assert "to->to_kclock == KCLOCK_UPTIME" failed in kern_timeout.c (2)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: 758370f9b4b9 Mark code parameter of codepatch_replace() co..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13398f5ea80000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=0740a2ca38a15cc8f319

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/aedd9e0e8074/disk-758370f9.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/2c86f5ae368d/bsd-758370f9.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1739aa757bde/kernel-758370f9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0740a2...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "to->to_kclock == KCLOCK_UPTIME" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c", line 502
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 59775 74047 0 0x2000 0x4080000 0K syz-executor.6
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279ae1e) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff82818433,ffffffff8285eb92,1f6,ffffffff827ed6bb) at __assert+0x29 sys/kern/subr_prf.c:157
timeout_bucket(fffffd8069454e78) at timeout_bucket+0x1f4 sys/kern/kern_timeout.c:505
softclock_process_kclock_timeout(fffffd8069454e78,0) at softclock_process_kclock_timeout+0xe9 sys/kern/kern_timeout.c:655
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:716
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
ttyinput(0,ffff800000ce0200) at ttyinput+0x896 sys/kern/tty.c:327
ptcwrite(601,ffff80002afb9c10,1) at ptcwrite+0x28a sys/kern/tty_pty.c:566
spec_write(ffff80002afb99f0) at spec_write+0xd9 sys/kern/spec_vnops.c:302
VOP_WRITE(fffffd806e0fb210,ffff80002afb9c10,1,fffffd807f7d7680) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
vn_write(fffffd80663d0b68,ffff80002afb9c10,0) at vn_write+0x15b sys/kern/vfs_vnops.c:408
dofilewritev(ffff800021296030,5,ffff80002afb9c10,0,ffff80002afb9d00) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
end trace frame: 0xffff80002afb9ca0, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "to->to_kclock == KCLOCK_UPTIME" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c", line 502
ddb{0}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279ae1e) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff82818433,ffffffff8285eb92,1f6,ffffffff827ed6bb) at __assert+0x29 sys/kern/subr_prf.c:157
timeout_bucket(fffffd8069454e78) at timeout_bucket+0x1f4 sys/kern/kern_timeout.c:505
softclock_process_kclock_timeout(fffffd8069454e78,0) at softclock_process_kclock_timeout+0xe9 sys/kern/kern_timeout.c:655
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:716
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
ttyinput(0,ffff800000ce0200) at ttyinput+0x896 sys/kern/tty.c:327
ptcwrite(601,ffff80002afb9c10,1) at ptcwrite+0x28a sys/kern/tty_pty.c:566
spec_write(ffff80002afb99f0) at spec_write+0xd9 sys/kern/spec_vnops.c:302
VOP_WRITE(fffffd806e0fb210,ffff80002afb9c10,1,fffffd807f7d7680) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
vn_write(fffffd80663d0b68,ffff80002afb9c10,0) at vn_write+0x15b sys/kern/vfs_vnops.c:408
dofilewritev(ffff800021296030,5,ffff80002afb9c10,0,ffff80002afb9d00) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_writev(ffff800021296030,ffff80002afb9cb0,ffff80002afb9d00) at sys_writev+0xab sys/kern/sys_generic.c:322
syscall(ffff80002afb9d80) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002afb9d80) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x31336e9f300, count: -17
ddb{0}> show registers
rdi 0
rsi 0x1
rbp 0xffff80002afb94a0
rbx 0xffffffff82c1ab8f cpu_info_full_primary+0x2b8f
rdx 0
rcx 0xffff800021296030
rax 0xffffffff82c19ff0 cpu_info_full_primary+0x1ff0
r8 0x101010101010101
r9 0x8080808080808080
r10 0xa228b39f9207cdf2
r11 0xccec418323658889
r12 0xffffffff82c1a990 cpu_info_full_primary+0x2990
r13 0
r14 0
r15 0x1
rip 0xffffffff812779ec db_enter+0x1c
cs 0x8
rflags 0x246
rsp 0xffff80002afb9490
ss 0x10
db_enter+0x1c: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.6) pid=59775 stat=onproc
flags process=2000<SINGLEUNWIND> proc=4080000<SUSPSINGLE,THREAD>
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800021297080,0xffffffff82c553f0
process=0xffff8000212a6e28 user=0xffff80002afb4000, vmspace=0xfffffd8069a7f758
estcpu=36, cpticks=90, pctcpu=9.66
user=0, sys=19, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
74047 514999 13716 0 4 0x82000 syz-executor.6
74047 63692 13716 0 3 0x4002000 suspend syz-executor.6
*74047 59775 13716 0 7 0x4082000 syz-executor.6
18782 338436 0 0 3 0x14200 acct acct
96185 380629 91460 0 3 0x82 piperd syz-executor.1
93926 282203 91460 0 3 0x82 piperd syz-executor.2
44159 26010 91460 0 3 0x82 piperd syz-executor.5
10158 381831 1 0 3 0x100083 ttyin getty
59233 199867 91460 0 3 0x82 piperd syz-executor.0
92941 518440 91460 0 3 0x82 piperd syz-executor.3
13716 130415 91460 0 3 0x82 wait syz-executor.6
63983 219009 91460 0 3 0x82 piperd syz-executor.7
88753 153700 91460 0 3 0x82 piperd syz-executor.4
78901 196860 0 0 3 0x14200 bored sosplice
91460 124899 90920 0 3 0x82 wait syz-fuzzer
91460 243895 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 187294 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 491401 90920 0 3 0x4000082 wait syz-fuzzer
91460 232984 90920 0 3 0x4000082 wait syz-fuzzer
91460 517113 90920 0 3 0x4000082 wait syz-fuzzer
91460 161441 90920 0 3 0x4000082 wait syz-fuzzer
91460 188444 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 385006 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 498091 90920 0 3 0x4000082 wait syz-fuzzer
91460 87556 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 152806 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 245837 90920 0 3 0x4000082 thrsleep syz-fuzzer
91460 169793 90920 0 3 0x4000082 kqread syz-fuzzer
91460 462784 90920 0 3 0x4000082 wait syz-fuzzer
91460 482551 90920 0 3 0x4000082 wait syz-fuzzer
90920 13815 17926 0 3 0x10008a sigsusp ksh
17926 278007 69639 0 3 0x9a kqread sshd
69639 336635 1 0 3 0x88 kqread sshd
55535 362240 81990 74 3 0x1100092 bpf pflogd
81990 157336 1 0 3 0x80 netio pflogd
46005 213673 52181 73 3 0x1100090 kqread syslogd
52181 21146 1 0 3 0x100082 netio syslogd
62066 259015 1 0 3 0x100080 kqread resolvd
76899 286895 21544 77 3 0x100092 kqread dhcpleased
52096 27759 21544 77 3 0x100092 kqread dhcpleased
21544 500115 1 0 3 0x80 kqread dhcpleased
2778 268478 0 0 3 0x14200 bored smr
16304 486951 0 0 3 0x14200 pgzero zerothread
23055 398191 0 0 3 0x14200 aiodoned aiodoned
94037 9257 0 0 3 0x14200 syncer update
4793 179858 0 0 3 0x14200 cleaner cleaner
69085 193239 0 0 3 0x14200 reaper reaper
11857 460903 0 0 3 0x14200 pgdaemon pagedaemon
30851 168525 0 0 3 0x14200 bored viomb
31606 442779 0 0 3 0x40014200 acpi0 acpi0
3721 244024 0 0 7 0x40014200 idle1
94418 257466 0 0 3 0x14200 bored softnet3
32120 480015 0 0 3 0x14200 bored softnet2
12162 127431 0 0 3 0x14200 bored softnet1
51464 481923 0 0 3 0x14200 bored softnet0
59426 419152 0 0 3 0x14200 bored systqmp
45462 63497 0 0 3 0x14200 bored systq
98729 77707 0 0 2 0x40014200 softclock
30971 30857 0 0 3 0x40014200 idle0
1 420277 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
CPU 0:
exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c:57 r = 0 (0xffffffff82bfe4f0)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 softclock+0x31 sys/kern/kern_timeout.c:707
#4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
#5 Xsoftclock+0x27
#6 ttyinput+0x896 sys/kern/tty.c:327
#7 ptcwrite+0x28a sys/kern/tty_pty.c:566
#8 spec_write+0xd9 sys/kern/spec_vnops.c:302
#9 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#10 vn_write+0x15b sys/kern/vfs_vnops.c:408
#11 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#12 sys_writev+0xab sys/kern/sys_generic.c:322
#13 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#13 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#14 Xsyscall+0x128
Process 74047 (syz-executor.6) thread 0xffff800021296030 (59775)
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82c53a70)
#0 witness_lock+0x447
#1 __mp_acquire_count+0x48 sys/kern/kern_lock.c:227
#2 mi_switch+0x440 sys/kern/sched_bsd.c:420
#3 preempt+0x5b sys/kern/sched_bsd.c:300
#4 uiomove+0x1b4 sys/kern/kern_subr.c:140
#5 ptcwrite+0x154 sys/kern/tty_pty.c:550
#6 spec_write+0xd9 sys/kern/spec_vnops.c:302
#7 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#8 vn_write+0x15b sys/kern/vfs_vnops.c:408
#9 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#10 sys_writev+0xab sys/kern/sys_generic.c:322
#11 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#11 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#12 Xsyscall+0x128
exclusive mutex /syzkaller/managers/multicore/kernel/sys/kern/kern_timeout.c:57 r = 0 (0xffffffff82bfe4f0)
#0 witness_lock+0x447
#1 mtx_enter_try+0x104
#2 mtx_enter+0x4f sys/kern/kern_lock.c:266
#3 softclock+0x31 sys/kern/kern_timeout.c:707
#4 softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
#5 Xsoftclock+0x27
#6 ttyinput+0x896 sys/kern/tty.c:327
#7 ptcwrite+0x28a sys/kern/tty_pty.c:566
#8 spec_write+0xd9 sys/kern/spec_vnops.c:302
#9 VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
#10 vn_write+0x15b sys/kern/vfs_vnops.c:408
#11 dofilewritev+0x1a0 sys/kern/sys_generic.c:375
#12 sys_writev+0xab sys/kern/sys_generic.c:322
#13 syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
#13 syscall+0x606 sys/arch/amd64/amd64/trap.c:623
#14 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10234 6495K 9129K 78643K 15008 0
pcb 13 16K 18K 78643K 544 0
rtable 244 7K 8K 78643K 1269 0
pf 32 9K 10K 78643K 235 0
ifaddr 45 16K 17K 78643K 203 0
ifgroup 55 2K 2K 78643K 371 0
sysctl 2 0K 2K 78643K 9 0
counters 60 35K 36K 78643K 222 0
ioctlops 0 0K 4K 78643K 1674 0
