panic: wakeup: p_stat is NUM (2)


syzbot

Feb 13, 2023, 8:07:43 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 1e5b016c5082 sync for __syscall removal
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1629b268c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=5c2acb07efae1e68a82a

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/452af0b271ef/disk-1e5b016c.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/5145fa4f4c7c/bsd-1e5b016c.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/992507fc6105/kernel-1e5b016c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5c2acb...@syzkaller.appspotmail.com

panic: wakeup: p_stat is 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827ed7c0) at panic+0x161 sys/kern/subr_prf.c:198
wakeup_n(fffffd8069cc23a0,ffffffff) at wakeup_n+0x131 sys/kern/kern_synch.c:549
sd_buf_done(fffffd8075e5b518) at sd_buf_done+0x1f9 sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xa1 sys/dev/pv/vioscsi.c:349
virtio_check_vqs(ffff800000024800) at virtio_check_vqs+0x160 sys/dev/pv/virtio.c:228
intr_handler(ffff80002ce0d5a0,ffff80000006a480) at intr_handler+0x4b sys/arch/amd64/amd64/intr.c:537
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
softintr_dispatch(0) at softintr_dispatch+0xc4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x1f
buf_get(0,0,800ecf0) at buf_get+0x750 sys/kern/vfs_bio.c:1186
geteblk(800ecf0) at geteblk+0x2c sys/kern/vfs_bio.c:1061
readdisklabel(2902,ffffffff81a39c40,ffff800000d3f600,0) at readdisklabel+0x145 sys/arch/amd64/amd64/disksubr.c:96
end trace frame: 0xffff80002ce0da50, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: wakeup: p_stat is 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827ed7c0) at panic+0x161 sys/kern/subr_prf.c:198
wakeup_n(fffffd8069cc23a0,ffffffff) at wakeup_n+0x131 sys/kern/kern_synch.c:549
sd_buf_done(fffffd8075e5b518) at sd_buf_done+0x1f9 sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xa1 sys/dev/pv/vioscsi.c:349
virtio_check_vqs(ffff800000024800) at virtio_check_vqs+0x160 sys/dev/pv/virtio.c:228
intr_handler(ffff80002ce0d5a0,ffff80000006a480) at intr_handler+0x4b sys/arch/amd64/amd64/intr.c:537
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
softintr_dispatch(0) at softintr_dispatch+0xc4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x1f
buf_get(0,0,800ecf0) at buf_get+0x750 sys/kern/vfs_bio.c:1186
geteblk(800ecf0) at geteblk+0x2c sys/kern/vfs_bio.c:1061
readdisklabel(2902,ffffffff81a39c40,ffff800000d3f600,0) at readdisklabel+0x145 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff80002ce4c870) at vndopen+0x17a sys/dev/vnd.c:203
spec_open(ffff80002ce0dad8) at spec_open+0x3df sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806ed77dd8,1,fffffd807f7d7750,ffff80002ce4c870) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138
vn_open(ffff80002ce0dd28,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:177
doopenat(ffff80002ce4c870,ffffff9c,200022c0,0,0,ffff80002ce0df00) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff80002ce0df80) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb28ebad3e20, count: -21
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002ce0d360
rbx 0
rdx 0xffff800000cd4b80
rcx 0
rax 0xffff80002ce4c870
r8 0x101010101010101
r9 0x8080808080808080
r10 0x5f036e12922b0764
r11 0x8fbc2b31bc42e09e
r12 0
r13 0xffff8000285fb5f0
r14 0
r15 0x1
rip 0xffffffff81a69eb8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002ce0d350
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC () pid=169638 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=32, usrpri=46, nice=0
forw=0xffffffffffffffff, list=0xffff80002ce4d098,0xffffffff82cf3498
process=0xffff8000216fc3f0 user=0xffff80002ce09000, vmspace=0xfffffd8069b8f570
estcpu=36, cpticks=8, pctcpu=0.0
user=0, sys=8, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10203 6404K 6865K 78643K 18013 0
pcb 13 12K 14K 78643K 595 0
rtable 182 6K 8K 78643K 788 0
ifaddr 68 19K 21K 78643K 217 0
sysctl 2 0K 1K 78643K 6 0
counters 26 17K 17K 78643K 131 0
ioctlops 0 0K 2K 78643K 1424 0
iov 0 0K 24K 78643K 318 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1400 88K 88K 78643K 6880 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 5K 78643K 10 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 324 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 15 53K 69K 78643K 3013 0
sigio 0 0K 0K 78643K 9 0
proc 64 59K 75K 78643K 830 0
subproc 104 6K 6K 78643K 221 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 98 0
in_multi 74 5K 7K 78643K 246 0
ether_multi 1 0K 0K 78643K 10 0
mrt 0 0K 0K 78643K 19 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 103 466K 466K 78643K 103 0
exec 0 0K 1K 78643K 840 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 311 90K 102K 78643K 20735 0
UVM aobj 131 4K 4K 78643K 137 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 220 0
NDP 11 0K 1K 78643K 78 0
temp 124 5770K 5898K 78643K 38031 0
kqueue 12 18K 26K 78643K 246 0
SYN cache 2 16K 16K 78643K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 220 0 217 3 2 1 2 0 8 0
rtentry 112 247 0 169 4 0 4 4 0 8 0
unpcb 144 2279 0 2266 26 25 1 6 0 8 0
syncache 296 40 0 40 9 8 1 1 0 8 1
tcpqe 32 82 0 82 5 5 0 1 0 8 0
tcpcb 776 873 0 869 38 37 1 8 0 8 0
arp 88 36 0 22 1 0 1 1 0 8 0
ipq 40 2 0 2 1 1 0 1 0 8 0
ipqe 40 7 0 7 1 1 0 1 0 8 0
inpcb 336 2686 0 2679 66 65 1 18 0 8 0
nd6 48 56 0 38 1 0 1 1 0 8 0
pkpcb 40 6 0 6 1 1 0 1 0 8 0
kcovpl 48 17 0 9 1 0 1 1 0 8 0
ppxss 1160 82 0 82 4 4 0 1 0 8 0
pppxif 1360 76 0 76 4 4 0 1 0 8 0
pfstscr 40 12 0 11 1 0 1 1 0 8 0
pfosfp 40 6 0 4 1 0 1 1 0 8 0
pfosfpen 112 6 0 2 1 0 1 1 0 8 0
pfanchor 1280 34 0 0 3 0 3 3 0 8 0
pfqueue 264 1 0 1 1 0 1 1 0 8 1
pfstitem 24 2 0 0 1 0 1 1 0 8 0
pfstkey 128 24 0 22 1 0 1 1 0 8 0
pfstate 352 12 0 11 1 0 1 1 0 8 0
rttmr 136 3 0 3 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1154 0 821 42 19 23 30 0 8 0
art_table 32 1155 0 821 4 0 4 4 0 8 0
art_node 16 246 0 179 1 0 1 1 0 8 0
sysvmsgpl 40 42 0 16 1 0 1 1 0 8 0
semapl 112 322 0 312 1 0 1 1 0 8 0
shmpl 112 134 0 6 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dirhash: pool(0xffffffff82bd74a8:dirhash): free list modified: page 0xffff8000216b1000; item ordinal 0; addr 0xffff8000216b1800 (p 0xfffffd806ef9e000); offset 0x0=0x0
pool(dirhash): free list modified: page 0xffff8000216b1000; item ordinal 0; addr 0xffff8000216b1800 (p 0xfffffd806ef9e000); offset 0x0=0x0
dirhash: pool(0xffffffff82bd74a8:dirhash): page inconsistency: page 0xffff8000216b1000; item ordinal 1; addr 0x2694700c0eb77811
dino2pl 256 7228 0 5787 91 0 91 91 0 8 0
ffsino 240 7228 0 5787 85 0 85 85 0 8 0
nchpl 144 11239 0 9613 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 216 5926 0 0 330 0 330 330 0 8 0
namei 1024 47920 0 47920 4 3 1 3 0 8 1
namei: pool(0xffffffff82c74a18:namei): free list modified: page 0xffff80002165f000; item ordinal 0; addr 0xffff80002165f400 (p 0xfffffd80610c4000); offset 0x0=0x0
pool(namei): free list modified: page 0xffff80002165f000; item ordinal 0; addr 0xffff80002165f400 (p 0xfffffd80610c4000); offset 0x0=0x0
namei: pool(0xffffffff82c74a18:namei): page inconsistency: page 0xffff80002165f000; item ordinal 1; addr 0xb91aa6fad2b38875
vmpool 664 9 0 9 2 2 0 1 0 8 0
kstatmem 264 80 0 58 2 0 2 2 0 8 0
scxspl 216 26778 0 26777 15 14 1 8 0 8 0
plimitpl 152 403 0 388 1 0 1 1 0 8 0
sigapl 424 3309 0 3245 8 0 8 8 0 8 0
futexpl 64 32975 0 32970 2 1 1 1 0 8 0
knotepl 120 31297 0 31217 28 25 3 10 0 8 0
kqueuepl 184 495 0 487 9 8 1 4 0 8 0
pipepl 288 838 0 810 17 14 3 7 0 8 0
fdescpl 432 3271 0 3245 4 0 4 4 0 8 0
filepl 120 31313 0 31077 57 49 8 16 0 8 0
lockfpl 104 1111 0 1109 3 2 1 2 0 8 0
lockfspl 48 250 0 248 1 0 1 1 0 8 0
sessionpl 144 33 0 17 1 0 1 1 0 8 0
pgrppl 48 71 0 55 1 0 1 1 0 8 0
ucredpl 104 10360 0 10349 1 0 1 1 0 8 0
zombiepl 144 3245 0 3245 1 0 1 1 0 8 1
processpl 1008 3309 0 3245 10 1 9 9 0 8 0
processpl: pool(0xffffffff82cf3698:processpl): page inconsistency: page 0x0; at page head addr 0xffff8000216eff90 (p 0xffff8000216ee000)
processpl: pool(0xffffffff82cf3698:processpl): page inconsistency: page 0x0; at page head addr 0xffff8000216fdf90 (p 0xffff8000216fc000)
procpl 696 7712 0 7628 12 3 9 10 0 8 0
procpl: pool(0xffffffff82cf34f0:procpl): page inconsistency: page 0x0; at page head addr 0xffff80002170df90 (p 0xffff80002170c000)
procpl: pool(0xffffffff82cf34f0:procpl): page inconsistency: page 0x0; at page head addr 0xffff8000216ddf90 (p 0xffff8000216dc000)
sosppl 168 46 0 46 8 8 0 1 0 8 0
sockpl 456 5196 0 5173 173 169 4 29 0 8 1
mcl64k 65536 333 0 333 2 1 1 1 0 8 1
mcl16k 16384 95 0 95 8 8 0 1 0 8 0
mcl12k 12288 203 0 203 7 6 1 1 0 8 1
mcl9k 9216 119 0 119 9 8 1 1 0 8 1
mcl8k 8192 187 0 187 7 7 0 1 0 8 0
mcl4k 4096 287 0 287 4 3 1 1 0 8 1
mcl2k2 2112 21 0 21 12 12 0 1 0 8 0
mcl2k 2048 81872 0 81800 26 15 11 22 0 8 0
mtagpl 96 168 0 78 4 1 3 3 0 8 0
mbufpl 256 158909 0 158608 99 77 22 69 0 8 0
bufpl 288 8338 0 1944 457 0 457 457 0 8 0
anonpl 24 683396 0 667149 162 52 110 153 0 188 0
amapchunkpl 152 58678 0 57994 48 18 30 37 0 158 0
amappl16 200 9038 0 8491 84 54 30 53 0 8 0
amappl15 192 39 0 37 1 0 1 1 0 8 0
amappl14 184 202 0 186 2 0 2 2 0 8 0
amappl13 176 11 0 10 1 0 1 1 0 8 0
amappl12 168 509 0 507 1 0 1 1 0 8 0
amappl11 160 50 0 39 1 0 1 1 0 8 0
amappl10 152 66 0 54 1 0 1 1 0 8 0
amappl9 144 965 0 963 1 0 1 1 0 8 0
amappl8 136 229 0 163 3 0 3 3 0 8 0
amappl7 128 338 0 316 2 0 2 2 0 8 0
amappl6 120 209 0 197 2 1 1 2 0 8 0
amappl5 112 201 0 193 1 0 1 1 0 8 0
amappl4 104 587 0 563 2 1 1 2 0 8 0
amappl3 96 8802 0 8755 2 0 2 2 0 8 0
amappl2 88 3723 0 3654 3 1 2 3 0 8 0
amappl1 80 75262 0 74562 27 11 16 26 0 8 0
amappl 88 20097 0 19917 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 136 0 6 3 0 3 3 0 8 0
uaddrrnd 24 3280 0 3254 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3280 0 3254 1 0 1 1 0 8 0
vmmpekpl 168 29442 0 29390 3 0 3 3 0 8 0
vmmpepl 168 305488 0 302868 236 110 126 159 0 357 1
vmsppl 344 3279 0 3254 3 0 3 3 0 8 0
rwobjpl 24 87381 0 79689 48 1 47 48 0 8 0
pdppl 4096 6566 0 6508 255 191 64 66 0 8 6
pvpl 32 1351937 0 1330384 364 175 189 359 0 265 0
pmappl 216 3279 0 3254 2 0 2 2 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1174 0 409 23 0 23 23 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827ed7c0) at panic+0x161 sys/kern/subr_prf.c:198
wakeup_n(fffffd8069cc23a0,ffffffff) at wakeup_n+0x131 sys/kern/kern_synch.c:549
sd_buf_done(fffffd8075e5b518) at sd_buf_done+0x1f9 sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xa1 sys/dev/pv/vioscsi.c:349
virtio_check_vqs(ffff800000024800) at virtio_check_vqs+0x160 sys/dev/pv/virtio.c:228
intr_handler(ffff80002ce0d5a0,ffff80000006a480) at intr_handler+0x4b sys/arch/amd64/amd64/intr.c:537
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
softintr_dispatch(0) at softintr_dispatch+0xc4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x1f
buf_get(0,0,800ecf0) at buf_get+0x750 sys/kern/vfs_bio.c:1186
geteblk(800ecf0) at geteblk+0x2c sys/kern/vfs_bio.c:1061
readdisklabel(2902,ffffffff81a39c40,ffff800000d3f600,0) at readdisklabel+0x145 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff80002ce4c870) at vndopen+0x17a sys/dev/vnd.c:203
spec_open(ffff80002ce0dad8) at spec_open+0x3df sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806ed77dd8,1,fffffd807f7d7750,ffff80002ce4c870) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138
vn_open(ffff80002ce0dd28,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:177
doopenat(ffff80002ce4c870,ffffff9c,200022c0,0,0,ffff80002ce0df00) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff80002ce0df80) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb28ebad3e20, count: -21
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff827ed7c0) at panic+0x161 sys/kern/subr_prf.c:198
wakeup_n(fffffd8069cc23a0,ffffffff) at wakeup_n+0x131 sys/kern/kern_synch.c:549
sd_buf_done(fffffd8075e5b518) at sd_buf_done+0x1f9 sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2228) at vioscsi_vq_done+0xa1 sys/dev/pv/vioscsi.c:349
virtio_check_vqs(ffff800000024800) at virtio_check_vqs+0x160 sys/dev/pv/virtio.c:228
intr_handler(ffff80002ce0d5a0,ffff80000006a480) at intr_handler+0x4b sys/arch/amd64/amd64/intr.c:537
Xintr_ioapic_edge21_untramp() at Xintr_ioapic_edge21_untramp+0x18f
Xspllower() at Xspllower+0x19
softintr_dispatch(0) at softintr_dispatch+0xc4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x1f
buf_get(0,0,800ecf0) at buf_get+0x750 sys/kern/vfs_bio.c:1186
geteblk(800ecf0) at geteblk+0x2c sys/kern/vfs_bio.c:1061
readdisklabel(2902,ffffffff81a39c40,ffff800000d3f600,0) at readdisklabel+0x145 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff80002ce4c870) at vndopen+0x17a sys/dev/vnd.c:203
spec_open(ffff80002ce0dad8) at spec_open+0x3df sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806ed77dd8,1,fffffd807f7d7750,ffff80002ce4c870) at VOP_OPEN+0x6c sys/kern/vfs_vops.c:138
vn_open(ffff80002ce0dd28,1,0) at vn_open+0x467 sys/kern/vfs_vnops.c:177
doopenat(ffff80002ce4c870,ffffff9c,200022c0,0,0,ffff80002ce0df00) at doopenat+0x26a sys/kern/vfs_syscalls.c:1127
syscall(ffff80002ce0df80) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:625
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xb28ebad3e20, count: -21


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jul 9, 2023, 11:42:53 PM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.