witness: denied attempt to set clock forward to ADDR
0 views
Skip to first unread message
syzbot
Jul 11, 2024, 4:43:25 PM (6 days ago) Jul 11
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: fa6dda612fe5 umoddi3.c is now needed for libz
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=141bbc31980000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=4ac4d191e4c8209a70b0
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5ed8f2c58092/disk-fa6dda61.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/65ed8467ebee/bsd-fa6dda61.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b8e5ee2cc6d4/kernel-fa6dda61.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4ac4d1...@syzkaller.appspotmail.com
witness: denied attempt to set clock forward to 283467841537
lock order reversal:
denied attempt to set clock forward to 283467841537
1st 0xffff800010fd4450 sbufsnd (&so->so_snd.sb_lock)
denied attempt to set clock forward to 283467841537
2nd 0xfffffd8055a7ff80 inode (&ip->i_lock)
denied attempt to set clock forward to 283467841537
lock order [1] sbufsnd (&so->so_snd.sb_lock) -> [2] inode (&ip->i_lock)
denied attempt to set clock forward to 283467841537
lock order data 0xffffffff830a5026 -> 0xffffffff8304fe51 is missing
denied attempt to set clock forward to 283467841537
lock order [2] inode (&ip->i_lock) -> [3] sbufrcv (&so->so_rcv.sb_lock)
denied attempt to set clock forward to 283467841537
#0 denied attempt to set clock forward to 283467841537
rw_enterdenied attempt to set clock forward to 283467841537
+0x122denied attempt to set clock forward to 283467841537
denied attempt to set clock forward to 283467841537
#1 denied attempt to set clock forward to 283467841537
sblockdenied attempt to set clock forward to 283467841537
+0xb7denied attempt to set clock forward to 283467841537
denied attempt to set clock forward to 283467841537
#2 denied attempt to set clock forward to 283467841537
soreceivedenied attempt to set clock forward to 283467841537
+0x298denied attempt to set clock forward to 283467841537
#3 fifo_read+0x11a sys/miscfs/fifofs/fifo_vnops.c:264
#4 VOP_READ+0x102 sys/kern/vfs_vops.c:227
#5 vn_rdwr+0x15b
#6 vndsetcred+0xa1 sys/dev/vnd.c:684
#7 vndioctl+0xe6c sys/dev/vnd.c:485
#8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#9 vn_ioctl+0xf6 sys/kern/vfs_vnops.c:525
#10 sys_ioctl+0x67c
#11 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#11 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#12 Xsyscall+0x128
lock order [3] sbufrcv (&so->so_rcv.sb_lock) -> [1] sbufsnd (&so->so_snd.sb_lock)
#0 rw_enter+0x122
#1 sblock+0xb7 sys/kern/uipc_socket2.c:549
#2 sosplice+0x3e3 sys/kern/uipc_socket.c:1386
#3 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1231
#4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#5 Xsyscall+0x128
Stopped at db_enter+0x25: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
witness_checkorder(fffffd8055a7ff80,9,0) at witness_checkorder+0x1024
rw_enter(fffffd8055a7ff70,1) at rw_enter+0x122
rrw_enter(fffffd8055a7ff70,1) at rrw_enter+0xbe sys/kern/kern_rwlock.c:464
VOP_LOCK(fffffd80664705f0,2001) at VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
vn_lock(fffffd80664705f0,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:564
vfs_lookup(ffff80002a1458a8) at vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
namei(ffff80002a1458a8) at namei+0x7aa sys/kern/vfs_lookup.c:250
unp_connect(ffff800010fd42a8,fffffd806c240100,ffff8000ffffc7a8) at unp_connect+0x27d sys/kern/uipc_usrreq.c:862
uipc_dgram_send(ffff800010fd42a8,fffffd806c240d00,fffffd806c240100,0) at uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:601
sosend(ffff800010fd42a8,fffffd806c240100,ffff80002a145b38,0,0,0) at sosend+0xa43
sendit(ffff8000ffffc7a8,4,ffff80002a145cb0,0,ffff80002a145d70) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendmsg(ffff8000ffffc7a8,ffff80002a145e20,ffff80002a145d70) at sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
syscall(ffff80002a145e20) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a145e20) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x47281a1fd50, count: -15
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a145500
rbx 0xffffffff83065a89 pp_r600_decoded_lanes+0x347e8
rdx 0
rcx 0xffff8000ffffc7a8
rax 0xffffffff83422ff0 cpu_info_full_primary+0x1ff0
r8 0xffff80002a1453e0
r9 0x8080808080808080
r10 0x738616164d0662ac
r11 0x45395c41d7d2dddd
r12 0xfffffd80042a8570
r13 0xfffffd8003abfdc0
r14 0x3
r15 0xffffffff
rip 0xffffffff821ea615 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a1454f0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=280499 pid=25335 tcnt=3 stat=onproc
flags process=8000010<SUGID> proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffffccb8,0xffff80002a0411e0
process=0xffff80002c85cdb0 user=0xffff80002a140000, vmspace=0xfffffd806bf23898
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
25335 79010 41446 0 2 0x8000010 syz-executor
*25335 280499 41446 0 7 0xc000010 syz-executor
25335 124183 41446 0 3 0xc000090 fsleep syz-executor
8393 14740 38543 0 3 0x8000080 nanoslp syz-executor
8393 147213 38543 0 3 0xc000080 fsleep syz-executor
8393 230626 38543 0 3 0xc000080 fsleep syz-executor
8393 500080 38543 0 3 0xc000080 fsleep syz-executor
36318 515825 9675 0 3 0x8000080 nanoslp syz-executor
36318 84495 9675 0 3 0xc000080 kqread syz-executor
36318 240048 9675 0 3 0xc000080 fsleep syz-executor
7736 155291 33411 0 3 0x8000080 nanoslp syz-executor
7736 86353 33411 0 3 0xc000080 sbwait syz-executor
55630 212723 17358 0 3 0x8000080 nanoslp syz-executor
55630 314869 17358 0 3 0xc000080 kqread syz-executor
55630 308802 17358 0 3 0xc000080 fsleep syz-executor
21957 120914 1 0 3 0x18000082 nanoslp getty
77755 50910 78040 0 3 0x8000082 nanoslp syz-executor
61520 194272 78040 0 3 0x8000082 nanoslp syz-executor
41446 220600 78040 0 3 0x8000082 nanoslp syz-executor
33411 85768 78040 0 3 0x8000082 nanoslp syz-executor
17358 68636 78040 0 3 0x8000082 nanoslp syz-executor
55067 331828 78040 0 3 0x8000082 nanoslp syz-executor
9675 109492 78040 0 3 0x8000082 nanoslp syz-executor
38543 163616 78040 0 3 0x8000082 nanoslp syz-executor
78700 270794 0 0 3 0x14200 bored sosplice
78040 136157 96885 0 3 0x8000082 kqread syz-executor
96885 38922 27915 0 3 0x810008a sigsusp ksh
27915 240057 45404 0 3 0x18000098 kqread sshd-session
45404 274186 89816 0 3 0x18000092 kqread sshd-session
89816 473983 1 0 3 0x18000088 kqread sshd
22216 411560 95639 74 3 0x19100092 bpf pflogd
95639 383890 1 0 3 0x18000080 sbwait pflogd
86672 62707 21091 73 3 0x19100010 ffs_fsync syslogd
21091 442718 1 0 3 0x18100082 sbwait syslogd
11703 354807 1 0 3 0x18100080 kqread resolvd
62395 260635 71584 77 3 0x18100092 kqread dhcpleased
4286 479060 71584 77 3 0x18100092 kqread dhcpleased
71584 151693 1 0 3 0x18000080 kqread dhcpleased
94823 200024 0 0 3 0x14200 bored smr
95815 44539 0 0 3 0x14200 pgzero zerothread
86725 121537 0 0 3 0x14200 aiodoned aiodoned
8603 102008 0 0 3 0x14200 syncer update
80995 5521 0 0 3 0x14200 cleaner cleaner
83373 86441 0 0 3 0x14200 reaper reaper
97456 425225 0 0 3 0x14200 pgdaemon pagedaemon
45334 437711 0 0 3 0x14200 bored viomb
15166 277459 0 0 3 0x40014200 acpi0 acpi0
44784 213421 0 0 3 0x40014200 idle1
79499 367299 0 0 3 0x14200 bored softnet3
22273 222572 0 0 3 0x14200 bored softnet2
14909 410355 0 0 3 0x14200 bored softnet1
2707 207430 0 0 3 0x14200 bored softnet0
51357 267013 0 0 3 0x14200 bored systqmp
32213 59761 0 0 3 0x14200 bored systq
31539 393185 0 0 3 0x14200 tmoslp softclockmp
93571 307597 0 0 3 0x40014200 tmoslp softclock
17434 23922 0 0 3 0x40014200 idle0
1 240374 0 0 3 0x8000082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 25335 (syz-executor) thread 0xffff8000ffffc7a8 (280499)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83505470)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 unp_connect+0x26c sys/kern/uipc_usrreq.c:862
#2 uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:601
#3 sosend+0xa43
#4 sendit+0x721 sys/kern/uipc_syscalls.c:786
#5 sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
#6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff800010fd4450)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 sblock+0xb7 sys/kern/uipc_socket2.c:549
#3 sosend+0x2ff sys/kern/uipc_socket.c:611
#4 sendit+0x721 sys/kern/uipc_syscalls.c:786
#5 sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
#6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 86672 (syslogd) thread 0xffff8000ffffdbe8 (62707)
exclusive rrwlock inode r = 0 (0xfffffd806e4961b0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 sys_fsync+0x152 sys/kern/vfs_syscalls.c:2927
#6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10239 10327K 11358K 166960K 15617 0
pcb 20 16K 17K 166960K 412 0
rtable 206 14K 15K 166960K 5380 0
pf 36 10K 11K 166960K 415 0
ifaddr 42 16K 17K 166960K 707 0
ifgroup 60 2K 2K 166960K 743 0
sysctl 3 0K 2K 166960K 10 0
counters 66 36K 37K 166960K 422 0
ioctlops 0 0K 4K 166960K 1900 0
iov 0 0K 16K 166960K 180 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1559 98K 98K 166960K 6051 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 10K 18K 166960K 50 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 204 0
dirhash 15 2K 3K 166960K 48 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 18 65K 93K 166960K 4260 0
sigio 0 0K 0K 166960K 94 0
proc 70 91K 140K 166960K 5014 0
subproc 104 6K 7K 166960K 2122 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 290 0
in_multi 85 6K 7K 166960K 1842 0
ether_multi 1 0K 0K 166960K 14 0
mrt 1 0K 0K 166960K 10 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 211 943K 943K 166960K 211 0
exec 0 0K 1K 166960K 2763 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 260 97K 115K 166960K 32484 0
UVM aobj 70 3K 3K 166960K 75 0
pinsyscall 43 86K 106K 166960K 9388 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 216 0
NDP 13 0K 1K 166960K 516 0
temp 76 6816K 6892K 166960K 155230 0
kqueue 15 24K 30K 166960K 296 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 735 0 731 5 2 3 3 0 8 2
rtentry 112 1959 0 1868 6 3 3 4 0 8 0
unpcb 144 2704 0 2680 34 28 6 8 0 8 4
syncache 336 9 0 9 6 6 0 1 0 8 0
tcpcb 808 928 0 923 28 27 1 8 0 8 0
arp 120 363 0 348 1 0 1 1 0 8 0
inpcb 384 4006 0 3992 74 66 8 14 0 8 6
nd6 136 520 0 494 2 1 1 2 0 8 0
pkpcb 40 68 0 68 11 11 0 1 0 8 0
kcovpl 48 163 0 155 1 0 1 1 0 8 0
ppxss 1168 16 0 16 7 6 1 1 0 8 1
pffrag 232 20 0 17 1 0 1 1 0 482 0
pffrnode 88 17 0 14 1 0 1 1 0 8 0
pffrent 40 113 0 110 1 0 1 1 0 8 0
pfosfp 40 1429 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1429 0 714 21 0 21 21 0 8 0
pftag 88 2 0 0 1 0 1 1 0 8 0
pfstitem 24 243 0 237 1 0 1 1 0 8 0
pfstkey 128 243 0 237 2 0 2 2 0 8 0
pfstate 376 243 0 237 6 4 2 4 0 8 0
pfrule 1344 29 0 24 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 7440 0 7052 45 18 27 30 0 8 2
art_table 32 7441 0 7052 4 0 4 4 0 8 0
art_node 16 1951 0 1870 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 7 1 0 1 1 0 8 0
semapl 112 201 0 191 1 0 1 1 0 8 0
shmpl 112 72 0 5 2 0 2 2 0 8 0
dirhash 1024 42 0 22 3 0 3 3 0 8 0
dino2pl 256 5590 0 3773 115 0 115 115 0 8 0
ffsino 272 5590 0 3773 122 0 122 122 0 8 0
nchpl 144 8674 0 6780 71 0 71 71 0 8 0
uvmvnodes 80 9152 0 0 187 0 187 187 0 8 0
vnodes 216 9152 0 0 509 0 509 509 0 8 0
namei 1024 47326 0 47325 13 12 1 2 0 8 0
percpumem 16 225 0 178 1 0 1 1 0 8 0
vcpupl 3904 70 0 2 9 0 9 9 0 8 0
vmpool 696 86 0 18 14 7 7 7 0 8 0
kstatmem 264 382 0 356 8 6 2 3 0 8 0
scsiplug 72 4 0 4 3 3 0 1 0 8 0
scxspl 216 93563 0 93562 19 17 2 8 1 8 1
plimitpl 152 823 0 806 1 0 1 1 0 8 0
sigapl 424 4284 0 4233 10 3 7 9 0 8 0
futexpl 64 41759 0 41753 17 16 1 1 0 8 0
knotepl 120 801 0 0 17 0 17 17 0 8 0
kqueuepl 216 809 0 795 13 12 1 5 0 8 0
pipepl 320 1010 0 983 13 5 8 8 0 8 5
fdescpl 496 4241 0 4209 8 3 5 5 0 8 0
filepl 152 27160 0 26887 75 54 21 23 0 8 8
lockfpl 104 896 0 894 2 1 1 2 0 8 0
lockfspl 48 380 0 378 1 0 1 1 0 8 0
sessionpl 144 178 0 170 1 0 1 1 0 8 0
pgrppl 48 361 0 345 1 0 1 1 0 8 0
ucredpl 104 3768 0 3753 1 0 1 1 0 8 0
zombiepl 144 4236 0 4233 1 0 1 1 0 8 0
processpl 1152 4284 0 4233 7 3 4 6 0 8 0
procpl 648 7574 0 7513 12 6 6 8 0 8 0
srpgc 96 15 0 15 5 4 1 1 0 8 1
sosppl 168 9 0 9 3 2 1 1 0 8 1
sockpl 664 7528 0 7486 98 86 12 23 0 8 8
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 11 0 0 2 0 2 2 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 353 0 0 30 4 26 30 0 8 0
mtagpl 96 74 0 0 2 0 2 2 0 8 0
mbufpl 256 738 0 0 35 0 35 35 0 8 0
bufpl 280 14624 0 5471 655 0 655 655 0 8 0
anonpl 24 606472 0 602767 147 95 52 99 0 185 11
amapchunkpl 152 105843 0 105294 91 59 32 50 0 158 10
amappl16 200 9425 0 9401 85 73 12 14 0 8 8
amappl15 192 17 0 17 2 2 0 1 0 8 0
amappl14 184 485 0 473 1 0 1 1 0 8 0
amappl13 176 12 0 12 1 1 0 1 0 8 0
amappl12 168 7374 0 7342 3 1 2 3 0 8 0
amappl11 160 57 0 42 1 0 1 1 0 8 0
amappl10 152 27 0 27 1 1 0 1 0 8 0
amappl9 144 184 0 184 1 1 0 1 0 8 0
amappl8 136 33 0 30 1 0 1 1 0 8 0
amappl7 128 423 0 410 1 0 1 1 0 8 0
amappl6 120 1719 0 1718 1 0 1 1 0 8 0
amappl5 112 757 0 745 1 0 1 1 0 8 0
amappl4 104 753 0 731 1 0 1 1 0 8 0
amappl3 96 19346 0 19215 5 1 4 4 0 8 0
amappl2 88 2800 0 2735 2 0 2 2 0 8 0
amappl1 80 29618 0 29033 19 6 13 15 0 8 0
amappl 88 30840 0 30648 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 74 0 5 2 0 2 2 0 8 0
uaddrrnd 24 4327 0 4227 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4327 0 4227 1 0 1 1 0 8 0
vmmpekpl 168 36836 0 36777 4 0 4 4 0 8 0
vmmpepl 168 262297 0 260271 155 55 100 100 0 357 10
vmsppl 440 4326 0 4227 14 2 12 12 0 8 0
rwobjpl 56 81694 0 71497 151 3 148 148 0 8 2
pdppl 4096 8662 0 8522 363 221 142 146 0 8 2
pvpl 32 36252 0 0 292 1 291 291 0 265 0
pmappl 248 4326 0 4227 7 0 7 7 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 776 0 296 14 0 14 14 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
witness_checkorder(fffffd8055a7ff80,9,0) at witness_checkorder+0x1024
rw_enter(fffffd8055a7ff70,1) at rw_enter+0x122
rrw_enter(fffffd8055a7ff70,1) at rrw_enter+0xbe sys/kern/kern_rwlock.c:464
VOP_LOCK(fffffd80664705f0,2001) at VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
vn_lock(fffffd80664705f0,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:564
vfs_lookup(ffff80002a1458a8) at vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
namei(ffff80002a1458a8) at namei+0x7aa sys/kern/vfs_lookup.c:250
unp_connect(ffff800010fd42a8,fffffd806c240100,ffff8000ffffc7a8) at unp_connect+0x27d sys/kern/uipc_usrreq.c:862
uipc_dgram_send(ffff800010fd42a8,fffffd806c240d00,fffffd806c240100,0) at uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:601
sosend(ffff800010fd42a8,fffffd806c240100,ffff80002a145b38,0,0,0) at sosend+0xa43
sendit(ffff8000ffffc7a8,4,ffff80002a145cb0,0,ffff80002a145d70) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendmsg(ffff8000ffffc7a8,ffff80002a145e20,ffff80002a145d70) at sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
syscall(ffff80002a145e20) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a145e20) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x47281a1fd50, count: -15
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83505268) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83505268) at __mp_lock+0x192 sys/kern/kern_lock.c:144
__mp_acquire_count(ffffffff83505268,1) at __mp_acquire_count+0x58
mi_switch() at mi_switch+0x658 sys/kern/sched_bsd.c:460
sleep_finish(0,1) at sleep_finish+0x229 sys/kern/kern_synch.c:416
cond_wait(ffff80002c839230,ffffffff8307d691) at cond_wait+0x76 sys/kern/kern_synch.c:899
timeout_barrier(fffffd806ec919f0) at timeout_barrier+0x2a7 sys/kern/kern_timeout.c:511
timeout_del_barrier(fffffd806ec919f0) at timeout_del_barrier+0x14a sys/kern/kern_timeout.c:464
route_detach(ffff800010fd4a70) at route_detach+0x19a sys/net/rtsock.c:282
soclose(ffff800010fd4a70,0) at soclose+0xb0 pru_detach sys/sys/protosw.h:284 [inline]
soclose(ffff800010fd4a70,0) at soclose+0xb0 sys/kern/uipc_socket.c:430
soo_close(fffffd8072da0ac8,ffff80002c8036f8) at soo_close+0x56
fdrop(fffffd8072da0ac8,ffff80002c8036f8) at fdrop+0x126 sys/kern/kern_descrip.c:1274
closef(fffffd8072da0ac8,ffff80002c8036f8) at closef+0x192 sys/kern/kern_descrip.c:1258
fdfree(ffff80002c8036f8) at fdfree+0x116 sys/kern/kern_descrip.c:1190
exit1(ffff80002c8036f8,0,0,1) at exit1+0x71b sys/kern/kern_exit.c:221
sys_exit(ffff80002c8036f8,ffff80002c839650,ffff80002c8395a0) at sys_exit+0x1a
syscall(ffff80002c839650) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002c839650) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x77251592b230, count: -20
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: fa6dda612fe5 umoddi3.c is now needed for libz
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=141bbc31980000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=4ac4d191e4c8209a70b0
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5ed8f2c58092/disk-fa6dda61.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/65ed8467ebee/bsd-fa6dda61.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b8e5ee2cc6d4/kernel-fa6dda61.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4ac4d1...@syzkaller.appspotmail.com
witness: denied attempt to set clock forward to 283467841537
lock order reversal:
denied attempt to set clock forward to 283467841537
1st 0xffff800010fd4450 sbufsnd (&so->so_snd.sb_lock)
denied attempt to set clock forward to 283467841537
2nd 0xfffffd8055a7ff80 inode (&ip->i_lock)
denied attempt to set clock forward to 283467841537
lock order [1] sbufsnd (&so->so_snd.sb_lock) -> [2] inode (&ip->i_lock)
denied attempt to set clock forward to 283467841537
lock order data 0xffffffff830a5026 -> 0xffffffff8304fe51 is missing
denied attempt to set clock forward to 283467841537
lock order [2] inode (&ip->i_lock) -> [3] sbufrcv (&so->so_rcv.sb_lock)
denied attempt to set clock forward to 283467841537
#0 denied attempt to set clock forward to 283467841537
rw_enterdenied attempt to set clock forward to 283467841537
+0x122denied attempt to set clock forward to 283467841537
denied attempt to set clock forward to 283467841537
#1 denied attempt to set clock forward to 283467841537
sblockdenied attempt to set clock forward to 283467841537
+0xb7denied attempt to set clock forward to 283467841537
denied attempt to set clock forward to 283467841537
#2 denied attempt to set clock forward to 283467841537
soreceivedenied attempt to set clock forward to 283467841537
+0x298denied attempt to set clock forward to 283467841537
#3 fifo_read+0x11a sys/miscfs/fifofs/fifo_vnops.c:264
#4 VOP_READ+0x102 sys/kern/vfs_vops.c:227
#5 vn_rdwr+0x15b
#6 vndsetcred+0xa1 sys/dev/vnd.c:684
#7 vndioctl+0xe6c sys/dev/vnd.c:485
#8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#9 vn_ioctl+0xf6 sys/kern/vfs_vnops.c:525
#10 sys_ioctl+0x67c
#11 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#11 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#12 Xsyscall+0x128
lock order [3] sbufrcv (&so->so_rcv.sb_lock) -> [1] sbufsnd (&so->so_snd.sb_lock)
#0 rw_enter+0x122
#1 sblock+0xb7 sys/kern/uipc_socket2.c:549
#2 sosplice+0x3e3 sys/kern/uipc_socket.c:1386
#3 sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1231
#4 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#4 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#5 Xsyscall+0x128
Stopped at db_enter+0x25: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
witness_checkorder(fffffd8055a7ff80,9,0) at witness_checkorder+0x1024
rw_enter(fffffd8055a7ff70,1) at rw_enter+0x122
rrw_enter(fffffd8055a7ff70,1) at rrw_enter+0xbe sys/kern/kern_rwlock.c:464
VOP_LOCK(fffffd80664705f0,2001) at VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
vn_lock(fffffd80664705f0,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:564
vfs_lookup(ffff80002a1458a8) at vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
namei(ffff80002a1458a8) at namei+0x7aa sys/kern/vfs_lookup.c:250
unp_connect(ffff800010fd42a8,fffffd806c240100,ffff8000ffffc7a8) at unp_connect+0x27d sys/kern/uipc_usrreq.c:862
uipc_dgram_send(ffff800010fd42a8,fffffd806c240d00,fffffd806c240100,0) at uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:601
sosend(ffff800010fd42a8,fffffd806c240100,ffff80002a145b38,0,0,0) at sosend+0xa43
sendit(ffff8000ffffc7a8,4,ffff80002a145cb0,0,ffff80002a145d70) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendmsg(ffff8000ffffc7a8,ffff80002a145e20,ffff80002a145d70) at sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
syscall(ffff80002a145e20) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a145e20) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x47281a1fd50, count: -15
ddb{0}> show registers
rdi 0
rsi 0
rbp 0xffff80002a145500
rbx 0xffffffff83065a89 pp_r600_decoded_lanes+0x347e8
rdx 0
rcx 0xffff8000ffffc7a8
rax 0xffffffff83422ff0 cpu_info_full_primary+0x1ff0
r8 0xffff80002a1453e0
r9 0x8080808080808080
r10 0x738616164d0662ac
r11 0x45395c41d7d2dddd
r12 0xfffffd80042a8570
r13 0xfffffd8003abfdc0
r14 0x3
r15 0xffffffff
rip 0xffffffff821ea615 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80002a1454f0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=280499 pid=25335 tcnt=3 stat=onproc
flags process=8000010<SUGID> proc=4000000<THREAD>
runpri=32, usrpri=86, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff8000ffffccb8,0xffff80002a0411e0
process=0xffff80002c85cdb0 user=0xffff80002a140000, vmspace=0xfffffd806bf23898
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
25335 79010 41446 0 2 0x8000010 syz-executor
*25335 280499 41446 0 7 0xc000010 syz-executor
25335 124183 41446 0 3 0xc000090 fsleep syz-executor
8393 14740 38543 0 3 0x8000080 nanoslp syz-executor
8393 147213 38543 0 3 0xc000080 fsleep syz-executor
8393 230626 38543 0 3 0xc000080 fsleep syz-executor
8393 500080 38543 0 3 0xc000080 fsleep syz-executor
36318 515825 9675 0 3 0x8000080 nanoslp syz-executor
36318 84495 9675 0 3 0xc000080 kqread syz-executor
36318 240048 9675 0 3 0xc000080 fsleep syz-executor
7736 155291 33411 0 3 0x8000080 nanoslp syz-executor
7736 86353 33411 0 3 0xc000080 sbwait syz-executor
55630 212723 17358 0 3 0x8000080 nanoslp syz-executor
55630 314869 17358 0 3 0xc000080 kqread syz-executor
55630 308802 17358 0 3 0xc000080 fsleep syz-executor
21957 120914 1 0 3 0x18000082 nanoslp getty
77755 50910 78040 0 3 0x8000082 nanoslp syz-executor
61520 194272 78040 0 3 0x8000082 nanoslp syz-executor
41446 220600 78040 0 3 0x8000082 nanoslp syz-executor
33411 85768 78040 0 3 0x8000082 nanoslp syz-executor
17358 68636 78040 0 3 0x8000082 nanoslp syz-executor
55067 331828 78040 0 3 0x8000082 nanoslp syz-executor
9675 109492 78040 0 3 0x8000082 nanoslp syz-executor
38543 163616 78040 0 3 0x8000082 nanoslp syz-executor
78700 270794 0 0 3 0x14200 bored sosplice
78040 136157 96885 0 3 0x8000082 kqread syz-executor
96885 38922 27915 0 3 0x810008a sigsusp ksh
27915 240057 45404 0 3 0x18000098 kqread sshd-session
45404 274186 89816 0 3 0x18000092 kqread sshd-session
89816 473983 1 0 3 0x18000088 kqread sshd
22216 411560 95639 74 3 0x19100092 bpf pflogd
95639 383890 1 0 3 0x18000080 sbwait pflogd
86672 62707 21091 73 3 0x19100010 ffs_fsync syslogd
21091 442718 1 0 3 0x18100082 sbwait syslogd
11703 354807 1 0 3 0x18100080 kqread resolvd
62395 260635 71584 77 3 0x18100092 kqread dhcpleased
4286 479060 71584 77 3 0x18100092 kqread dhcpleased
71584 151693 1 0 3 0x18000080 kqread dhcpleased
94823 200024 0 0 3 0x14200 bored smr
95815 44539 0 0 3 0x14200 pgzero zerothread
86725 121537 0 0 3 0x14200 aiodoned aiodoned
8603 102008 0 0 3 0x14200 syncer update
80995 5521 0 0 3 0x14200 cleaner cleaner
83373 86441 0 0 3 0x14200 reaper reaper
97456 425225 0 0 3 0x14200 pgdaemon pagedaemon
45334 437711 0 0 3 0x14200 bored viomb
15166 277459 0 0 3 0x40014200 acpi0 acpi0
44784 213421 0 0 3 0x40014200 idle1
79499 367299 0 0 3 0x14200 bored softnet3
22273 222572 0 0 3 0x14200 bored softnet2
14909 410355 0 0 3 0x14200 bored softnet1
2707 207430 0 0 3 0x14200 bored softnet0
51357 267013 0 0 3 0x14200 bored systqmp
32213 59761 0 0 3 0x14200 bored systq
31539 393185 0 0 3 0x14200 tmoslp softclockmp
93571 307597 0 0 3 0x40014200 tmoslp softclock
17434 23922 0 0 3 0x40014200 idle0
1 240374 0 0 3 0x8000082 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 25335 (syz-executor) thread 0xffff8000ffffc7a8 (280499)
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83505470)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 unp_connect+0x26c sys/kern/uipc_usrreq.c:862
#2 uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:601
#3 sosend+0xa43
#4 sendit+0x721 sys/kern/uipc_syscalls.c:786
#5 sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
#6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
exclusive rwlock sbufsnd r = 0 (0xffff800010fd4450)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 sblock+0xb7 sys/kern/uipc_socket2.c:549
#3 sosend+0x2ff sys/kern/uipc_socket.c:611
#4 sendit+0x721 sys/kern/uipc_syscalls.c:786
#5 sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
#6 syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
Process 86672 (syslogd) thread 0xffff8000ffffdbe8 (62707)
exclusive rrwlock inode r = 0 (0xfffffd806e4961b0)
#0 witness_lock+0x5b8 stacktrace_save sys/sys/stacktrace.h:37 [inline]
#0 witness_lock+0x5b8 sys/kern/subr_witness.c:1151
#1 rw_enter+0x41b sys/kern/kern_rwlock.c:309
#2 rrw_enter+0xbe sys/kern/kern_rwlock.c:464
#3 VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
#4 vn_lock+0xa4 sys/kern/vfs_vnops.c:564
#5 sys_fsync+0x152 sys/kern/vfs_syscalls.c:2927
#6 syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
#6 syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
#7 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10239 10327K 11358K 166960K 15617 0
pcb 20 16K 17K 166960K 412 0
rtable 206 14K 15K 166960K 5380 0
pf 36 10K 11K 166960K 415 0
ifaddr 42 16K 17K 166960K 707 0
ifgroup 60 2K 2K 166960K 743 0
sysctl 3 0K 2K 166960K 10 0
counters 66 36K 37K 166960K 422 0
ioctlops 0 0K 4K 166960K 1900 0
iov 0 0K 16K 166960K 180 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1559 98K 98K 166960K 6051 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 10K 18K 166960K 50 0
VM map 2 1K 1K 166960K 2 0
sem 12 0K 0K 166960K 204 0
dirhash 15 2K 3K 166960K 48 0
ACPI 1697 195K 286K 166960K 12548 0
file desc 18 65K 93K 166960K 4260 0
sigio 0 0K 0K 166960K 94 0
proc 70 91K 140K 166960K 5014 0
subproc 104 6K 7K 166960K 2122 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 290 0
in_multi 85 6K 7K 166960K 1842 0
ether_multi 1 0K 0K 166960K 14 0
mrt 1 0K 0K 166960K 10 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 211 943K 943K 166960K 211 0
exec 0 0K 1K 166960K 2763 0
pfkey data 0 0K 0K 166960K 2 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 260 97K 115K 166960K 32484 0
UVM aobj 70 3K 3K 166960K 75 0
pinsyscall 43 86K 106K 166960K 9388 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 216 0
NDP 13 0K 1K 166960K 516 0
temp 76 6816K 6892K 166960K 155230 0
kqueue 15 24K 30K 166960K 296 0
SYN cache 2 16K 16K 166960K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 24 0 0 1 0 1 1 0 8 0
rtpcb 120 735 0 731 5 2 3 3 0 8 2
rtentry 112 1959 0 1868 6 3 3 4 0 8 0
unpcb 144 2704 0 2680 34 28 6 8 0 8 4
syncache 336 9 0 9 6 6 0 1 0 8 0
tcpcb 808 928 0 923 28 27 1 8 0 8 0
arp 120 363 0 348 1 0 1 1 0 8 0
inpcb 384 4006 0 3992 74 66 8 14 0 8 6
nd6 136 520 0 494 2 1 1 2 0 8 0
pkpcb 40 68 0 68 11 11 0 1 0 8 0
kcovpl 48 163 0 155 1 0 1 1 0 8 0
ppxss 1168 16 0 16 7 6 1 1 0 8 1
pffrag 232 20 0 17 1 0 1 1 0 482 0
pffrnode 88 17 0 14 1 0 1 1 0 8 0
pffrent 40 113 0 110 1 0 1 1 0 8 0
pfosfp 40 1429 0 1005 5 0 5 5 0 8 0
pfosfpen 112 1429 0 714 21 0 21 21 0 8 0
pftag 88 2 0 0 1 0 1 1 0 8 0
pfstitem 24 243 0 237 1 0 1 1 0 8 0
pfstkey 128 243 0 237 2 0 2 2 0 8 0
pfstate 376 243 0 237 6 4 2 4 0 8 0
pfrule 1344 29 0 24 2 1 1 2 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 7440 0 7052 45 18 27 30 0 8 2
art_table 32 7441 0 7052 4 0 4 4 0 8 0
art_node 16 1951 0 1870 1 0 1 1 0 8 0
sysvmsgpl 40 12 0 7 1 0 1 1 0 8 0
semapl 112 201 0 191 1 0 1 1 0 8 0
shmpl 112 72 0 5 2 0 2 2 0 8 0
dirhash 1024 42 0 22 3 0 3 3 0 8 0
dino2pl 256 5590 0 3773 115 0 115 115 0 8 0
ffsino 272 5590 0 3773 122 0 122 122 0 8 0
nchpl 144 8674 0 6780 71 0 71 71 0 8 0
uvmvnodes 80 9152 0 0 187 0 187 187 0 8 0
vnodes 216 9152 0 0 509 0 509 509 0 8 0
namei 1024 47326 0 47325 13 12 1 2 0 8 0
percpumem 16 225 0 178 1 0 1 1 0 8 0
vcpupl 3904 70 0 2 9 0 9 9 0 8 0
vmpool 696 86 0 18 14 7 7 7 0 8 0
kstatmem 264 382 0 356 8 6 2 3 0 8 0
scsiplug 72 4 0 4 3 3 0 1 0 8 0
scxspl 216 93563 0 93562 19 17 2 8 1 8 1
plimitpl 152 823 0 806 1 0 1 1 0 8 0
sigapl 424 4284 0 4233 10 3 7 9 0 8 0
futexpl 64 41759 0 41753 17 16 1 1 0 8 0
knotepl 120 801 0 0 17 0 17 17 0 8 0
kqueuepl 216 809 0 795 13 12 1 5 0 8 0
pipepl 320 1010 0 983 13 5 8 8 0 8 5
fdescpl 496 4241 0 4209 8 3 5 5 0 8 0
filepl 152 27160 0 26887 75 54 21 23 0 8 8
lockfpl 104 896 0 894 2 1 1 2 0 8 0
lockfspl 48 380 0 378 1 0 1 1 0 8 0
sessionpl 144 178 0 170 1 0 1 1 0 8 0
pgrppl 48 361 0 345 1 0 1 1 0 8 0
ucredpl 104 3768 0 3753 1 0 1 1 0 8 0
zombiepl 144 4236 0 4233 1 0 1 1 0 8 0
processpl 1152 4284 0 4233 7 3 4 6 0 8 0
procpl 648 7574 0 7513 12 6 6 8 0 8 0
srpgc 96 15 0 15 5 4 1 1 0 8 1
sosppl 168 9 0 9 3 2 1 1 0 8 1
sockpl 664 7528 0 7486 98 86 12 23 0 8 8
mcl64k 65536 4 0 0 1 0 1 1 0 8 0
mcl16k 16384 2 0 0 1 0 1 1 0 8 0
mcl12k 12288 1 0 0 1 0 1 1 0 8 0
mcl9k 9216 2 0 0 1 0 1 1 0 8 0
mcl8k 8192 11 0 0 2 0 2 2 0 8 0
mcl4k 4096 3 0 0 1 0 1 1 0 8 0
mcl2k 2048 353 0 0 30 4 26 30 0 8 0
mtagpl 96 74 0 0 2 0 2 2 0 8 0
mbufpl 256 738 0 0 35 0 35 35 0 8 0
bufpl 280 14624 0 5471 655 0 655 655 0 8 0
anonpl 24 606472 0 602767 147 95 52 99 0 185 11
amapchunkpl 152 105843 0 105294 91 59 32 50 0 158 10
