[.zX;j?xe!`=^gp2U@LF~1nT CڪqS50hȍdɶpN NRKr0[J/3^eb* V"H}Rt>j@MBl(~XJsgXz'9ccesx8>`aDf^cq_mtx (&cq->cq_mtx) 2nd 0xffffffff838c2a98 &sched_lock (&sched_lock) lock order [1] &cq->cq_mtx (&cq->cq_mtx) -> [2] &sched_lock (&sched_lock) #0 mtx_enter+149 #1 sleep_setup+237 #2 msleep_nsec+267 #3 dt_ioctl_record_stop+188 #4 dtclose+265 #5 spec_close+1126 #6 VOP_CLOSE+306 #7 vn_closefile+299 #8 fdrop+289 #9 closef+402 #10 syscall+3028 #11 Xsyscall+296 lock order [2] &sched_lock (&sched_lock) -> [1] &cq->cq_mtx (&cq->cq_mtx) #0 mtx_enter+149 #1 clockintr_cancel+47 #2 mi_switch+391 #3 ast+346 #4 Xsyscall+342 Stopped at db_enter+37: addq $8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+37 witness_checkorder(ffffffff838c2a98,9,0) at witness_checkorder+4305 mtx_enter(ffffffff838c2a88) at mtx_enter+149 sleep_setup(ffffffff837cee80,220,ffffffff83432e1d) at sleep_setup+237 msleep_nsec(ffffffff837cee80,ffffffff837cee20,220,ffffffff83432e1d,ffffffffffffffff) at msleep_nsec+267 dt_ioctl_record_stop(ffff80000158a000) at dt_ioctl_record_stop+188 dtclose(31e5f,81,2000,ffff80003c4a22c8) at dtclose+265 spec_close(ffff80002a2d4880) at spec_close+1126 VOP_CLOSE(fffffd8065b897a0,81,fffffd80097fd680,ffff80003c4a22c8) at VOP_CLOSE+306 vn_closefile(fffffd805db72260,ffff80003c4a22c8) at vn_closefile+299 fdrop(fffffd805db72260,ffff80003c4a22c8) at fdrop+289 closef(fffffd805db72260,ffff80003c4a22c8) at closef+402 syscall(ffff80002a2d4ae0) at syscall+3028 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0xee8c78ce410, count: -14 ddb{1}> show registers rdi 0 rsi 0 rbp 18446603336928806224 rbx 0 rdx 0 rcx 18446603337232687816 rax 18446603336919474160 r8 18446603336928805936 r9 9259542123273814144 r10 5428507005399941792 r11 1047420081153847555 r12 18446741324996812352 r13 18446741325005127000 r14 3 r15 18446744071616720814 substchar+49727 rip 18446744071603872309 db_enter+37 cs 8 rflags 582 rsp 18446603336928806208 ss 16 db_enter+37: addq $8,%rsp ddb{1}> show proc PROC (syz-executor) tid=324328 pid=89340 tcnt=2 stat=onproc flags process=0 proc=4000000 runpri=32, usrpri=83, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80003c4a2030,0xffff80003c4a2808 process=0xffff8000ffff44d8 user=0xffff80002a2cf000, vmspace=0xfffffd806eabc010 estcpu=33, cpticks=0, pctcpu=0.0, user=0, sys=0, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 50767 512332 98865 0 2 0 syz-executor 50767 159073 98865 0 3 0x4000080 fsleep syz-executor 50767 278583 98865 0 3 0x4000080 fifor syz-executor 5798 390590 2146 0 2 0x3000 syz-executor 89340 172785 70206 0 2 0 syz-executor *89340 324328 70206 0 7 0x4000000 syz-executor 81588 94589 73298 0 2 0xc80 syz-executor 81588 202774 73298 0 3 0x4000080 kqread syz-executor 81588 21262 73298 0 3 0x4000080 fsleep syz-executor 89895 104703 0 0 3 0x14200 acct acct 2146 290172 54893 0 2 0xc82 syz-executor 91664 92198 1 0 3 0x100083 ttyopn getty 15607 383588 0 0 3 0x14280 nfsidl nfsio 32912 51260 0 0 3 0x14280 nfsidl nfsio 44855 158907 0 0 3 0x14280 nfsidl nfsio 43056 205380 0 0 3 0x14280 nfsidl nfsio 76234 302792 0 0 3 0x14280 nfsidl nfsio 18453 86049 0 0 3 0x14280 nfsidl nfsio 71113 158231 0 0 3 0x14280 nfsidl nfsio 78395 229057 0 0 3 0x14280 nfsidl nfsio 43585 178335 0 0 3 0x14280 nfsidl nfsio 52755 196387 0 0 3 0x14280 nfsidl nfsio 80345 311280 0 0 3 0x14280 nfsidl nfsio 1194 521788 0 0 3 0x14280 nfsidl nfsio 69594 135501 0 0 3 0x14280 nfsidl nfsio 17354 19604 0 0 3 0x14280 nfsidl nfsio 24256 54195 0 0 3 0x14280 nfsidl nfsio 91743 24842 0 0 3 0x14280 nfsidl nfsio 454 353974 0 0 3 0x14280 nfsidl nfsio 20046 3491 0 0 3 0x14280 nfsidl nfsio 68352 291737 0 0 3 0x14280 nfsidl nfsio 49843 174421 0 0 3 0x14280 nfsidl nfsio 87304 413136 54893 0 3 0x82 wait syz-executor 99792 333429 54893 0 3 0x2 biowait syz-executor 98865 88425 54893 0 2 0xc82 syz-executor 10162 344290 54893 0 2 0xc82 syz-executor 70206 26435 54893 0 3 0x82 nanoslp syz-executor 73298 391038 54893 0 3 0x82 nanoslp syz-executor 95659 189038 54893 0 2 0xc82 syz-executor 54893 30745 30824 0 3 0x82 kqread syz-executor 30824 161018 99747 0 3 0x10008a sigsusp ksh 99747 17596 92286 0 3 0x98 kqread sshd-session 92286 80609 68600 0 3 0x92 kqread sshd-session 68600 195252 1 0 3 0x88 kqread sshd 4626 147660 78464 74 3 0x1100092 bpf pflogd 78464 160921 1 0 3 0x80 sbwait pflogd 59249 75248 83792 73 3 0x1100090 kqread syslogd 83792 483281 1 0 3 0x100082 sbwait syslogd 34700 310586 1 0 3 0x100080 kqread resolvd 5865 25029 11737 77 3 0x100092 kqread dhcpleased 77983 54313 11737 77 3 0x100092 kqread dhcpleased 11737 161213 1 0 3 0x80 kqread dhcpleased 33826 273577 0 0 3 0x14200 bored smr 7838 233530 0 0 2 0x14200 zerothread 93049 516588 0 0 3 0x14200 aiodoned aiodoned 21129 517754 0 0 3 0x14200 syncer update 96124 345077 0 0 3 0x14200 cleaner cleaner 88205 142214 0 0 7 0x14200 reaper 39629 51593 0 0 3 0x14200 pgdaemon pagedaemon 38620 390659 0 0 3 0x14200 bored viomb 61391 131082 0 0 3 0x40014200 acpi0 acpi0 6256 198685 0 0 3 0x40014200 idle1 32820 484011 0 0 3 0x14200 bored softnet1 64140 322617 0 0 3 0x14200 bored softnet0 6699 400261 0 0 3 0x14200 bored systqmp 15654 223917 0 0 3 0x14200 bored systq 31121 290978 0 0 3 0x14200 tmoslp softclockmp 71420 513424 0 0 3 0x40014200 tmoslp softclock 13523 27143 0 0 3 0x40014200 idle0 1 159695 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks CPU 1: exclusive mutex &cq->cq_mtx r = 0 (0xffffffff837cee30) #0 witness_lock+1521 #1 mtx_enter+1204 #2 clockintr_unbind+86 #3 dt_ioctl_record_stop+188 #4 dtclose+265 #5 spec_close+1126 #6 VOP_CLOSE+306 #7 vn_closefile+299 #8 fdrop+289 #9 closef+402 #10 syscall+3028 #11 Xsyscall+296 Process 89340 (syz-executor) thread 0xffff80003c4a22c8 (324328) exclusive rwlock dtlk r = 0 (0xffffffff8385e0a8) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 dt_ioctl_record_stop+46 #3 dtclose+265 #4 spec_close+1126 #5 VOP_CLOSE+306 #6 vn_closefile+299 #7 fdrop+289 #8 closef+402 #9 syscall+3028 #10 Xsyscall+296 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff838b9a08) #0 witness_lock+1521 #1 vn_closefile+65 #2 fdrop+289 #3 closef+402 #4 syscall+3028 #5 Xsyscall+296 exclusive mutex &cq->cq_mtx r = 0 (0xffffffff837cee30) #0 witness_lock+1521 #1 mtx_enter+1204 #2 clockintr_unbind+86 #3 dt_ioctl_record_stop+188 #4 dtclose+265 #5 spec_close+1126 #6 VOP_CLOSE+306 #7 vn_closefile+299 #8 fdrop+289 #9 closef+402 #10 syscall+3028 #11 Xsyscall+296 Process 99792 (syz-executor) thread 0xffff8000ffff2fa8 (333429) exclusive rrwlock inode r = 0 (0xfffffd80705796e8) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vget+674 #6 ufs_ihashget+389 #7 ffs_vget+140 #8 ufs_lookup+6710 #9 VOP_LOOKUP+110 #10 vfs_lookup+2362 #11 namei+1994 #12 dounlinkat+193 #13 syscall+2839 #14 Xsyscall+296 exclusive rrwlock inode r = 0 (0xfffffd806bd467d8) #0 witness_lock+1521 #1 rw_do_enter_write+1049 #2 rrw_enter+198 #3 VOP_LOCK+189 #4 vn_lock+164 #5 vget+674 #6 cache_lookup+849 #7 ufs_lookup+483 #8 VOP_LOOKUP+110 #9 vfs_lookup+2362 #10 namei+1994 #11 dounlinkat+193 #12 syscall+2839 #13 Xsyscall+296 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11083 12158K 12407K 166960K 12770 0 pcb 17 16K 18K 166960K 414 0 rtable 239 8K 9K 166960K 592 0 pf 39 18K 18K 166960K 101 0 ifaddr 46 8K 8K 166960K 92 0 ifgroup 60 2K 2K 166960K 132 0 sysctl 4 1K 9K 166960K 9 0 counters 74 37K 37K 166960K 152 0 ioctlops 0 0K 4K 166960K 1728 0 iov 0 0K 16K 166960K 112 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1398 88K 89K 166960K 2028 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 2K 10K 166960K 18 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 38 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 17 61K 93K 166960K 1045 0 sigio 0 0K 0K 166960K 9 0 proc 73 115K 180K 166960K 654 0 subproc 72 4K 4K 166960K 81 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 113 0 in_multi 96 7K 7K 166960K 169 0 ether_multi 1 0K 0K 166960K 14 0 mrt 1 0K 0K 166960K 9 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 103 466K 466K 166960K 103 0 exec 0 0K 1K 166960K 599 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 249 159K 174K 166960K 11662 0 UVM aobj 89 5K 5K 166960K 93 0 pinsyscall 42 84K 106K 166960K 2243 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 95 0 NDP 13 0K 2K 166960K 60 0 temp 109 8680K 8794K 166960K 52216 0 kqueue 15 20K 32K 166960K 209 0 SYN cache 2 8K 16K 166960K 3 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 109 0 106 1 0 1 1 0 8 0 rtentry 176 179 0 75 6 0 6 6 0 8 0 unpcb 144 733 0 711 8 4 4 4 0 8 3 syncache 336 9 0 9 4 3 1 1 0 8 1 tcpqe 32 1 0 1 1 1 0 1 0 8 0 tcpcb 736 403 0 397 16 10 6 7 0 8 5 arp 136 22 0 2 1 0 1 1 0 8 0 inpcb 328 1482 0 1470 12 5 7 7 0 8 5 nd6 152 30 0 5 1 0 1 1 0 8 0 pkpcb 40 8 0 8 3 2 1 1 0 8 1 kcovpl 48 9 0 1 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 1 0 1 0 8 0 ppxss 1192 33 0 32 2 1 1 1 0 8 0 pppxif 1504 4 0 3 3 2 1 1 0 8 0 pffrag 232 16 0 8 1 0 1 1 0 482 0 pffrnode 88 16 0 8 1 0 1 1 0 8 0 pffrent 40 29 0 21 1 0 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 rttmr 136 2 0 2 2 1 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 657 0 209 33 4 29 31 0 8 0 art_table 40 659 0 209 5 0 5 5 0 8 0 art_node 32 176 0 84 2 1 1 2 0 8 0 sysvmsgpl 40 2 0 2 1 1 0 1 0 8 0 semupl 112 6 0 6 3 2 1 1 0 8 1 semapl 112 34 0 24 1 0 1 1 0 8 0 shmpl 112 89 0 4 3 0 3 3 0 8 0 dirhash 1024 34 0 17 3 0 3 3 0 8 0 dino2pl 256 3481 0 1967 96 0 96 96 0 8 0 ffsino 296 3481 0 1967 118 1 117 118 0 8 0 nchpl 144 4995 0 3280 64 0 64 64 0 8 0 rtmask 32 6 0 6 1 1 0 1 0 8 0 vnodes 216 3775 0 0 210 0 210 210 0 8 0 namei 1024 17100 0 17100 4 2 2 2 0 8 2 percpumem 16 91 0 39 1 0 1 1 0 8 0 vcpupl 3968 1 0 0 1 0 1 1 0 8 0 vmpool 848 1 0 0 1 0 1 1 0 8 0 kstatmem 264 82 0 54 4 2 2 3 0 8 0 scsiplug 72 4 0 4 2 2 0 1 0 8 0 scxspl 216 31080 0 31079 10 9 1 8 1 8 0 plimitpl 152 199 0 180 1 0 1 1 0 8 0 sigapl 424 1388 0 1320 8 0 8 8 0 8 0 knotepl 120 805 0 0 25 0 25 25 0 8 0 kqueuepl 224 350 0 339 5 4 1 5 0 8 0 pipepl 344 195 0 168 3 0 3 3 0 8 0 fdescpl 528 1348 0 1317 3 0 3 3 0 8 0 filepl 160 8761 0 8525 22 6 16 16 0 8 4 lockfpl 104 724 0 722 3 1 2 2 0 8 1 lockfspl 48 215 0 213 1 0 1 1 0 8 0 sessionpl 144 27 0 18 1 0 1 1 0 8 0 pgrppl 48 45 0 28 1 0 1 1 0 8 0 ucredpl 104 1340 0 1327 1 0 1 1 0 8 0 zombiepl 144 1324 0 1320 1 0 1 1 0 8 0 processpl 1232 1388 0 1320 6 0 6 6 0 8 0 procpl 664 2983 0 2909 8 0 8 8 0 8 0 sosppl 176 8 0 8 2 1 1 1 0 8 1 sockpl 752 2362 0 2325 18 7 11 11 0 8 7 mcl64k 65536 5 0 0 1 0 1 1 0 8 0 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 3 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 3 0 0 1 0 1 1 0 8 0 mcl4k 4096 118 0 0 15 0 15 15 0 8 0 mcl2k 2048 33 0 0 4 0 4 4 0 8 0 mtagpl 96 5 0 0 1 0 1 1 0 8 0 mbufpl 256 1811 0 0 114 0 114 114 0 8 0 bufpl 280 12244 0 6107 439 0 439 439 0 8 0 anonpl 32 11195 0 0 91 0 91 91 0 246 0 amapchunkpl 152 38779 0 38282 31 2 29 30 0 158 5 amappl16 200 6087 0 6054 55 41 14 26 0 8 8 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 7 0 7 1 1 0 1 0 8 0 amappl13 176 444 0 443 1 0 1 1 0 8 0 amappl12 168 1737 0 1694 3 0 3 3 0 8 0 amappl11 160 3 0 2 1 0 1 1 0 8 0 amappl10 152 67 0 52 1 0 1 1 0 8 0 amappl9 144 249 0 249 1 1 0 1 0 8 0 amappl8 136 23 0 21 1 0 1 1 0 8 0 amappl7 128 88 0 87 1 0 1 1 0 8 0 amappl6 120 299 0 286 1 0 1 1 0 8 0 amappl5 112 95 0 84 1 0 1 1 0 8 0 amappl4 104 451 0 421 1 0 1 1 0 8 0 amappl3 96 6657 0 6564 4 1 3 3 0 8 0 amappl2 88 1485 0 1408 2 0 2 2 0 8 0 amappl1 80 13730 0 13143 16 2 14 15 0 8 0 amappl 88 10741 0 10570 5 0 5 5 0 92 0 uvmvnodes 80 132 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 254 0 254 2 2 0 1 0 8 0 dma64 64 11 0 11 4 3 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 92 0 4 2 0 2 2 0 8 0 uaddrrnd 24 1349 0 1318 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1349 0 1318 1 0 1 1 0 8 0 vmmpekpl 168 12444 0 12403 3 0 3 3 0 8 0 vmmpepl 168 94344 0 92411 119 13 106 107 0 357 13 vmsppl 488 1348 0 1318 7 2 5 5 0 8 0 rwobjpl 80 28247 0 27100 36 3 33 33 0 8 0 pdppl 4096 2708 0 2637 115 42 73 86 0 8 2 pvpl 32 19698 0 0 159 0 159 159 0 265 0 pmappl 256 1349 0 1318 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 416 0 64 12 1 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+39: addq $8,%rsp ddb{0}> trace x86_ipi_db(ffffffff837cdff0) at x86_ipi_db+39 x86_ipi_handler() at x86_ipi_handler+217 Xresume_lapic_ipi() at Xresume_lapic_ipi+39 __sanitizer_cov_trace_pc() at __sanitizer_cov_trace_pc+44 mtx_enter(ffffffff837cee20) at mtx_enter+885 clockintr_dispatch(ffff80002a243f40) at clockintr_dispatch+1025 lapic_clockintr(0,0) at lapic_clockintr+81 Xresume_lapic_ltimer() at Xresume_lapic_ltimer+42 x2apic_ipi(f2,1,0) at x2apic_ipi+127 x86_fast_ipi(ffff8000299edff0,f2) at x86_fast_ipi+155 pmap_tlb_shootrange(ffffffff83998000,ffff800031be3000,ffff800031be9000,1) at pmap_tlb_shootrange+890 pmap_kremove(ffff800031be3000,6000) at pmap_kremove+276 km_free(ffff800031be3000,6000,ffffffff834a8800,ffffffff8367ca18) at km_free+857 uvm_uarea_free(ffff80003c4a3cb8) at uvm_uarea_free+79 reaper(ffff8000ffffd9f8) at reaper+458 end trace frame: 0x0, count: -15 ddb{0}> machine ddbcpu 1 Stopped at db_enter+37: addq $8,%rsp ddb{1}> trace db_enter() at db_enter+37 witness_checkorder(ffffffff838c2a98,9,0) at witness_checkorder+4305 mtx_enter(ffffffff838c2a88) at mtx_enter+149 sleep_setup(ffffffff837cee80,220,ffffffff83432e1d) at sleep_setup+237 msleep_nsec(ffffffff837cee80,ffffffff837cee20,220,ffffffff83432e1d,ffffffffffffffff) at msleep_nsec+267 dt_ioctl_record_stop(ffff80000158a000) at dt_ioctl_record_stop+188 dtclose(31e5f,81,2000,ffff80003c4a22c8) at dtclose+265 spec_close(ffff80002a2d4880) at spec_close+1126 VOP_CLOSE(fffffd8065b897a0,81,fffffd80097fd680,ffff80003c4a22c8) at VOP_CLOSE+306 vn_closefile(fffffd805db72260,ffff80003c4a22c8) at vn_closefile+299 fdrop(fffffd805db72260,ffff80003c4a22c8) at fdrop+289 closef(fffffd805db72260,ffff80003c4a22c8) at closef+402 syscall(ffff80002a2d4ae0) at syscall+3028 Xsyscall() at Xsyscall+296 end of kernel end trace frame: 0xee8c78ce410, count: -14