witness: lock order reversal: 1st 0xffff800010fde100 sbufrcv (&so->so_rcv.sb_lock) 2nd 0xfffffd806bbc87b8 inode (&ip->i_lock) lock order [1] sbufrcv (&so->so_rcv.sb_lock) -> [2] inode (&ip->i_lock) lock order data 0xffffffff834325d0 -> 0xffffffff8347e106 is missing lock order [2] inode (&ip->i_lock) -> [1] sbufrcv (&so->so_rcv.sb_lock) #0 rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 #1 sblock+0xb6 sys/kern/uipc_socket2.c:536 #2 soreceive+0x27d sys/kern/uipc_socket.c:890 #3 fifo_read+0x117 sys/miscfs/fifofs/fifo_vnops.c:264 #4 VOP_READ+0x101 sys/kern/vfs_vops.c:227 #5 vn_rdwr+0x15b sys/kern/vfs_vnops.c:-1 #6 vndsetcred+0xa1 sys/dev/vnd.c:685 #7 vndioctl+0xdfc sys/dev/vnd.c:486 #8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 #9 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537 #10 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #11 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #11 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #12 Xsyscall+0x128 Stopped at db_enter+0x25: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 witness_checkorder(fffffd806bbc87b8,9,0) at witness_checkorder+0x10d1 sys/kern/subr_witness.c:-1 rw_do_enter_write(fffffd806bbc87a0,1) at rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 rrw_enter(fffffd806bbc87a0,1) at rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 VOP_LOCK(fffffd806bde4ca8,2001) at VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 vn_lock(fffffd806bde4ca8,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:576 vfs_getcwd_common(fffffd806bde4ca8,fffffd806bde4ca8,0,0,200,0,8f946f179ad2f280) at vfs_getcwd_common+0xd1 sys/kern/vfs_getcwd.c:287 vn_isunder(fffffd806bde4ca8,fffffd806bde4ca8,ffff80002a222540) at vn_isunder+0x56 sys/kern/vfs_vnops.c:700 unp_externalize(fffffd806b7bd300,33,0) at unp_externalize+0x26f sys/kern/uipc_usrreq.c:1090 soreceive(ffff800010fde010,ffff80002a23d018,ffff80002a23cfc8,0,ffff80002a23d000,ffff80002a23d18c,74ab5f576470655c) at soreceive+0xc24 sys/kern/uipc_socket.c:1029 recvit(ffff80002a222540,8,ffff80002a23d160,0,ffff80002a23d210) at recvit+0x40b sys/kern/uipc_syscalls.c:1078 sys_recvmsg(ffff80002a222540,ffff80002a23d2c0,ffff80002a23d210) at sys_recvmsg+0x1bf sys/kern/uipc_syscalls.c:878 syscall(ffff80002a23d2c0) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a23d2c0) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd5fdc6a8dd0, count: -14 ddb{0}> show registers rdi 0 rsi 0 rbp 0xffff80002a23caa0 rbx 0 rdx 0 rcx 0xffff80002a222540 rax 0xffffffff838d4ff0 cpu_info_full_primary+0x1ff0 r8 0xffff80002a23c980 r9 0x8080808080808080 r10 0x324f7087a6670514 r11 0x1333e88c6f60f7f0 r12 0xfffffd80040aa880 r13 0xfffffd80048924e8 r14 0x3 r15 0xffffffff83512289 substchar+0xfc85 rip 0xffffffff831a0d75 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a23ca90 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=278947 pid=76578 tcnt=3 stat=onproc flags process=1000000 proc=4000000 runpri=32, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a223768,0xffff80002a222a80 process=0xffff80003abba1d0 user=0xffff80002a238000, vmspace=0xfffffd807c63a3d8 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 76578 187639 61782 0 2 0x1000000 syz-executor *76578 278947 61782 0 7 0x5000000 syz-executor 76578 148934 61782 0 3 0x5000080 fsleep syz-executor 84540 321096 33498 0 2 0 syz-executor 84540 58943 33498 0 7 0x4000000 syz-executor 37936 365918 479 0 2 0 syz-executor 37936 82403 479 0 3 0x4000080 dtread syz-executor 69400 450073 23566 0 3 0x80 nanoslp syz-executor 69400 313338 23566 0 3 0x4000080 netacc syz-executor 69400 458909 23566 0 3 0x4000080 fsleep syz-executor 64381 257745 90761 60929 2 0x10 syz-executor 64381 127926 90761 60929 3 0x4000090 fsleep syz-executor 64381 58080 90761 60929 3 0x4000090 fsleep syz-executor 14240 309665 26566 0 3 0x80 nanoslp syz-executor 14240 512024 26566 0 3 0x4000080 rest syz-executor 14240 474645 26566 0 3 0x4000080 fsleep syz-executor 41857 221320 1 0 3 0x80 nanoslp init 18633 12114 89257 0 3 0x100082 sbwait ndp 89257 57599 93038 0 3 0x10008a sigsusp sh 93038 156451 19634 0 3 0x82 wait syz-executor 72718 477958 19634 0 3 0x82 nanoslp syz-executor 23566 329888 19634 0 3 0x82 nanoslp syz-executor 61782 187949 19634 0 3 0x82 nanoslp syz-executor 479 297685 19634 0 3 0x82 nanoslp syz-executor 90761 74804 19634 0 3 0x82 nanoslp syz-executor 33498 122329 19634 0 3 0x82 nanoslp syz-executor 26566 315200 19634 0 3 0x82 nanoslp syz-executor 19634 27441 1 0 3 0x82 kqread syz-executor 25219 390791 1 74 3 0x1100092 bpf pflogd 61824 166427 1 73 3 0x1100090 kqread syslogd 79777 468210 0 0 3 0x14200 bored smr 58560 427531 0 0 2 0x14200 zerothread 39881 225142 0 0 3 0x14200 aiodoned aiodoned 67260 17952 0 0 3 0x14200 syncer update 64980 413726 0 0 3 0x14200 cleaner cleaner 71629 365343 0 0 3 0x14200 reaper reaper 17430 59426 0 0 3 0x14200 pgdaemon pagedaemon 98946 41369 0 0 3 0x14200 bored viomb 11730 12331 0 0 3 0x40014200 acpi0 acpi0 56764 258918 0 0 3 0x40014200 idle1 84101 43128 0 0 3 0x14200 bored softnet1 40235 98460 0 0 3 0x14200 bored softnet0 35049 186600 0 0 3 0x14200 bored systqmp 46129 3050 0 0 3 0x14200 bored systq 71150 349641 0 0 3 0x14200 tmoslp softclockmp 10379 521689 0 0 3 0x40014200 tmoslp softclock 20417 45896 0 0 3 0x40014200 idle0 1 106731 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}>