login: witness: lock order reversal: 1st 0xfffffd8076420df8 fdlock (&newfdp->fd_fd.fd_lock) 2nd 0xfffffd806b2a80a0 inode (&ip->i_lock) lock order data w2 -> w1 missing lock order data w1 -> w2 missing Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 witness_checkorder(fffffd806b2a80a0,9,0) at witness_checkorder+0x108b rw_enter(fffffd806b2a8090,1) at rw_enter+0xd4 rrw_enter(fffffd806b2a8090,1) at rrw_enter+0x88 sys/kern/kern_rwlock.c:461 VOP_LOCK(fffffd806b21a2f8,2001) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 vn_lock(fffffd806b21a2f8,2001) at vn_lock+0x84 sys/kern/vfs_vnops.c:579 vget(fffffd806b21a2f8,2001) at vget+0x1f7 sys/kern/vfs_subr.c:676 ktrwriteraw(ffff800021278000,fffffd806b21a2f8,fffffd807f7d86c0,ffff8000211de420,ffff8000211de400) at ktrwriteraw+0x138 sys/kern/kern_ktrace.c:659 ktrstruct(ffff800021278000,ffffffff823b951b,ffff8000211de508,8) at ktrstruct+0x169 ktrwrite2 sys/kern/kern_ktrace.c:627 [inline] ktrstruct(ffff800021278000,ffffffff823b951b,ffff8000211de508,8) at ktrstruct+0x169 sys/kern/kern_ktrace.c:311 sys_socketpair(ffff800021278000,ffff8000211de578,ffff8000211de5c0) at sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 syscall(ffff8000211de640) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000211de640) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9549ad00830, count: -12 ddb{1}> show registers rdi 0xffff8000244c6000 rsi 0x141e7 acpi_pdirpa+0x4f rbp 0xffff8000211de030 rbx 0x3 rdx 0xffff8000244c6000 rcx 0x141e6 acpi_pdirpa+0x4e rax 0xffffffff81fa90b7 db_enter+0x17 r8 0xffffffff81c70da1 witness_checkorder+0x1061 r9 0x5 r10 0x2931d3eed400b6fa r11 0x6e3c20fea8469f1a r12 0 r13 0xfffffd806b2a80a0 r14 0 r15 0xfffffd8002cf3740 rip 0xffffffff81fa90b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000211de020 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.0) pid=147025 stat=onproc flags process=0 proc=4000001 pri=32, usrpri=79, nice=20 forw=0xffffffffffffffff, list=0xffff8000212782a0,0xffff800021279270 process=0xffff800021226e78 user=0xffff8000211d9000, vmspace=0xfffffd807f009730 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 35126 333620 60298 0 7 0x1 syz-executor.0 *35126 147025 60298 0 7 0x4000001 syz-executor.0 35126 260493 60298 0 3 0x4000080 fsleep syz-executor.0 35126 477032 60298 0 3 0x4000080 fsleep syz-executor.0 13610 411369 1 0 3 0x100083 ttyin getty 60298 230163 79600 0 3 0x82 nanoslp syz-executor.0 69914 52049 79600 0 3 0x82 nanoslp syz-executor.1 79600 353952 84585 0 3 0x82 thrsleep syz-fuzzer 79600 328278 84585 0 3 0x4000082 thrsleep syz-fuzzer 79600 88224 84585 0 3 0x4000082 thrsleep syz-fuzzer 79600 40400 84585 0 3 0x4000082 thrsleep syz-fuzzer 79600 209912 84585 0 3 0x4000082 thrsleep syz-fuzzer 79600 283322 84585 0 3 0x4000082 thrsleep syz-fuzzer 79600 214029 84585 0 3 0x4000082 thrsleep syz-fuzzer 79600 187614 84585 0 3 0x4000082 kqread syz-fuzzer 84585 30237 79951 0 3 0x10008a sigsusp ksh 79951 365011 48430 0 3 0x92 select sshd 48430 401902 1 0 3 0x80 select sshd 53898 262524 43976 74 3 0x100092 bpf pflogd 43976 320554 1 0 3 0x80 netio pflogd 34464 965 77616 73 3 0x100090 kqread syslogd 77616 71351 1 0 3 0x100082 netio syslogd 74894 284463 1 77 3 0x100090 poll dhclient 30522 276774 1 0 3 0x80 poll dhclient 50928 416485 0 0 3 0x14200 bored smr 27384 126589 0 0 3 0x14200 pgzero zerothread 20650 242448 0 0 3 0x14200 aiodoned aiodoned 16094 450364 0 0 3 0x14200 syncer update 33651 138281 0 0 3 0x14200 cleaner cleaner 30628 177000 0 0 3 0x14200 reaper reaper 69253 193722 0 0 3 0x14200 pgdaemon pagedaemon 25786 451312 0 0 3 0x14200 bored crynlk 78227 458770 0 0 3 0x14200 bored crypto 96768 420186 0 0 3 0x14200 bored viomb 56969 252216 0 0 3 0x40014200 acpi0 acpi0 74574 265000 0 0 3 0x40014200 idle1 58082 254850 0 0 3 0x14200 bored softnet 83670 136293 0 0 3 0x14200 bored systqmp 38181 431757 0 0 3 0x14200 bored systq 32935 183607 0 0 3 0x40014200 bored softclock 87204 490590 0 0 3 0x40014200 idle0 1 169447 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 35126 (syz-executor.0) thread 0xffff800021278000 (147025) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82909908) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 ktrstruct+0xee #2 sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 #3 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 #4 Xsyscall+0x128 exclusive rwlock fdlock r = 0 (0xfffffd8076420df8) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 sys_socketpair+0x219 #2 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #2 syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 #3 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10122 6481K 6997K 78643K 11776 0 pcb 13 8K 8K 78643K 82 0 rtable 105 3K 3K 78643K 316 0 ifaddr 44 10K 10K 78643K 52 0 counters 44 34K 34K 78643K 46 0 ioctlops 0 0K 4K 78643K 1470 0 iov 0 0K 12K 78643K 2 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 1 0 vnodes 1222 77K 77K 78643K 1475 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 20 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 122 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 745 0 proc 61 63K 95K 78643K 495 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 20 0 in_multi 33 2K 2K 78643K 44 0 ether_multi 1 0K 0K 78643K 10 0 mrt 0 0K 0K 78643K 43 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 2K 78643K 388 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 169 24K 24K 78643K 10190 0 UVM aobj 16 2K 2K 78643K 24 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 29 0 NDP 6 0K 0K 78643K 13 0 temp 106 3981K 4045K 78643K 3899 0 kqueue 3 4K 8K 78643K 8 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 26 0 24 1 0 1 1 0 8 0 rtentry 112 73 0 29 2 0 2 2 0 8 0 unpcb 120 377 0 353 1 0 1 1 0 8 0 syncache 296 4 0 4 1 1 0 1 0 8 0 tcpqe 32 116 0 116 2 2 0 1 0 8 0 tcpcb 736 90 0 86 4 2 2 2 0 8 1 arp 120 8 0 2 1 0 1 1 0 8 0 inpcb 304 301 0 295 1 0 1 1 0 8 0 rttmr 72 17 0 17 1 0 1 1 0 8 1 nd6 48 9 0 3 1 0 1 1 0 8 0 kcovpl 48 3 0 1 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 24 0 5 1 0 1 1 0 8 0 pfstkey 112 24 0 5 1 0 1 1 0 8 0 pfstate 320 24 0 5 2 0 2 2 0 8 0 pfrule 1360 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 233 0 44 12 0 12 12 0 8 0 art_table 32 234 0 44 2 0 2 2 0 8 0 art_node 16 72 0 32 1 0 1 1 0 8 0 sysvmsgpl 40 49 0 33 1 0 1 1 0 8 0 semapl 112 110 0 100 1 0 1 1 0 8 0 shmpl 112 21 0 8 2 1 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 2326 0 919 89 0 89 89 0 8 0 ffsino 272 2326 0 919 95 0 95 95 0 8 0 nchpl 144 3350 0 1753 60 0 60 60 0 8 0 uvmvnodes 72 2542 0 0 47 0 47 47 0 8 0 vnodes 224 2542 0 0 150 0 150 150 0 8 0 namei 1024 8604 0 8604 1 0 1 1 0 8 1 percpumem 16 34 0 1 1 0 1 1 0 8 0 scxspl 216 11260 0 11260 9 8 1 8 0 8 1 plimitpl 152 22 0 14 1 0 1 1 0 8 0 sigapl 424 958 0 926 4 0 4 4 0 8 0 futexpl 56 5356 0 5354 1 0 1 1 0 8 0 knotepl 112 79 0 59 1 0 1 1 0 8 0 kqueuepl 168 303 0 301 1 0 1 1 0 8 0 pipepl 336 85 0 74 2 0 2 2 0 8 0 fdescpl 496 942 0 926 3 0 3 3 0 8 0 filepl 152 3606 0 3501 5 0 5 5 0 8 0 lockfpl 104 23 0 22 1 0 1 1 0 8 0 lockfspl 48 12 0 11 1 0 1 1 0 8 0 sessionpl 144 20 0 9 1 0 1 1 0 8 0 pgrppl 48 20 0 9 1 0 1 1 0 8 0 ucredpl 96 504 0 495 1 0 1 1 0 8 0 zombiepl 144 926 0 925 1 0 1 1 0 8 0 processpl 