amappl16 200 9425 0 9401 85 73 12 14 0 8 8
amappl15 192 17 0 17 2 2 0 1 0 8 0
amappl14 184 485 0 473 1 0 1 1 0 8 0
amappl13 176 12 0 12 1 1 0 1 0 8 0
amappl12 168 7374 0 7342 3 1 2 3 0 8 0
amappl11 160 57 0 42 1 0 1 1 0 8 0
amappl10 152 27 0 27 1 1 0 1 0 8 0
amappl9 144 184 0 184 1 1 0 1 0 8 0
amappl8 136 33 0 30 1 0 1 1 0 8 0
amappl7 128 423 0 410 1 0 1 1 0 8 0
amappl6 120 1719 0 1718 1 0 1 1 0 8 0
amappl5 112 757 0 745 1 0 1 1 0 8 0
amappl4 104 753 0 731 1 0 1 1 0 8 0
amappl3 96 19346 0 19215 5 1 4 4 0 8 0
amappl2 88 2800 0 2735 2 0 2 2 0 8 0
amappl1 80 29618 0 29033 19 6 13 15 0 8 0
amappl 88 30840 0 30648 5 0 5 5 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 74 0 5 2 0 2 2 0 8 0
uaddrrnd 24 4327 0 4227 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 4327 0 4227 1 0 1 1 0 8 0
vmmpekpl 168 36836 0 36777 4 0 4 4 0 8 0
vmmpepl 168 262297 0 260271 155 55 100 100 0 357 10
vmsppl 440 4326 0 4227 14 2 12 12 0 8 0
rwobjpl 56 81694 0 71497 151 3 148 148 0 8 2
pdppl 4096 8662 0 8522 363 221 142 146 0 8 2
pvpl 32 36252 0 0 292 1 291 291 0 265 0
pmappl 248 4326 0 4227 7 0 7 7 0 8 0
extentpl 40 56 0 38 1 0 1 1 0 8 0
phpool 112 776 0 296 14 0 14 14 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437
witness_checkorder(fffffd8055a7ff80,9,0) at witness_checkorder+0x1024
rw_enter(fffffd8055a7ff70,1) at rw_enter+0x122
rrw_enter(fffffd8055a7ff70,1) at rrw_enter+0xbe sys/kern/kern_rwlock.c:464
VOP_LOCK(fffffd80664705f0,2001) at VOP_LOCK+0xa6 sys/kern/vfs_vops.c:524
vn_lock(fffffd80664705f0,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:564
vfs_lookup(ffff80002a1458a8) at vfs_lookup+0x109 sys/kern/vfs_lookup.c:418
namei(ffff80002a1458a8) at namei+0x7aa sys/kern/vfs_lookup.c:250
unp_connect(ffff800010fd42a8,fffffd806c240100,ffff8000ffffc7a8) at unp_connect+0x27d sys/kern/uipc_usrreq.c:862
uipc_dgram_send(ffff800010fd42a8,fffffd806c240d00,fffffd806c240100,0) at uipc_dgram_send+0x131 sys/kern/uipc_usrreq.c:601
sosend(ffff800010fd42a8,fffffd806c240100,ffff80002a145b38,0,0,0) at sosend+0xa43
sendit(ffff8000ffffc7a8,4,ffff80002a145cb0,0,ffff80002a145d70) at sendit+0x721 sys/kern/uipc_syscalls.c:786
sys_sendmsg(ffff8000ffffc7a8,ffff80002a145e20,ffff80002a145d70) at sys_sendmsg+0x246 sys/kern/uipc_syscalls.c:604
syscall(ffff80002a145e20) at syscall+0xbb6 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002a145e20) at syscall+0xbb6 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x47281a1fd50, count: -15
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x27: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800029b7bff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
__mp_lock(ffffffff83505268) at __mp_lock+0x192 __mp_lock_spin sys/kern/kern_lock.c:113 [inline]
__mp_lock(ffffffff83505268) at __mp_lock+0x192 sys/kern/kern_lock.c:144
__mp_acquire_count(ffffffff83505268,1) at __mp_acquire_count+0x58
mi_switch() at mi_switch+0x658 sys/kern/sched_bsd.c:460
sleep_finish(0,1) at sleep_finish+0x229 sys/kern/kern_synch.c:416
cond_wait(ffff80002c839230,ffffffff8307d691) at cond_wait+0x76 sys/kern/kern_synch.c:899
timeout_barrier(fffffd806ec919f0) at timeout_barrier+0x2a7 sys/kern/kern_timeout.c:511
timeout_del_barrier(fffffd806ec919f0) at timeout_del_barrier+0x14a sys/kern/kern_timeout.c:464
route_detach(ffff800010fd4a70) at route_detach+0x19a sys/net/rtsock.c:282
soclose(ffff800010fd4a70,0) at soclose+0xb0 pru_detach sys/sys/protosw.h:284 [inline]
soclose(ffff800010fd4a70,0) at soclose+0xb0 sys/kern/uipc_socket.c:430
soo_close(fffffd8072da0ac8,ffff80002c8036f8) at soo_close+0x56
fdrop(fffffd8072da0ac8,ffff80002c8036f8) at fdrop+0x126 sys/kern/kern_descrip.c:1274
closef(fffffd8072da0ac8,ffff80002c8036f8) at closef+0x192 sys/kern/kern_descrip.c:1258
fdfree(ffff80002c8036f8) at fdfree+0x116 sys/kern/kern_descrip.c:1190
exit1(ffff80002c8036f8,0,0,1) at exit1+0x71b sys/kern/kern_exit.c:221
sys_exit(ffff80002c8036f8,ffff80002c839650,ffff80002c8395a0) at sys_exit+0x1a
syscall(ffff80002c839650) at syscall+0xaf8 mi_syscall sys/sys/syscall_mi.h:179 [inline]
syscall(ffff80002c839650) at syscall+0xaf8 sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x77251592b230, count: -20
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages