assert "TAILQ_EMPTY(&lock->lf_blkhd)" failed in vfs_lockf.c


syzbot

Apr 14, 2022, 10:43:20 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3fe80b7fb1a5 ddb: constify command tables
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=170381b7700000
kernel config: https://syzkaller.appspot.com/x/.config?x=bf87b6915a88cd0d
dashboard link: https://syzkaller.appspot.com/bug?extid=892e886a6113db341da1

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+892e88...@syzkaller.appspotmail.com

panic: kernel diagnostic assertion "TAILQ_EMPTY(&lock->lf_blkhd)" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_lockf.c", line 205
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*187815 49942 32767 0x10 0x4000000 1 syz-executor.3
326036 89397 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258ff61) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff826059bb,ffffffff825abd50,cd,ffffffff825e079b) at __assert+0x25 sys/kern/subr_prf.c:161
lf_free(fffffd806f22ba90) at lf_free+0xe2 ls_rele sys/kern/vfs_lockf.c:152 [inline]
lf_free(fffffd806f22ba90) at lf_free+0xe2 sys/kern/vfs_lockf.c:208
lf_setlock(fffffd806f22ba90) at lf_setlock+0xadb
lf_advlock(ffff800000bc65a0,0,fffffd806c9d55d0,8,ffff8000294b8120,50) at lf_advlock+0x3a7 sys/kern/vfs_lockf.c:301
VOP_ADVLOCK(fffffd8075d1f408,fffffd806c9d55d0,8,ffff8000294b8120,50) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
sys_fcntl(ffff8000fffeea88,ffff8000294b81a8,ffff8000294b8200) at sys_fcntl+0xad9
syscall(ffff8000294b8270) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000294b8270) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf0f26f9b890, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "TAILQ_EMPTY(&lock->lf_blkhd)" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_lockf.c", line 205
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258ff61) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff826059bb,ffffffff825abd50,cd,ffffffff825e079b) at __assert+0x25 sys/kern/subr_prf.c:161
lf_free(fffffd806f22ba90) at lf_free+0xe2 ls_rele sys/kern/vfs_lockf.c:152 [inline]
lf_free(fffffd806f22ba90) at lf_free+0xe2 sys/kern/vfs_lockf.c:208
lf_setlock(fffffd806f22ba90) at lf_setlock+0xadb
lf_advlock(ffff800000bc65a0,0,fffffd806c9d55d0,8,ffff8000294b8120,50) at lf_advlock+0x3a7 sys/kern/vfs_lockf.c:301
VOP_ADVLOCK(fffffd8075d1f408,fffffd806c9d55d0,8,ffff8000294b8120,50) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
sys_fcntl(ffff8000fffeea88,ffff8000294b81a8,ffff8000294b8200) at sys_fcntl+0xad9
syscall(ffff8000294b8270) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000294b8270) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf0f26f9b890, count: -10
ddb{1}> show registers
rdi 0
rsi 0x1
rbp 0xffff8000294b7e10
rbx 0xffff800020ce9bff
rdx 0xffff800000c2cd80
rcx 0
rax 0xffff8000fffeea88
r8 0x101010101010101
r9 0x8080808080808080
r10 0x2a119c7b93c4c9e9
r11 0x1e1ed01ddc59b93c
r12 0xffff800020ce9a00
r13 0
r14 0
r15 0x1
rip 0xffffffff81b436c8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000294b7e00
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.3) pid=187815 stat=onproc
flags process=10<SUGID> proc=4000000<THREAD>
pri=32, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000fffec010,0xffffffff82a16690
process=0xffff8000ffff29a8 user=0xffff8000294b3000, vmspace=0xfffffd8008732170
estcpu=36, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
63892 91659 84931 32767 2 0x10 syz-executor.5
49942 270430 27571 32767 2 0x10 syz-executor.3
49942 89050 27571 32767 3 0x4000090 lockf syz-executor.3
49942 456848 27571 32767 3 0x4000090 lockf syz-executor.3
*49942 187815 27571 32767 7 0x4000010 syz-executor.3
47970 152837 94417 32767 3 0x90 nanoslp syz-executor.2
94417 490846 9629 0 3 0x82 wait syz-executor.2
81901 241568 81118 32767 3 0x90 nanoslp syz-executor.7
81118 219241 9629 0 3 0x82 wait syz-executor.7
58868 106372 15253 32767 3 0x90 nanoslp syz-executor.4
15253 513465 9629 0 3 0x82 wait syz-executor.4
84931 404066 39105 32767 3 0x90 nanoslp syz-executor.5
39105 403163 9629 0 3 0x82 wait syz-executor.5
23681 78890 19405 32767 3 0x90 nanoslp syz-executor.0
19405 304963 9629 0 3 0x82 wait syz-executor.0
14395 245440 99894 32767 3 0x90 piperd syz-executor.1
99894 244534 9629 0 3 0x82 wait syz-executor.1
27571 341108 36317 32767 3 0x90 nanoslp syz-executor.3
36317 133456 9629 0 3 0x82 wait syz-executor.3
12220 221666 19985 32767 3 0x90 piperd syz-executor.6
19985 429342 9629 0 3 0x82 wait syz-executor.6
22218 458168 0 0 3 0x14200 bored sosplice
9629 75070 51271 0 3 0x82 kqread syz-fuzzer
9629 225670 51271 0 3 0x4000082 thrsleep syz-fuzzer
9629 276898 51271 0 3 0x4000082 thrsleep syz-fuzzer
9629 456039 51271 0 3 0x4000082 thrsleep syz-fuzzer
9629 329664 51271 0 3 0x4000082 thrsleep syz-fuzzer
9629 350908 51271 0 3 0x4000082 thrsleep syz-fuzzer
9629 105853 51271 0 3 0x4000082 thrsleep syz-fuzzer
9629 84583 51271 0 3 0x4000082 thrsleep syz-fuzzer
51271 260957 91206 0 3 0x10008a sigsusp ksh
91206 51597 36731 0 3 0x9a kqread sshd
41484 103058 1 0 3 0x100083 ttyin getty
36731 335865 1 0 3 0x88 kqread sshd
11347 33951 67372 73 3 0x1100090 kqread syslogd
67372 426659 1 0 3 0x100082 netio syslogd
11611 46046 1 0 3 0x100080 kqread resolvd
12376 260419 63560 77 3 0x100092 kqread dhcpleased
24838 92200 63560 77 3 0x100092 kqread dhcpleased
63560 402131 1 0 3 0x80 kqread dhcpleased
85431 29446 0 0 3 0x14200 bored smr
48123 126363 0 0 2 0x14200 zerothread
94490 10384 0 0 3 0x14200 aiodoned aiodoned
96546 285362 0 0 3 0x14200 syncer update
77363 141043 0 0 3 0x14200 cleaner cleaner
89397 326036 0 0 7 0x14200 reaper
21881 244895 0 0 3 0x14200 pgdaemon pagedaemon
52309 106049 0 0 3 0x14200 bored viomb
51822 335743 0 0 3 0x40014200 acpi0 acpi0
64202 75300 0 0 3 0x40014200 idle1
96981 485703 0 0 3 0x14200 bored softnet
3429 31750 0 0 3 0x14200 bored systqmp
27344 129348 0 0 3 0x14200 bored systq
83636 295848 0 0 3 0x40014200 bored softclock
62961 467010 0 0 3 0x40014200 idle0
1 468965 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &uvm.fpageqlock r = 0 (0xffffffff82b908b0)
#0 witness_lock+0x44d
#1 mtx_enter_try+0x100
#2 mtx_enter+0x4b sys/kern/kern_lock.c:266
#3 uvm_pmr_freepages+0x10c sys/uvm/uvm_pmemrange.c:1289
#4 pmap_do_remove+0x666 sys/arch/amd64/amd64/pmap.c:1884
#5 uvm_unmap_kill_entry_withlock+0x1af sys/uvm/uvm_map.c:2139
#6 uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
#6 uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2771
#7 uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#8 reaper+0x19a sys/kern/kern_exit.c:454
#9 proc_trampoline+0x1c
Process 49942 (syz-executor.3) thread 0xffff8000fffeea88 (187815)
exclusive rwlock lockflk r = 0 (0xffffffff82910aa0)
#0 witness_lock+0x44d
#1 lf_advlock+0x189 sys/kern/vfs_lockf.c:263
#2 VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
#3 sys_fcntl+0xad9
#4 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#4 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#5 Xsyscall+0x128
ddb{1}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10209 6412K 6419K 78643K 11466 0
pcb 13 16K 18K 78643K 19 0
rtable 270 7K 8K 78643K 4933 0
ifaddr 81 18K 18K 78643K 470 0
sysctl 3 1K 4K 78643K 5 0
counters 56 35K 35K 78643K 166 0
ioctlops 0 0K 2K 78643K 590 0
iov 0 0K 32K 78643K 9388 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 5 0
vnodes 1271 79K 80K 78643K 11040 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 13K 78643K 669 0
VM map 2 1K 1K 78643K 2 0
sem 12 0K 0K 78643K 21256 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 20 73K 117K 78643K 56422 0
sigio 0 0K 0K 78643K 1107 0
proc 56 78K 115K 78643K 5940 0
subproc 104 6K 6K 78643K 819 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
ip_moptions 0 0K 0K 78643K 8344 0
in_multi 99 6K 7K 78643K 1369 0
ether_multi 1 0K 0K 78643K 179 0
mrt 1 0K 0K 78643K 7 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 271 1208K 1208K 78643K 271 0
exec 0 0K 2K 78643K 9270 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 362 87K 104K 78643K 339692 0
UVM aobj 131 4K 4K 78643K 137 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
ip6_options 0 0K 0K 78643K 1304 0
NDP 11 0K 2K 78643K 192 0
temp 124 4722K 4850K 78643K 137197 0
kqueue 12 18K 30K 78643K 5469 0
SYN cache 2 16K 16K 78643K 2 0
ddb{1}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 7415 0 7412 56 54 2 5 0 8 1
rtentry 112 824 0 698 4 0 4 4 0 8 0
unpcb 136 44401 0 44388 353 352 1 10 0 8 0
syncache 296 556 0 556 96 96 0 1 0 8 0
tcpqe 32 167 0 167 49 49 0 1 0 8 0
tcpcb 736 74920 0 74876 1328 1324 4 36 0 8 0
arp 120 140 0 122 1 0 1 1 0 8 0
ipq 40 102 0 101 33 32 1 1 0 8 0
ipqe 40 1174 0 1173 33 32 1 1 0 8 0
inpcb 312 102891 0 102884 671 667 4 21 0 8 3
rttmr 72 175 0 173 5 4 1 1 0 8 0
ip6q 72 103 0 103 19 19 0 1 0 8 0
ip6af 40 265 0 265 19 19 0 1 0 8 0
nd6 48 275 0 237 1 0 1 1 0 8 0
kcovpl 48 63 0 55 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 3646 0 3050 55 17 38 43 0 8 0
art_table 32 3647 0 3050 6 1 5 6 0 8 0
art_node 16 823 0 707 1 0 1 1 0 8 0
sysvmsgpl 40 8 0 8 1 1 0 1 0 8 0
semapl 112 21254 0 21244 1 0 1 1 0 8 0
shmpl 112 134 0 6 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 75607 0 74029 99 0 99 99 0 8 0
ffsino 272 75607 0 74029 106 0 106 106 0 8 0
nchpl 144 152007 0 150370 63 0 63 63 0 8 0
uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0
vnodes 224 5926 0 0 349 0 349 349 0 8 0
namei 1024 486378 0 486378 22 21 1 2 0 8 1
percpumem 16 95 0 55 1 0 1 1 0 8 0
scxspl 216 442328 0 442328 132 131 1 8 0 8 1
plimitpl 152 10980 0 10958 40 39 1 2 0 8 0
sigapl 424 56590 0 56540 7 1 6 7 0 8 0
futexpl 64 513888 0 513888 21 20 1 1 0 8 1
knotepl 120 3154 0 0 22 5 17 17 0 8 0
kqueuepl 216 18875 0 18867 250 249 1 8 0 8 0
pipepl 336 15541 0 15513 350 347 3 13 0 8 0
fdescpl 496 56575 0 56544 7 2 5 6 0 8 0
filepl 152 407519 0 407284 628 617 11 23 0 8 1
lockfpl 104 10336 0 10330 5 4 1 2 0 8 0
lockfspl 48 3203 0 3200 1 0 1 1 0 8 0
sessionpl 144 78 0 62 1 0 1 1 0 8 0
pgrppl 48 573 0 557 1 0 1 1 0 8 0
ucredpl 96 58156 0 58138 1 0 1 1 0 8 0
zombiepl 144 56544 0 56540 11 10 1 1 0 8 0
processpl 1064 56590 0 56540 5 1 4 4 0 8 0
procpl 672 167323 0 167263 63 56 7 8 0 8 0
sosppl 168 756 0 756 70 70 0 1 0 8 0
sockpl 480 156553 0 156526 2447 2438 9 42 0 8 4
mcl64k 65536 113 0 0 3 0 3 3 0 8 0
mcl16k 16384 81 0 0 7 4 3 3 0 8 0
mcl12k 12288 65 0 0 3 1 2 2 0 8 0
mcl9k 9216 65 0 0 3 1 2 2 0 8 0
mcl8k 8192 97 0 0 4 1 3 3 0 8 0
mcl4k 4096 143 0 0 13 10 3 9 0 8 0
mcl2k2 2112 20 0 0 2 0 2 2 0 8 0
mcl2k 2048 655 0 0 17 3 14 17 0 8 0
mtagpl 96 2 0 0 1 0 1 1 0 8 0
mbufpl 256 8159 0 0 434 0 434 434 0 8 0
bufpl 288 88232 0 81901 453 0 453 453 0 8 0
anonpl 24 11137387 0 11124298 409 300 109 135 0 186 0
amapchunkpl 152 1017050 0 1016511 348 322 26 48 0 158 0
amappl16 200 163229 0 162851 706 683 23 46 0 8 0
amappl15 192 13324 0 13322 1 0 1 1 0 8 0
amappl14 184 3464 0 3459 6 5 1 1 0 8 0
amappl13 176 11381 0 11378 1 0 1 1 0 8 0
amappl12 168 10039 0 10029 1 0 1 1 0 8 0
amappl11 160 1959 0 1943 1 0 1 1 0 8 0
amappl10 152 11705 0 11701 1 0 1 1 0 8 0
amappl9 144 1022 0 1017 1 0 1 1 0 8 0
amappl8 136 9318 0 9072 10 1 9 9 0 8 0
amappl7 128 5989 0 5976 1 0 1 1 0 8 0
amappl6 120 1244 0 1213 5 4 1 2 0 8 0
amappl5 112 60549 0 60533 3 2 1 2 0 8 0
amappl4 104 6266 0 6226 4 2 2 2 0 8 0
amappl3 96 189723 0 189674 3 1 2 3 0 8 0
amappl2 88 72712 0 72630 5 2 3 3 0 8 0
amappl1 80 1341900 0 1341263 37 21 16 19 0 8 0
amappl 88 334985 0 334825 6 1 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 136 0 6 3 0 3 3 0 8 0
uaddrrnd 24 56575 0 56544 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 56575 0 56544 1 0 1 1 0 8 0
vmmpekpl 168 461979 0 461925 4 0 4 4 0 8 0
vmmpepl 168 5541845 0 5539266 530 393 137 157 0 357 0
vmsppl 368 56574 0 56544 4 0 4 4 0 8 0
rwobjpl 56 1363415 0 1355855 158 46 112 115 0 8 0
pdppl 4096 113157 0 113088 1146 1065 81 91 0 8 12
pvpl 32 21414088 0 21395722 1076 893 183 259 0 265 0
pmappl 248 56574 0 56544 4 1 3 3 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 4719 0 3461 37 0 37 37 0 8 0
ddb{1}> machine ddbcpu 0
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
x86_ipi_db(ffffffff82986ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_const_cmp4(0,1) at __sanitizer_cov_trace_const_cmp4+0x31 kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_const_cmp4(0,1) at __sanitizer_cov_trace_const_cmp4+0x31 sys/dev/kcov.c:225
mtx_enter(ffffffff829be730) at mtx_enter+0x57 sys/kern/kern_lock.c:266
msleep(ffffffff82b8fda8,ffffffff829be730,4,ffffffff8263b683,0) at msleep+0x25d
reaper(ffff8000210f9a40) at reaper+0xdb sys/kern/kern_exit.c:425
end trace frame: 0x0, count: 8
ddb{0}> trace
x86_ipi_db(ffffffff82986ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
__sanitizer_cov_trace_const_cmp4(0,1) at __sanitizer_cov_trace_const_cmp4+0x31 kd_curproc sys/dev/kcov.c:578 [inline]
__sanitizer_cov_trace_const_cmp4(0,1) at __sanitizer_cov_trace_const_cmp4+0x31 sys/dev/kcov.c:225
mtx_enter(ffffffff829be730) at mtx_enter+0x57 sys/kern/kern_lock.c:266
msleep(ffffffff82b8fda8,ffffffff829be730,4,ffffffff8263b683,0) at msleep+0x25d
reaper(ffff8000210f9a40) at reaper+0xdb sys/kern/kern_exit.c:425
end trace frame: 0x0, count: -7
ddb{0}> machine ddbcpu 1
Stopped at db_enter+0x18: addq $0x8,%rsp
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258ff61) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff826059bb,ffffffff825abd50,cd,ffffffff825e079b) at __assert+0x25 sys/kern/subr_prf.c:161
lf_free(fffffd806f22ba90) at lf_free+0xe2 ls_rele sys/kern/vfs_lockf.c:152 [inline]
lf_free(fffffd806f22ba90) at lf_free+0xe2 sys/kern/vfs_lockf.c:208
lf_setlock(fffffd806f22ba90) at lf_setlock+0xadb
lf_advlock(ffff800000bc65a0,0,fffffd806c9d55d0,8,ffff8000294b8120,50) at lf_advlock+0x3a7 sys/kern/vfs_lockf.c:301
VOP_ADVLOCK(fffffd8075d1f408,fffffd806c9d55d0,8,ffff8000294b8120,50) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
sys_fcntl(ffff8000fffeea88,ffff8000294b81a8,ffff8000294b8200) at sys_fcntl+0xad9
syscall(ffff8000294b8270) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000294b8270) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf0f26f9b890, count: 5
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8258ff61) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff826059bb,ffffffff825abd50,cd,ffffffff825e079b) at __assert+0x25 sys/kern/subr_prf.c:161
lf_free(fffffd806f22ba90) at lf_free+0xe2 ls_rele sys/kern/vfs_lockf.c:152 [inline]
lf_free(fffffd806f22ba90) at lf_free+0xe2 sys/kern/vfs_lockf.c:208
lf_setlock(fffffd806f22ba90) at lf_setlock+0xadb
lf_advlock(ffff800000bc65a0,0,fffffd806c9d55d0,8,ffff8000294b8120,50) at lf_advlock+0x3a7 sys/kern/vfs_lockf.c:301
VOP_ADVLOCK(fffffd8075d1f408,fffffd806c9d55d0,8,ffff8000294b8120,50) at VOP_ADVLOCK+0x71 sys/kern/vfs_vops.c:628
sys_fcntl(ffff8000fffeea88,ffff8000294b81a8,ffff8000294b8200) at sys_fcntl+0xad9
syscall(ffff8000294b8270) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000294b8270) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xf0f26f9b890, count: -10


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.