login: witness: lock order reversal: 1st 0xfffffd8073bac638 fdlock (&newfdp->fd_fd.fd_lock) 2nd 0xfffffd807c2682c0 inode (&ip->i_lock) lock order data w2 -> w1 missing lock order data w1 -> w2 missing Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 witness_checkorder(fffffd807c2682c0,9,0) at witness_checkorder+0x108b rw_enter(fffffd807c2682b0,1) at rw_enter+0xd4 rrw_enter(fffffd807c2682b0,1) at rrw_enter+0x88 sys/kern/kern_rwlock.c:461 VOP_LOCK(fffffd8068a0c628,2001) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 vn_lock(fffffd8068a0c628,2001) at vn_lock+0x84 sys/kern/vfs_vnops.c:579 vget(fffffd8068a0c628,2001) at vget+0x1f7 sys/kern/vfs_subr.c:676 ktrwriteraw(ffff800021272000,fffffd8068a0c628,fffffd807f7d87e0,ffff8000222f9880,ffff8000222f9860) at ktrwriteraw+0x138 sys/kern/kern_ktrace.c:659 ktrstruct(ffff800021272000,ffffffff823c1cdf,ffff8000222f9968,8) at ktrstruct+0x169 ktrwrite2 sys/kern/kern_ktrace.c:627 [inline] ktrstruct(ffff800021272000,ffffffff823c1cdf,ffff8000222f9968,8) at ktrstruct+0x169 sys/kern/kern_ktrace.c:311 sys_socketpair(ffff800021272000,ffff8000222f99d8,ffff8000222f9a20) at sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 syscall(ffff8000222f9aa0) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000222f9aa0) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x42e974ea700, count: -12 ddb{1}> show registers rdi 0xffff8000234be000 rsi 0x16e58 acpi_pdirpa+0x2cc0 rbp 0xffff8000222f9490 rbx 0x3 rdx 0xffff8000234be000 rcx 0x16e57 acpi_pdirpa+0x2cbf rax 0xffffffff81809987 db_enter+0x17 r8 0xffffffff81a353e1 witness_checkorder+0x1061 r9 0x5 r10 0x7456b54e9103f343 r11 0x381faacbd549fa9b r12 0 r13 0xfffffd807c2682c0 r14 0 r15 0xfffffd8002cf9740 rip 0xffffffff81809988 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000222f9480 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.1) pid=375124 stat=onproc flags process=0 proc=4000001 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000212722a0,0xffffffff82950ee8 process=0xffff8000212261d0 user=0xffff8000222f4000, vmspace=0xfffffd80669fc180 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 85991 462609 58309 0 7 0 syz-executor.1 *85991 375124 58309 0 7 0x4000001 syz-executor.1 26456 57579 1 0 3 0x100083 ttyin getty 58309 136559 56196 0 3 0x82 nanoslp syz-executor.1 13106 44225 0 0 3 0x14200 bored sosplice 53863 92869 56196 0 3 0x2 biowait syz-executor.0 56196 215950 91683 0 3 0x82 thrsleep syz-fuzzer 56196 422718 91683 0 3 0x4000082 nanoslp syz-fuzzer 56196 322332 91683 0 3 0x4000082 thrsleep syz-fuzzer 56196 10655 91683 0 3 0x4000082 kqread syz-fuzzer 56196 349479 91683 0 3 0x4000082 thrsleep syz-fuzzer 56196 222862 91683 0 3 0x4000082 thrsleep syz-fuzzer 56196 115855 91683 0 3 0x4000082 thrsleep syz-fuzzer 56196 509998 91683 0 3 0x4000082 thrsleep syz-fuzzer 91683 279579 663 0 3 0x10008a sigsusp ksh 663 160511 82688 0 3 0x92 select sshd 82688 225841 1 0 3 0x80 select sshd 82159 295119 20842 74 3 0x100092 bpf pflogd 20842 501313 1 0 3 0x80 netio pflogd 71701 178444 41869 73 3 0x100090 kqread syslogd 41869 218839 1 0 3 0x100082 netio syslogd 1963 473630 1 77 3 0x100090 poll dhclient 13703 394551 1 0 3 0x80 poll dhclient 87873 272012 0 0 3 0x14200 bored smr 79963 226836 0 0 3 0x14200 pgzero zerothread 4752 167469 0 0 3 0x14200 aiodoned aiodoned 18103 280586 0 0 3 0x14200 syncer update 99213 169707 0 0 3 0x14200 cleaner cleaner 76173 367632 0 0 3 0x14200 reaper reaper 55290 380734 0 0 3 0x14200 pgdaemon pagedaemon 90597 459392 0 0 3 0x14200 bored crynlk 63905 444967 0 0 3 0x14200 bored crypto 75502 346440 0 0 3 0x14200 bored viomb 79234 495734 0 0 3 0x40014200 acpi0 acpi0 19917 476535 0 0 3 0x40014200 idle1 1500 496073 0 0 3 0x14200 bored softnet 38102 28334 0 0 3 0x14200 bored systqmp 7475 199968 0 0 3 0x14200 bored systq 78707 433333 0 0 3 0x40014200 bored softclock 4885 110136 0 0 3 0x40014200 idle0 1 348945 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 85991 (syz-executor.1) thread 0xffff800021272000 (375124) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff829444f0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 ktrstruct+0xee #2 sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 #3 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x5bf sys/arch/amd64/amd64/trap.c:585 #4 Xsyscall+0x128 exclusive rwlock fdlock r = 0 (0xfffffd8073bac638) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 sys_socketpair+0x219 #2 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #2 syscall+0x5bf sys/arch/amd64/amd64/trap.c:585 #3 Xsyscall+0x128 Process 53863 (syz-executor.0) thread 0xffff800021273a40 (92869) exclusive rrwlock inode r = 0 (0xfffffd807c2684e0) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 rw_enter+0x416 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:461 #3 ufs_ihashins+0x45 sys/ufs/ufs/ufs_ihash.c:140 #4 ffs_vget+0x135 sys/ufs/ffs/ffs_vfsops.c:1350 #5 ffs_inode_alloc+0x1e1 sys/ufs/ffs/ffs_alloc.c:394 #6 ufs_mkdir+0xf4 sys/ufs/ufs/ufs_vnops.c:1162 #7 VOP_MKDIR+0xc6 sys/kern/vfs_vops.c:457 #8 domkdirat+0x121 sys/kern/vfs_syscalls.c:3075 #9 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #9 syscall+0x5bf sys/arch/amd64/amd64/trap.c:585 #10 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffffd806abe22b8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 rw_enter+0x416 sys/kern/kern_rwlock.c:310 #2 rrw_enter+0x88 sys/kern/kern_rwlock.c:461 #3 VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 #4 vn_lock+0x84 sys/kern/vfs_vnops.c:579 #5 vfs_lookup+0xe6 sys/kern/vfs_lookup.c:413 #6 namei+0x58a sys/kern/vfs_lookup.c:245 #7 domkdirat+0x75 sys/kern/vfs_syscalls.c:3060 #8 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #8 syscall+0x5bf sys/arch/amd64/amd64/trap.c:585 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10144 6490K 6936K 78643K 13501 0 pcb 13 8K 8K 78643K 162 0 rtable 96 3K 4K 78643K 762 0 ifaddr 55 11K 12K 78643K 119 0 counters 