Hello,
syzbot found the following issue on:
HEAD commit: 08f6b236ad6b Redraw when sync stops again (accidentally tu..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13e2f51c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=21683eaa3d0ab21fe622
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/906de97b05d1/disk-08f6b236.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/17fc1d7b0d16/bsd-08f6b236.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8314bcaf33c0/kernel-08f6b236.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+21683e...@syzkaller.appspotmail.com
pf: key search, in on vio0: witness: TCPlock order reversal:
wire: (0) 1st 0xffff8000015aafb0 sbufrcv (&so->so_rcv.sb_lock)
10.128.15.235 2nd 0xfffff6006a229d80 inode (&ip->i_lock)
:30002lock order [1] sbufrcv (&so->so_rcv.sb_lock) -> [2] inode (&ip->i_lock)
lock order data 0xffffffff8343de93 -> 0xffffffff834927a5 is missing
10.128.0.91lock order [2] inode (&ip->i_lock) -> [1] sbufrcv (&so->so_rcv.sb_lock)
:21930#0
pf: key search, in on vio0: TCP wire: (0) rw_do_enter_write10.128.15.235+0xba:30002
#1
10.128.0.91:21930
pf: key search, in on vio0: sblockTCP+0xb6 wire: (0)
10.128.15.235#2 :30002
10.128.0.91:21930
soreceivepf: key search, out on vio0: +0x27dTCP
wire: (0) #3
10.128.15.235:30002 10.128.0.91fifo_read:21930+0x117
#4 VOP_READ+0x101 sys/kern/vfs_vops.c:227
#5 vn_rdwr+0x15b sys/kern/vfs_vnops.c:-1
#6 vndsetcred+0xa1 sys/dev/vnd.c:685
#7 vndioctl+0xdfc sys/dev/vnd.c:486
#8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264
#9 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537
#10 sys_ioctl+0x674 sys/kern/sys_generic.c:-1
#11 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
#11 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
#12 Xsyscall+0x128
Stopped at db_enter+0x25: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
witness_checkorder(fffff6006a229d80,9,0) at witness_checkorder+0x10d1 sys/kern/subr_witness.c:-1
rw_do_enter_write(fffff6006a229d68,1) at rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234
rrw_enter(fffff6006a229d68,1) at rrw_enter+0xc6 sys/kern/kern_rwlock.c:621
VOP_LOCK(fffff600609e56f0,2001) at VOP_LOCK+0xbd sys/kern/vfs_vops.c:527
vn_lock(fffff600609e56f0,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:576
vfs_getcwd_common(fffff600609e56f0,fffff6005f88de90,0,0,200,0,d69ccbf3908f7554) at vfs_getcwd_common+0xd1 sys/kern/vfs_getcwd.c:287
vn_isunder(fffff600609e56f0,fffff6005f88de90,ffff800045fee548) at vn_isunder+0x56 sys/kern/vfs_vnops.c:700
unp_externalize(fffff6006d915400,33,0) at unp_externalize+0x26f sys/kern/uipc_usrreq.c:1090
soreceive(ffff8000015aaec0,ffff80003abc5428,ffff80003abc53d8,0,ffff80003abc5410,ffff80003abc559c,146c914bf6bbd154) at soreceive+0xc24 sys/kern/uipc_socket.c:1029
recvit(ffff800045fee548,1,ffff80003abc5570,0,ffff80003abc5620) at recvit+0x40b sys/kern/uipc_syscalls.c:1078
sys_recvmsg(ffff800045fee548,ffff80003abc56d0,ffff80003abc5620) at sys_recvmsg+0x1bf sys/kern/uipc_syscalls.c:878
syscall(ffff80003abc56d0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003abc56d0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x98be43c3fb0, count: -14
ddb{0}> show registers
rdi 0
rsi 0x80000 acpi_pdirpa+0x6be71
rbp 0xffff80003abc4eb0
rbx 0
rdx 0xffff8000015fc4c0
rcx 0xffff800045fee548
rax 0x7ffff acpi_pdirpa+0x6be70
r8 0xffff80003abc4d90
r9 0x8080808080808080
r10 0x3c445f6aaa732515
r11 0x503e456304b34b2
r12 0xfffff600040be880
r13 0xfffff600048a69b0
r14 0x3
r15 0xffffffff83521880 substchar+0x3a69
rip 0xffffffff81740505 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003abc4ea0
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor) tid=269706 pid=14682 tcnt=2 stat=onproc
flags process=1000000<CHROOT> proc=4000000<THREAD>
runpri=32, usrpri=50, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff800045fef240,0xffff800045feefb8
process=0xffff80003638d368 user=0xffff80003abc0000, vmspace=0xfffff6006cd535d0
estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0
ddb{0}>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup