panic: thread NUM p_stat is NUM
syzbot

Apr 13, 2024, 9:03:35 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 93536db294f5 Split single TCP inpcb table into IPv4 and IP..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=12f8762b180000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=57965f57368eaec4e06e

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d6cdf90faf4f/disk-93536db2.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/7133e7023708/bsd-93536db2.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/bdb5fbce132c/kernel-93536db2.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+57965f...@syzkaller.appspotmail.com

panic: thread 0 p_stat is 0
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828acd3f) at panic+0x165 sys/kern/subr_prf.c:198
wakeup_n(fffffd807c550b08,ffffffff) at wakeup_n+0x2bd sys/kern/kern_synch.c:547
sd_buf_done(fffffd807cb40e80) at sd_buf_done+0x1fd sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xb1 sys/dev/pv/vioscsi.c:350
intr_handler(ffff800035dbabd0,ffff80000006a080) at intr_handler+0x4f sys/arch/amd64/amd64/intr.c:544
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xb4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,4000002) at buf_get+0x446 sys/kern/vfs_bio.c:1182
geteblk(4000002) at geteblk+0x3c sys/kern/vfs_bio.c:1058
readdisklabel(e02,ffffffff820a9a00,ffff800000e64a00,0) at readdisklabel+0x14b sys/arch/amd64/amd64/disksubr.c:96
vndopen(e02,811f,6000,ffff80002a6afc58) at vndopen+0x189 sys/dev/vnd.c:204
end trace frame: 0xffff800035dbb0e0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: thread 0 p_stat is 0
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828acd3f) at panic+0x165 sys/kern/subr_prf.c:198
wakeup_n(fffffd807c550b08,ffffffff) at wakeup_n+0x2bd sys/kern/kern_synch.c:547
sd_buf_done(fffffd807cb40e80) at sd_buf_done+0x1fd sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xb1 sys/dev/pv/vioscsi.c:350
intr_handler(ffff800035dbabd0,ffff80000006a080) at intr_handler+0x4f sys/arch/amd64/amd64/intr.c:544
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xb4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,4000002) at buf_get+0x446 sys/kern/vfs_bio.c:1182
geteblk(4000002) at geteblk+0x3c sys/kern/vfs_bio.c:1058
readdisklabel(e02,ffffffff820a9a00,ffff800000e64a00,0) at readdisklabel+0x14b sys/arch/amd64/amd64/disksubr.c:96
vndopen(e02,811f,6000,ffff80002a6afc58) at vndopen+0x189 sys/dev/vnd.c:204
VOP_OPEN(fffffd805d0701f0,811f,fffffd807f7d74e0,ffff80002a6afc58) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800035dbb2c8,831f,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff80002a6afc58,ffffff9c,20000280,831e,0,ffff800035dbb470) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126
syscall(ffff800035dbb520) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa0f629441a0, count: -19
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff800035dba9d0
rbx 0xfd
rdx 0
rcx 0
rax 0xffff80002a6afc58
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8465815ffdc39e01
r11 0xd17966ecf96b107a
r12 0
r13 0
r14 0
r15 0x1
rip 0xffffffff8159168c db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff800035dba9c0
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb> show proc
kernel: page fault trap, code=0
Faulted in DDB; continuing...
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10162 6406K 6928K 166960K 11928 0
pcb 17 12K 12K 166960K 81 0
rtable 150 4K 7K 166960K 450 0
pf 23 8K 9K 166960K 45 0
ifaddr 28 8K 11K 166960K 56 0
ifgroup 38 1K 2K 166960K 76 0
sysctl 1 0K 1K 166960K 2 0
counters 27 17K 17K 166960K 36 0
ioctlops 0 0K 2K 166960K 55 0
iov 0 0K 20K 166960K 47 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1403 88K 89K 166960K 1702 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 11 0
VM map 2 1K 1K 166960K 2 0
sem 11 1K 1K 166960K 14 0
dirhash 12 2K 2K 166960K 30 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 17 61K 73K 166960K 617 0
sigio 0 0K 0K 166960K 8 0
proc 58 59K 75K 166960K 561 0
subproc 104 6K 7K 166960K 117 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 76 0
in_multi 52 3K 7K 166960K 130 0
ether_multi 1 0K 0K 166960K 4 0
mrt 1 0K 0K 166960K 1 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 73 334K 334K 166960K 73 0
exec 0 0K 1K 166960K 428 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 316 116K 138K 166960K 7518 0
UVM aobj 17 2K 2K 166960K 18 0
pinsyscall 37 74K 100K 166960K 1762 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 57 0
NDP 8 0K 2K 166960K 35 0
temp 58 6807K 6872K 166960K 11415 0
kqueue 12 18K 26K 166960K 85 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 71 0 67 1 0 1 1 0 8 0
rtentry 112 142 0 76 4 0 4 4 0 8 0
unpcb 144 423 0 409 1 0 1 1 0 8 0
syncache 336 13 0 13 1 0 1 1 0 8 1
tcpqe 32 7 0 7 1 0 1 1 0 8 1
tcpcb 808 195 0 183 2 0 2 2 0 8 0
arp 88 25 0 13 1 0 1 1 0 8 0
ipq 40 2 0 1 1 0 1 1 0 8 0
ipqe 40 46 0 45 1 0 1 1 0 8 0
inpcb 360 573 0 554 3 0 3 3 0 8 1
nd6 104 33 0 22 1 0 1 1 0 8 0
pkpcb 40 8 0 8 1 0 1 1 0 8 1
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1072 1 0 1 1 0 1 1 0 8 1
ppxss: pool(0xffffffff82dc06b8:ppxss): page inconsistency: page 0x0; at page head addr 0xffff80002a69ff90 (p 0xffff80002a69c000)
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 528 0 257 29 1 28 29 0 8 8
art_table 32 529 0 257 4 0 4 4 0 8 0
art_node 16 140 0 79 1 0 1 1 0 8 0
sysvmsgpl 40 15 0 8 1 0 1 1 0 8 0
semupl 112 4 0 4 1 0 1 1 0 8 1
semapl 112 9 0 0 1 0 1 1 0 8 0
shmpl 112 15 0 1 1 0 1 1 0 8 0
dirhash 1024 29 0 12 3 0 3 3 0 8 0
dirhash: pool(0xffffffff82dbf4f0:dirhash): free list modified: page 0xffff80002a614000; item ordinal 0; addr 0xffff80002a615000 (p 0xfffffd806e358000); offset 0x0=0x0
pool(dirhash): free list modified: page 0xffff80002a614000; item ordinal 0; addr 0xffff80002a615000 (p 0xfffffd806e358000); offset 0x0=0x0
dirhash: pool(0xffffffff82dbf4f0:dirhash): page inconsistency: page 0xffff80002a614000; item ordinal 1; addr 0x4753c57e51d0b6fe
dino2pl 256 2399 0 887 95 0 95 95 0 8 0
ffsino 240 2399 0 887 90 0 90 90 0 8 0
nchpl 144 3404 0 1668 66 0 66 66 0 8 0
uvmvnodes 80 2726 0 0 56 0 56 56 0 8 0
vnodes 216 2726 0 0 152 0 152 152 0 8 0
namei 1024 10947 0 10945 3 0 3 3 0 8 2
namei: pool(0xffffffff82e26e20:namei): free list modified: page 0xffff80002a672000; item ordinal 0; addr 0xffff80002a673800 (p 0xfffffd806ed68000); offset 0x0=0x0
pool(namei): free list modified: page 0xffff80002a672000; item ordinal 0; addr 0xffff80002a673800 (p 0xfffffd806ed68000); offset 0x0=0x0
namei: pool(0xffffffff82e26e20:namei): page inconsistency: page 0xffff80002a672000; item ordinal 1; addr 0x793b64a5286fd786
namei: pool(0xffffffff82e26e20:namei): free list modified: page 0xffff80002a674000; item ordinal 0; addr 0xffff80002a675000 (p 0xfffffd806ed68000); offset 0x0=0x0
pool(namei): free list modified: page 0xffff80002a674000; item ordinal 0; addr 0xffff80002a675000 (p 0xfffffd806ed68000); offset 0x0=0x0
namei: pool(0xffffffff82e26e20:namei): page inconsistency: page 0xffff80002a674000; item ordinal 1; addr 0xc17885e03cd6e777
namei: pool(0xffffffff82e26e20:namei): free list modified: page 0xffff80002a5f6000; item ordinal 0; addr 0xffff80002a5f7800 (p 0xfffffd807f7e4000); offset 0x0=0x0
pool(namei): free list modified: page 0xffff80002a5f6000; item ordinal 0; addr 0xffff80002a5f7800 (p 0xfffffd807f7e4000); offset 0x0=0x0
namei: pool(0xffffffff82e26e20:namei): page inconsistency: page 0xffff80002a5f6000; item ordinal 1; addr 0x599bf2b9b48bf501
vcpupl 2048 3 0 0 1 0 1 1 0 8 0
vmpool 664 5 0 2 1 0 1 1 0 8 0
kstatmem 264 34 0 18 2 0 2 2 0 8 0
scsiplug 72 2 0 2 1 0 1 1 0 8 1
scxspl 216 13978 0 13976 8 0 8 8 1 8 7
plimitpl 152 88 0 73 1 0 1 1 0 8 0
sigapl 424 914 0 869 6 0 6 6 0 8 0
futexpl 64 8802 0 8797 1 0 1 1 0 8 0
knotepl 120 8480 0 8398 11 0 11 11 0 8 8
kqueuepl 184 137 0 126 1 0 1 1 0 8 0
pipepl 288 198 0 169 3 0 3 3 0 8 0
fdescpl 432 897 0 869 4 0 4 4 0 8 0
filepl 120 4644 0 4316 10 0 10 10 0 8 0
lockfpl 104 226 0 219 1 0 1 1 0 8 0
lockfspl 48 71 0 65 1 0 1 1 0 8 0
sessionpl 144 24 0 8 1 0 1 1 0 8 0
pgrppl 48 33 0 17 1 0 1 1 0 8 0
ucredpl 104 552 0 538 1 0 1 1 0 8 0
zombiepl 144 869 0 869 1 0 1 1 0 8 1
processpl 1072 914 0 869 4 0 4 4 0 8 0
procpl 656 1522 0 1449 7 0 7 7 0 8 0
procpl: pool(0xffffffff82db69e0:procpl): page inconsistency: page 0x0; at page head addr 0xffff80002a58df90 (p 0xffff80002a58c000)
procpl: pool(0xffffffff82db69e0:procpl): page inconsistency: page 0x0; at page head addr 0xffff80002a6d1f90 (p 0xffff80002a6d0000)
sosppl 168 6 0 6 1 0 1 1 0 8 1
sockpl 504 1080 0 1042 8 0 8 8 0 8 2
mcl64k 65536 9 0 9 1 0 1 1 0 8 1
mcl16k 16384 15 0 15 1 0 1 1 0 8 1
mcl12k 12288 26 0 26 1 0 1 1 0 8 1
mcl9k 9216 9 0 9 1 0 1 1 0 8 1
mcl8k 8192 33 0 33 1 0 1 1 0 8 1
mcl4k 4096 101 0 101 1 0 1 1 0 8 1
mcl2k2 2112 9 0 9 1 0 1 1 0 8 1
mcl2k 2048 18531 0 18437 35 15 20 35 0 8 6
mtagpl 96 36 0 15 1 0 1 1 0 8 0
mbufpl 256 36974 0 36756 68 43 25 64 0 8 8
bufpl 280 5795 0 192 401 0 401 401 0 8 0
anonpl 24 271831 0 265881 65 0 65 65 0 188 21
amapchunkpl 152 25376 0 24669 40 0 40 40 0 158 7
amappl16 200 7737 0 7616 36 20 16 22 0 8 8
amappl15 192 14 0 14 1 0 1 1 0 8 1
amappl14 184 165 0 152 2 0 2 2 0 8 1
amappl13 176 39 0 39 1 0 1 1 0 8 1
amappl12 168 1532 0 1501 2 0 2 2 0 8 0
amappl11 160 53 0 43 1 0 1 1 0 8 0
amappl10 152 50 0 38 1 0 1 1 0 8 0
amappl9 144 144 0 144 1 0 1 1 0 8 1
amappl8 136 165 0 116 2 0 2 2 0 8 0
amappl7 128 45 0 37 1 0 1 1 0 8 0
amappl6 120 339 0 325 2 0 2 2 0 8 1
amappl5 112 191 0 179 1 0 1 1 0 8 0
amappl4 104 515 0 484 2 0 2 2 0 8 1
amappl3 96 5578 0 5489 3 0 3 3 0 8 0
amappl2 88 1358 0 1284 3 0 3 3 0 8 1
amappl1 80 11341 0 10846 22 3 19 22 0 8 8
amappl 88 6950 0 6737 6 0 6 6 0 92 0
dma4096 4096 1 0 1 1 0 1 1 0 8 1
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 0 1 1 0 8 1
dma128 128 253 0 253 1 0 1 1 0 8 1
dma64 64 6 0 6 1 0 1 1 0 8 1
dma32 32 7 0 7 1 0 1 1 0 8 1
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 17 0 1 1 0 1 1 0 8 0
uaddrrnd 24 902 0 871 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 902 0 871 1 0 1 1 0 8 0
vmmpekpl 168 11193 0 11145 3 0 3 3 0 8 0
vmmpepl 168 76830 0 74898 111 0 111 111 0 357 24
vmsppl 344 901 0 871 3 0 3 3 0 8 0
rwobjpl 24 29912 0 26072 24 0 24 24 0 8 0
pdppl 4096 1810 0 1745 107 40 67 69 0 8 2
pvpl 32 586955 0 575116 348 9 339 348 0 265 224
pmappl 216 901 0 871 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 453 0 99 12 0 12 12 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828acd3f) at panic+0x165 sys/kern/subr_prf.c:198
wakeup_n(fffffd807c550b08,ffffffff) at wakeup_n+0x2bd sys/kern/kern_synch.c:547
sd_buf_done(fffffd807cb40e80) at sd_buf_done+0x1fd sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xb1 sys/dev/pv/vioscsi.c:350
intr_handler(ffff800035dbabd0,ffff80000006a080) at intr_handler+0x4f sys/arch/amd64/amd64/intr.c:544
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xb4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,4000002) at buf_get+0x446 sys/kern/vfs_bio.c:1182
geteblk(4000002) at geteblk+0x3c sys/kern/vfs_bio.c:1058
readdisklabel(e02,ffffffff820a9a00,ffff800000e64a00,0) at readdisklabel+0x14b sys/arch/amd64/amd64/disksubr.c:96
vndopen(e02,811f,6000,ffff80002a6afc58) at vndopen+0x189 sys/dev/vnd.c:204
VOP_OPEN(fffffd805d0701f0,811f,fffffd807f7d74e0,ffff80002a6afc58) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800035dbb2c8,831f,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff80002a6afc58,ffffff9c,20000280,831e,0,ffff800035dbb470) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126
syscall(ffff800035dbb520) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa0f629441a0, count: -19
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff828acd3f) at panic+0x165 sys/kern/subr_prf.c:198
wakeup_n(fffffd807c550b08,ffffffff) at wakeup_n+0x2bd sys/kern/kern_synch.c:547
sd_buf_done(fffffd807cb40e80) at sd_buf_done+0x1fd sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xb1 sys/dev/pv/vioscsi.c:350
intr_handler(ffff800035dbabd0,ffff80000006a080) at intr_handler+0x4f sys/arch/amd64/amd64/intr.c:544
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xb4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,4000002) at buf_get+0x446 sys/kern/vfs_bio.c:1182
geteblk(4000002) at geteblk+0x3c sys/kern/vfs_bio.c:1058
readdisklabel(e02,ffffffff820a9a00,ffff800000e64a00,0) at readdisklabel+0x14b sys/arch/amd64/amd64/disksubr.c:96
vndopen(e02,811f,6000,ffff80002a6afc58) at vndopen+0x189 sys/dev/vnd.c:204
VOP_OPEN(fffffd805d0701f0,811f,fffffd807f7d74e0,ffff80002a6afc58) at VOP_OPEN+0x70 sys/kern/vfs_vops.c:138
vn_open(ffff800035dbb2c8,831f,0) at vn_open+0x4e4 sys/kern/vfs_vnops.c:177
doopenat(ffff80002a6afc58,ffffff9c,20000280,831e,0,ffff800035dbb470) at doopenat+0x269 sys/kern/vfs_syscalls.c:1126
syscall(ffff800035dbb520) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa0f629441a0, count: -19


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup