Hello,
syzbot found the following issue on:
HEAD commit: 455fdbe5e703 Fix typo. Spotted by jmc@
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=15627bfa580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=0986b69eeef29745ff0e
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bd3967a66272/disk-455fdbe5.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/ceed33e88aba/bsd-455fdbe5.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b22f01bf737d/kernel-455fdbe5.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0986b6...@syzkaller.appspotmail.com
login: panic: ufs_rename: lost dir entry
Starting stack trace...
panic(ffffffff83413d1a) at panic+0x1ba sys/kern/subr_prf.c:229
ufs_rename(ffff80003c9956a8) at ufs_rename+0x175f sys/ufs/ufs/ufs_vnops.c:883
VOP_RENAME(fffffd806620c048,fffffd806620c630,ffff80003c995878,fffffd806620c048,0,ffff80003c9957c8) at VOP_RENAME+0x137 sys/kern/vfs_vops.c:376
dorenameat(ffff80002a7b0a78,ffffff9c,2000000000c0,ffffff9c,200000000040) at dorenameat+0x3f7 sys/kern/vfs_syscalls.c:3034
syscall(ffff80003c995a00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c995a00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd619303eb30, count: 251
End of stack trace.
syncing disks...panic: kernel diagnostic assertion "(sih->sih_state & SIS_PENDING) == 0" failed: file "/syzkaller/managers/mpanic: kernel diagnostic assertion "(sih->sih_state & SIS_PENDING) == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_softintr.c", line 189
Starting stack trace...
panic(ffffffff8337a74f) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833b9b16,ffffffff8334f7af,bd,ffffffff83400983) at __assert+0x29 sys/kern/subr_prf.c:-1
softintr_schedule(ffff80000002a040) at softintr_schedule+0x1a4 sys/kern/kern_softintr.c:181
timeout_hardclock_update() at timeout_hardclock_update+0x6f5 sys/kern/kern_timeout.c:669
clockintr_hardclock(ffffffff837c3c20,ffff80003c994a30,0) at clockintr_hardclock+0x148 sys/kern/kern_clockintr.c:-1
clockintr_dispatch(ffff80003c994a30) at clockintr_dispatch+0x396 sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:482
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
x86_bus_space_io_read_1(3f8,5) at x86_bus_space_io_read_1+0x37 sys/arch/amd64/amd64/bus_space.c:670
comcnputc(800,61) at comcnputc+0xd0 comcn_read_reg sys/dev/ic/com.c:1655 [inline]
comcnputc(800,61) at comcnputc+0xd0 sys/dev/ic/com.c:1259
cnputc(61) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(61) at db_putchar+0x36d sys/ddb/db_output.c:155
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
panic(ffffffff8337a74f) at panic+0x17a sys/kern/subr_prf.c:222
__assert(ffffffff833b9b16,ffffffff8334f7af,58,ffffffff83400983) at __assert+0x29 sys/kern/subr_prf.c:-1
softintr_dispatch(0) at softintr_dispatch+0x232 sys/kern/kern_softintr.c:72
dosoftint(0) at dosoftint+0x48 sys/arch/amd64/amd64/intr.c:862
Xsoftclock() at Xsoftclock+0x27
spllower(ffffffff839a2bfc) at spllower+0xb1 sys/arch/amd64/amd64/intr.c:833
uvn_io(fffffd806eafc558,ffff80003c995180,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1281
uvn_put(fffffd806eafc558,ffff80003c995180,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:891
uvm_pager_put(fffffd806eafc558,fffffd80070d5480,ffff80003c995220,ffff80003c995244,31,0,4cc6aed85ee7fe14) at uvm_pager_put+0x10a sys/uvm/uvm_pager.c:505
uvn_flush(fffffd806eafc558,0,0,31) at uvn_flush+0x68d sys/uvm/uvm_vnode.c:705
uvm_vnp_sync(ffff800000c68400) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1501
sys_sync(ffff80002a7b0a78,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:534
vfs_syncwait(ffff80002a7b0a78,1) at vfs_syncwait+0x44 sys/kern/vfs_subr.c:-1
vfs_shutdown(ffff80002a7b0a78) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1803
boot(100) at boot+0x166 sys/arch/amd64/amd64/machdep.c:927
reboot(100) at reboot+0xa8
panic(ffffffff83413d1a) at panic+0x1e3
ufs_rename(ffff80003c9956a8) at ufs_rename+0x175f sys/ufs/ufs/ufs_vnops.c:883
VOP_RENAME(fffffd806620c048,fffffd806620c630,ffff80003c995878,fffffd806620c048,0,ffff80003c9957c8) at VOP_RENAME+0x137 sys/kern/vfs_vops.c:376
dorenameat(ffff80002a7b0a78,ffffff9c,2000000000c0,ffffff9c,200000000040) at dorenameat+0x3f7 sys/kern/vfs_syscalls.c:3034
syscall(ffff80003c995a00) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c995a00) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xd619303eb30, count: 222
End of stack trace.
dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 6a63e308-43db-2955-5bd8-f45d251cdfc1
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f26e0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> show registers
boot: illegal argument registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup