panic: kernel diagnostic assertion "!ISSET(p->p_flag, P_WSLEEP) || p->p_stat == SSTOP" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_sched.c", line 267 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *168540 18815 0 0 0 0K syz-executor.5 165577 53587 0 0 0x4000000 1 syz-executor.7 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827964ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82817276,ffffffff82825014,10b,ffffffff82844fee) at __assert+0x29 sys/kern/subr_prf.c:157 setrunqueue(ffff800020d58ff0,ffff8000212375e8,4d) at setrunqueue+0x2e5 sys/kern/kern_sched.c:265 schedcpu(ffffffff82d3fba8) at schedcpu+0x28b sys/kern/sched_bsd.c:236 timeout_run(ffffffff82d3fba8) at timeout_run+0xd0 sys/kern/kern_timeout.c:638 softclock_process_tick_timeout(ffffffff82d3fba8,0) at softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 softclock(0) at softclock+0x130 sys/kern/kern_timeout.c:708 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x71faf405ad00, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "!ISSET(p->p_flag, P_WSLEEP) || p->p_stat == SSTOP" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_sched.c", line 267 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827964ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82817276,ffffffff82825014,10b,ffffffff82844fee) at __assert+0x29 sys/kern/subr_prf.c:157 setrunqueue(ffff800020d58ff0,ffff8000212375e8,4d) at setrunqueue+0x2e5 sys/kern/kern_sched.c:265 schedcpu(ffffffff82d3fba8) at schedcpu+0x28b sys/kern/sched_bsd.c:236 timeout_run(ffffffff82d3fba8) at timeout_run+0xd0 sys/kern/kern_timeout.c:638 softclock_process_tick_timeout(ffffffff82d3fba8,0) at softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 softclock(0) at softclock+0x130 sys/kern/kern_timeout.c:708 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x71faf405ad00, count: -10 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff800024749810 rbx 0xffffffff82bf4b8f cpu_info_full_primary+0x2b8f rdx 0 rcx 0 rax 0xffff8000212a65a0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x3c9a8d240276a794 r11 0x552e35f9e0bdbe07 r12 0xffffffff82bf4990 cpu_info_full_primary+0x2990 r13 0 r14 0 r15 0x1 rip 0xffffffff8198e70c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff800024749800 ss 0 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.5) pid=168540 stat=onproc flags process=0 proc=0 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000212a7b60,0xffff8000212a6dd8 process=0xffff80002126ee28 user=0xffff800024744000, vmspace=0xfffffd806efcfae8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 95444 171403 90387 0 2 0 syz-executor.0 95444 467075 90387 0 3 0x4000080 fsleep syz-executor.0 *18815 168540 64661 0 7 0 syz-executor.5 18815 495834 64661 0 2 0x4000000 syz-executor.5 52002 377346 73282 0 3 0x3800 suspend syz-executor.4 52002 117861 73282 0 2 0x40818a0 syz-executor.4 5505 304404 18442 0 3 0x80 nanoslp syz-executor.1 5505 291233 18442 0 3 0x4000080 fsleep syz-executor.1 5505 522248 18442 0 3 0x4000080 fsleep syz-executor.1 5505 39106 18442 0 3 0x4000080 fsleep syz-executor.1 57959 7228 28666 0 2 0 syz-executor.6 57959 262359 28666 0 2 0x4000000 syz-executor.6 57959 15065 28666 0 2 0x4000000 syz-executor.6 57959 406160 28666 0 2 0x4000000 syz-executor.6 57959 142350 28666 0 2 0x4000000 syz-executor.6 53587 1720 68860 0 2 0 syz-executor.7 53587 397998 68860 0 3 0x4000080 kqread syz-executor.7 53587 88897 68860 0 2 0x4000000 syz-executor.7 53587 165577 68860 0 7 0x4000000 syz-executor.7 95124 162183 13715 0 3 0x80 nanoslp syz-executor.3 95124 290027 13715 0 3 0x4000080 fsleep syz-executor.3 95124 97890 13715 0 3 0x4000080 kqread syz-executor.3 68860 177568 32503 0 3 0x82 nanoslp syz-executor.7 28666 156349 32503 0 3 0x82 nanoslp syz-executor.6 64661 150400 32503 0 3 0x82 nanoslp syz-executor.5 73282 449681 32503 0 2 0x2 syz-executor.4 13715 123230 32503 0 3 0x82 nanoslp syz-executor.3 71163 103336 32503 0 3 0x82 nanoslp syz-executor.2 18442 42330 32503 0 3 0x82 nanoslp syz-executor.1 90387 9830 32503 0 3 0x82 nanoslp syz-executor.0 32503 143153 88156 0 3 0x82 thrsleep syz-fuzzer 32503 119125 88156 0 3 0x4000082 thrsleep syz-fuzzer 32503 79864 88156 0 3 0x4000082 wait syz-fuzzer 32503 35731 88156 0 3 0x4000082 wait syz-fuzzer 32503 448749 88156 0 3 0x4000082 wait syz-fuzzer 32503 482299 88156 0 3 0x4000082 wait syz-fuzzer 32503 337739 88156 0 3 0x4000082 wait syz-fuzzer 32503 418362 88156 0 3 0x4000082 wait syz-fuzzer 32503 374603 88156 0 3 0x4000082 thrsleep syz-fuzzer 32503 116950 88156 0 3 0x4000082 wait syz-fuzzer 32503 442062 88156 0 3 0x4000082 thrsleep syz-fuzzer 32503 83821 88156 0 3 0x4000082 thrsleep syz-fuzzer 32503 122349 88156 0 3 0x4000082 wait syz-fuzzer 32503 422193 88156 0 3 0x4000082 kqread syz-fuzzer 32503 401644 88156 0 3 0x4000082 thrsleep syz-fuzzer 32503 508497 88156 0 3 0x4000082 thrsleep syz-fuzzer 88156 119874 97376 0 3 0x10008a sigsusp ksh 97376 367801 94983 0 3 0x9a kqread sshd 42168 234880 1 0 3 0x100083 ttyin getty 94983 378651 1 0 3 0x88 kqread sshd 4615 175621 80613 74 3 0x1100092 bpf pflogd 80613 255653 1 0 3 0x80 netio pflogd 80376 323096 38689 73 3 0x1100090 kqread syslogd 38689 158936 1 0 3 0x100082 netio syslogd 79789 247262 1 0 3 0x100080 kqread resolvd 11590 271298 12921 77 3 0x100092 kqread dhcpleased 57381 491320 12921 77 3 0x100092 kqread dhcpleased 12921 41894 1 0 3 0x80 kqread dhcpleased 12741 343116 0 0 3 0x14200 bored smr 26938 229766 0 0 2 0x14200 zerothread 19860 492574 0 0 3 0x14200 aiodoned aiodoned 15135 591 0 0 3 0x14200 syncer update 30656 183352 0 0 3 0x14200 cleaner cleaner 3324 217006 0 0 3 0x14200 reaper reaper 67199 489409 0 0 3 0x14200 pgdaemon pagedaemon 83128 268205 0 0 3 0x14200 bored viomb 46280 202683 0 0 3 0x40014200 acpi0 acpi0 87293 125899 0 0 3 0x40014200 idle1 86634 344414 0 0 3 0x14200 bored softnet3 19602 293036 0 0 3 0x14200 bored softnet2 93983 248696 0 0 3 0x14200 bored softnet1 70425 158346 0 0 3 0x14200 bored softnet0 87140 116121 0 0 3 0x14200 bored systqmp 90363 113678 0 0 3 0x14200 bored systq 15206 61953 0 0 3 0x40014200 bored softclock 24296 3537 0 0 3 0x40014200 idle0 1 510546 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82d3fb60) #0 witness_lock+0x447 #1 schedcpu+0x119 sys/kern/sched_bsd.c:219 #2 timeout_run+0xd0 sys/kern/kern_timeout.c:638 #3 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 #4 softclock+0x130 sys/kern/kern_timeout.c:708 #5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #6 Xsoftclock+0x27 shared mutex timeout r = 0 (0xffffffff82b9d148) #0 witness_lock+0x447 #1 timeout_run+0xbb sys/kern/kern_timeout.c:634 #2 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 #3 softclock+0x130 sys/kern/kern_timeout.c:708 #4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x27 Process 18815 (syz-executor.5) thread 0xffff8000212a65a0 (168540) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82c49c88) #0 witness_lock+0x447 #1 softintr_dispatch+0x52 sys/arch/amd64/amd64/softintr.c:88 #2 Xsoftclock+0x27 exclusive sched_lock &sched_lock r = 0 (0xffffffff82d3fb60) #0 witness_lock+0x447 #1 schedcpu+0x119 sys/kern/sched_bsd.c:219 #2 timeout_run+0xd0 sys/kern/kern_timeout.c:638 #3 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 #4 softclock+0x130 sys/kern/kern_timeout.c:708 #5 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #6 Xsoftclock+0x27 shared mutex timeout r = 0 (0xffffffff82b9d148) #0 witness_lock+0x447 #1 timeout_run+0xbb sys/kern/kern_timeout.c:634 #2 softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 #3 softclock+0x130 sys/kern/kern_timeout.c:708 #4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 #5 Xsoftclock+0x27 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10230 6508K 6575K 78643K 18246 0 pcb 13 12K 17K 78643K 4812 0 rtable 234 6K 6K 78643K 348 0 pf 32 9K 10K 78643K 43 0 ifaddr 45 15K 15K 78643K 47 0 ifgroup 55 2K 2K 78643K 55 0 counters 60 35K 35K 78643K 60 0 ioctlops 0 0K 4K 78643K 3388 0 iov 0 0K 12K 78643K 858 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1409 88K 88K 78643K 21762 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 13K 78643K 923 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 749 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 17 61K 89K 78643K 50673 0 sigio 0 0K 0K 78643K 587 0 proc 68 91K 115K 78643K 1052 0 subproc 104 6K 6K 78643K 104 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 7K 7K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 307 1367K 1367K 78643K 307 0 exec 0 0K 1K 78643K 511 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 356 86K 86K 78643K 446213 0 UVM aobj 131 8K 8K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 12 0K 1K 78643K 28 0 temp 73 5868K 5996K 78643K 113304 0 kqueue 13 18K 31K 78643K 9755 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 33 0 30 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 144 33127 0 33112 142 140 2 10 0 8 1 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 82 0 82 1 1 0 1 0 8 0 tcpcb 808 2006 0 2002 31 30 1 7 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 368 8520 0 8513 104 103 1 10 0 8 0 nd6 136 24 0 0 1 0 1 1 0 8 0 kcovpl 48 8 0 0 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 27 0 25 1 0 1 1 0 8 0 pfstkey 128 27 0 25 1 0 1 1 0 8 0 pfstate 376 27 0 25 2 1 1 2 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 sysvmsgpl 40 98 0 98 4 4 0 1 0 8 0 semapl 112 747 0 737 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 69584 0 68138 91 0 91 91 0 8 0 ffsino 272 69584 0 68138 97 0 97 97 0 8 0 nchpl 144 135361 0 133673 64 0 64 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 403425 0 403425 3 2 1 2 0 8 1 percpumem 16 43 0 0 1 0 1 1 0 8 0 kstatmem 264 24 0 0 2 0 2 2 0 8 0 scxspl 216 329405 0 329405 22 21 1 8 0 8 1 plimitpl 152 139 0 122 1 0 1 1 0 8 0 sigapl 424 50985 0 50937 8 2 6 7 0 8 0 futexpl 64 317148 0 317142 1 0 1 1 0 8 0 knotepl 120 126 0 0 4 0 4 4 0 8 0 kqueuepl 216 15823 0 15812 74 69 5 8 0 8 4 pipepl 320 26316 0 26287 233 225 8 14 0 8 5 fdescpl 496 50968 0 50938 5 0 5 5 0 8 0 filepl 152 309820 0 309577 329 311 