login: witness: lock order reversal:
1st 0xffffffff8290fe50 netlock (netlock)
2nd 0xfffffd800872e188 vmmaplk (&map->lock)
lock order "&map->lock"(rwlock) -> "netlock"(rwlock) first seen at:
#0 rw_enter_write+0x5b sys/kern/kern_rwlock.c:128
#1 udp_sysctl+0x8a sys/netinet/udp_usrreq.c:1269
#2 sys_sysctl+0x209 sys/kern/kern_sysctl.c:249
#3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#4 Xsyscall+0x128
lock order "netlock"(rwlock) -> "&map->lock"(rwlock) first seen at:
#0 rw_enter_read+0x66 sys/kern/kern_rwlock.c:112
#1 uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1758
#2 uvm_fault_check+0x3a sys/uvm/uvm_fault.c:674
#3 uvm_fault+0x102 sys/uvm/uvm_fault.c:602
#4 kpageflttrap+0x209
#5 kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
#6 alltraps_kern_meltdown+0x7b
#7 copyout+0x53
#8 ifioctl_get+0x2dd
#9 soo_ioctl+0x26c
#10 fifo_ioctl+0x104 sys/miscfs/fifofs/fifo_vnops.c:307
#11 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
#12 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531
#13 sys_ioctl+0x4a2
#14 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#14 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#15 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
witness_checkorder(fffffd800872e188,1,0) at witness_checkorder+0x10b7 witness_debugger sys/kern/subr_witness.c:2502 [inline]
witness_checkorder(fffffd800872e188,1,0) at witness_checkorder+0x10b7 sys/kern/subr_witness.c:1105
rw_enter_read(fffffd800872e178) at rw_enter_read+0x66 sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff8000211bbd60,0) at uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1758
uvm_fault_check(ffff8000211bbd60,ffff8000211bbd98,ffff8000211bbdc0) at uvm_fault_check+0x3a sys/uvm/uvm_fault.c:674
uvm_fault(fffffd800872e170,20004000,0,2) at uvm_fault+0x102 sys/uvm/uvm_fault.c:602
kpageflttrap(ffff8000211bbef0,200041f7) at kpageflttrap+0x209
kerntrap(ffff8000211bbef0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x53
ifioctl_get(c0106924,ffff8000211bc440) at ifioctl_get+0x2dd
soo_ioctl(ffff8000211bc1a0,c0106924,ffff8000211bc440,ffff800021142548) at soo_ioctl+0x26c
fifo_ioctl(ffff8000211bc288) at fifo_ioctl+0x104 sys/miscfs/fifofs/fifo_vnops.c:307
VOP_IOCTL(fffffd806eec44d0,c0106924,ffff8000211bc440,3,fffffd807f7d8a20,ffff800021142548) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806e615600,c0106924,ffff8000211bc440,ffff800021142548) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800021142548,ffff8000211bc558,ffff8000211bc5b0) at sys_ioctl+0x4a2
syscall(ffff8000211bc620) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000211bc620) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe3810, count: -18
ddb{0}> show registers
rdi 0x3
rsi 0xffffffff8294abb0 __sancov_gen_cov_switch_values.134
rbp 0xffff8000211bba50
rbx 0x3
rdx 0x3fd
rcx 0
rax 0x1
r8 0xffff8000211bb9c0
r9 0x8080808080808080
r10 0xc12b07be5ed63e0f
r11 0xf82b5537488ec965
r12 0xffffffff82ab0900 w_lodata+0x52f90
r13 0
r14 0xffffffff82aac910 w_lodata+0x4efa0
r15 0xfffffd8002f62d80
rip 0xffffffff8138d658 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000211bba40
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor4258206138) pid=477729 stat=onproc
flags process=2<EXEC> proc=0
pri=17, usrpri=52, nice=20
forw=0xffffffffffffffff, list=0xffff8000211427e8,0xffffffff82b3d400
process=0xffff8000ffff94d0 user=0xffff8000211b7000, vmspace=0xfffffd800872e170
estcpu=2, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*16242 477729 36456 0 7 0x2 syz-executor4258206138
36456 405076 94374 0 3 0x10008a sigsusp ksh
94374 65530 91918 0 3 0x9a kqread sshd
84948 51440 1 0 3 0x100083 ttyin getty
91918 196869 1 0 3 0x88 kqread sshd
44516 225686 85172 73 3 0x1100090 kqread syslogd
85172 182253 1 0 3 0x100082 netio syslogd
36764 6232 1 0 3 0x100080 kqread resolvd
28961 96207 13667 77 3 0x100092 kqread dhcpleased
9876 117103 13667 77 3 0x100092 kqread dhcpleased
13667 410466 1 0 3 0x80 kqread dhcpleased
61858 271553 0 0 3 0x14200 bored smr
15588 416771 0 0 3 0x14200 pgzero zerothread
99835 20073 0 0 3 0x14200 aiodoned aiodoned
63287 151687 0 0 3 0x14200 syncer update
82843 150219 0 0 3 0x14200 cleaner cleaner
37181 111190 0 0 3 0x14200 reaper reaper
98556 77054 0 0 3 0x14200 pgdaemon pagedaemon
33262 45910 0 0 3 0x14200 bored viomb
12515 410526 0 0 3 0x40014200 acpi0 acpi0
84867 35831 0 0 7 0x40014200 idle1
67496 409908 0 0 3 0x14200 bored softnet
29852 249938 0 0 3 0x14200 bored systqmp
29850 392125 0 0 3 0x14200 bored systq
52049 251082 0 0 3 0x40014200 bored softclock
25321 246638 0 0 3 0x40014200 idle0
1 176171 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}> show all locks
Process 16242 (syz-executor4258206138) thread 0xffff800021142548 (477729)
shared rwlock netlock r = 0 (0xffffffff8290fe50)
#0 witness_lock+0x44d
#1 ifioctl_get+0x2d5 sys/net/if.c:2319
#2 soo_ioctl+0x26c
#3 fifo_ioctl+0x104 sys/miscfs/fifofs/fifo_vnops.c:307
#4 VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
#5 vn_ioctl+0xbc sys/kern/vfs_vnops.c:531
#6 sys_ioctl+0x4a2
#7 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#7 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#8 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 1 (0xffffffff829de988)
#0 witness_lock+0x44d
#1 vn_ioctl+0x41 sys/kern/vfs_vnops.c:514
#2 sys_ioctl+0x4a2
#3 syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
#3 syscall+0x489 sys/arch/amd64/amd64/trap.c:585
#4 Xsyscall+0x128
ddb{0}> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 10143 6388K 6419K 78643K 11233 0
pcb 13 8K 8K 78643K 13 0
rtable 62 2K 2K 78643K 114 0
ifaddr 24 7K 7K 78643K 24 0
counters 40 33K 33K 78643K 40 0
ioctlops 0 0K 2K 78643K 25 0
mount 1 1K 1K 78643K 1 0
log 0 0K 0K 78643K 4 0
vnodes 1167 73K 73K 78643K 1180 0
UFS quota 1 32K 32K 78643K 1 0
UFS mount 5 36K 36K 78643K 5 0
shm 2 1K 1K 78643K 2 0
VM map 2 1K 1K 78643K 2 0
sem 2 0K 0K 78643K 2 0
dirhash 12 2K 2K 78643K 12 0
ACPI 1697 195K 286K 78643K 12548 0
file desc 1 0K 0K 78643K 1 0
proc 55 74K 75K 78643K 226 0
NFS srvsock 1 0K 0K 78643K 1 0
NFS daemon 1 16K 16K 78643K 1 0
in_multi 11 0K 0K 78643K 11 0
ether_multi 1 0K 0K 78643K 1 0
ISOFS mount 1 32K 32K 78643K 1 0
MSDOSFS mount 1 16K 16K 78643K 1 0
ttys 25 122K 122K 78643K 25 0
exec 0 0K 2K 78643K 406 0
tdb 3 0K 0K 78643K 3 0
pagedep 1 8K 8K 78643K 1 0
inodedep 1 32K 32K 78643K 1 0
newblk 1 0K 0K 78643K 1 0
VM swap 7 26K 26K 78643K 7 0
UVM amap 72 3K 5K 78643K 2044 0
UVM aobj 3 2K 2K 78643K 3 0
memdesc 1 4K 4K 78643K 1 0
crypto data 1 1K 1K 78643K 1 0
NDP 3 0K 0K 78643K 3 0
temp 19 4690K 4753K 78643K 3118 0
kqueue 11 16K 18K 78643K 24 0
SYN cache 2 16K 16K 78643K 2 0
ddb{0}> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
plcache 128 22 0 0 1 0 1 1 0 8 0
rtpcb 120 20 0 17 1 0 1 1 0 8 0
rtentry 112 23 0 1 1 0 1 1 0 8 0
unpcb 136 35 0 20 1 0 1 1 0 8 0
syncache 296 5 0 5 2 1 1 1 0 8 1
tcpcb 736 8 0 5 1 0 1 1 0 8 0
arp 120 2 0 0 1 0 1 1 0 8 0
inpcb 304 25 0 19 1 0 1 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 97 0 0 7 0 7 7 0 8 0
art_table 32 98 0 0 1 0 1 1 0 8 0
art_node 16 22 0 2 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1417 0 39 87 0 87 87 0 8 0
ffsino 272 1417 0 39 92 0 92 92 0 8 0
nchpl 144 1591 0 47 58 0 58 58 0 8 0
uvmvnodes 80 1426 0 0 30 0 30 30 0 8 0
vnodes 224 1426 0 0 84 0 84 84 0 8 0
namei 1024 4183 0 4183 1 0 1 1 0 8 1
percpumem 16 32 0 0 1 0 1 1 0 8 0
scxspl 216 3780 0 3780 2 1 1 2 0 8 1
plimitpl 152 15 0 9 1 0 1 1 0 8 0
sigapl 424 301 0 274 4 0 4 4 0 8 0
knotepl 120 45 0 0 2 0 2 2 0 8 0
kqueuepl 216 20 0 13 1 0 1 1 0 8 0
pipepl 336 82 0 79 1 0 1 1 0 8 0
fdescpl 496 287 0 274 3 1 2 3 0 8 0
filepl 152 1029 0 975 3 0 3 3 0 8 0
lockfpl 104 6 0 4 1 0 1 1 0 8 0
lockfspl 48 4 0 2 1 0 1 1 0 8 0
sessionpl 144 17 0 9 1 0 1 1 0 8 0
pgrppl 48 17 0 9 1 0 1 1 0 8 0
ucredpl 96 64 0 54 1 0 1 1 0 8 0
zombiepl 144 274 0 274 1 0 1 1 0 8 1
processpl 1064 301 0 274 3 1 2 3 0 8 0
procpl 672 301 0 274 3 0 3 3 0 8 0
sockpl 480 80 0 56 3 0 3 3 0 8 0
mcl8k 8192 4 0 0 1 0 1 1 0 8 0
mcl4k 4096 4 0 0 1 0 1 1 0 8 0
mcl2k 2048 63 0 0 8 0 8 8 0 8 0
mtagpl 96 3 0 0 1 0 1 1 0 8 0
mbufpl 256 106 0 0 7 0 7 7 0 8 0
bufpl 288 1938 0 89 133 0 133 133 0 8 0
anonpl 24 38832 0 36784 16 2 14 15 0 186 1
amapchunkpl 152 3732 0 3606 7 1 6 7 0 158 0
amappl16 200 26 0 25 2 1 1 1 0 8 0
amappl15 192 62 0 59 1 0 1 1 0 8 0
amappl14 184 1 0 1 1 1 0 1 0 8 0
amappl13 176 32 0 31 2 1 1 1 0 8 0
amappl12 168 16 0 16 2 1 1 1 0 8 1
amappl11 160 38 0 28 1 0 1 1 0 8 0
amappl10 152 4 0 4 1 1 0 1 0 8 0
amappl9 144 444 0 442 1 0 1 1 0 8 0
amappl8 136 352 0 348 1 0 1 1 0 8 0
amappl7 128 60 0 57 1 0 1 1 0 8 0
amappl6 120 109 0 96 1 0 1 1 0 8 0
amappl5 112 171 0 162 1 0 1 1 0 8 0
amappl4 104 597 0 576 1 0 1 1 0 8 0
amappl3 96 115 0 106 1 0 1 1 0 8 0
amappl2 88 356 0 319 1 0 1 1 0 8 0
amappl1 80 8210 0 7859 9 0 9 9 0 8 0
amappl 88 1782 0 1726 2 0 2 2 0 92 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 2 0 0 1 0 1 1 0 8 0
uaddrrnd 24 287 0 274 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 287 0 274 1 0 1 1 0 8 0
vmmpekpl 168 5963 0 5949 1 0 1 1 0 8 0
vmmpepl 168 25037 0 24273 38 0 38 38 0 357 0
vmsppl 368 286 0 274 2 0 2 2 0 8 0
rwobjpl 56 9008 0 7072 28 0 28 28 0 8 0
pdppl 4096 581 0 548 54 21 33 41 0 8 0
pvpl 32 126588 0 122801 34 0 34 34 0 265 1
pmappl 248 286 0 274 2 1 1 2 0 8 0
extentpl 40 58 0 38 1 0 1 1 0 8 0
phpool 112 402 0 23 11 0 11 11 0 8 0
ddb{0}> machine ddbcpu 0
Invalid cpu 0
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
witness_checkorder(fffffd800872e188,1,0) at witness_checkorder+0x10b7 witness_debugger sys/kern/subr_witness.c:2502 [inline]
witness_checkorder(fffffd800872e188,1,0) at witness_checkorder+0x10b7 sys/kern/subr_witness.c:1105
rw_enter_read(fffffd800872e178) at rw_enter_read+0x66 sys/kern/kern_rwlock.c:112
uvmfault_lookup(ffff8000211bbd60,0) at uvmfault_lookup+0xd9 sys/uvm/uvm_fault.c:1758
uvm_fault_check(ffff8000211bbd60,ffff8000211bbd98,ffff8000211bbdc0) at uvm_fault_check+0x3a sys/uvm/uvm_fault.c:674
uvm_fault(fffffd800872e170,20004000,0,2) at uvm_fault+0x102 sys/uvm/uvm_fault.c:602
kpageflttrap(ffff8000211bbef0,200041f7) at kpageflttrap+0x209
kerntrap(ffff8000211bbef0) at kerntrap+0xef sys/arch/amd64/amd64/trap.c:318
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
copyout() at copyout+0x53
ifioctl_get(c0106924,ffff8000211bc440) at ifioctl_get+0x2dd
soo_ioctl(ffff8000211bc1a0,c0106924,ffff8000211bc440,ffff800021142548) at soo_ioctl+0x26c
fifo_ioctl(ffff8000211bc288) at fifo_ioctl+0x104 sys/miscfs/fifofs/fifo_vnops.c:307
VOP_IOCTL(fffffd806eec44d0,c0106924,ffff8000211bc440,3,fffffd807f7d8a20,ffff800021142548) at VOP_IOCTL+0x96 sys/kern/vfs_vops.c:264
vn_ioctl(fffffd806e615600,c0106924,ffff8000211bc440,ffff800021142548) at vn_ioctl+0xbc sys/kern/vfs_vnops.c:531
sys_ioctl(ffff800021142548,ffff8000211bc558,ffff8000211bc5b0) at sys_ioctl+0x4a2
syscall(ffff8000211bc620) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:102 [inline]
syscall(ffff8000211bc620) at syscall+0x489 sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe3810, count: -18
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp
ddb{1}> trace
x86_ipi_db(ffff800020ce8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020ce8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178
end trace frame: 0x0, count: -5
ddb{1}>