1080 958 0 925 3 0 3 3 0 8 0 procpl 672 1870 0 1827 4 0 4 4 0 8 0 sockpl 480 704 0 672 7 2 5 5 0 8 1 mcl12k 12288 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 6 0 0 1 0 1 1 0 8 0 mcl2k 2048 164 0 0 18 0 18 18 0 8 0 mtagpl 96 41 0 0 1 0 1 1 0 8 0 mbufpl 256 410 0 0 24 0 24 24 0 8 0 bufpl 280 5021 0 177 346 0 346 346 0 8 0 anonpl 24 221464 0 214556 45 0 45 45 0 186 2 amapchunkpl 152 23947 0 23548 19 2 17 17 0 158 0 amappl16 200 1621 0 1461 11 1 10 10 0 8 1 amappl15 192 64 0 57 1 0 1 1 0 8 0 amappl14 184 4 0 2 1 0 1 1 0 8 0 amappl13 176 37 0 35 1 0 1 1 0 8 0 amappl12 168 33 0 24 1 0 1 1 0 8 0 amappl11 160 260 0 246 1 0 1 1 0 8 0 amappl10 152 31 0 23 1 0 1 1 0 8 0 amappl9 144 559 0 558 1 0 1 1 0 8 0 amappl8 136 333 0 300 2 0 2 2 0 8 0 amappl7 128 553 0 544 1 0 1 1 0 8 0 amappl6 120 113 0 99 1 0 1 1 0 8 0 amappl5 112 1467 0 1454 1 0 1 1 0 8 0 amappl4 104 539 0 508 1 0 1 1 0 8 0 amappl3 96 61 0 55 1 0 1 1 0 8 0 amappl2 88 451 0 402 2 0 2 2 0 8 0 amappl1 80 18659 0 18233 12 2 10 12 0 8 0 amappl 88 9865 0 9744 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 23 0 8 1 0 1 1 0 8 0 uaddrrnd 24 942 0 926 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 942 0 926 1 0 1 1 0 8 0 vmmpekpl 168 8966 0 8936 2 0 2 2 0 8 0 vmmpepl 168 103280 0 101882 74 7 67 70 0 357 1 vmsppl 368 941 0 926 2 0 2 2 0 8 0 rwobjpl 56 20599 0 19760 14 1 13 13 0 8 0 pdppl 4096 1891 0 1852 57 16 41 45 0 8 2 pvpl 32 540897 0 530673 128 37 91 128 0 265 4 pmappl 232 941 0 926 2 1 1 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 315 0 21 9 0 9 9 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff82734ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x37 kd_curproc sys/dev/kcov.c:570 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x37 sys/dev/kcov.c:143 __mp_lock(ffffffff82909700) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82909700) at __mp_lock+0x133 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x1f __mp_lock(ffffffff82909700) at __mp_lock+0x129 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82909700) at __mp_lock+0x129 sys/kern/kern_lock.c:147 ktrstruct(ffff8000212782a0,ffffffff823c91c4,ffff800021aa53b8,10) at ktrstruct+0xee sys_clock_gettime(ffff8000212782a0,ffff800021aa5420,ffff800021aa5470) at sys_clock_gettime+0xfb sys/kern/kern_time.c:171 syscall(ffff800021aa54f0) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021aa54f0) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffdfd50, count: -12 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 witness_checkorder(fffffd806b2a80a0,9,0) at witness_checkorder+0x108b rw_enter(fffffd806b2a8090,1) at rw_enter+0xd4 rrw_enter(fffffd806b2a8090,1) at rrw_enter+0x88 sys/kern/kern_rwlock.c:461 VOP_LOCK(fffffd806b21a2f8,2001) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 vn_lock(fffffd806b21a2f8,2001) at vn_lock+0x84 sys/kern/vfs_vnops.c:579 vget(fffffd806b21a2f8,2001) at vget+0x1f7 sys/kern/vfs_subr.c:676 ktrwriteraw(ffff800021278000,fffffd806b21a2f8,fffffd807f7d86c0,ffff8000211de420,ffff8000211de400) at ktrwriteraw+0x138 sys/kern/kern_ktrace.c:659 ktrstruct(ffff800021278000,ffffffff823b951b,ffff8000211de508,8) at ktrstruct+0x169 ktrwrite2 sys/kern/kern_ktrace.c:627 [inline] ktrstruct(ffff800021278000,ffffffff823b951b,ffff8000211de508,8) at ktrstruct+0x169 sys/kern/kern_ktrace.c:311 sys_socketpair(ffff800021278000,ffff8000211de578,ffff8000211de5c0) at sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 syscall(ffff8000211de640) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000211de640) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9549ad00830, count: -12