panic: kernel diagnostic assertion "p->p_stat == SONPROC || p->p_stat == SSLEEP || p->p_stat == SSTOP" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_synch.c", line 408 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 46220 23854 32767 0x1810 0x2000 1K syz-executor.1 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8279cfd2) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8281f915,ffffffff828523f7,198,ffffffff827afa5a) at __assert+0x29 sys/kern/subr_prf.c:157 tsleep_nsec(0,1,45382fd1d4c8de11,120) at tsleep_nsec rwsleep(ffff8000212e57f0,ffffffff82bc11a0,120,ffffffff82796ff1,0) at rwsleep+0xab sys/kern/kern_synch.c:300 futex_wait(86a371e6950,2,0,2) at futex_wait+0x13d sys/kern/sys_futex.c:250 sys_futex(ffff8000212e57f0,ffff80002142b4c0,ffff80002142b510) at sys_futex+0xfc sys/kern/sys_futex.c:101 syscall(ffff80002142b590) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002142b590) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x86a81707860, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "p->p_stat == SONPROC || p->p_stat == SSLEEP || p->p_stat == SSTOP" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_synch.c", line 408 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8279cfd2) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8281f915,ffffffff828523f7,198,ffffffff827afa5a) at __assert+0x29 sys/kern/subr_prf.c:157 tsleep_nsec(0,1,45382fd1d4c8de11,120) at tsleep_nsec rwsleep(ffff8000212e57f0,ffffffff82bc11a0,120,ffffffff82796ff1,0) at rwsleep+0xab sys/kern/kern_synch.c:300 futex_wait(86a371e6950,2,0,2) at futex_wait+0x13d sys/kern/sys_futex.c:250 sys_futex(ffff8000212e57f0,ffff80002142b4c0,ffff80002142b510) at sys_futex+0xfc sys/kern/sys_futex.c:101 syscall(ffff80002142b590) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002142b590) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x86a81707860, count: -9 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002142b1d0 rbx 0xffffffff82bfdb9f cpu_info_full_primary+0x2b9f rdx 0x3fd rcx 0 rax 0xb8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x8c33f145f7309435 r11 0x3e5f898473f5917e r12 0xffffffff82bfd9a0 cpu_info_full_primary+0x29a0 r13 0 r14 0 r15 0x1 rip 0xffffffff8138849c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002142b1c0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.1) pid=125362 stat=run flags process=1810 proc=4080080 pri=50, usrpri=50, nice=20 forw=0x0, list=0xffff8000212e4d50,0xffffffff82c57d90 process=0xffff8000ffff7688 user=0xffff800021426000, vmspace=0xfffffd80696283c8 estcpu=8, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 23854 46220 89706 32767 7 0x3810 syz-executor.1 23854 31019 89706 32767 2 0x4081890 syz-executor.1 *23854 125362 89706 32767 2 0x4081890 syz-executor.1 86230 86191 72696 32767 2 0x10 syz-executor.0 86230 43486 72696 32767 3 0x4000090 fsleep syz-executor.0 86230 449958 72696 32767 2 0x4000010 syz-executor.0 5855 506502 83389 32767 2 0x10 syz-executor.5 5855 263144 83389 32767 3 0x4000090 fsleep syz-executor.5 5855 130853 83389 32767 3 0x4000090 fsleep syz-executor.5 25535 382498 38171 32767 2 0x10 syz-executor.2 25535 494424 38171 32767 3 0x4000090 fsleep syz-executor.2 25535 28453 38171 32767 3 0x4000090 fsleep syz-executor.2 83389 511632 18320 32767 3 0x90 nanoslp syz-executor.5 92584 99581 81212 32767 2 0x10 syz-executor.3 31962 104580 11187 32767 3 0x90 nanoslp syz-executor.7 11187 272505 11869 0 3 0x82 wait syz-executor.7 81212 389577 11869 0 3 0x82 wait syz-executor.3 59632 450338 99478 32767 2 0x10 syz-executor.6 99478 138704 11869 0 3 0x82 wait syz-executor.6 18320 426390 11869 0 3 0x82 wait syz-executor.5 72696 13533 78601 32767 3 0x90 nanoslp syz-executor.0 78601 362852 11869 0 3 0x82 wait syz-executor.0 55697 132756 53030 32767 2 0x10 syz-executor.4 53030 440125 11869 0 3 0x82 wait syz-executor.4 38171 508470 56597 32767 3 0x90 nanoslp syz-executor.2 89706 236685 7435 32767 3 0x90 nanoslp syz-executor.1 56597 452667 11869 0 3 0x82 wait syz-executor.2 7435 246342 11869 0 3 0x82 wait syz-executor.1 11869 15582 97916 0 3 0x2000082 thrsleep syz-execprog 11869 78927 97916 0 3 0x6000082 nanoslp syz-execprog 11869 54785 97916 0 3 0x6000082 wait syz-execprog 11869 459747 97916 0 3 0x6000082 thrsleep syz-execprog 11869 380912 97916 0 3 0x6000082 thrsleep syz-execprog 11869 394186 97916 0 3 0x6000082 wait syz-execprog 11869 444149 97916 0 3 0x6000082 wait syz-execprog 11869 123860 97916 0 3 0x6000082 wait syz-execprog 11869 48016 97916 0 3 0x6000082 thrsleep syz-execprog 11869 36459 97916 0 3 0x6000082 wait syz-execprog 11869 430875 97916 0 3 0x6000082 thrsleep syz-execprog 11869 288999 97916 0 3 0x6000082 wait syz-execprog 11869 416581 97916 0 3 0x6000082 wait syz-execprog 11869 256396 97916 0 3 0x6000082 wait syz-execprog 11869 62407 97916 0 3 0x6000082 kqread syz-execprog 97916 212662 14014 0 3 0x10008a sigsusp ksh 14014 226970 16758 0 3 0x9a kqread sshd 17834 386991 1 0 3 0x100083 ttyin getty 16758 118527 1 0 3 0x88 kqread sshd 22133 342139 81699 73 3 0x1100090 kqread syslogd 81699 454617 1 0 3 0x100082 netio syslogd 57027 141587 1 0 3 0x100080 kqread resolvd 77452 77356 16599 77 3 0x100092 kqread dhcpleased 1562 76679 16599 77 3 0x100092 kqread dhcpleased 16599 27601 1 0 3 0x80 kqread dhcpleased 2119 56902 0 0 3 0x14200 bored smr 41953 207100 0 0 2 0x14200 zerothread 51621 6913 0 0 3 0x14200 aiodoned aiodoned 89940 281876 0 0 3 0x14200 syncer update 29484 409906 0 0 3 0x14200 cleaner cleaner 35274 305491 0 0 3 0x14200 reaper reaper 13732 40343 0 0 3 0x14200 pgdaemon pagedaemon 96197 504360 0 0 3 0x14200 bored viomb 55560 334756 0 0 3 0x40014200 acpi0 acpi0 60699 421996 0 0 3 0x40014200 idle1 20464 521194 0 0 3 0x14200 bored softnet3 29930 511074 0 0 3 0x14200 bored softnet2 6496 197299 0 0 3 0x14200 bored softnet1 69899 428076 0 0 3 0x14200 bored softnet0 51304 254403 0 0 3 0x14200 bored systqmp 66520 413227 0 0 3 0x14200 bored systq 88343 361972 0 0 3 0x40014200 bored softclock 78321 276264 0 0 3 0x40014200 idle0 1 142766 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive sched_lock &sched_lock r = 0 (0xffffffff82d4ae50) #0 witness_lock+0x447 #1 sleep_finish+0x142 sys/kern/kern_synch.c:398 #2 rwsleep+0xab sys/kern/kern_synch.c:300 #3 futex_wait+0x13d sys/kern/sys_futex.c:250 #4 sys_futex+0xfc sys/kern/sys_futex.c:101 #5 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] #5 syscall+0x606 sys/arch/amd64/amd64/trap.c:623 #6 Xsyscall+0x128 CPU 1: exclusive mutex &pr->ps_mtx r = 0 (0xffff8000ffff7798) #0 witness_lock+0x447 #1 mtx_enter_try+0x104 #2 mtx_enter+0x7f sys/kern/kern_lock.c:266 #3 single_thread_set+0x33a single_thread_wait sys/kern/kern_sig.c:2174 [inline] #3 single_thread_set+0x33a sys/kern/kern_sig.c:2157 #4 exit1+0xaa #5 sigexit+0xd3 sys/kern/kern_sig.c:1567 #6 trapsignal+0x721 sys/kern/kern_sig.c:881 #7 upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214 #8 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 #9 recall_trap+0x8 Process 23854 (syz-executor.1) thread 0xffff80002120daa8 (46220) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82d48e70) #0 witness_lock+0x447 #1 trapsignal+0x714 sys/kern/kern_sig.c:824 #2 upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214 #3 usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 #4 recall_trap+0x8 ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10186 6408K 6420K 78643K 11264 0 pcb 13 8K 8K 78643K 13 0 rtable 234 6K 6K 78643K 352 0 pf 29 8K 8K 78643K 29 0 ifaddr 44 15K 15K 78643K 46 0 ifgroup 50 2K 2K 78643K 50 0 counters 60 35K 35K 78643K 60 0 ioctlops 0 0K 2K 78643K 29 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1174 73K 74K 78643K 1187 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 1K 78643K 2 0 VM map 2 1K 1K 78643K 2 0 sem 2 0K 0K 78643K 2 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 22 81K 117K 78643K 431 0 proc 56 78K 103K 78643K 471 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 in_multi 99 7K 7K 78643K 99 0 ether_multi 1 0K 0K 78643K 1 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 367 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 276 75K 77K 78643K 6340 0 UVM aobj 3 2K 2K 78643K 3 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 NDP 11 0K 2K 78643K 27 0 temp 1 5904K 5968K 78643K 4567 0 kqueue 12 18K 18K 78643K 25 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 37 0 34 1 0 1 1 0 8 0 rtentry 112 111 0 1 4 0 4 4 0 8 0 unpcb 144 33 0 20 1 0 1 1 0 8 0 syncache 304 5 0 5 2 1 1 1 0 8 1 tcpqe 32 97 0 97 1 1 0 1 0 8 0 tcpcb 808 8 0 5 1 0 1 1 0 8 0 arp 120 18 0 0 1 0 1 1 0 8 0 inpcb 368 58 0 52 1 0 1 1 0 8 0 nd6 136 24 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 453 0 0 29 0 29 29 0 8 0 art_table 32 454 0 0 4 0 4 4 0 8 0 art_node 16 110 0 10 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1774 0 335 90 0 90 90 0 8 0 ffsino 272 1774 0 335 96 0 96 96 0 8 0 nchpl 144 2315 0 637 63 0 63 63 0 8 0 uvmvnodes 80 1783 0 0 37 0 37 37 0 8 0 vnodes 216 1783 0 0 100 0 100 100 0 8 0 namei 1024 8339 0 8339 3 1 2 2 0 8 2 percpumem 16 43 0 0 1 0 1 1 0 8 0 kstatmem 264 22 0 0 2 0 2 2 0 8 0 scxspl 216 8262 0 8262 10 9 1 8 1 8 1 plimitpl 152 331 0 304 2 0 2 2 0 8 0 sigapl 424 732 0 680 7 0 7 7 0 8 0 futexpl 64 1237 0 1230 1 0 1 1 0 8 0 knotepl 120 110 0 0 4 0 4 4 0 8 0 kqueuepl 216 21 0 13 1 0 1 1 0 8 0 pipepl 320 140 0 112 4 1 3 3 0 8 0 fdescpl 496 715 0 682 7 1 6 6 0 8 0 filepl 152 2730 0 2596 6 0 6 6 0 8 0 lockfpl 104 6 0 4 1 0 1 1 0 8 0 lockfspl 48 4 0 2 1 0 1 1 0 8 0 sessionpl 144 25 0 9 1 0 1 1 0 8 0 pgrppl 48 25 0 9 1 0 1 1 0 8 0 ucredpl 104 951 0 933 1 0 1 1 0 8 0 zombiepl 144 682 0 680 2 1 1 1 0 8 0 processpl 1072 732 0 680 4 0 4 4 0 8 0 procpl 680 1325 0 1251 8 0 8 8 0 8 1 sockpl 488 128 0 106 4 0 4 4 0 8 1 mcl8k 8192 6 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 239 0 0 30 4 26 30 0 8 0 mtagpl 96 4 0 0 1 0 1 1 0 8 0 mbufpl 256 332 0 0 16 1 15 16 0 8 0 bufpl 288 4366 0 139 302 0 302 302 0 8 0 anonpl 24 225390 0 220816 70 14 56 56 0 186 26 amapchunkpl 152 20791 0 20101 34 1 33 33 0 158 4 amappl16 200 6223 0 6150 11 5 6 6 0 8 0 amappl15 192 13 0 13 2 2 0 1 0 8 0 amappl14 184 152 0 142 2 0 2 2 0 8 1 amappl13 176 18 0 17 2 1 1 1 0 8 0 amappl12 168 1362 0 1327 2 0 2 2 0 8 0 amappl11 160 55 0 45 1 0 1 1 0 8 0 amappl10 152 29 0 19 1 0 1 1 0 8 0 amappl9 144 185 0 183 2 1 1 1 0 8 0 amappl8 136 140 0 113 2 0 2 2 0 