witness: lock order reversal: 1st 0xffff8000fffed930 fdlock (&newfdp->fd_fd.fd_lock) 2nd 0xfffffd806fb44d70 inode (&ip->i_lock) lock order [1] fdlock (&newfdp->fd_fd.fd_lock) -> [2] inode (&ip->i_lock) lock order data 0xffffffff834858d1 -> 0xffffffff8347b7ef is missing lock order [2] inode (&ip->i_lock) -> [3] sbufrcv (&so->so_rcv.sb_lock) #0 rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 #1 sblock+0xb6 sys/kern/uipc_socket2.c:536 #2 soreceive+0x27d sys/kern/uipc_socket.c:890 #3 fifo_read+0x117 sys/miscfs/fifofs/fifo_vnops.c:264 #4 VOP_READ+0x101 sys/kern/vfs_vops.c:227 #5 vn_rdwr+0x15b sys/kern/vfs_vnops.c:-1 #6 vndsetcred+0xa1 sys/dev/vnd.c:685 #7 vndioctl+0xdfc sys/dev/vnd.c:486 #8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 #9 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537 #10 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #11 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #11 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #12 Xsyscall+0x128 lock order [3] sbufrcv (&so->so_rcv.sb_lock) -> [1] fdlock (&newfdp->fd_fd.fd_lock) #0 rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 #1 unp_externalize+0x3cf sys/kern/uipc_usrreq.c:1074 #2 soreceive+0xc24 sys/kern/uipc_socket.c:1029 #3 recvit+0x40b sys/kern/uipc_syscalls.c:1078 #4 sys_recvmsg+0x1bf sys/kern/uipc_syscalls.c:878 #5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #6 Xsyscall+0x128 Stopped at db_enter+0x25: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 witness_checkorder(fffffd806fb44d70,9,0) at witness_checkorder+0x10d1 sys/kern/subr_witness.c:-1 rw_do_enter_write(fffffd806fb44d58,1) at rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 rrw_enter(fffffd806fb44d58,1) at rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 VOP_LOCK(fffffd806fc45298,2001) at VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 vn_lock(fffffd806fc45298,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:576 vn_closefile(fffffd807bc8fb40,ffff80002a223238) at vn_closefile+0x111 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd807bc8fb40,ffff80002a223238) at vn_closefile+0x111 sys/kern/vfs_vnops.c:621 fdrop(fffffd807bc8fb40,ffff80002a223238) at fdrop+0x121 sys/kern/kern_descrip.c:1281 knote_drop(fffffd806430d108,ffff80002a223238) at knote_drop+0x1a1 sys/kern/kern_event.c:2296 knote_remove(ffff80002a223238,fffffd806f51a8c0,fffffd806f51a950,5,0) at knote_remove+0x215 sys/kern/kern_event.c:-1 knote_fdclose(ffff80002a223238,5) at knote_fdclose+0xf9 sys/kern/kern_event.c:2203 fdrelease(ffff80002a223238,5) at fdrelease+0xf9 sys/kern/kern_descrip.c:761 syscall(ffff80003339a8f0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80003339a8f0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x6ed1561a550, count: -14 ddb{1}> show registers rdi 0 rsi 0 rbp 0xffff80003339a3b0 rbx 0 rdx 0 rcx 0xffff80002a223238 rax 0xffff80002999dff0 r8 0xffff80003339a290 r9 0x8080808080808080 r10 0x85a6c86b4ad5a5ca r11 0xcd3a99bccdeb7fc r12 0xfffffd80040abd00 r13 0xfffffd8004899010 r14 0x3 r15 0xffffffff83512ed3 substchar+0x5b7c rip 0xffffffff8258b975 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003339a3a0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=37661 pid=72803 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=69, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a222d08,0xffff80002a222fb0 process=0xffff8000ffff21c0 user=0xffff800033395000, vmspace=0xfffffd806c6b17b8 estcpu=19, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 25684 445667 19122 0 2 0 syz-executor 72803 61829 81251 0 2 0 syz-executor *72803 37661 81251 0 7 0x4000000 syz-executor 62996 288585 58092 0 2 0 syz-executor 62996 236862 58092 0 3 0x4000080 fsleep syz-executor 18245 202116 9340 0 2 0x10 syz-executor 18245 370994 9340 0 2 0x4000010 syz-executor 3786 85250 10674 0 3 0x80 nanoslp syz-executor 3786 104735 10674 0 3 0x4000080 lockf syz-executor 3786 333263 10674 0 3 0x4000080 fsleep syz-executor 98599 487408 96485 0 3 0x90 nanoslp syz-executor 98599 289642 96485 0 3 0x4000090 msgwait syz-executor 98599 504840 96485 0 3 0x4000090 fsleep syz-executor 44991 443819 1 0 3 0x82 nanoslp getty 19122 245591 8074 0 3 0x82 nanoslp syz-executor 9340 314183 8074 0 3 0x82 nanoslp syz-executor 96485 412827 8074 0 3 0x82 nanoslp syz-executor 81251 109350 8074 0 3 0x82 nanoslp syz-executor 58092 501367 8074 0 3 0x82 nanoslp syz-executor 10674 391849 8074 0 3 0x82 nanoslp syz-executor 83018 146966 8074 0 3 0x2 biowait syz-executor 47357 13724 8074 0 2 0x2 syz-executor 8074 393326 1 0 7 0x3 syz-executor 71321 345317 0 0 3 0x14200 bored smr 44908 360647 0 0 2 0x14200 zerothread 87086 96913 0 0 3 0x14200 aiodoned aiodoned 92812 314067 0 0 3 0x14200 syncer update 447 507928 0 0 3 0x14200 cleaner cleaner 49453 409243 0 0 3 0x14200 reaper reaper 72891 460321 0 0 3 0x14200 pgdaemon pagedaemon 12500 29344 0 0 3 0x14200 bored viomb 86226 467020 0 0 3 0x40014200 acpi0 acpi0 75321 187577 0 0 3 0x40014200 idle1 25663 237602 0 0 3 0x14200 bored softnet1 59008 469240 0 0 2 0x14200 softnet0 56393 468532 0 0 3 0x14200 bored systqmp 5770 133770 0 0 3 0x14200 bored systq 4937 39895 0 0 3 0x14200 tmoslp softclockmp 33595 432507 0 0 3 0x40014200 tmoslp softclock 1285 156786 0 0 3 0x40014200 idle0 1 145517 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 72803 (syz-executor) thread 0xffff80002a223238 (37661) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff83aa7580) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 vn_closefile+0x41 sys/kern/vfs_vnops.c:614 #2 fdrop+0x121 sys/kern/kern_descrip.c:1281 #3 knote_drop+0x1a1 sys/kern/kern_event.c:2296 #4 knote_remove+0x215 sys/kern/kern_event.c:-1 #5 knote_fdclose+0xf9 sys/kern/kern_event.c:2203 #6 fdrelease+0xf9 sys/kern/kern_descrip.c:761 #7 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #7 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #8 Xsyscall+0x128 exclusive rwlock fdlock r = 0 (0xffff8000fffed930) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 sys_close+0xd0 sys/kern/kern_descrip.c:779 #3 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #3 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #4 Xsyscall+0x128 Process 83018 (syz-executor) thread 0xffff8000ffffd9f8 (146966) exclusive rrwlock inode r = 0 (0xfffffd806c424318) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline] #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232 #6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_mkdir+0xfc sys/ufs/ufs/ufs_vnops.c:1112 #8 VOP_MKDIR+0x101 sys/kern/vfs_vops.c:394 #9 domkdirat+0x179 sys/kern/vfs_syscalls.c:3143 #10 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #10 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #11 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806d4bf300) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vfs_lookup+0x10f sys/kern/vfs_lookup.c:431 #6 namei+0x7c5 sys/kern/vfs_lookup.c:250 #7 domkdirat+0x8b sys/kern/vfs_syscalls.c:3128 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 ddb{1}>