iov 0 0K 34K 78643K 1035 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1730 108K 109K 78643K 13283 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 9K 78643K 102 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 868 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 11 37K 93K 78643K 11222 0
sigio 0 0K 0K 78643K 337 0
proc 78 92K 128K 78643K 1809 0
subproc 104 6K 6K 78643K 406 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 439 0
in_multi 99 7K 7K 78643K 453 0
ether_multi 1 0K 0K 78643K 2 0
mrt 1 0K 0K 78643K 2 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 325 1447K 1447K 78643K 325 0
exec 0 0K 1K 78643K 1916 0
pfkey data 0 0K 0K 78643K 2 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 8 62K 64K 78643K 10 0
UVM amap 396 91K 107K 78643K 112072 0
UVM aobj 131 7K 7K 78643K 137 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 168 0
NDP 12 0K 1K 78643K 155 0
temp 74 5872K 6000K 78643K 83552 0
kqueue 12 18K 26K 78643K 592 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 382 0 379 6 5 1 3 0 8 0
rtentry 112 416 0 304 4 0 4 4 0 8 0
unpcb 144 8544 0 8529 114 113 1 6 0 8 0
syncache 296 40 0 40 13 13 0 1 0 8 0
tcpqe 32 153 0 153 6 6 0 1 0 8 0
tcpcb 808 1920 0 1916 69 68 1 11 0 8 0
arp 120 64 0 46 1 0 1 1 0 8 0
inpcb 368 4983 0 4976 123 122 1 13 0 8 0
nd6 136 105 0 79 2 0 2 2 0 8 0
pkpcb 40 76 0 76 4 4 0 1 0 8 0
kcovpl 48 31 0 23 1 0 1 1 0 8 0
ppxss 1256 19 0 19 8 8 0 1 0 8 0
pffrag 232 105 0 104 2 1 1 1 0 482 0
pffrnode 88 105 0 104 2 1 1 1 0 8 0
pffrent 40 391 0 390 2 1 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 303 0 298 1 0 1 1 0 8 0
pfstkey 128 303 0 298 2 0 2 2 0 8 0
pfstate 376 303 0 298 9 8 1 4 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 1 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1544 0 1075 32 2 30 31 0 8 0
art_table 32 1545 0 1075 4 0 4 4 0 8 0
art_node 16 376 0 274 1 0 1 1 0 8 0
sysvmsgpl 40 79 0 43 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 857 0 847 1 0 1 1 0 8 0
shmpl 112 134 0 6 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 15611 0 14087 96 0 96 96 0 8 0
ffsino 272 15611 0 14087 102 0 102 102 0 8 0
nchpl 144 31647 0 31066 64 40 24 64 0 8 0
uvmvnodes 80 6738 0 0 138 0 138 138 0 8 0
vnodes 216 6738 0 0 375 0 375 375 0 8 0
namei 1024 109861 0 109861 30 29 1 2 0 8 1
percpumem 16 124 0 81 1 0 1 1 0 8 0
kstatmem 264 186 0 162 2 0 2 2 0 8 0
scxspl 216 98273 0 98273 65 64 1 8 0 8 1
plimitpl 152 1732 0 1715 1 0 1 1 0 8 0
sigapl 424 11686 0 11643 10 2 8 9 0 8 0
futexpl 64 79489 0 79489 7 6 1 1 0 8 1
knotepl 120 296 0 0 7 0 7 7 0 8 0
kqueuepl 216 1602 0 1594 30 29 1 6 0 8 0
pipepl 320 2234 0 2206 71 68 3 8 0 8 0
fdescpl 496 11475 0 11451 5 0 5 5 0 8 0
filepl 152 69769 0 69528 173 163 10 20 0 8 0
lockfpl 104 1609 0 1607 3 2 1 2 0 8 0
lockfspl 48 689 0 687 1 0 1 1 0 8 0
sessionpl 144 52 0 35 1 0 1 1 0 8 0
pgrppl 48 290 0 273 1 0 1 1 0 8 0
ucredpl 104 9154 0 9138 1 0 1 1 0 8 0
zombiepl 144 11643 0 11643 4 3 1 1 0 8 1
processpl 1072 11686 0 11643 6 1 5 6 0 8 0
procpl 696 31423 0 31363 23 15 8 11 0 8 0
sosppl 168 80 0 80 14 14 0 1 0 8 0
sockpl 488 14001 0 13974 413 409 4 29 0 8 0
mcl64k 65536 27 0 0 3 0 3 3 0 8 0
mcl16k 16384 33 0 0 5 2 3 3 0 8 0
mcl12k 12288 26 0 0 2 0 2 2 0 8 0
mcl9k 9216 27 0 0 2 1 1 2 0 8 0
mcl8k 8192 27 0 0 4 1 3 3 0 8 0
mcl4k 4096 97 0 0 10 7 3 9 0 8 0
mcl2k2 2112 11 0 0 1 0 1 1 0 8 0
mcl2k 2048 366 0 0 33 7 26 33 0 8 0
mtagpl 96 210 0 0 6 2 4 6 0 8 0
mbufpl 256 1828 0 0 82 0 82 82 0 8 0
bufpl 288 25307 0 18568 482 0 482 482 0 8 0
anonpl 24 1175613 0 1161397 225 127 98 124 0 186 0
amapchunkpl 152 353352 0 352587 89 51 38 48 0 158 0
amappl16 200 23138 0 22667 155 130 25 39 0 8 0
amappl15 192 16 0 15 1 0 1 1 0 8 0
amappl14 184 242 0 226 2 1 1 2 0 8 0
amappl13 176 15 0 15 4 4 0 1 0 8 0
amappl12 168 12500 0 12470 4 2 2 3 0 8 0
amappl11 160 53 0 39 1 0 1 1 0 8 0
amappl10 152 57 0 44 1 0 1 1 0 8 0
amappl9 144 268 0 266 2 1 1 2 0 8 0
amappl8 136 708 0 554 6 0 6 6 0 8 0
amappl7 128 151 0 130 1 0 1 1 0 8 0
amappl6 120 499 0 477 2 1 1 2 0 8 0
amappl5 112 464 0 454 1 0 1 1 0 8 0
amappl4 104 1124 0 1074 3 1 2 3 0 8 0
amappl3 96 69453 0 69386 4 1 3 3 0 8 0
amappl2 88 12018 0 11952 3 1 2 3 0 8 0
amappl1 80 50135 0 49590 23 9 14 23 0 8 0
amappl 88 111033 0 110825 9 2 7 7 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 136 0 6 3 0 3 3 0 8 0
uaddrrnd 24 11475 0 11451 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 11475 0 11451 1 0 1 1 0 8 0
vmmpekpl 168 91602 0 91541 3 0 3 3 0 8 0
vmmpepl 168 692362 0 690084 345 227 118 134 0 357 0
vmsppl 464 11474 0 11451 5 0 5 5 0 8 0
rwobjpl 56 173663 0 165158 142 22 120 122 0 8 0
pdppl 4096 22958 0 22902 797 738 59 84 0 8 3
pvpl 32 3279867 0 3260016 573 400 173 370 0 265 0
pmappl 248 11474 0 11451 3 0 3 3 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 1883 0 986 27 0 27 27 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279ae1e) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff82818433,ffffffff8285eb92,1f6,ffffffff827ed6bb) at __assert+0x29 sys/kern/subr_prf.c:157
timeout_bucket(fffffd8069454e78) at timeout_bucket+0x1f4 sys/kern/kern_timeout.c:505
softclock_process_kclock_timeout(fffffd8069454e78,0) at softclock_process_kclock_timeout+0xe9 sys/kern/kern_timeout.c:655
softclock(0) at softclock+0x11a sys/kern/kern_timeout.c:716
softintr_dispatch(0) at softintr_dispatch+0xfb sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
ttyinput(0,ffff800000ce0200) at ttyinput+0x896 sys/kern/tty.c:327
ptcwrite(601,ffff80002afb9c10,1) at ptcwrite+0x28a sys/kern/tty_pty.c:566
spec_write(ffff80002afb99f0) at spec_write+0xd9 sys/kern/spec_vnops.c:302
VOP_WRITE(fffffd806e0fb210,ffff80002afb9c10,1,fffffd807f7d7680) at VOP_WRITE+0xc3 sys/kern/vfs_vops.c:245
vn_write(fffffd80663d0b68,ffff80002afb9c10,0) at vn_write+0x15b sys/kern/vfs_vnops.c:408
dofilewritev(ffff800021296030,5,ffff80002afb9c10,0,ffff80002afb9d00) at dofilewritev+0x1a0 sys/kern/sys_generic.c:375
sys_writev(ffff800021296030,ffff80002afb9cb0,ffff80002afb9d00) at sys_writev+0xab sys/kern/sys_generic.c:322
syscall(ffff80002afb9d80) at syscall+0x606 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002afb9d80) at syscall+0x606 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x31336e9f300, count: -17
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:184
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:184
end trace frame: 0x0, count: -5


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

[syzbot]

Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.