8 0 amappl7 128 56 0 47 2 0 2 2 0 8 0 amappl6 120 225 0 210 2 0 2 2 0 8 1 amappl5 112 164 0 156 1 0 1 1 0 8 0 amappl4 104 582 0 545 2 0 2 2 0 8 0 amappl3 96 4518 0 4428 4 0 4 4 0 8 1 amappl2 88 956 0 887 4 1 3 3 0 8 1 amappl1 80 11793 0 11277 26 6 20 22 0 8 8 amappl 88 5858 0 5654 6 0 6 6 0 92 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 2 0 0 1 0 1 1 0 8 0 uaddrrnd 24 715 0 682 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 715 0 682 1 0 1 1 0 8 0 vmmpekpl 168 11768 0 11736 2 0 2 2 0 8 0 vmmpepl 168 61111 0 59329 121 8 113 113 0 357 32 vmsppl 464 714 0 682 7 1 6 6 0 8 1 rwobjpl 56 26171 0 23418 46 2 44 45 0 8 4 pdppl 4096 1438 0 1364 114 32 82 92 0 8 8 pvpl 32 472236 0 462220 381 41 340 360 0 265 254 pmappl 248 714 0 682 4 1 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 699 0 40 19 0 19 19 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8279cfd2) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8281f915,ffffffff828523f7,198,ffffffff827afa5a) at __assert+0x29 sys/kern/subr_prf.c:157 tsleep_nsec(0,1,45382fd1d4c8de11,120) at tsleep_nsec rwsleep(ffff8000212e57f0,ffffffff82bc11a0,120,ffffffff82796ff1,0) at rwsleep+0xab sys/kern/kern_synch.c:300 futex_wait(86a371e6950,2,0,2) at futex_wait+0x13d sys/kern/sys_futex.c:250 sys_futex(ffff8000212e57f0,ffff80002142b4c0,ffff80002142b510) at sys_futex+0xfc sys/kern/sys_futex.c:101 syscall(ffff80002142b590) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002142b590) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x86a81707860, count: -9 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 sys/kern/kern_lock.c:147 sleep_setup(ffff8000ffff77e0,20,ffffffff82823610) at sleep_setup+0x92 sys/kern/kern_synch.c:348 msleep(ffff8000ffff77e0,ffff8000ffff7788,20,ffffffff82823610,0) at msleep+0xd6 sys/kern/kern_synch.c:247 single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e single_thread_wait sys/kern/kern_sig.c:2180 [inline] single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e sys/kern/kern_sig.c:2157 exit1(ffff80002120daa8,0,4,1) at exit1+0xaa sigexit(ffff80002120daa8,4) at sigexit+0xd3 sys/kern/kern_sig.c:1567 trapsignal(ffff80002120daa8,b,6,2,7ad32ef4286c) at trapsignal+0x721 sys/kern/kern_sig.c:881 upageflttrap(ffff800021407ad0,7ad32ef4286c) at upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214 usertrap(ffff800021407ad0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7ad32ef42850, count: 2 ddb{1}> trace x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 __mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82d4ac48) at __mp_lock+0x129 sys/kern/kern_lock.c:147 sleep_setup(ffff8000ffff77e0,20,ffffffff82823610) at sleep_setup+0x92 sys/kern/kern_synch.c:348 msleep(ffff8000ffff77e0,ffff8000ffff7788,20,ffffffff82823610,0) at msleep+0xd6 sys/kern/kern_synch.c:247 single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e single_thread_wait sys/kern/kern_sig.c:2180 [inline] single_thread_set(ffff80002120daa8,2,1) at single_thread_set+0x37e sys/kern/kern_sig.c:2157 exit1(ffff80002120daa8,0,4,1) at exit1+0xaa sigexit(ffff80002120daa8,4) at sigexit+0xd3 sys/kern/kern_sig.c:1567 trapsignal(ffff80002120daa8,b,6,2,7ad32ef4286c) at trapsignal+0x721 sys/kern/kern_sig.c:881 upageflttrap(ffff800021407ad0,7ad32ef4286c) at upageflttrap+0x1bd sys/arch/amd64/amd64/trap.c:214 usertrap(ffff800021407ad0) at usertrap+0x226 sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7ad32ef42850, count: -13