Hello,
syzbot found the following issue on:
HEAD commit: db5d28f093d6 Bump kcov buffer size limit
git tree: openbsd
console output:
https://syzkaller.appspot.com/x/log.txt?x=11e2aeb0580000
kernel config:
https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link:
https://syzkaller.appspot.com/bug?extid=6e45b18b14156f1df9f4
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/daa0f9ba3aa0/disk-db5d28f0.raw.xz
bsd.gdb:
https://storage.googleapis.com/syzbot-assets/da471e678042/bsd-db5d28f0.gdb.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/fca6ec5e4a2d/kernel-db5d28f0.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6e45b1...@syzkaller.appspotmail.com
login: witness: lock order reversal:
1st 0xffff800010fde1d0 sbufsnd (&so->so_snd.sb_lock)
2nd 0xfffffd806de4da90 inode (&ip->i_lock)
lock order [1] sbufsnd (&so->so_snd.sb_lock) -> [2] inode (&ip->i_lock)
lock order data 0xffffffff8311d8b8 -> 0xffffffff830ca204 is missing
lock order [2] inode (&ip->i_lock) -> [3] sbufrcv (&so->so_rcv.sb_lock)
#0 rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233
#1 sblock+0xb7 sys/kern/uipc_socket2.c:537
#2 soreceive+0x28e sys/kern/uipc_socket.c:876
#3 fifo_read+0x11a sys/miscfs/fifofs/fifo_vnops.c:264
#4 VOP_READ+0x102 sys/kern/vfs_vops.c:227
#5 vn_rdwr+0x15b
#6 vndsetcred+0xa1 sys/dev/vnd.c:684
#7 vndioctl+0xe6c sys/dev/vnd.c:485
#8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#9 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531
#10 sys_ioctl+0x5c3
#11 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#11 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#12 Xsyscall+0x128
lock order [3] sbufrcv (&so->so_rcv.sb_lock) -> [1] sbufsnd (&so->so_snd.sb_lock)
#0 rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233
#1 sblock+0xb7 sys/kern/uipc_socket2.c:537
#2 sosplice+0x40d sys/kern/uipc_socket.c:1358
#3 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1221
#4 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#4 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#5 Xsyscall+0x128
Stopped at db_enter+0x25: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
witness_checkorder(fffffd806de4da90,9,0) at witness_checkorder+0x1047
rw_do_enter_write(fffffd806de4da78,1) at rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233
rrw_enter(fffffd806de4da78,1) at rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
VOP_LOCK(fffffd80634800f8,2001) at VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
vn_lock(fffffd80634800f8,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:570
vfs_lookup(ffff80003c649bb8) at vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
namei(ffff80003c649bb8) at namei+0x7aa sys/kern/vfs_lookup.c:250
unp_connect(ffff800010fde010,fffffd8062af2d00,ffff8000ffff82a8) at unp_connect+0x27d sys/kern/uipc_usrreq.c:868
uipc_dgram_send(ffff800010fde010,fffffd806afd5700,fffffd8062af2d00,0) at uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:607
sosend(ffff800010fde010,fffffd8062af2d00,ffff80003c649e38,0,0,0) at sosend+0x804
sendit(ffff8000ffff82a8,3,ffff80003c649fb0,0,ffff80003c64a070) at sendit+0x721 sys/kern/uipc_syscalls.c:779
sys_sendmsg(ffff8000ffff82a8,ffff80003c64a120,ffff80003c64a070) at sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:597
syscall(ffff80003c64a120) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c64a120) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdd504a4d5a0, count: -15
ddb{0}> show registers
rdi 0
rsi 0x80000 acpi_pdirpa+0x6be71
rbp 0xffff80003c649830
rbx 0xfffffd8004341b48
rdx 0xffff80000128ac80
rcx 0xffff8000ffff82a8
rax 0x7ffff acpi_pdirpa+0x6be70
r8 0xffff80003c649710
r9 0x8080808080808080
r10 0xe8cb9983bd16dcb8
r11 0x5c4b48b915e658d7
r12 0
r13 0xfffffd8003b58f00
r14 0x3
r15 0xffffffff
rip 0xffffffff81bee6b5 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c649820
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=274635 pid=46173 tcnt=2 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80003857f1f8,0xffffffff83683328
process=0xffff80003796eb58 user=0xffff80003c645000, vmspace=0xfffffd806ec48c80
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
46173 352351 17210 0 2 0 syz-executor
*46173 274635 17210 0 7 0x4000000 syz-executor
81811 386540 16374 0 2 0 syz-executor
81811 132499 16374 0 3 0x4000080 fsleep syz-executor
61094 290292 27079 0 2 0 syz-executor
61094 97612 27079 0 3 0x4000080 fsleep syz-executor
11166 10386 42489 0 2 0 syz-executor
11166 9633 42489 0 3 0x4000080 kqread syz-executor
11166 495705 42489 0 3 0x4000080 kqread syz-executor
18802 79729 8917 0 2 0 syz-executor
18802 13323 8917 0 3 0x4000080 fsleep syz-executor
40517 41497 80081 0 2 0 syz-executor
40517 340463 80081 0 3 0x4000080 ttyout syz-executor
40517 469694 80081 0 3 0x4000080 ttyout syz-executor
14228 263006 60103 0 3 0x80 nanoslp syz-executor
14228 4953 60103 0 3 0x4000080 sbwait syz-executor
14228 412937 60103 0 3 0x4000080 fsleep syz-executor
14228 476230 60103 0 3 0x4000080 fsleep syz-executor
56742 422309 1 0 3 0x100083 ttyin getty
26583 364256 0 0 3 0x14200 bored sosplice
76647 192052 0 0 3 0x14280 nfsidl nfsio
73246 22279 0 0 3 0x14280 nfsidl nfsio
82266 330965 0 0 3 0x14280 nfsidl nfsio
23931 440068 0 0 3 0x14280 nfsidl nfsio
79640 193355 0 0 3 0x14280 nfsidl nfsio
90712 30215 0 0 3 0x14280 nfsidl nfsio
6213 493057 0 0 3 0x14280 nfsidl nfsio
34975 79964 0 0 3 0x14280 nfsidl nfsio
38112 149823 0 0 3 0x14280 nfsidl nfsio
93553 50542 0 0 3 0x14280 nfsidl nfsio
1549 301824 0 0 3 0x14280 nfsidl nfsio
47549 319029 0 0 3 0x14280 nfsidl nfsio
66282 441089 0 0 3 0x14280 nfsidl nfsio
81840 108942 0 0 3 0x14280 nfsidl nfsio
10619 426877 0 0 3 0x14280 nfsidl nfsio
29350 288304 0 0 3 0x14280 nfsidl nfsio
96819 347254 0 0 3 0x14280 nfsidl nfsio
34488 498649 0 0 3 0x14280 nfsidl nfsio
11643 329670 0 0 3 0x14280 nfsidl nfsio
62565 376890 0 0 3 0x14280 nfsidl nfsio
16374 155001 52774 0 3 0x82 nanoslp syz-executor
27079 368888 52774 0 3 0x82 nanoslp syz-executor
60103 60944 52774 0 3 0x82 nanoslp syz-executor
56876 393554 52774 0 3 0x2 biowait syz-executor
42489 147844 52774 0 3 0x82 nanoslp syz-executor
80081 188156 52774 0 3 0x82 nanoslp syz-executor
8917 166675 52774 0 3 0x82 nanoslp syz-executor
17210 436802 52774 0 3 0x82 nanoslp syz-executor
52774 44526 28895 0 3 0x82 kqread syz-executor
28895 252160 63242 0 3 0x10008a sigsusp ksh
63242 165826 4239 0 3 0x98 kqread sshd-session
4239 333717 64537 0 3 0x92 kqread sshd-session
64537 249170 1 0 3 0x88 kqread sshd
51137 360630 26468 74 3 0x1100092 bpf pflogd
26468 261570 1 0 3 0x80 sbwait pflogd
67284 22468 78545 73 3 0x1100090 kqread syslogd
78545 188043 1 0 3 0x100082 sbwait syslogd
17072 439272 1 0 3 0x100080 kqread resolvd
96419 192931 79800 77 3 0x100092 kqread dhcpleased
64171 489753 79800 77 3 0x100092 kqread dhcpleased
79800 227196 1 0 3 0x80 kqread dhcpleased
17658 355828 0 0 3 0x14200 bored smr
38856 126001 0 0 2 0x14200 zerothread
40996 277507 0 0 3 0x14200 aiodoned aiodoned
91163 386004 0 0 3 0x14200 syncer update
51529 318257 0 0 3 0x14200 cleaner cleaner
66294 6510 0 0 3 0x14200 reaper reaper
39442 32255 0 0 3 0x14200 pgdaemon pagedaemon
79701 117468 0 0 3 0x14200 bored viomb
16247 38901 0 0 3 0x40014200 acpi0 acpi0
29888 305513 0 0 7 0x40014200 idle1
78605 116102 0 0 3 0x14200 bored softnet3
90457 360991 0 0 3 0x14200 bored softnet2
60429 2245 0 0 3 0x14200 bored softnet1
86869 229265 0 0 3 0x14200 bored softnet0
90146 190727 0 0 3 0x14200 bored systqmp
77278 76502 0 0 3 0x14200 bored systq
10655 440656 0 0 3 0x14200 tmoslp softclockmp
75814 508876 0 0 3 0x40014200 tmoslp softclock
54114 208502 0 0 3 0x40014200 idle0
1 176113 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 46173 (syz-executor) thread 0xffff8000ffff82a8 (274635)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff8365d108)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 unp_connect+0x26c sys/kern/uipc_usrreq.c:868
#2 uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:607
#3 sosend+0x804
#4 sendit+0x721 sys/kern/uipc_syscalls.c:779
#5 sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:597
#6 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff800010fde1d0)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 sblock+0xb7 sys/kern/uipc_socket2.c:537
#3 sosend+0x2e2 sys/kern/uipc_socket.c:625
#4 sendit+0x721 sys/kern/uipc_syscalls.c:779
#5 sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:597
#6 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#6 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 14228 (syz-executor) thread 0xffff8000ffffa298 (4953)
exclusive rrwlock inode r = 0 (0xfffffd806f272410)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vget+0x2bd sys/kern/vfs_subr.c:694
#6 cache_lookup+0x36e sys/kern/vfs_cache.c:222
#7 ufs_lookup+0x21b sys/ufs/ufs/ufs_lookup.c:160
#8 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#9 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
#10 namei+0x7aa sys/kern/vfs_lookup.c:250
#11 vn_open+0x13f sys/kern/vfs_vnops.c:140
#12 vndioctl+0xcb1 sys/dev/vnd.c:457
#13 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#14 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:531
#15 sys_ioctl+0x5c3
#16 syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#16 syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
#17 Xsyscall+0x128
Process 56876 (syz-executor) thread 0xffff8000ffff96e8 (393554)
exclusive rrwlock inode r = 0 (0xfffffd806e966ca8)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vget+0x2bd sys/kern/vfs_subr.c:694
#6 ufs_ihashget+0x185 sys/ufs/ufs/ufs_ihash.c:98
#7 ffs_vget+0x8c sys/ufs/ffs/ffs_vfsops.c:1201
#8 ufs_lookup+0x19f8 sys/ufs/ufs/ufs_lookup.c:478
#9 VOP_LOOKUP+0x6e sys/kern/vfs_vops.c:85
#10 vfs_lookup+0x8fa sys/kern/vfs_lookup.c:566
#11 namei+0x7aa sys/kern/vfs_lookup.c:250
#12 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1851
#13 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#13 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806fe1b768)
#0 witness_lock+0x5bb stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5bb sys/kern/subr_witness.c:1155
#1 rw_do_enter_write+0x3ea sys/kern/kern_rwlock.c:316
#2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:570
#5 vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
#6 namei+0x7aa sys/kern/vfs_lookup.c:250
#7 dounlinkat+0xc1 sys/kern/vfs_syscalls.c:1851
#8 syscall+0xb08 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#8 syscall+0xb08 sys/arch/amd64/amd64/trap.c:577
#9 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10202 11029K 11416K 166960K 11845 0
pcb 17 12K 12K 166960K 100 0
rtable 254 7K 8K 166960K 424 0
pf 36 18K 25K 166960K 92 0
ifaddr 43 7K 7K 166960K 65 0
ifgroup 58 2K 2K 166960K 112 0
sysctl 4 1K 1K 166960K 4 0
counters 64 36K 36K 166960K 100 0
ioctlops 0 0K 4K 166960K 1524 0
iov 0 0K 16K 166960K 31 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1324 83K 84K 166960K 1743 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 8 0
VM map 2 1K 1K 166960K 2 0
sem 6 0K 0K 166960K 7 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1690 195K 286K 166960K 12468 0
file desc 17 61K 89K 166960K 2063 0
sigio 0 0K 0K 166960K 10 0
proc 72 91K 128K 166960K 585 0
subproc 72 4K 4K 166960K 72 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 89 0
in_multi 99 7K 7K 166960K 128 0
ether_multi 1 0K 0K 166960K 5 0
mrt 1 0K 0K 166960K 5 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 67 307K 307K 166960K 67 0
exec 0 0K 1K 166960K 430 0
fusefs mount 1 32K 32K 166960K 1 0
pfkey data 0 0K 0K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 227 72K 86K 166960K 18905 0
UVM aobj 12 4K 4K 166960K 13 0
pinsyscall 42 84K 103K 166960K 3148 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 2 0K 0K 166960K 11 0
NDP 12 0K 2K 166960K 46 0
temp 47 6893K 6957K 166960K 26350 0
kqueue 13 20K 26K 166960K 133 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 56 0 53 1 0 1 1 0 8 0
rtentry 112 133 0 15 4 0 4 4 0 8 0
unpcb 144 263 0 241 1 0 1 1 0 8 0
syncache 336 3 0 3 1 1 0 1 0 8 0
tcpcb 808 98 0 93 1 0 1 1 0 8 0
arp 120 24 0 5 1 0 1 1 0 8 0
inpcb 376 404 0 396 4 2 2 2 0 8 1
nd6 136 30 0 0 2 0 2 2 0 8 0
pkpcb 40 4 0 4 2 2 0 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1168 12 0 12 2 1 1 1 0 8 1
pffrag 232 13 0 2 1 0 1 1 0 482 0
pffrnode 88 11 0 1 1 0 1 1 0 8 0
pffrent 40 19 0 8 1 0 1 1 0 8 0
pfosfp 40 1428 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1428 0 714 21 0 21 21 0 8 0
pfstitem 24 64 0 25 1 0 1 1 0 8 0
pfstkey 128 64 0 25 2 0 2 2 0 8 0
pfstate 376 64 0 25 6 0 6 6 0 8 0
pfrule 1344 21 0 16 2 1 1 2 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 506 0 8 32 0 32 32 0 8 0
art_table 32 508 0 8 5 0 5 5 0 8 0
art_node 16 132 0 24 1 0 1 1 0 8 0
sysvmsgpl 40 5 0 4 2 1 1 1 0 8 0
semapl 112 4 0 0 1 0 1 1 0 8 0
shmpl 112 10 0 1 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 4054 0 2556 95 0 95 95 0 8 0
ffsino 280 4054 0 2556 108 0 108 108 0 8 0
nchpl 144 6317 0 4630 63 0 63 63 0 8 0
uvmvnodes 80 4295 0 0 88 0 88 88 0 8 0
vnodes 216 4295 0 0 239 0 239 239 0 8 0
namei 1024 15159 0 15158 7 6 1 4 0 8 0
percpumem 16 64 0 18 1 0 1 1 0 8 0
kstatmem 264 60 0 36 2 0 2 2 0 8 0
scsiplug 72 5 0 5 1 0 1 1 0 8 1
scxspl 216 19257 0 19256 11 10 1 8 1 8 0
plimitpl 152 47 0 30 1 0 1 1 0 8 0
sigapl 424 2384 0 2314 10 2 8 8 0 8 0
futexpl 64 6129 0 6124 1 0 1 1 0 8 0
knotepl 120 329 0 0 10 0 10 10 0 8 0
kqueuepl 216 136 0 126 1 0 1 1 0 8 0
pipepl 328 117 0 90 3 0 3 3 0 8 0
fdescpl 504 2345 0 2314 6 1 5 5 0 8 0
filepl 152 4811 0 4592 9 0 9 9 0 8 0
lockfpl 104 171 0 169 1 0 1 1 0 8 0
lockfspl 48 71 0 69 1 0 1 1 0 8 0
sessionpl 144 23 0 14 1 0 1 1 0 8 0
pgrppl 48 38 0 21 1 0 1 1 0 8 0
ucredpl 104 362 0 348 1 0 1 1 0 8 0
zombiepl 144 2362 0 2362 2 1 1 1 0 8 1
processpl 1168 2384 0 2314 7 1 6 6 0 8 0
procpl 648 4456 0 4375 9 1 8 8 0 8 0
sockpl 688 729 0 696 5 1 4 4 0 8 0
mcl64k 65536 5 0 0 1 0 1 1 0 8 0
mcl16k 16384 7 0 0 1 0 1 1 0 8 0
mcl12k 12288 15 0 0 2 0 2 2 0 8 0
mcl9k 9216 12 0 0 1 0 1 1 0 8 0
mcl8k 8192 18 0 0 3 0 3 3 0 8 0
mcl4k 4096 122 0 0 16 0 16 16 0 8 0
mcl2k2 2112 2 0 0 1 0 1 1 0 8 0
mcl2k 2048 21 0 0 3 0 3 3 0 8 0
mtagpl 96 22 0 0 1 0 1 1 0 8 0
mbufpl 256 1183 0 0 74 0 74 74 0 8 0
bufpl 280 4972 0 136 346 0 346 346 0 8 0
anonpl 24 285753 0 282520 95 31 64 71 0 185 33
amapchunkpl 152 61265 0 60776 30 5 25 25 0 158 5
amappl16 200 6009 0 5976 44 31 13 28 0 8 8
amappl15 192 2 0 2 1 1 0 1 0 8 0
amappl14 184 114 0 102 1 0 1 1 0 8 0
amappl13 176 9 0 9 2 2 0 1 0 8 0
amappl12 168 2988 0 2957 3 1 2 2 0 8 0
amappl11 160 51 0 37 1 0 1 1 0 8 0
amappl10 152 57 0 57 1 1 0 1 0 8 0
amappl9 144 255 0 255 2 2 0 1 0 8 0
amappl8 136 38 0 36 1 0 1 1 0 8 0
amappl7 128 108 0 96 1 0 1 1 0 8 0
amappl6 120 173 0 170 1 0 1 1 0 8 0
amappl5 112 147 0 138 1 0 1 1 0 8 0
amappl4 104 369 0 351 1 0 1 1 0 8 0
amappl3 96 13323 0 13207 4 0 4 4 0 8 0
amappl2 88 643 0 583 2 0 2 2 0 8 0
amappl1 80 13546 0 12970 14 1 13 14 0 8 0
amappl 88 18496 0 18325 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 7 0 7 2 2 0 1 0 8 0
dma128 128 254 0 254 2 2 0 1 0 8 0
dma64 64 7 0 7 2 1 1 1 0 8 1
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 12 0 1 1 0 1 1 0 8 0
uaddrrnd 24 2345 0 2314 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2345 0 2314 1 0 1 1 0 8 0
vmmpekpl 168 16260 0 16221 3 0 3 3 0 8 0
vmmpepl 168 137255 0 135385 113 15 98 105 0 357 14
vmsppl 456 2344 0 2314 5 1 4 5 0 8 0
rwobjpl 64 37496 0 32252 88 1 87 87 0 8 1
pdppl 4096 4697 0 4628 95 24 71 83 0 8 2
pvpl 32 19743 0 0 160 0 160 160 0 265 0
pmappl 248 2344 0 2314 3 1 2 3 0 8 0
extentpl 40 55 0 38 1 0 1 1 0 8 0
phpool 112 353 0 37 10 0 10 10 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
witness_checkorder(fffffd806de4da90,9,0) at witness_checkorder+0x1047
rw_do_enter_write(fffffd806de4da78,1) at rw_do_enter_write+0xb7 sys/kern/kern_rwlock.c:233
rrw_enter(fffffd806de4da78,1) at rrw_enter+0xc6 sys/kern/kern_rwlock.c:616
VOP_LOCK(fffffd80634800f8,2001) at VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
vn_lock(fffffd80634800f8,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:570
vfs_lookup(ffff80003c649bb8) at vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
namei(ffff80003c649bb8) at namei+0x7aa sys/kern/vfs_lookup.c:250
unp_connect(ffff800010fde010,fffffd8062af2d00,ffff8000ffff82a8) at unp_connect+0x27d sys/kern/uipc_usrreq.c:868
uipc_dgram_send(ffff800010fde010,fffffd806afd5700,fffffd8062af2d00,0) at uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:607
sosend(ffff800010fde010,fffffd8062af2d00,ffff80003c649e38,0,0,0) at sosend+0x804
sendit(ffff8000ffff82a8,3,ffff80003c649fb0,0,ffff80003c64a070) at sendit+0x721 sys/kern/uipc_syscalls.c:779
sys_sendmsg(ffff8000ffff82a8,ffff80003c64a120,ffff80003c64a070) at sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:597
syscall(ffff80003c64a120) at syscall+0xbc6 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c64a120) at syscall+0xbc6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xdd504a4d5a0, count: -15
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029b5bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x41e sys/dev/acpi/acpicpu.c:1218
sched_idle(ffff800029b5bff0) at sched_idle+0x558 sys/kern/kern_sched.c:182
end trace frame: 0x0, count: -5
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup