syncing disks...panic: kernel diagnostic assertion "(sih->sih_state & SIS_RESTART) == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_softintr.c", line 181 Starting stack trace... panic(ffffffff83435427) at panic+0x1ba sys/kern/subr_prf.c:229 __assert(ffffffff833dfe56,ffffffff83409c32,b5,ffffffff8333e281) at __assert+0x29 sys/kern/subr_prf.c:-1 softintr_schedule(ffff80000002a040) at softintr_schedule+0x1d9 timeout_hardclock_update() at timeout_hardclock_update+0x72b sys/kern/kern_timeout.c:678 clockintr_hardclock(ffffffff83887c18,ffff80002a8ed050,0) at clockintr_hardclock+0x148 sys/kern/kern_clockintr.c:-1 clockintr_dispatch(ffff80002a8ed050) at clockintr_dispatch+0x32a sys/kern/kern_clockintr.c:-1 lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:489 Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x1a kd_curproc sys/dev/kcov.c:580 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x1a sys/dev/kcov.c:153 tsleep_nsec(ffffffff8399ccb8,4,ffffffff8339cb27,ffffffffffffffff) at tsleep_nsec+0x168 sys/kern/kern_synch.c:140 uvn_io(fffffd806e68bd88,ffff80002a8ed370,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1310 uvn_put(fffffd806e68bd88,ffff80002a8ed370,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:922 uvm_pager_put(fffffd806e68bd88,fffffd800718aa00,ffff80002a8ed400,ffff80002a8ed42c,31,0,2cbfaffa45da2d0e) at uvm_pager_put+0x163 sys/uvm/uvm_pager.c:524 uvn_flush(fffffd806e68bd88,0,0,31) at uvn_flush+0x6fe sys/uvm/uvm_vnode.c:723 uvm_vnp_sync(ffff800000b57800) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1532 sys_sync(ffff80002a7c2f78,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:534 vfs_syncwait(ffff80002a7c2f78,1) at vfs_syncwait+0x44 sys/kern/vfs_subr.c:-1 vfs_shutdown(ffff80002a7c2f78) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1810 boot(100) at boot+0x153 sys/arch/amd64/amd64/machdep.c:912 reboot(100) at reboot+0xa8 sys/kern/kern_xxx.c:75 panic(ffffffff83309542) at panic+0x1e3 sys/kern/subr_prf.c:231 kerntrap(ffff80002a8ed710) at kerntrap+0x28b sys/arch/amd64/amd64/trap.c:327 alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b sys_semop(ffff80002a7c2f78,ffff80002a8ed9c0,ffff80002a8ed910) at sys_semop+0x45b sys/kern/sysv_sem.c:615 syscall(ffff80002a8ed9c0) at syscall+0x97e mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a8ed9c0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:579 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xdd16193baa0, count: 231 End of stack trace. WARNING: SPL NOT LOWERED ON SYSCALL 72 9 EXIT 0 c Stopped at savectx+0xae: movl $0,%gs:0x688 TID PID UID PRFLAGS PFLAGS CPU COMMAND *133287 6327 73 0x1100010 0 0 syslogd savectx() at savectx+0xae end of kernel end trace frame: 0x721f64c72ba0, count: 14 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: trap type 4, code=0, pc=ffffffff828810cb ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x721f64c72ba0, count: -1 ddb> show registers rdi 0 rsi 0 rbp 0xffff80002a7fdeb0 rbx 0 rdx 0 rcx 0 rax 0x32 r8 0xffff80002a7fdde0 r9 0xffff80002a7fdab8 r10 0xeac4ade5869c392f r11 0x8140f729d1bb773c r12 0 r13 0 r14 0xffff80002a7d1200 r15 0 rip 0xffffffff812bf3ee savectx+0xae cs 0x8 rflags 0x46 rsp 0xffff80002a7fde30 ss 0x10 savectx+0xae: movl $0,%gs:0x688 ddb> show proc PROC (syslogd) tid=133287 pid=6327 tcnt=1 stat=onproc flags process=1100010 proc=0 runpri=50, usrpri=50, slppri=24, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a7d0f70,0xffff80002a7d02b0 process=0xffff8000ffff8010 user=0xffff80002a7f8000, vmspace=0xfffffd807105f170 estcpu=0, cpticks=0, pctcpu=0.0, user=1, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 56146 149104 68595 0 2 0x82000 syz-executor 56146 82651 68595 0 3 0x4002000 suspend syz-executor 56146 170512 68595 0 4 0x4082000 syz-executor 72044 387306 6753 60928 2 0x10 syz-executor 72044 459880 6753 60928 3 0x4000090 fsleep syz-executor 87200 144434 45277 0 2 0 syz-executor 87200 513390 45277 0 3 0x4000080 fsleep syz-executor 87200 135288 45277 0 2 0x4000000 syz-executor 87200 435774 45277 0 3 0x4000000 netlock syz-executor 69383 216341 189 0 2 0 syz-executor 69383 314253 189 0 2 0x4000000 syz-executor 93628 265194 67720 0 2 0 syz-executor 93628 66050 67720 0 2 0x4000000 syz-executor 89833 102460 28208 0 4 0x82000 syz-executor 89833 490784 28208 0 3 0x4002000 suspend syz-executor 89833 45388 28208 0 2 0x4082000 syz-executor 189 91557 38618 0 2 0xc82 syz-executor 67720 104167 38618 0 2 0xc82 syz-executor 76539 301601 38618 0 2 0x2 syz-executor 45277 421618 38618 0 2 0xc82 syz-executor 52549 136996 45582 0 3 0x82 sbwait sshd-session 76743 23985 1 0 3 0x100083 ttyin getty 28208 111630 38618 0 2 0xc82 syz-executor 92531 85378 0 0 3 0x14200 bored sosplice 6753 191440 38618 0 2 0xc82 syz-executor 44570 174395 38618 0 2 0x3 syz-executor 68595 86629 38618 0 2 0xc82 syz-executor 38618 73515 66940 0 2 0xc82 syz-executor 66940 71969 68784 0 3 0x10008a sigsusp ksh 68784 158245 36770 0 3 0x98 kqread sshd-session 36770 302894 45582 0 3 0x92 kqread sshd-session 45582 470544 1 0 3 0x88 kqread sshd * 6327 133287 70670 73 7 0x1100010 syslogd 70670 9693 1 0 3 0x100082 sbwait syslogd 76617 67035 1 0 3 0x100080 kqread resolvd 25146 46656 80562 77 3 0x100092 kqread dhcpleased 77210 224449 80562 77 3 0x100092 kqread dhcpleased 80562 295078 1 0 3 0x80 kqread dhcpleased 54727 78532 0 0 3 0x14200 bored smr 34101 13157 0 0 2 0x14200 zerothread 6898 214074 0 0 3 0x14200 aiodoned aiodoned 31496 212570 0 0 2 0x14e00 update 4600 265732 0 0 3 0x14200 cleaner cleaner 30393 71332 0 0 3 0x14200 reaper reaper 92464 89021 0 0 3 0x14200 pgdaemon pagedaemon 29312 195101 0 0 3 0x14200 bored viomb 87027 295147 0 0 3 0x40014200 acpi0 acpi0 20555 44429 0 0 3 0x14200 bored softnet3 85364 132885 0 0 3 0x14200 bored softnet2 78463 381951 0 0 3 0x14200 bored softnet1 12284 72973 0 0 2 0x14200 softnet0 26577 217267 0 0 3 0x14200 bored systqmp 18905 242972 0 0 3 0x14200 bored systq 13887 157745 0 0 2 0x40014200 softclock 58063 237205 0 0 3 0x40014200 idle0 1 350070 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10210 11053K 11805K 166960K 16752 0 pcb 18 16K 21K 166960K 731 0 rtable 237 22K 22K 166960K 1136 0 pf 35 14K 18K 166960K 322 0 ifaddr 37 7K 8K 166960K 187 0 ifgroup 50 2K 2K 166960K 321 0 sysctl 4 1K 9K 166960K 18 0 counters 32 17K 18K 166960K 311 0 ioctlops 0 0K 4K 166960K 976 0 iov 0 0K 18K 166960K 205 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1487 93K 94K 166960K 4329 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 49 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 128 0 dirhash 6 1K 2K 166960K 18 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 240K 166960K 2509 0 sigio 0 0K 0K 166960K 211 0 proc 60 59K 83K 166960K 1016 0 subproc 72 4K 4K 166960K 153 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 424 0 in_multi 79 5K 7K 166960K 266 0 ether_multi 1 0K 0K 166960K 24 0 mrt 1 0K 0K 166960K 20 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 897 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 233 160K 187K 166960K 23045 0 UVM aobj 115 8K 8K 166960K 123 0 pinsyscall 40 80K 93K 166960K 3805 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 141 0 NDP 11 0K 2K 166960K 132 0 temp 81 8688K 8816K 166960K 114713 0 kqueue 14 22K 30K 166960K 437 0 SYN cache 2 8K 16K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 369 0 366 3 2 1 3 0 8 0 rtentry 136 284 0 194 4 0 4 4 0 8 0 unpcb 144 2059 0 2042 6 5 1 6 0 8 0 syncache 336 12 0 12 1 1 0 1 0 8 0 tcpqe 32 10 0 10 1 1 0 1 0 8 0 tcpcb 736 791 0 782 7 5 2 7 0 8 0 arp 88 48 0 30 1 0 1 1 0 8 0 ipq 40 4 0 4 1 0 1 1 0 8 1 ipqe 40 15 0 15 1 0 1 1 0 8 1 inpcb 328 2668 0 2652 21 14 7 12 0 8 5 ip6q 72 9 0 2 1 0 1 1 0 8 0 ip6af 40 11 0 4 1 0 1 1 0 8 0 nd6 104 61 0 38 1 0 1 1 0 8 0 pkpcb 40 12 0 12 2 1 1 1 0 8 1 kcovpl 48 17 0 9 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 1 0 1 0 8 0 ppxss 1072 243 0 243 1 0 1 1 0 8 1 pppxif 1384 21 0 21 2 1 1 1 0 8 1 pfstscr 40 2 0 1 1 0 1 1 0 8 0 pfrktable 1344 6 0 4 1 0 1 1 0 8 0 pfanchor 1288 2 0 0 1 0 1 1 0 8 0 pftag 88 3 0 2 1 0 1 1 0 8 0 pfqueue 320 1 0 0 1 0 1 1 0 8 0 pfstitem 24 6 0 2 1 0 1 1 0 8 0 pfstkey 128 11 0 6 1 0 1 1 0 8 0 pfstate 384 6 0 4 1 0 1 1 0 8 0 pfrule 1344 70 0 68 1 0 1 1 0 8 0 rttmr 136 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 1178 0 814 33 9 24 31 0 8 1 art_table 32 1182 0 814 4 0 4 4 0 8 0 art_node 16 273 0 194 1 0 1 1 0 8 0 sysvmsgpl 40 4 0 2 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 122 0 113 1 0 1 1 0 8 0 shmpl 112 120 0 8 4 0 4 4 0 8 0 dirhash 1024 21 0 17 3 1 2 3 0 8 0 dino2pl 256 6113 0 4605 95 0 95 95 0 8 0 ffsino 248 6113 0 4605 95 0 95 95 0 8 0 nchpl 144 9590 0 7883 64 0 64 64 0 8 0 rtmask 32 31 0 31 1 0 1 1 0 8 1 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 36553 0 36552 2 1 1 2 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 196 0 174 2 0 2 2 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 17 0 17 2 1 1 1 0 8 1 scxspl 216 29713 0 29713 9 7 2 8 1 8 2 plimitpl 152 569 0 553 1 0 1 1 0 8 0 sigapl 424 2794 0 2747 8 0 8 8 0 8 1 knotepl 120 371264 0 371216 30 20 10 17 0 8 6 kqueuepl 184 1029 0 1019 4 3 1 4 0 8 0 pipepl 296 398 0 371 5 2 3 5 0 8 0 fdescpl 440 2751 0 2721 5 1 4 5 0 8 0 filepl 120 20977 0 20760 13 3 10 13 0 8 1 lockfpl 104 1403 0 1400 2 1 1 2 0 8 0 lockfspl 48 655 0 652 1 0 1 1 0 8 0 sessionpl 144 39 0 30 1 0 1 1 0 8 0 pgrppl 48 233 0 216 1 0 1 1 0 8 0 ucredpl 104 3894 0 3882 1 0 1 1 0 8 0 zombiepl 144 2920 0 2920 1 0 1 1 0 8 1 processpl 1160 2794 0 2747 5 0 5 5 0 8 0 procpl 656 6144 0 6086 9 1 8 8 0 8 2 sosppl 168 13 0 13 2 1 1 1 0 8 1 sockpl 528 5181 0 5145 17 10 7 12 0 8 3 mcl64k 65536 60 0 60 2 1 1 1 0 8 1 mcl16k 16384 3 0 3 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 1 1 0 1 0 8 0 mcl9k 9216 4 0 4 1 1 0 1 0 8 0 mcl8k 8192 17 0 17 1 1 0 1 0 8 0 mcl4k 4096 5545 0 5491 15 7 8 14 0 8 1 mcl2k2 2112 3 0 3 1 1 0 1 0 8 0 mcl2k 2048 2529 0 2520 4 2 2 4 0 8 0 mtagpl 96 248 0 158 3 0 3 3 0 8 0 mbufpl 256 33629 0 33404 283 266 17 282 0 8 0 bufpl 280 9287 0 3060 446 0 446 446 0 8 0 anonpl 24 337699 0 329276 89 13 76 89 0 187 0 amapchunkpl 152 78915 0 78374 44 12 32 40 0 158 6 amappl16 200 5106 0 4842 27 0 27 27 0 8 0 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 139 0 128 1 0 1 1 0 8 0 amappl13 176 8 0 8 1 1 0 1 0 8 0 amappl12 168 3509 0 3480 2 0 2 2 0 8 0 amappl11 160 71 0 61 1 0 1 1 0 8 0 amappl10 152 25 0 24 1 0 1 1 0 8 0 amappl9 144 269 0 269 1 1 0 1 0 8 0 amappl8 136 20 0 18 1 0 1 1 0 8 0 amappl7 128 122 0 110 1 0 1 1 0 8 0 amappl6 120 275 0 270 1 0 1 1 0 8 0 amappl5 112 155 0 147 1 0 1 1 0 8 0 amappl4 104 350 0 334 1 0 1 1 0 8 0 amappl3 96 16246 0 16144 4 0 4 4 0 8 0 amappl2 88 812 0 748 2 0 2 2 0 8 0 amappl1 80 19729 0 19110 15 1 14 15 0 8 0 amappl 88 21741 0 21579 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 8 0 8 2 1 1 1 0 8 1 dma128 128 266 0 266 1 1 0 1 0 8 0 dma64 64 9 0 9 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 122 0 8 3 0 3 3 0 8 0 uaddrrnd 24 2751 0 2721 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2751 0 2721 1 0 1 1 0 8 0 vmmpekpl 168 21151 0 21100 3 0 3 3 0 8 0 vmmpepl 168 174096 0 171905 115 5 110 112 0 357 1 vmsppl 360 2750 0 2721 4 1 3 4 0 8 0 rwobjpl 32 46424 0 39207 61 1 60 61 0 8 0 pdppl 4096 5509 0 5442 116 47 69 79 0 8 2 pvpl 32 1093800 0 1079647 184 40 144 184 0 265 0 pmappl 216 2750 0 2721 2 0 2 2 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 574 0 347 15 7 8 15 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x721f64c72ba0, count: -1 ddb> machine ddbcpu 1 No such command ddb> trace savectx() at savectx+0xae end of kernel end trace frame: 0x721f64c72ba0, count: -1