.3
* 39934 29182 32767 0x10 0 0K syz-executor.5
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff82798bd9) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff82816cb5,ffffffff82768e68,109,ffffffff82844c25) at __assert+0x29 sys/kern/subr_prf.c:157
setrunqueue(ffff800020d58ff0,ffff800021235068,42) at setrunqueue+0x2e5 sys/kern/kern_sched.c:263
schedcpu(ffffffff82d053f0) at schedcpu+0x28b sys/kern/sched_bsd.c:236
timeout_run(ffffffff82d053f0) at timeout_run+0xd0 sys/kern/kern_timeout.c:640
softclock_process_tick_timeout(ffffffff82d053f0,0) at softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687
softclock(0) at softclock+0x130 sys/kern/kern_timeout.c:710
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
end of kernel
end trace frame: 0x76b9686d7770, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "!ISSET(p->p_flag, P_WSLEEP) || p->p_stat == SSTOP" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_sched.c", line 265 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82798bd9) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82816cb5,ffffffff82768e68,109,ffffffff82844c25) at __assert+0x29 sys/kern/subr_prf.c:157 setrunqueue(ffff800020d58ff0,ffff800021235068,42) at setrunqueue+0x2e5 sys/kern/kern_sched.c:263 schedcpu(ffffffff82d053f0) at schedcpu+0x28b sys/kern/sched_bsd.c:236 timeout_run(ffffffff82d053f0) at timeout_run+0xd0 sys/kern/kern_timeout.c:640 softclock_process_tick_timeout(ffffffff82d053f0,0) at softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687 softclock(0) at softclock+0x130 sys/kern/kern_timeout.c:710 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x76b9686d7770, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002612b8a0 rbx 0xffffffff82b72b8f cpu_info_full_primary+0x2b8f rdx 0 rcx 0xffff8000212d5338 rax 0xffffffff82b71ff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x166e4544a41bce47 r11 0x9aaa79c4a5350cb6 r12 0xffffffff82b72990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff81cfcb4c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002612b890 ss 0 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.5) pid=39934 stat=onproc flags process=10 proc=0 pri=74, usrpri=74, nice=20 forw=0xffffffffffffffff, list=0xffff8000212d4858,0xffff8000212d5600 process=0xffff800027751d68 user=0xffff800026126000, vmspace=0xfffffd807effa1d0 estcpu=24, cpticks=1, pctcpu=0.0 user=1, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 96008 159866 13652 32767 2 0x10 syz-executor.1 96008 208109 13652 32767 2 
0x4000010 syz-executor.1 9092 337104 88103 32767 2 0x10 syz-executor.3 9092 516681 88103 32767 2 0x4000010 syz-executor.3 9092 19193 88103 32767 7 0x4000010 syz-executor.3 22182 158626 74421 32767 2 0x10 syz-executor.7 22182 462347 74421 32767 2 0x4000010 syz-executor.7 17656 2323 7893 32767 2 0x10 syz-executor.6 *29182 39934 13613 32767 7 0x10 syz-executor.5 29182 286145 13613 32767 2 0x4000010 syz-executor.5 28728 165778 37253 32767 3 0x3810 suspend syz-executor.4 28728 482373 37253 32767 2 0x40818b0 syz-executor.4 59577 523817 78915 32767 2 0x10 syz-executor.0 56364 511353 54050 0 3 0x82 wait syz-executor.2 78915 43348 33440 32767 3 0x90 nanoslp syz-executor.0 33440 264778 54050 0 3 0x82 wait syz-executor.0 7893 10396 10076 32767 3 0x90 nanoslp syz-executor.6 10076 377757 54050 0 3 0x82 wait syz-executor.6 13613 18095 17200 32767 3 0x90 nanoslp syz-executor.5 17200 436181 54050 0 3 0x82 wait syz-executor.5 13652 355648 55182 32767 3 0x90 nanoslp syz-executor.1 55182 397555 54050 0 3 0x82 wait syz-executor.1 74421 82076 59166 32767 3 0x90 nanoslp syz-executor.7 59166 279501 54050 0 3 0x82 wait syz-executor.7 37253 261373 82304 32767 3 0x90 nanoslp syz-executor.4 82304 370325 54050 0 3 0x82 wait syz-executor.4 88103 21516 884 32767 3 0x90 nanoslp syz-executor.3 884 344367 54050 0 3 0x82 wait syz-executor.3 95442 479125 0 0 3 0x14200 bored sosplice 54050 162576 78031 0 3 0x82 thrsleep syz-fuzzer 54050 189403 78031 0 3 0x4000082 nanoslp syz-fuzzer 54050 494626 78031 0 3 0x4000082 wait syz-fuzzer 54050 268151 78031 0 3 0x4000082 wait syz-fuzzer 54050 151868 78031 0 2 0x4000002 syz-fuzzer 54050 501731 78031 0 3 0x4000082 wait syz-fuzzer 54050 481749 78031 0 3 0x4000082 wait syz-fuzzer 54050 473970 78031 0 3 0x4000082 thrsleep syz-fuzzer 54050 82199 78031 0 3 0x4000082 thrsleep syz-fuzzer 54050 508035 78031 0 3 0x4000082 wait syz-fuzzer 54050 105310 78031 0 3 0x4000082 thrsleep syz-fuzzer 54050 491258 78031 0 2 0x4000002 syz-fuzzer 54050 62537 78031 0 3 0x4000082 wait 
syz-fuzzer 54050 405448 78031 0 3 0x4000082 thrsleep syz-fuzzer 54050 64516 78031 0 3 0x4000082 wait syz-fuzzer 54050 338190 78031 0 3 0x4000082 wait syz-fuzzer 78031 488778 53584 0 3 0x10008a sigsusp ksh 53584 228486 44273 0 3 0x9a kqread sshd 7078 280432 1 0 3 0x100083 ttyin getty 44273 347237 1 0 3 0x88 kqread sshd 95292 384842 7305 73 3 0x1100090 kqread syslogd 7305 183085 1 0 3 0x100082 netio syslogd 21256 121182 1 0 3 0x100080 kqread resolvd 24827 289303 79943 77 3 0x100092 kqread dhcpleased 37878 26724 79943 77 3 0x100092 kqread dhcpleased 79943 155430 1 0 3 0x80 kqread dhcpleased 70131 463609 0 0 3 0x14200 bored smr 18145 327113 0 0 2 0x14200 zerothread 33792 98303 0 0 3 0x14200 aiodoned aiodoned 7393 265500 0 0 3 0x14200 syncer update 91716 341575 0 0 3 0x14200 cleaner cleaner 17810 295523 0 0 3 0x14200 reaper reaper 13479 136925 0 0 3 0x14200 pgdaemon pagedaemon 53009 406050 0 0 3 0x14200 bored viomb 3899 511473 0 0 3 0x40014200 acpi0 acpi0 6511 257885 0 0 3 0x40014200 idle1 56977 328876 0 0 3 0x14200 bored softnet3 81496 483091 0 0 3 0x14200 bored softnet2 40262 521697 0 0 3 0x14200 bored softnet1 90798 179461 0 0 3 0x14200 bored softnet0 56535 45265 0 0 3 0x14200 bored systqmp 27357 50560 0 0 3 0x14200 bored systq 35625 128381 0 0 3 0x40014200 bored softclock 82347 354651 0 0 3 0x40014200 idle0 1 33063 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82d053a8) #0 witness_lock+0x447 #1 schedcpu+0x119 sys/kern/sched_bsd.c:219 #2 timeout_run+0xd0 sys/kern/kern_timeout.c:640 #3 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687 #4 softclock+0x130 sys/kern/kern_timeout.c:710 #5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #6 Xsoftclock+0x27 shared mutex timeout r = 0 (0xffffffff82c16410) #0 witness_lock+0x447 #1 timeout_run+0xbb sys/kern/kern_timeout.c:636 #2 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687 #3 softclock+0x130 