44 34K 34K 78643K 64 0 ioctlops 0 0K 4K 78643K 1561 0 iov 0 0K 24K 78643K 86 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 1 0 vnodes 1224 77K 77K 78643K 2033 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 17 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 305 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 3448 0 proc 63 63K 95K 78643K 766 0 subproc 32 2K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 194 0 in_multi 25 1K 2K 78643K 200 0 ether_multi 1 0K 0K 78643K 37 0 mrt 0 0K 0K 78643K 15 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 2K 78643K 588 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 207 140K 148K 78643K 42593 0 UVM aobj 16 2K 2K 78643K 16 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 105 0 NDP 9 0K 0K 78643K 39 0 temp 119 3986K 4054K 78643K 17810 0 kqueue 3 4K 8K 78643K 131 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 227 0 225 1 0 1 1 0 8 0 rtentry 112 159 0 121 2 0 2 2 0 8 0 unpcb 120 602 0 590 1 0 1 1 0 8 0 syncache 296 45 0 45 4 4 0 1 0 8 0 tcpqe 32 5 0 5 1 1 0 1 0 8 0 tcpcb 736 563 0 559 15 14 1 5 0 8 0 arp 120 21 0 15 1 0 1 1 0 8 0 inpcb 304 1360 0 1354 2 1 1 2 0 8 0 nd6 48 24 0 22 1 0 1 1 0 8 0 pkpcb 40 29 0 28 4 3 1 1 0 8 0 kcovpl 48 4 0 2 1 0 1 1 0 8 0 ppxss 1128 8 0 8 2 2 0 1 0 8 0 pffrag 232 3 0 3 1 1 0 1 0 482 0 pffrnode 88 3 0 3 1 1 0 1 0 8 0 pffrent 40 15 0 15 2 2 0 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 44 0 38 1 0 1 1 0 8 0 pfstkey 112 44 0 38 1 0 1 1 0 8 0 pfstate 320 44 0 38 4 3 1 3 0 8 0 pfrule 1360 30 0 24 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 597 0 439 14 3 11 13 0 8 0 art_table 32 598 0 439 2 0 2 2 0 8 0 art_node 16 147 0 111 1 0 1 1 0 8 0 sysvmsgpl 40 60 0 20 1 0 1 1 0 8 0 semapl 112 303 0 293 1 0 1 1 0 8 0 shmpl 112 13 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 5555 0 4147 90 1 89 89 0 8 0 ffsino 272 5555 0 4147 95 0 95 95 0 8 0 nchpl 144 9778 0 8184 60 0 60 60 0 8 0 uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 22918 0 22917 1 0 1 1 0 8 0 percpumem 16 43 0 10 1 0 1 1 0 8 0 vcpupl 1984 8 0 0 1 0 1 1 0 8 0 vmpool 560 8 0 0 1 0 1 1 0 8 0 scxspl 216 30032 0 30031 9 8 1 8 0 8 0 plimitpl 152 62 0 54 1 0 1 1 0 8 0 sigapl 424 3660 0 3627 4 0 4 4 0 8 0 futexpl 56 22976 0 22976 1 0 1 1 0 8 1 knotepl 112 204 0 184 1 0 1 1 0 8 0 kqueuepl 168 1703 0 1696 1 0 1 1 0 8 0 pipepl 336 245 0 234 6 5 1 2 0 8 0 fdescpl 496 3643 0 3627 3 0 3 3 0 8 0 filepl 152 11044 0 10940 5 0 5 5 0 8 1 lockfpl 104 298 0 297 1 0 1 1 0 8 0 lockfspl 48 120 0 119 1 0 1 1 0 8 0 sessionpl 144 21 0 10 1 0 1 1 0 8 0 pgrppl 48 21 0 10 1 0 1 1 0 8 0 ucredpl 96 844 0 835 1 0 1 1 0 8 0 zombiepl 144 3627 0 3627 1 0 1 1 0 8 1 processpl 1080 3660 0 3627 3 0 3 3 0 8 0 procpl 672 7796 0 7755 5 1 4 5 0 8 0 sosppl 168 28 0 28 3 3 0 1 0 8 0 sockpl 480 2242 0 2221 10 7 3 4 0 8 0 mcl64k 65536 24 0 0 3 0 3 3 0 8 0 mcl16k 16384 10 0 0 2 0 2 2 0 8 0 mcl12k 12288 17 0 0 2 0 2 2 0 8 0 mcl9k 9216 17 0 0 2 0 2 2 0 8 0 mcl8k 8192 8 0 0 1 0 1 1 0 8 0 mcl4k 4096 10 0 0 2 0 2 2 0 8 0 mcl2k 2048 230 0 0 15 0 15 15 0 8 0 mtagpl 96 112 0 0 3 0 3 3 0 8 0 mbufpl 256 531 0 0 30 0 30 30 0 8 0 bufpl 280 8398 0 2132 448 0 448 448 0 8 0 anonpl 24 954402 0 946255 131 75 56 95 0 186 5 amapchunkpl 152 102434 0 102031 34 16 18 30 0 158 0 amappl16 200 9233 0 9009 71 59 12 33 0 8 0 amappl15 192 70 0 64 1 0 1 1 0 8 0 amappl14 184 8 0 6 1 0 1 1 0 8 0 amappl13 176 45 0 44 1 0 1 1 0 8 0 amappl12 168 38 0 31 1 0 1 1 0 8 0 amappl11 160 47 0 36 1 0 1 1 0 8 0 amappl10 152 874 0 862 1 0 1 1 0 8 0 amappl9 144 1745 0 1742 1 0 1 1 0 8 0 amappl8 136 2080 0 2018 3 0 3 3 0 8 0 amappl7 128 1788 0 1777 1 0 1 1 0 8 0 amappl6 120 972 0 953 1 0 1 1 0 8 0 amappl5 112 4056 0 4044 1 0 1 1 0 8 0 amappl4 104 579 0 550 1 0 1 1 0 8 0 amappl3 96 177 0 169 1 0 1 1 0 8 0 amappl2 88 531 0 486 2 0 2 2 0 8 0 amappl1 80 62894 0 62474 12 2 10 12 0 8 0 amappl 88 42083 0 41960 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 15 0 0 1 0 1 1 0 8 0 uaddrrnd 24 3651 0 3627 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3651 0 3627 1 0 1 1 0 8 0 vmmpekpl 168 21242 0 21213 2 0 2 2 0 8 0 vmmpepl 168 405030 0 403537 111 41 70 88 0 357 0 vmsppl 368 3650 0 3627 3 0 3 3 0 8 0 rwobjpl 56 73263 0 72333 30 16 14 20 0 8 0 pdppl 4096 7309 0 7262 66 17 49 50 0 8 2 pvpl 32 2042366 0 2031595 242 127 115 154 0 265 24 pmappl 232 3650 0 3627 3 1 2 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 352 0 43 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff8271bff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc intr_handler(ffff8000212b9ed0,ffff80000006a400) at intr_handler+0x5e sys/arch/amd64/amd64/intr.c:532 Xintr_ioapic_edge17_untramp() at Xintr_ioapic_edge17_untramp+0x18f end of kernel end trace frame: 0x7f7ffffefd50, count: -6 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 witness_checkorder(fffffd807c2682c0,9,0) at witness_checkorder+0x108b rw_enter(fffffd807c2682b0,1) at rw_enter+0xd4 rrw_enter(fffffd807c2682b0,1) at rrw_enter+0x88 sys/kern/kern_rwlock.c:461 VOP_LOCK(fffffd8068a0c628,2001) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 vn_lock(fffffd8068a0c628,2001) at vn_lock+0x84 sys/kern/vfs_vnops.c:579 vget(fffffd8068a0c628,2001) at vget+0x1f7 sys/kern/vfs_subr.c:676 ktrwriteraw(ffff800021272000,fffffd8068a0c628,fffffd807f7d87e0,ffff8000222f9880,ffff8000222f9860) at ktrwriteraw+0x138 sys/kern/kern_ktrace.c:659 ktrstruct(ffff800021272000,ffffffff823c1cdf,ffff8000222f9968,8) at ktrstruct+0x169 ktrwrite2 sys/kern/kern_ktrace.c:627 [inline] ktrstruct(ffff800021272000,ffffffff823c1cdf,ffff8000222f9968,8) at ktrstruct+0x169 sys/kern/kern_ktrace.c:311 sys_socketpair(ffff800021272000,ffff8000222f99d8,ffff8000222f9a20) at sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 syscall(ffff8000222f9aa0) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000222f9aa0) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x42e974ea700, count: -12