18 27 0 8 8 lockfpl 104 3260 0 3258 5 4 1 3 0 8 0 lockfspl 48 1350 0 1348 1 0 1 1 0 8 0 sessionpl 144 24 0 7 1 0 1 1 0 8 0 pgrppl 48 277 0 260 1 0 1 1 0 8 0 ucredpl 104 88884 0 88872 1 0 1 1 0 8 0 zombiepl 144 50938 0 50937 1 0 1 1 0 8 0 processpl 1072 50985 0 50937 4 0 4 4 0 8 0 procpl 696 115445 0 115367 33 25 8 8 0 8 0 sockpl 488 41686 0 41661 528 520 8 35 0 8 4 mcl64k 65536 65 0 0 7 4 3 3 0 8 0 mcl16k 16384 54 0 0 5 2 3 3 0 8 0 mcl12k 12288 41 0 0 2 0 2 2 0 8 0 mcl9k 9216 29 0 0 2 0 2 2 0 8 0 mcl8k 8192 57 0 0 4 1 3 3 0 8 0 mcl4k 4096 49 0 0 6 3 3 3 0 8 0 mcl2k2 2112 7 0 0 1 0 1 1 0 8 0 mcl2k 2048 416 0 0 30 17 13 30 0 8 0 mtagpl 96 1 0 0 1 0 1 1 0 8 0 mbufpl 256 1573 0 0 18 2 16 18 0 8 0 bufpl 288 55332 0 49012 452 0 452 452 0 8 0 anonpl 24 3579938 0 3571298 94 39 55 76 0 186 0 amapchunkpl 152 1401587 0 1400768 168 134 34 36 0 158 1 amappl16 200 52522 0 52343 54 44 10 22 0 8 0 amappl15 192 27 0 26 1 0 1 1 0 8 0 amappl14 184 226 0 208 2 0 2 2 0 8 0 amappl13 176 15 0 15 2 2 0 1 0 8 0 amappl12 168 51620 0 51586 3 1 2 2 0 8 0 amappl11 160 55 0 41 1 0 1 1 0 8 0 amappl10 152 66 0 56 1 0 1 1 0 8 0 amappl9 144 469 0 468 2 1 1 2 0 8 0 amappl8 136 668 0 577 4 0 4 4 0 8 0 amappl7 128 181 0 160 1 0 1 1 0 8 0 amappl6 120 639 0 622 2 1 1 2 0 8 0 amappl5 112 1428 0 1418 1 0 1 1 0 8 0 amappl4 104 1025 0 983 3 1 2 3 0 8 0 amappl3 96 284054 0 283955 4 1 3 3 0 8 0 amappl2 88 52658 0 52591 3 1 2 3 0 8 0 amappl1 80 174548 0 173993 23 10 13 23 0 8 0 amappl 88 445647 0 445425 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 50968 0 50938 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 50968 0 50938 1 0 1 1 0 8 0 vmmpekpl 168 310409 0 310359 3 0 3 3 0 8 0 vmmpepl 168 2728392 0 2726196 214 116 98 116 0 357 0 vmsppl 464 50967 0 50938 5 1 4 5 0 8 0 rwobjpl 56 561248 0 553881 116 11 105 107 0 8 0 pdppl 4096 101944 0 101876 1840 1770 70 82 0 8 2 pvpl 32 12728937 0 12714217 433 309 124 345 0 265 0 pmappl 248 50967 0 50938 3 1 2 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 2724 0 1936 24 0 24 24 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff827964ff) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff82817276,ffffffff82825014,10b,ffffffff82844fee) at __assert+0x29 sys/kern/subr_prf.c:157 setrunqueue(ffff800020d58ff0,ffff8000212375e8,4d) at setrunqueue+0x2e5 sys/kern/kern_sched.c:265 schedcpu(ffffffff82d3fba8) at schedcpu+0x28b sys/kern/sched_bsd.c:236 timeout_run(ffffffff82d3fba8) at timeout_run+0xd0 sys/kern/kern_timeout.c:638 softclock_process_tick_timeout(ffffffff82d3fba8,0) at softclock_process_tick_timeout+0x1b0 sys/kern/kern_timeout.c:685 softclock(0) at softclock+0x130 sys/kern/kern_timeout.c:708 softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x27 end of kernel end trace frame: 0x71faf405ad00, count: -10 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:577 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:148 __mp_lock(ffffffff82c49a80) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c49a80) at __mp_lock+0x133 sys/kern/kern_lock.c:147 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 kd_curproc sys/dev/kcov.c:577 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x29 sys/dev/kcov.c:148 __mp_lock(ffffffff82c49a80) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82c49a80) at __mp_lock+0x133 sys/kern/kern_lock.c:147 end trace frame: 0x0, count: -5