sys/kern/kern_timeout.c:710 #4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x27 Process 29182 (syz-executor.5) thread 0xffff8000212d5338 (39934) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d7cbc0) #0 witness_lock+0x447 #1 softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88 #2 Xsoftclock+0x27 exclusive sched_lock &sched_lock r = 0 (0xffffffff82d053a8) #0 witness_lock+0x447 #1 schedcpu+0x119 sys/kern/sched_bsd.c:219 #2 timeout_run+0xd0 sys/kern/kern_timeout.c:640 #3 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687 #4 softclock+0x130 sys/kern/kern_timeout.c:710 #5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #6 Xsoftclock+0x27 shared mutex timeout r = 0 (0xffffffff82c16410) #0 witness_lock+0x447 #1 timeout_run+0xbb sys/kern/kern_timeout.c:636 #2 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687 #3 softclock+0x130 sys/kern/kern_timeout.c:710 #4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x27 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10182 6408K 6419K 78643K 11389 0 pcb 13 12K 14K 78643K 17 0 rtable 240 6K 7K 78643K 1727 0 pf 29 8K 8K 78643K 115 0 ifaddr 44 15K 16K 78643K 222 0 ifgroup 50 2K 2K 78643K 222 0 sysctl 3 1K 1K 78643K 4 0 counters 60 35K 35K 78643K 146 0 ioctlops 0 0K 2K 78643K 345 0 iov 0 0K 20K 78643K 1403 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1279 80K 80K 78643K 3786 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 13K 78643K 693 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 1K 78643K 533 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 25 93K 113K 78643K 15168 0 sigio 0 0K 0K 78643K 321 0 proc 56 78K 115K 78643K 2455 0 subproc 104 6K 6K 78643K 663 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 396 0 in_multi 99 7K 7K 78643K 721 0 ether_multi 1 0K 0K 78643K 17 0 mrt 1 0K 0K 78643K 2 0 ISOFS mount 1 32K 
32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 1K 78643K 3380 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 443 93K 105K 78643K 150191 0 UVM aobj 131 4K 4K 78643K 136 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 294 0 NDP 13 0K 2K 78643K 156 0 temp 74 5872K 6000K 78643K 42156 0 kqueue 12 18K 26K 78643K 1622 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 281 0 278 2 1 1 2 0 8 0 rtentry 112 613 0 500 4 0 4 4 0 8 0 unpcb 144 17756 0 17743 114 108 6 6 0 8 5 syncache 296 149 0 149 26 26 0 1 0 8 0 tcpqe 32 205 0 205 23 23 0 1 0 8 0 tcpcb 808 5052 0 5048 130 129 1 14 0 8 0 arp 120 104 0 86 1 0 1 1 0 8 0 ipq 40 64 0 64 6 6 0 1 0 8 0 ipqe 40 248 0 248 6 6 0 1 0 8 0 inpcb 368 8786 0 8779 151 149 2 15 0 8 1 nd6 136 182 0 155 1 0 1 1 0 8 0 kcovpl 48 51 0 43 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 2504 0 2041 34 4 30 30 0 8 0 art_table 32 2505 0 2041 4 0 4 4 0 8 0 art_node 16 612 0 509 1 0 1 1 0 8 0 sysvmsgpl 40 77 0 67 1 0 1 1 0 8 0 semupl 112 9 0 9 1 1 0 1 0 8 0 semapl 112 490 0 480 1 0 1 1 0 8 0 shmpl 112 133 0 5 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 20097 0 18649 91 0 91 91 0 8 0 ffsino 272 20097 0 18649 97 0 97 97 0 8 0 nchpl 144 42911 0 41270 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 142588 0 142588 4 3 1 2 0 8 1 percpumem 16 86 0 43 1 0 1 1 0 8 0 kstatmem 264 108 0 86 2 0 2 2 0 8 0 scxspl 216 109967 0 109967 40 39 1 8 0 8 1 plimitpl 152 2585 0 2561 21 19 2 2 0 8 1 sigapl 424 15367 0 15313 8 1 7 7 0 8 1 futexpl 64 126014 0 126013 1 0 1 1 0 8 0 knotepl 120 969 0 0 15 1 14 14 0 8 0 kqueuepl 216 2871 0 2863 44 43 1 5 0 8 0 pipepl 320 3567 0 3539 69 62 7 9 0 
