login: witness: lock order reversal: 1st 0xffff8000347870f0 fdlock (&newfdp->fd_fd.fd_lock) 2nd 0xfffffd806fb3ee98 inode (&ip->i_lock) lock order [1] fdlock (&newfdp->fd_fd.fd_lock) -> [2] inode (&ip->i_lock) lock order data 0xffffffff8348dd1d -> 0xffffffff8347bc4f is missing lock order [2] inode (&ip->i_lock) -> [3] sbufrcv (&so->so_rcv.sb_lock) #0 rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 #1 sblock+0xb6 sys/kern/uipc_socket2.c:536 #2 soreceive+0x27d sys/kern/uipc_socket.c:890 #3 fifo_read+0x117 sys/miscfs/fifofs/fifo_vnops.c:264 #4 VOP_READ+0x101 sys/kern/vfs_vops.c:227 #5 vn_rdwr+0x15b sys/kern/vfs_vnops.c:-1 #6 vndsetcred+0xa1 sys/dev/vnd.c:685 #7 vndioctl+0xdfc sys/dev/vnd.c:486 #8 VOP_IOCTL+0xac sys/kern/vfs_vops.c:264 #9 vn_ioctl+0xf8 sys/kern/vfs_vnops.c:537 #10 sys_ioctl+0x674 sys/kern/sys_generic.c:-1 #11 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #11 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #12 Xsyscall+0x128 lock order [3] sbufrcv (&so->so_rcv.sb_lock) -> [1] fdlock (&newfdp->fd_fd.fd_lock) #0 rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 #1 unp_externalize+0x3cf sys/kern/uipc_usrreq.c:1074 #2 soreceive+0xc24 sys/kern/uipc_socket.c:1029 #3 recvit+0x40b sys/kern/uipc_syscalls.c:1078 #4 sys_recvmsg+0x1bf sys/kern/uipc_syscalls.c:878 #5 syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] #5 syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 #6 Xsyscall+0x128 Stopped at db_enter+0x25: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 witness_checkorder(fffffd806fb3ee98,9,0) at witness_checkorder+0x10d1 sys/kern/subr_witness.c:-1 rw_do_enter_write(fffffd806fb3ee80,1) at rw_do_enter_write+0xba sys/kern/kern_rwlock.c:234 rrw_enter(fffffd806fb3ee80,1) at rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 VOP_LOCK(fffffd806fc3b448,2001) at VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 vn_lock(fffffd806fc3b448,2001) at vn_lock+0xa4 sys/kern/vfs_vnops.c:576 vn_closefile(fffffd806e931ab0,ffff8000fffe7a18) at vn_closefile+0x111 vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffffd806e931ab0,ffff8000fffe7a18) at vn_closefile+0x111 sys/kern/vfs_vnops.c:621 fdrop(fffffd806e931ab0,ffff8000fffe7a18) at fdrop+0x121 sys/kern/kern_descrip.c:1281 knote_drop(fffffd806b5fa4c8,ffff8000fffe7a18) at knote_drop+0x1a1 sys/kern/kern_event.c:2296 knote_remove(ffff8000fffe7a18,fffffd806f420700,fffffd806f420790,4,0) at knote_remove+0x215 sys/kern/kern_event.c:-1 knote_fdclose(ffff8000fffe7a18,4) at knote_fdclose+0xf9 sys/kern/kern_event.c:2203 fdrelease(ffff8000fffe7a18,4) at fdrelease+0xf9 sys/kern/kern_descrip.c:761 syscall(ffff80002a27c530) at syscall+0xbd4 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff80002a27c530) at syscall+0xbd4 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xead7924f240, count: -14 ddb{0}> show registers rdi 0 rsi 0x80000 acpi_pdirpa+0x6be71 rbp 0xffff80002a27bff0 rbx 0 rdx 0xffff8000015f9480 rcx 0xffff8000fffe7a18 rax 0x7ffff acpi_pdirpa+0x6be70 r8 0xffff80002a27bed0 r9 0x8080808080808080 r10 0xc82fd673cf7e6bc1 r11 0x56469a3a9b2b62eb r12 0xfffffd80040a7d00 r13 0xfffffd8004895808 r14 0x3 r15 0xffffffff8351501e substchar+0xe738 rip 0xffffffff8336ffa5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a27bfe0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=477045 pid=1926 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=75, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff8000fffe6d20,0xffff8000fffe74f8 process=0xffff8000fffe84f0 user=0xffff80002a277000, vmspace=0xfffffd800b0637a0 estcpu=36, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{0}>