panic: thread -ADDR p_stat is -NUM


syzbot

Nov 4, 2024, 6:32:27 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 8eda69bd84da Allow downloading firmware without root
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=116aa1f7980000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link: https://syzkaller.appspot.com/bug?extid=964b416fdc3c5d9c8cb4

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e1a8e9972cdc/disk-8eda69bd.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/7c3640badb48/bsd-8eda69bd.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3adce15cf63a/kernel-8eda69bd.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+964b41...@syzkaller.appspotmail.com

panic: thread -538976289 p_stat is -33
Starting stack trace...
panic(ffffffff830303fc) at panic+0x1ba sys/kern/subr_prf.c:229
wakeup_n(fffffd807413c358,ffffffff) at wakeup_n+0x395 sys/kern/kern_synch.c:554
sd_buf_done(fffffd805ffeea68) at sd_buf_done+0x2da sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2218) at vioscsi_vq_done+0xe1
intr_handler(ffff800037664610,ffff800000077c80) at intr_handler+0xcf
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xd4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,2000000) at buf_get+0x5d5 sys/kern/vfs_bio.c:1182
geteblk(2000000) at geteblk+0x3c
readdisklabel(2902,ffffffff8106b1f0,ffff80000130aa00,0) at readdisklabel+0x1c4 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff800035c031f0) at vndopen+0x207 sys/dev/vnd.c:204
spec_open(ffff800037664b28) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806fe9fd08,1,fffffd807f7d7680,ffff800035c031f0) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff800037664d78,1,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff800035c031f0,ffffff9c,20000080,0,0,ffff800037664f20) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff800037664fd0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcb9135ec2c0, count: 238
End of stack trace.
syncing disks...uppanic: thread 0 p_stat is 0
Starting stack trace...
panic(ffffffff830303fc) at panic+0x1ba sys/kern/subr_prf.c:229
wakeup_n(ffff800000b12a10,ffffffff) at wakeup_n+0x395 sys/kern/kern_synch.c:554
ttyinput(a,ffff800000b12a00) at ttyinput+0x1c7a sys/kern/tty.c:559
nmeainput(a,ffff800000b12a00) at nmeainput+0x324 sys/kern/tty_nmea.c:251
comsoft(ffff80000007e000) at comsoft+0x392 sys/dev/ic/com.c:1037
softintr_dispatch(2) at softintr_dispatch+0xea sys/arch/amd64/amd64/softintr.c:90
Xsofttty() at Xsofttty+0x27
Xspllower() at Xspllower+0x1d
cnputc(70) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(70) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x833
db_printf(ffffffff830697e5) at db_printf+0x9b
panic(ffffffff830303fc) at panic+0x11a sys/kern/subr_prf.c:218
wakeup_n(ffff80000002c000,1) at wakeup_n+0x395 sys/kern/kern_synch.c:554
task_add(ffff80000002c000,ffff8000000394a8) at task_add+0x15e sys/kern/kern_task.c:374
ifiq_input(ffff800000039468,ffff800037663680) at ifiq_input+0x38d sys/net/ifq.c:780
vio_rxeof(ffff800000078b00) at vio_rxeof+0x371 sys/dev/pv/if_vio.c:1318
vio_rx_intr(ffff80000019e000) at vio_rx_intr+0x78 sys/dev/pv/if_vio.c:1334
intr_handler(ffff8000376637d0,ffff800000078780) at intr_handler+0xcf
Xintr_ioapic_edge25_untramp() at Xintr_ioapic_edge25_untramp+0x18f
Xspllower() at Xspllower+0x1d
cnputc(75) at cnputc+0x61 sys/dev/cons.c:218
db_putchar(75) at db_putchar+0x65c sys/ddb/db_output.c:155
kprintf() at kprintf+0x2aaa sys/kern/subr_prf.c:1065
db_printf(ffffffff83061f23) at db_printf+0x9b
fault(ffffffff83013680) at fault+0xa3 sys/arch/amd64/amd64/trap.c:157
kpageflttrap(ffff800037663c70,8) at kpageflttrap+0x34d sys/arch/amd64/amd64/trap.c:290
kerntrap(ffff800037663c70) at kerntrap+0x138 sys/arch/amd64/amd64/trap.c:332
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
softclock(0) at softclock+0xf7 sys/kern/kern_timeout.c:748
softintr_dispatch(0) at softintr_dispatch+0xea sys/arch/amd64/amd64/softintr.c:90
Xsoftclock() at Xsoftclock+0x27
Xspllower() at Xspllower+0x1d
tsleep(ffffffff835a5550,4,ffffffff83034832,0) at tsleep+0x174 sys/kern/kern_synch.c:149
uvn_io(fffffd806fa568d8,ffff800037664150,1,31,1) at uvn_io+0x765 sys/uvm/uvm_vnode.c:1319
uvn_put(fffffd806fa568d8,ffff800037664150,1,31) at uvn_put+0x125 sys/uvm/uvm_vnode.c:927
uvm_pager_put(fffffd806fa568d8,fffffd8006cbf380,ffff8000376641e8,ffff800037664220,31,0,634b5cc2ef13949a) at uvm_pager_put+0x18e sys/uvm/uvm_pager.c:525
uvn_flush(fffffd806fa568d8,0,0,31) at uvn_flush+0x726 sys/uvm/uvm_vnode.c:726
uvm_vnp_sync(ffff800000b5d400) at uvm_vnp_sync+0x1e7 sys/uvm/uvm_vnode.c:1541
sys_sync(ffff800035c031f0,0,0) at sys_sync+0xd4 sys/kern/vfs_syscalls.c:536
vfs_syncwait(ffff800035c031f0,1) at vfs_syncwait+0x44
vfs_shutdown(ffff800035c031f0) at vfs_shutdown+0x97 sys/kern/vfs_subr.c:1793
boot(100) at boot+0x153 sys/arch/amd64/amd64/machdep.c:907
reboot(100) at reboot+0xa8
panic(ffffffff830303fc) at panic+0x1e3 sys/kern/subr_prf.c:231
wakeup_n(fffffd807413c358,ffffffff) at wakeup_n+0x395 sys/kern/kern_synch.c:554
sd_buf_done(fffffd805ffeea68) at sd_buf_done+0x2da sys/scsi/sd.c:772
vioscsi_vq_done(ffff8000000a2218) at vioscsi_vq_done+0xe1
intr_handler(ffff800037664610,ffff800000077c80) at intr_handler+0xcf
Xintr_ioapic_edge23_untramp() at Xintr_ioapic_edge23_untramp+0x18f
Xspllower() at Xspllower+0x1d
softintr_dispatch(0) at softintr_dispatch+0xd4 sys/arch/amd64/amd64/softintr.c:103
Xsoftclock() at Xsoftclock+0x27
buf_get(0,0,2000000) at buf_get+0x5d5 sys/kern/vfs_bio.c:1182
geteblk(2000000) at geteblk+0x3c
readdisklabel(2902,ffffffff8106b1f0,ffff80000130aa00,0) at readdisklabel+0x1c4 sys/arch/amd64/amd64/disksubr.c:96
vndopen(2902,1,2000,ffff800035c031f0) at vndopen+0x207 sys/dev/vnd.c:204
spec_open(ffff800037664b28) at spec_open+0x2e9 sys/kern/spec_vnops.c:150
VOP_OPEN(fffffd806fe9fd08,1,fffffd807f7d7680,ffff800035c031f0) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff800037664d78,1,0) at vn_open+0x708 sys/kern/vfs_vnops.c:177
doopenat(ffff800035c031f0,ffffff9c,20000080,0,0,ffff800037664f20) at doopenat+0x31d sys/kern/vfs_syscalls.c:1123
syscall(ffff800037664fd0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xcb9135ec2c0, count: 194
End of stack trace.

dump to dev 4,1 not possible
rebooting...
SeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2 Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 0fee9609-1d66-d0cb-3385-b9d53e0469ef
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f27c0: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.67
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Feb 5, 2025, 6:08:19 AM
to syzkaller-o...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.