8 4 fdescpl 496 15349 0 15313 6 1 5 6 0 8 0 filepl 152 97313 0 97080 157 142 15 20 0 8 5 lockfpl 104 27821 0 27816 3 2 1 2 0 8 0 lockfspl 48 4356 0 4351 1 0 1 1 0 8 0 sessionpl 144 66 0 50 1 0 1 1 0 8 0 pgrppl 48 442 0 426 1 0 1 1 0 8 0 ucredpl 104 12975 0 12957 1 0 1 1 0 8 0 zombiepl 144 15314 0 15313 1 0 1 1 0 8 0 processpl 1072 15367 0 15313 4 0 4 4 0 8 0 procpl 696 42262 0 42187 27 18 9 9 0 8 1 sosppl 168 258 0 258 25 25 0 1 0 8 0 sockpl 488 27406 0 27378 354 340 14 29 0 8 8 mcl64k 65536 37 0 0 4 1 3 3 0 8 0 mcl16k 16384 25 0 0 4 1 3 3 0 8 0 mcl12k 12288 35 0 0 2 0 2 2 0 8 0 mcl9k 9216 28 0 0 2 0 2 2 0 8 0 mcl8k 8192 17 0 0 3 0 3 3 0 8 0 mcl4k 4096 67 0 0 6 0 6 6 0 8 0 mcl2k2 2112 15 0 0 1 0 1 1 0 8 0 mcl2k 2048 403 0 0 33 10 23 33 0 8 0 mtagpl 96 17 0 0 1 0 1 1 0 8 0 mbufpl 256 2357 0 0 111 0 111 111 0 8 0 bufpl 288 24928 0 18613 452 0 452 452 0 8 0 anonpl 24 1602451 0 1593035 216 131 85 102 0 186 0 amapchunkpl 152 476773 0 475935 129 88 41 46 0 158 2 amappl16 200 32462 0 32199 149 133 16 36 0 8 0 amappl15 192 14 0 14 2 2 0 1 0 8 0 amappl14 184 294 0 275 5 3 2 2 0 8 1 amappl13 176 18 0 18 3 3 0 1 0 8 0 amappl12 168 16623 0 16580 3 1 2 2 0 8 0 amappl11 160 43 0 33 1 0 1 1 0 8 0 amappl10 152 81 0 68 1 0 1 1 0 8 0 amappl9 144 272 0 271 3 2 1 2 0 8 0 amappl8 136 870 0 697 7 0 7 7 0 8 0 amappl7 128 228 0 207 1 0 1 1 0 8 0 amappl6 120 648 0 626 2 1 1 2 0 8 0 amappl5 112 602 0 596 1 0 1 1 0 8 0 amappl4 104 1445 0 1403 2 0 2 2 0 8 0 amappl3 96 92615 0 92522 20 16 4 4 0 8 1 amappl2 88 16040 0 15970 4 2 2 3 0 8 0 amappl1 80 64132 0 63598 22 9 13 22 0 8 0 amappl 88 148850 0 148593 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 135 0 5 3 0 3 3 0 8 0 uaddrrnd 24 15350 0 15314 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 15350 0 15314 1 0 1 1 0 8 0 vmmpekpl 168 124211 
0 124150 5 1 4 4 0 8 0 vmmpepl 168 903768 0 901281 286 163 123 125 0 357 4 vmsppl 464 15349 0 15314 6 1 5 6 0 8 0 rwobjpl 56 228177 0 220732 121 12 109 109 0 8 0 pdppl 4096 30708 0 30628 598 518 80 90 0 8 0 pvpl 32 4349859 0 4334228 480 315 165 343 0 265 0 pmappl 248 15349 0 15314 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1725 0 817 27 0 27 27 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82798bd9) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82816cb5,ffffffff82768e68,109,ffffffff82844c25) at __assert+0x29 sys/kern/subr_prf.c:157 setrunqueue(ffff800020d58ff0,ffff800021235068,42) at setrunqueue+0x2e5 sys/kern/kern_sched.c:263 schedcpu(ffffffff82d053f0) at schedcpu+0x28b sys/kern/sched_bsd.c:236 timeout_run(ffffffff82d053f0) at timeout_run+0xd0 sys/kern/kern_timeout.c:640 softclock_process_tick_timeout(ffffffff82d053f0,0) at softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:687 softclock(0) at softclock+0x130 sys/kern/kern_timeout.c:710 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x76b9686d7770, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d7c9b8) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d7c9b8) at __mp_lock+0x129 sys/kern/kern_lock.c:147 end trace frame: 0x0, count: 11 ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d7c9b8) at __mp_lock+0x129 
__mp_lock_spin sys/kern/kern_lock.c:116 [inline]
__mp_lock(ffffffff82d7c9b8) at __mp_lock+0x129 sys/kern/kern_lock.c:147
end trace frame: 0x0, count: -4