ÿ¬D[kÁwitness: lock order reversal: 1st 0xfffffd8074785448 fdlock (&newfdp->fd_fd.fd_lock) 2nd 0xfffffd8067d5da30 inode (&ip->i_lock) lock order data w2 -> w1 missing lock order data w1 -> w2 missing Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 witness_checkorder(fffffd8067d5da30,9,0) at witness_checkorder+0x108b rw_enter(fffffd8067d5da20,1) at rw_enter+0xd4 rrw_enter(fffffd8067d5da20,1) at rrw_enter+0x88 sys/kern/kern_rwlock.c:461 VOP_LOCK(fffffd80681febf8,2001) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 vn_lock(fffffd80681febf8,2001) at vn_lock+0x84 sys/kern/vfs_vnops.c:579 vget(fffffd80681febf8,2001) at vget+0x1f7 sys/kern/vfs_subr.c:676 ktrwriteraw(ffff800024539cf0,fffffd80681febf8,fffffd807f7d8720,ffff8000212a5130,ffff8000212a5110) at ktrwriteraw+0x138 sys/kern/kern_ktrace.c:659 ktrstruct(ffff800024539cf0,ffffffff823b9dc3,ffff8000212a5218,8) at ktrstruct+0x169 ktrwrite2 sys/kern/kern_ktrace.c:627 [inline] ktrstruct(ffff800024539cf0,ffffffff823b9dc3,ffff8000212a5218,8) at ktrstruct+0x169 sys/kern/kern_ktrace.c:311 sys_socketpair(ffff800024539cf0,ffff8000212a5288,ffff8000212a52d0) at sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 syscall(ffff8000212a5350) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000212a5350) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd4dd7ed9b00, count: -12 ddb{1}> show registers rdi 0xffff8000212ba000 rsi 0x14f36 acpi_pdirpa+0xd9e rbp 0xffff8000212a4d40 rbx 0x3 rdx 0xffff8000212ba000 rcx 0x14f35 acpi_pdirpa+0xd9d rax 0xffffffff8183eaa7 db_enter+0x17 r8 0xffffffff81567231 witness_checkorder+0x1061 r9 0x5 r10 0x2623af72a5ae24e4 r11 0x2966886500efca93 r12 0 r13 0xfffffd8067d5da30 r14 0 r15 0xfffffd8002cf4740 rip 0xffffffff8183eaa8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000212a4d30 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor.0) pid=26162 stat=onproc flags process=0 proc=4000001 pri=32, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff800024539270,0xffff800024538560 process=0xffff8000246bdda0 user=0xffff8000212a0000, vmspace=0xfffffd80084d25c0 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 37708 136814 65775 0 2 0 syz-executor.1 42243 466039 5603 0 7 0 syz-executor.0 *42243 26162 5603 0 7 0x4000001 syz-executor.0 65775 431144 82895 0 3 0x82 nanoslp syz-executor.1 52475 247865 1 0 3 0x100083 ttyin getty 5136 479782 0 0 3 0x14200 bored sosplice 71275 386266 0 0 3 0x14280 nfsidl nfsio 6674 254993 0 0 3 0x14280 nfsidl nfsio 9641 394334 0 0 3 0x14280 nfsidl nfsio 66154 74735 0 0 3 0x14280 nfsidl nfsio 25770 217324 0 0 3 0x14280 nfsidl nfsio 10787 4650 0 0 3 0x14280 nfsidl nfsio 4364 253986 0 0 3 0x14280 nfsidl nfsio 38699 264425 0 0 3 0x14280 nfsidl nfsio 33949 135279 0 0 3 0x14280 nfsidl nfsio 8606 232976 0 0 3 0x14280 nfsidl nfsio 77159 320974 0 0 3 0x14280 nfsidl nfsio 14127 13091 0 0 3 0x14280 nfsidl nfsio 62679 498604 0 0 3 0x14280 nfsidl nfsio 69129 522583 0 0 3 0x14280 nfsidl nfsio 74860 281651 0 0 3 0x14280 nfsidl nfsio 56694 309999 0 0 3 0x14280 nfsidl nfsio 89751 187798 0 0 3 0x14280 nfsidl nfsio 19275 372401 0 0 3 0x14280 nfsidl nfsio 9425 271953 0 0 3 0x14280 nfsidl nfsio 94417 176854 0 0 3 0x14280 nfsidl nfsio 5603 159408 82895 0 3 0x82 nanoslp syz-executor.0 82895 500527 98142 0 3 0x82 thrsleep syz-fuzzer 82895 47957 98142 0 3 0x4000082 thrsleep syz-fuzzer 82895 498510 98142 0 3 0x4000082 thrsleep syz-fuzzer 82895 188192 98142 0 3 0x4000082 thrsleep syz-fuzzer 82895 133830 98142 0 3 0x4000082 thrsleep syz-fuzzer 82895 438372 98142 0 3 0x4000082 thrsleep syz-fuzzer 82895 518974 98142 0 3 0x4000082 kqread syz-fuzzer 82895 111208 98142 0 3 0x4000082 thrsleep syz-fuzzer 98142 163392 20091 0 3 0x10008a sigsusp ksh 20091 190092 58404 0 3 0x92 select sshd 58404 58884 1 0 3 0x80 select sshd 28395 458025 74565 74 3 0x100092 bpf pflogd 74565 238223 1 0 3 0x80 netio pflogd 51347 456051 21705 73 3 0x100090 kqread syslogd 21705 318279 1 0 3 0x100082 netio syslogd 80571 409596 1 77 3 0x100090 poll dhclient 96468 86500 1 0 3 0x80 poll dhclient 47803 211499 0 0 3 0x14200 bored smr 41180 198584 0 0 2 0x14200 zerothread 53740 503883 0 0 3 0x14200 aiodoned aiodoned 20843 411001 0 0 3 0x14200 syncer update 11082 213867 0 0 3 0x14200 cleaner cleaner 33350 239517 0 0 3 0x14200 reaper reaper 55571 208793 0 0 3 0x14200 pgdaemon pagedaemon 13823 113689 0 0 3 0x14200 bored crynlk 64274 73635 0 0 3 0x14200 bored crypto 36605 447824 0 0 3 0x14200 bored viomb 2038 362976 0 0 3 0x40014200 acpi0 acpi0 13078 469738 0 0 3 0x40014200 idle1 81458 42662 0 0 3 0x14200 bored softnet 63824 48142 0 0 3 0x14200 bored systqmp 76733 292438 0 0 3 0x14200 bored systq 14901 515670 0 0 3 0x40014200 bored softclock 33325 25870 0 0 3 0x40014200 idle0 1 251903 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 42243 (syz-executor.0) thread 0xffff800024539cf0 (26162) exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82795c40) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 ktrstruct+0xee #2 sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 #3 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #3 syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 #4 Xsyscall+0x128 exclusive rwlock fdlock r = 0 (0xfffffd8074785448) #0 witness_lock+0x4b0 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4b0 sys/kern/subr_witness.c:1182 #1 sys_socketpair+0x219 #2 syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] #2 syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 #3 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10166 6577K 6997K 78643K 12712 0 pcb 13 8K 8K 78643K 66 0 rtable 102 3K 3K 78643K 412 0 ifaddr 65 13K 14K 78643K 129 0 sysctl 2 0K 0K 78643K 2 0 counters 44 34K 34K 78643K 70 0 ioctlops 0 0K 4K 78643K 1503 0 iov 0 0K 12K 78643K 40 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 1 0 vnodes 1221 77K 77K 78643K 1673 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 3 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 109 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 6 17K 25K 78643K 1483 0 sigio 0 0K 0K 78643K 7 0 proc 62 63K 95K 78643K 521 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 65 0 in_multi 33 2K 2K 78643K 67 0 ether_multi 1 0K 0K 78643K 12 0 mrt 0 0K 0K 78643K 5 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 43 201K 201K 78643K 43 0 exec 0 0K 2K 78643K 409 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 227 46K 61K 78643K 19480 0 UVM aobj 14 2K 2K 78643K 14 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 40 0 NDP 11 0K 0K 78643K 30 0 temp 128 3986K 4054K 78643K 9448 0 kqueue 3 4K 8K 78643K 21 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 120 44 0 42 1 0 1 1 0 8 0 rtentry 112 74 0 31 2 0 2 2 0 8 0 unpcb 120 322 0 309 1 0 1 1 0 8 0 syncache 296 13 0 13 2 2 0 1 0 8 0 tcpqe 32 1876 0 1876 2 2 0 1 0 8 0 tcpcb 736 179 0 175 3 2 1 2 0 8 0 arp 120 16 0 10 1 0 1 1 0 8 0 inpcb 304 467 0 461 3 1 2 2 0 8 1 nd6 48 9 0 3 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 3 0 1 0 8 0 kcovpl 48 3 0 1 1 0 1 1 0 8 0 pffrag 232 6 0 5 1 0 1 1 0 482 0 pffrnode 88 6 0 5 1 0 1 1 0 8 0 pffrent 40 227 0 226 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 35 0 20 1 0 1 1 0 8 0 pfstkey 112 35 0 20 1 0 1 1 0 8 0 pfstate 320 35 0 20 2 0 2 2 0 8 0 pfrule 1360 28 0 23 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 246 0 59 13 0 13 13 0 8 0 art_table 32 247 0 59 2 0 2 2 0 8 0 art_node 16 73 0 35 1 0 1 1 0 8 0 sysvmsgpl 40 25 0 17 1 0 1 1 0 8 0 semapl 112 97 0 87 1 0 1 1 0 8 0 shmpl 112 11 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3060 0 1654 89 0 89 89 0 8 0 ffsino 272 3060 0 1654 96 1 95 95 0 8 1 nchpl 144 4802 0 3205 60 0 60 60 0 8 0 uvmvnodes 72 3466 0 0 64 0 64 64 0 8 0 vnodes 224 3466 0 0 204 0 204 204 0 8 0 namei 1024 12111 0 12111 3 2 1 1 0 8 1 percpumem 16 46 0 13 1 0 1 1 0 8 0 vcpupl 1984 3 0 0 1 0 1 1 0 8 0 vmpool 560 3 0 0 1 0 1 1 0 8 0 scxspl 216 14172 0 14172 13 12 1 8 0 8 1 plimitpl 152 38 0 30 1 0 1 1 0 8 0 sigapl 424 1717 0 1663 7 0 7 7 0 8 0 futexpl 56 10309 0 10309 2 1 1 1 0 8 1 knotepl 112 95 0 75 1 0 1 1 0 8 0 kqueuepl 168 1117 0 1115 1 0 1 1 0 8 0 pipepl 336 153 0 142 8 6 2 2 0 8 1 fdescpl 496 1680 0 1663 3 0 3 3 0 8 0 filepl 152 5900 0 5796 8 3 5 6 0 8 0 lockfpl 104 183 0 182 1 0 1 1 0 8 0 lockfspl 48 59 0 58 1 0 1 1 0 8 0 sessionpl 144 20 0 9 1 0 1 1 0 8 0 pgrppl 48 26 0 15 1 0 1 1 0 8 0 ucredpl 96 543 0 534 1 0 1 1 0 8 0 zombiepl 144 1663 0 1663 2 1 1 1 0 8 1 processpl 1080 1717 0 1663 4 0 4 4 0 8 0 procpl 672 3720 0 3658 6 0 6 6 0 8 0 sosppl 168 9 0 9 2 2 0 1 0 8 0 sockpl 480 844 0 823 11 7 4 5 0 8 1 mcl64k 65536 19 0 0 3 1 2 3 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 9 0 0 2 0 2 2 0 8 0 mcl2k 2048 253 0 0 31 0 31 31 0 8 0 mtagpl 96 102 0 0 3 0 3 3 0 8 0 mbufpl 256 541 0 0 31 0 31 31 0 8 0 bufpl 280 5057 0 157 350 0 350 350 0 8 0 anonpl 24 441749 0 425009 153 25 128 140 0 186 8 amapchunkpl 152 46931 0 46325 47 22 25 39 0 158 0 amappl16 200 3504 0 2794 62 23 39 49 0 8 0 amappl15 192 738 0 732 1 0 1 1 0 8 0 amappl14 184 4 0 2 1 0 1 1 0 8 0 amappl13 176 767 0 764 1 0 1 1 0 8 0 amappl12 168 36 0 29 1 0 1 1 0 8 0 amappl11 160 50 0 37 1 0 1 1 0 8 0 amappl10 152 21 0 14 1 0 1 1 0 8 0 amappl9 144 287 0 286 1 0 1 1 0 8 0 amappl8 136 461 0 408 2 0 2 2 0 8 0 amappl7 128 63 0 53 1 0 1 1 0 8 0 amappl6 120 121 0 101 1 0 1 1 0 8 0 amappl5 112 865 0 851 1 0 1 1 0 8 0 amappl4 104 551 0 523 1 0 1 1 0 8 0 amappl3 96 1504 0 1496 1 0 1 1 0 8 0 amappl2 88 487 0 440 2 0 2 2 0 8 0 amappl1 80 32461 0 32038 14 4 10 12 0 8 0 amappl 88 19099 0 18939 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 13 0 0 1 0 1 1 0 8 0 uaddrrnd 24 1683 0 1663 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1683 0 1663 1 0 1 1 0 8 0 vmmpekpl 168 13130 0 13102 2 0 2 2 0 8 0 vmmpepl 168 188985 0 186919 155 35 120 120 0 357 28 vmsppl 368 1682 0 1663 2 0 2 2 0 8 0 rwobjpl 56 36163 0 34728 28 6 22 24 0 8 0 pdppl 4096 3373 0 3329 67 23 44 45 0 8 0 pvpl 32 1033160 0 1013513 242 34 208 219 0 265 23 pmappl 232 1682 0 1663 3 1 2 2 0 8 0 extentpl 40 58 0 40 1 0 1 1 0 8 0 phpool 112 359 0 38 11 1 10 10 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff826fbff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x3e kd_curproc sys/dev/kcov.c:571 [inline] __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+0x3e sys/dev/kcov.c:143 __mp_lock(ffffffff82795a38) at __mp_lock+0x133 __mp_lock_spin sys/kern/kern_lock.c:116 [inline] __mp_lock(ffffffff82795a38) at __mp_lock+0x133 sys/kern/kern_lock.c:147 softintr_dispatch(0) at softintr_dispatch+0x4e sys/arch/amd64/amd64/softintr.c:90 Xsoftclock() at Xsoftclock+0x1f end of kernel end trace frame: 0x7f7ffffc2c50, count: -7 ddb{0}> machine ddbcpu 1 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 witness_checkorder(fffffd8067d5da30,9,0) at witness_checkorder+0x108b rw_enter(fffffd8067d5da20,1) at rw_enter+0xd4 rrw_enter(fffffd8067d5da20,1) at rrw_enter+0x88 sys/kern/kern_rwlock.c:461 VOP_LOCK(fffffd80681febf8,2001) at VOP_LOCK+0x87 sys/kern/vfs_vops.c:614 vn_lock(fffffd80681febf8,2001) at vn_lock+0x84 sys/kern/vfs_vnops.c:579 vget(fffffd80681febf8,2001) at vget+0x1f7 sys/kern/vfs_subr.c:676 ktrwriteraw(ffff800024539cf0,fffffd80681febf8,fffffd807f7d8720,ffff8000212a5130,ffff8000212a5110) at ktrwriteraw+0x138 sys/kern/kern_ktrace.c:659 ktrstruct(ffff800024539cf0,ffffffff823b9dc3,ffff8000212a5218,8) at ktrstruct+0x169 ktrwrite2 sys/kern/kern_ktrace.c:627 [inline] ktrstruct(ffff800024539cf0,ffffffff823b9dc3,ffff8000212a5218,8) at ktrstruct+0x169 sys/kern/kern_ktrace.c:311 sys_socketpair(ffff800024539cf0,ffff8000212a5288,ffff8000212a52d0) at sys_socketpair+0x3ed sys/kern/uipc_syscalls.c:470 syscall(ffff8000212a5350) at syscall+0x5bf mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff8000212a5350) at syscall+0x5bf sys/arch/amd64/amd64/trap.c:590 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xd4dd7ed9b00, count: -12