assert "(sih->sih_state & SIS_RESTART) == NUM" failed in kern_softintr.c (2)
0 views
Skip to first unread message
syzbot
Dec 9, 2025, 3:54:25 AM (3 days ago) Dec 9
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: bf8f637750de sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=139c2a1a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=6dcebce55cd7bf035840
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ed8ba5807488/disk-bf8f6377.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/86d04e4de645/bsd-bf8f6377.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f8df0913ed04/kernel-bf8f6377.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6dcebc...@syzkaller.appspotmail.com
syncing disks...panic: kernel diagnostic assertion "(sih->sih_state & SIS_RESTART) == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_softintr.c", line 181
Starting stack trace...
panic(ffffffff8337d550) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833b8254,ffffffff8334d9a8,b5,ffffffff8336bd23) at __assert+0x29 sys/kern/subr_prf.c:-1
softintr_schedule(ffff80000002a040) at softintr_schedule+0x1d1
timeout_hardclock_update() at timeout_hardclock_update+0x6f5 sys/kern/kern_timeout.c:669
clockintr_hardclock(ffffffff837f9c20,ffff80002a84f090,0) at clockintr_hardclock+0x148 sys/kern/kern_clockintr.c:-1
clockintr_dispatch(ffff80002a84f090) at clockintr_dispatch+0x339 sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:482
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
spllower(0) at spllower+0xa2 sys/arch/amd64/amd64/intr.c:833
tsleep_nsec(ffffffff838f2e54,4,ffffffff834015c8,ffffffffffffffff) at tsleep_nsec+0x197 sys/kern/kern_synch.c:148
uvn_io(fffffd806f04f148,ffff80002a84f3f0,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1295
uvn_put(fffffd806f04f148,ffff80002a84f3f0,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:905
uvm_pager_put(fffffd806f04f148,fffffd8007168100,ffff80002a84f480,ffff80002a84f4b4,31,0,5c79ea5fe4385e57) at uvm_pager_put+0x164 sys/uvm/uvm_pager.c:527
uvn_flush(fffffd806f04f148,0,0,31) at uvn_flush+0x6a6 sys/uvm/uvm_vnode.c:706
uvm_vnp_sync(ffff800000b58800) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1515
sys_sync(ffff80002a7b9238,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:534
vfs_syncwait(ffff80002a7b9238,1) at vfs_syncwait+0x44 sys/kern/vfs_subr.c:-1
vfs_shutdown(ffff80002a7b9238) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1803
boot(100) at boot+0x166 sys/arch/amd64/amd64/machdep.c:927
reboot(100) at reboot+0xa8
panic(ffffffff8330e9be) at panic+0x1e3
vgonel(fffffd806c3ae370,ffff80002a7b9238) at vgonel+0x663
vrecycle(fffffd806c3ae370,ffff80002a7b9238) at vrecycle+0x7c sys/kern/vfs_subr.c:1136
ufs_inactive(ffff80002a84f870) at ufs_inactive+0x359 sys/ufs/ufs/ufs_inode.c:107
VOP_INACTIVE(fffffd806c3ae370,ffff80002a7b9238) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd806c3ae370) at vput+0xdc sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd8069e2ccc8,fffffd806c3ae370,ffff80002a84f9d8) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a7b9238,ffffff9c,73da673ee0e0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1904
syscall(ffff80002a84fb40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a84fb40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x73da673ee590, count: 227
End of stack trace.
dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 8a8635c2-f252-d190-235a-0f50a6ed73cd
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f26e0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: bf8f637750de sync
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=139c2a1a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=6dcebce55cd7bf035840
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ed8ba5807488/disk-bf8f6377.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/86d04e4de645/bsd-bf8f6377.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f8df0913ed04/kernel-bf8f6377.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6dcebc...@syzkaller.appspotmail.com
syncing disks...panic: kernel diagnostic assertion "(sih->sih_state & SIS_RESTART) == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_softintr.c", line 181
Starting stack trace...
panic(ffffffff8337d550) at panic+0x1ba sys/kern/subr_prf.c:229
__assert(ffffffff833b8254,ffffffff8334d9a8,b5,ffffffff8336bd23) at __assert+0x29 sys/kern/subr_prf.c:-1
softintr_schedule(ffff80000002a040) at softintr_schedule+0x1d1
timeout_hardclock_update() at timeout_hardclock_update+0x6f5 sys/kern/kern_timeout.c:669
clockintr_hardclock(ffffffff837f9c20,ffff80002a84f090,0) at clockintr_hardclock+0x148 sys/kern/kern_clockintr.c:-1
clockintr_dispatch(ffff80002a84f090) at clockintr_dispatch+0x339 sys/kern/kern_clockintr.c:-1
lapic_clockintr(0,0) at lapic_clockintr+0x43 sys/arch/amd64/amd64/lapic.c:482
Xresume_lapic_ltimer() at Xresume_lapic_ltimer+0x2a
spllower(0) at spllower+0xa2 sys/arch/amd64/amd64/intr.c:833
tsleep_nsec(ffffffff838f2e54,4,ffffffff834015c8,ffffffffffffffff) at tsleep_nsec+0x197 sys/kern/kern_synch.c:148
uvn_io(fffffd806f04f148,ffff80002a84f3f0,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1295
uvn_put(fffffd806f04f148,ffff80002a84f3f0,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:905
uvm_pager_put(fffffd806f04f148,fffffd8007168100,ffff80002a84f480,ffff80002a84f4b4,31,0,5c79ea5fe4385e57) at uvm_pager_put+0x164 sys/uvm/uvm_pager.c:527
uvn_flush(fffffd806f04f148,0,0,31) at uvn_flush+0x6a6 sys/uvm/uvm_vnode.c:706
uvm_vnp_sync(ffff800000b58800) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1515
sys_sync(ffff80002a7b9238,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:534
vfs_syncwait(ffff80002a7b9238,1) at vfs_syncwait+0x44 sys/kern/vfs_subr.c:-1
vfs_shutdown(ffff80002a7b9238) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1803
boot(100) at boot+0x166 sys/arch/amd64/amd64/machdep.c:927
reboot(100) at reboot+0xa8
panic(ffffffff8330e9be) at panic+0x1e3
vgonel(fffffd806c3ae370,ffff80002a7b9238) at vgonel+0x663
vrecycle(fffffd806c3ae370,ffff80002a7b9238) at vrecycle+0x7c sys/kern/vfs_subr.c:1136
ufs_inactive(ffff80002a84f870) at ufs_inactive+0x359 sys/ufs/ufs/ufs_inode.c:107
VOP_INACTIVE(fffffd806c3ae370,ffff80002a7b9238) at VOP_INACTIVE+0xfb sys/kern/vfs_vops.c:498
vput(fffffd806c3ae370) at vput+0xdc sys/kern/vfs_subr.c:789
VOP_REMOVE(fffffd8069e2ccc8,fffffd806c3ae370,ffff80002a84f9d8) at VOP_REMOVE+0x199 sys/kern/vfs_vops.c:336
dounlinkat(ffff80002a7b9238,ffffff9c,73da673ee0e0,0) at dounlinkat+0x1c4 sys/kern/vfs_syscalls.c:1904
syscall(ffff80002a84fb40) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a84fb40) at syscall+0x962 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x73da673ee590, count: 227
End of stack trace.
dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 8a8635c2-f252-d190-235a-0f50a6ed73cd
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f26e0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages