witness: shared lock of (rwlock) maddr while exclusively locked

syzbot

Jan 3, 2026, 7:51:28 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 80bc9799356e Protect IGMP and MLD6 fast timer with rwlock.
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1562d69a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7058272de1526588
dashboard link: https://syzkaller.appspot.com/bug?extid=de6bcf8e746b8a631885

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/91089fc9acd2/disk-80bc9799.raw.xz
bsd.gdb: https://storage.googleapis.com/syzbot-assets/d43f4be640bc/bsd-80bc9799.gdb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d583b541db80/kernel-80bc9799.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+de6bcf...@syzkaller.appspotmail.com

witness: shared lock of (rwlock) maddr while exclusively locked
panic: excl->share
Starting stack trace...
panic(ffffffff833b5a1c) at panic+0x1d0 sys/kern/subr_prf.c:229
witness_checkorder(ffff8000000508d0,1,0) at witness_checkorder+0x122c sys/kern/subr_witness.c:854
rw_do_enter_read(ffff8000000508b8,0) at rw_do_enter_read+0x99 sys/kern/kern_rwlock.c:355
in_hasmulti(fffffd805f4130bc,ffff800000050858) at in_hasmulti+0x41 in_lookupmulti sys/netinet/in.c:-1 [inline]
in_hasmulti(fffffd805f4130bc,ffff800000050858) at in_hasmulti+0x41 sys/netinet/in.c:991
ip_output(fffffd805f413000,fffffd807eb5cd00,0,0,ffff80003c4155e8,0,99e95ded6b9934eb) at ip_output+0x9c9 sys/netinet/ip_output.c:302
igmp_sendpkt(ffff800000050858,ffff8000015b3c80,16,0) at igmp_sendpkt+0x193 igmpstat_inc sys/netinet/igmp_var.h:-1 [inline]
igmp_sendpkt(ffff800000050858,ffff8000015b3c80,16,0) at igmp_sendpkt+0x193 sys/netinet/igmp.c:734
igmp_joingroup(ffff8000015b3c80,ffff800000050858) at igmp_joingroup+0xd9 sys/netinet/igmp.c:561
in_addmulti(ffff80003c415780,ffff800000050858) at in_addmulti+0x325 sys/netinet/in.c:925
ip_setmoptions(c,fffffd805e590c98,fffffd805fa5b000,0) at ip_setmoptions+0xdcb sys/netinet/ip_output.c:1602
sosetopt(ffff800001634ee8,0,c,fffffd805fa5b000) at sosetopt+0x118 sys/kern/uipc_socket.c:-1
sys_setsockopt(ffff8000fffe6a80,ffff80003c415980,ffff80003c4158d0) at sys_setsockopt+0x2ba sys/kern/uipc_syscalls.c:1227
syscall(ffff80003c415980) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline]
syscall(ffff80003c415980) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:775
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x840d2ac6f80, count: 244
End of stack trace.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup