Hello,
syzbot found the following issue on:
HEAD commit: 10fabdd075df Fix race during socket unsplicing.
git tree: openbsd
console output:
https://syzkaller.appspot.com/x/log.txt?x=132c98ae580000
kernel config:
https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link:
https://syzkaller.appspot.com/bug?extid=c050e25bbc5225a63d83
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/d30d5316cab5/disk-10fabdd0.raw.xz
bsd.gdb:
https://storage.googleapis.com/syzbot-assets/84919b7801d2/bsd-10fabdd0.gdb.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/a445b14c3fc1/kernel-10fabdd0.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+c050e25bbc5225a63d83@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "ISSET(pA->RpNING: lag, P_SUS LSIWGE RED P_SSUSSCPASLILNGL E3 == 0" IfTailed: Stopped at savectx+0xae: movl $0,%gs:0x688
TID PID UID PRFLAGS PFLAGS CPU COMMAND
189749 92733 0 0x40009000 0x8080000 0 syz-executor
*316823 67085 0 0x2 0 1 syz-executor
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b5ba2f3b5a0, count: 14
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu0: kernel diagnostic assertion "ISSET(p->p_flag, P_SUSPSIG | P_SUSPSINGLE) == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_sig.c", line 1602
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b5ba2f3b5a0, count: -1
ddb{1}> show registers
rdi 0
rsi 0
rbp 0xffff80002a24efa0
rbx 0
rdx 0
rcx 0xffff8000ffffcd00
rax 0x31
r8 0xffff80002a24eed0
r9 0x1
r10 0x49659b561554fc09
r11 0x3064ba327507ab40
r12 0
r13 0
r14 0xffff8000ffffcd00
r15 0
rip 0xffffffff82eb73ee savectx+0xae
cs 0x8
rflags 0x46
rsp 0xffff80002a24ef20
ss 0
savectx+0xae: movl $0,%gs:0x688
ddb{1}> show proc
PROC (syz-executor) tid=316823 pid=67085 tcnt=1 stat=onproc
flags process=2<EXEC> proc=0
runpri=71, usrpri=71, slppri=24, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffffcf98,0xffff80002a222020
process=0xffff8000ffff2b60 user=0xffff80002a249000, vmspace=0xffffef006e7ff7b0
estcpu=21, cpticks=9, pctcpu=0.5, user=0, sys=9, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
79836 437362 4911 0 2 0 syz-executor
33539 510332 37782 0 2 0 syz-executor
33539 492152 37782 0 3 0x4000080 fsleep syz-executor
67797 302062 59383 0 3 0x80 nanoslp syz-executor
67797 37683 59383 0 2 0x4000000 syz-executor
42346 497644 1 0 3 0x82 nanoslp getty
99016 305980 58577 0 3 0x1000080 nanoslp syz-executor
99016 229124 58577 0 3 0x5000080 sbwait syz-executor
99016 13744 58577 0 3 0x5000080 fsleep syz-executor
37782 38415 67085 0 3 0x82 nanoslp syz-executor
92733 189749 81490 0 7 0x48089000 syz-executor
92733 453344 81490 0 2 0x4c089000 syz-executor
92733 101092 81490 0 2 0x4c089000 syz-executor
92733 77532 81490 0 3 0x4400b000 suspend syz-executor
68342 481882 67085 0 3 0x82 piperd syz-executor
94965 193381 67085 0 3 0x2 biowait syz-executor
81490 31920 67085 0 3 0x82 wait syz-executor
4911 415788 67085 0 3 0x82 nanoslp syz-executor
82091 331331 67085 0 3 0x82 nanoslp syz-executor
59383 352234 67085 0 2 0x2 syz-executor
58577 123901 67085 0 3 0x82 nanoslp syz-executor
*67085 316823 1 0 7 0x2 syz-executor
26328 185702 1 74 3 0x1100092 bpf pflogd
45663 22289 1 73 3 0x1100090 kqread syslogd
31593 179637 0 0 3 0x14200 bored smr
8447 459733 0 0 2 0x14200 zerothread
37468 87314 0 0 3 0x14200 aiodoned aiodoned
54749 403216 0 0 3 0x14200 syncer update
40610 511197 0 0 3 0x14200 cleaner cleaner
49073 147491 0 0 2 0x14200 reaper
34270 387470 0 0 3 0x14200 pgdaemon pagedaemon
60541 126823 0 0 3 0x14200 bored viomb
52408 321227 0 0 3 0x40014200 acpi0 acpi0
48028 343077 0 0 3 0x40014200 idle1
29371 124313 0 0 3 0x14200 bored softnet1
14229 328729 0 0 3 0x14200 bored softnet0
5516 123593 0 0 3 0x14200 bored systqmp
51573 401765 0 0 3 0x14200 bored systq
30355 521516 0 0 3 0x14200 tmoslp softclockmp
60524 455175 0 0 3 0x40014200 tmoslp softclock
40271 429800 0 0 3 0x40014200 idle0
1 167494 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &sched_lock r = 0 (0xffffffff83a4c3c0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 cursig+0x4ee sys/kern/kern_sig.c:1444
#3 userret+0x203 sys/kern/kern_sig.c:2207
#4 syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
#4 syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
#5 Xsyscall+0x128
exclusive mutex &pr->ps_mtx r = 0 (0xffff80002a37e7b0)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 cursig+0x4c2 sys/kern/kern_sig.c:1440
#3 userret+0x203 sys/kern/kern_sig.c:2207
#4 syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
#4 syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
#5 Xsyscall+0x128
CPU 1:
exclusive mutex &pmap->pm_mtx r = 0 (0xffffef006c4a4110)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487
#2 pmap_do_remove+0xa9 rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline]
#2 pmap_do_remove+0xa9 pmap_map_ptes sys/arch/amd64/amd64/pmap.c:441 [inline]
#2 pmap_do_remove+0xa9 sys/arch/amd64/amd64/pmap.c:1834
#3 uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869
#4 uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline]
#4 uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497
#5 exit1+0x6fc sys/kern/kern_exit.c:260
#6 sys_exit+0x1a sys/kern/kern_exit.c:-1
#7 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#7 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#8 Xsyscall+0x128
Process 94965 (syz-executor) thread 0xffff8000fffee2b0 (193381)
exclusive rrwlock inode r = 0 (0xffffef00611f7440)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline]
#4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159
#5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232
#6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393
#7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112
#8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394
#9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3062
#10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#11 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xffffef006cc9fb20)
#0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160
#1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
#3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576
#5 vfs_lookup+0x12b sys/kern/vfs_lookup.c:431
#6 namei+0x7c5 sys/kern/vfs_lookup.c:250
#7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3047
#8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783
#9 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11057 12203K 12348K 166960K 12633 0
pcb 17 12K 12K 166960K 43 0
rtable 228 7K 7K 166960K 406 0
pf 33 17K 19K 166960K 56 0
ifaddr 39 6K 7K 166960K 50 0
ifgroup 51 2K 2K 166960K 61 0
sysctl 4 1K 9K 166960K 9 0
counters 68 36K 37K 166960K 78 0
ioctlops 0 0K 4K 166960K 1509 0
iov 0 0K 12K 166960K 7 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1545 97K 97K 166960K 1726 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 6 0
VM map 2 1K 1K 166960K 2 0
sem 7 0K 0K 166960K 7 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 15 53K 93K 166960K 275 0
proc 21 33K 180K 166960K 596 0
subproc 72 4K 4K 166960K 81 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 7 0
in_multi 88 6K 7K 166960K 110 0
ether_multi 1 0K 0K 166960K 1 0
mrt 0 0K 0K 166960K 9 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 67 307K 307K 166960K 67 0
exec 0 0K 1K 166960K 405 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 140 99K 175K 166960K 4353 0
UVM aobj 10 2K 2K 166960K 10 0
pinsyscall 21 42K 105K 166960K 1461 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 1 0
NDP 13 0K 2K 166960K 32 0
temp 38 9110K 9118K 166960K 6772 0
kqueue 4 6K 24K 166960K 38 0
SYN cache 2 16K 16K 166960K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 26 0 0 1 0 1 1 0 8 0
rtpcb 120 41 0 41 1 0 1 1 0 8 1
rtentry 176 125 0 24 6 0 6 6 0 8 0
unpcb 144 107 0 100 2 0 2 2 0 8 1
syncache 336 5 0 5 1 0 1 1 0 8 1
tcpcb 736 34 0 32 1 0 1 1 0 8 0
arp 136 20 0 4 1 0 1 1 0 8 0
inpcb 328 231 0 228 6 0 6 6 0 8 4
nd6 152 28 0 6 1 0 1 1 0 8 0
pkpcb 40 3 0 2 1 0 1 1 0 8 0
kcovpl 48 9 0 1 1 0 1 1 0 8 0
ppxss 1192 3 0 3 1 0 1 1 0 8 1
pfstscr 40 2 0 0 1 0 1 1 0 8 0
pffrag 232 2 0 1 1 0 1 1 0 482 0
pffrnode 88 2 0 1 1 0 1 1 0 8 0
pffrent 40 4 0 3 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 29 0 0 1 0 1 1 0 8 0
pfstkey 128 29 0 0 1 0 1 1 0 8 0
pfstate 448 28 0 0 4 0 4 4 0 8 0
pfrule 1360 23 0 18 2 1 1 2 0 8 0
rttmr 136 1 0 1 1 0 1 1 0 8 1
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 548 0 118 31 0 31 31 0 8 4
art_table 40 550 0 118 5 0 5 5 0 8 0
art_node 32 125 0 33 1 0 1 1 0 8 0
sysvmsgpl 40 1 0 0 1 0 1 1 0 8 0
semapl 72 5 0 0 1 0 1 1 0 8 0
shmpl 112 7 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1799 0 331 93 0 93 93 0 8 0
ffsino 296 1799 0 331 114 0 114 114 0 8 0
nchpl 144 2169 0 463 64 0 64 64 0 8 0
vnodes 216 2213 0 0 123 0 123 123 0 8 0
namei 1024 7196 0 7195 2 0 2 2 0 8 1
percpumem 16 54 0 5 1 0 1 1 0 8 0
kstatmem 264 31 0 6 2 0 2 2 0 8 0
scxspl 216 7595 0 7594 9 1 8 8 1 8 7
plimitpl 152 49 0 35 1 0 1 1 0 8 0
sigapl 424 591 0 555 7 0 7 7 0 8 1
knotepl 120 312 0 0 10 0 10 10 0 8 0
kqueuepl 224 40 0 37 1 0 1 1 0 8 0
pipepl 344 138 0 109 3 0 3 3 0 8 0
fdescpl 528 575 0 556 3 0 3 3 0 8 0
filepl 160 2647 0 2399 15 0 15 15 0 8 4
lockfpl 104 60 0 59 1 0 1 1 0 8 0
lockfspl 48 29 0 28 1 0 1 1 0 8 0
sessionpl 144 30 0 26 1 0 1 1 0 8 0
pgrppl 48 98 0 85 1 0 1 1 0 8 0
ucredpl 104 312 0 305 1 0 1 1 0 8 0
zombiepl 144 556 0 555 1 0 1 1 0 8 0
processpl 1232 591 0 555 5 0 5 5 0 8 1
procpl 664 795 0 752 6 0 6 6 0 8 0
sosppl 176 2 0 2 1 0 1 1 0 8 1
sockpl 752 386 0 375 8 0 8 8 0 8 4
mcl64k 65536 5 0 0 1 0 1 1 0 8 0
mcl8k 8192 2 0 0 1 0 1 1 0 8 0
mcl4k 4096 118 0 0 15 0 15 15 0 8 0
mcl2k 2048 22 0 0 3 0 3 3 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 153 0 0 10 0 10 10 0 8 0
bufpl 272 2607 0 107 167 0 167 167 0 8 0
anonpl 32 5535 0 0 45 0 45 45 0 246 0
amapchunkpl 152 12912 0 12586 34 0 34 34 0 158 13
amappl16 200 1764 0 1750 5 2 3 5 0 8 0
amappl15 192 10 0 10 1 1 0 1 0 8 0
amappl14 184 458 0 458 1 0 1 1 0 8 1
amappl13 176 137 0 134 1 0 1 1 0 8 0
amappl12 168 837 0 819 2 0 2 2 0 8 0
amappl11 160 7 0 7 1 1 0 1 0 8 0
amappl10 152 63 0 59 1 0 1 1 0 8 0
amappl9 144 303 0 303 1 1 0 1 0 8 0
amappl8 136 105 0 104 1 0 1 1 0 8 0
amappl7 128 155 0 150 1 0 1 1 0 8 0
amappl6 120 166 0 166 1 0 1 1 0 8 1
amappl5 112 100 0 98 1 0 1 1 0 8 0
amappl4 104 296 0 288 1 0 1 1 0 8 0
amappl3 96 2302 0 2232 5 1 4 4 0 8 1
amappl2 88 550 0 531 2 0 2 2 0 8 0
amappl1 80 10995 0 10822 15 0 15 15 0 8 2
amappl 88 3589 0 3475 5 0 5 5 0 92 0
uvmvnodes 80 104 0 0 3 0 3 3 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 9 0 0 1 0 1 1 0 8 0
uaddrrnd 24 575 0 556 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 575 0 556 1 0 1 1 0 8 0
vmmpekpl 168 6613 0 6571 2 0 2 2 0 8 0
vmmpepl 168 45539 0 44658 88 0 88 88 0 357 29
vmsppl 488 574 0 555 5 0 5 5 0 8 0
rwobjpl 80 15899 0 15397 24 0 24 24 0 8 2
pdppl 4096 1157 0 1110 99 26 73 85 0 8 26
pvpl 32 11714 0 0 95 0 95 95 0 265 0
pmappl 256 574 0 555 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 441 0 29 12 0 12 12 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
x86_ipi_db(ffffffff8397cff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline]
acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120
comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1274
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(66) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(66) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff83494ae8) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff834bbea8) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff834f7cf7,ffffffff8345b8c8,642,ffffffff8343d7cd) at __assert+0x29 sys/kern/subr_prf.c:-1
process_stop(ffff80002a37e698,8000000,1) at process_stop+0x3fe
cursig(ffff80003c3de2c0,ffff80003138afd8,0) at cursig+0x509 x86_atomic_setbits_u32 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 [inline]
cursig(ffff80003c3de2c0,ffff80003138afd8,0) at cursig+0x509 sys/kern/kern_sig.c:1445
end trace frame: 0xffff80003138b030, count: 0
ddb{0}> trace
x86_ipi_db(ffffffff8397cff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
x86_bus_space_io_read_4(b008,0) at x86_bus_space_io_read_4+0x37 sys/arch/amd64/amd64/bus_space.c:682
acpitimer_delay(1) at acpitimer_delay+0xb7 acpitimer_read sys/dev/acpi/acpitimer.c:146 [inline]
acpitimer_delay(1) at acpitimer_delay+0xb7 sys/dev/acpi/acpitimer.c:120
comcnputc(800,20) at comcnputc+0x29b sys/dev/ic/com.c:1274
cnputc(20) at cnputc+0x67 sys/dev/cons.c:218
db_putchar(66) at db_putchar+0x126 db_force_whitespace sys/ddb/db_output.c:102 [inline]
db_putchar(66) at db_putchar+0x126 sys/ddb/db_output.c:153
kprintf() at kprintf+0x29c5 sys/kern/subr_prf.c:-1
db_printf(ffffffff83494ae8) at db_printf+0x9b sys/kern/subr_prf.c:-1
panic(ffffffff834bbea8) at panic+0x103 sys/kern/subr_prf.c:217
__assert(ffffffff834f7cf7,ffffffff8345b8c8,642,ffffffff8343d7cd) at __assert+0x29 sys/kern/subr_prf.c:-1
process_stop(ffff80002a37e698,8000000,1) at process_stop+0x3fe
cursig(ffff80003c3de2c0,ffff80003138afd8,0) at cursig+0x509 x86_atomic_setbits_u32 sys/arch/amd64/compile/SYZKALLER/obj/machine/atomic.h:-1 [inline]
cursig(ffff80003c3de2c0,ffff80003138afd8,0) at cursig+0x509 sys/kern/kern_sig.c:1445
userret(ffff80003c3de2c0) at userret+0x203 sys/kern/kern_sig.c:2207
syscall(ffff80003138b110) at syscall+0x9ce mi_syscall_return sys/sys/syscall_mi.h:203 [inline]
syscall(ffff80003138b110) at syscall+0x9ce sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7c4443a335b0, count: -17
ddb{0}> machine ddbcpu 1
Stopped at savectx+0xae: movl $0,%gs:0x688
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b5ba2f3b5a0, count: 14
ddb{1}> trace
savectx() at savectx+0xae
end of kernel
end trace frame: 0x7b5ba2f3b5a0, count: -1
ddb{1}>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup