witness: reversal: inode fdlock

witness: reversal: inode fdlock
Status: upstream: reported C repro on 2019/01/25 09:28
Reported-by: syzbot+c278abadcbeb7150b6c2@syzkaller.appspotmail.com
First crash: 211d, last: 2h32m

Sample crash report:

login: lock order reversal:
 1st 0xfffffd806d614f80 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
 2nd 0xfffffd807f7c67f8 fdlock (&newfdp->fd_fd.fd_lock) @ /syzkaller/managers/multicore/kernel/sys/kern/vfs_syscalls.c:1113
lock order "&newfdp->fd_fd.fd_lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0  witness_checkorder+0x6d8
#1  _rw_enter+0xbf
#2  _rrw_enter+0x5c
#3  VOP_LOCK+0x55
#4  vn_closefile+0x11e
#5  fdrop+0xdf
#6  closef+0x128
#7  finishdup+0x2cc
#8  dodup3+0x5da
#9  syscall+0x5a0
#10 Xsyscall+0x128
lock order "&ip->i_lock"(rrwlock) -> "&newfdp->fd_fd.fd_lock"(rwlock) first seen at:
#0  witness_checkorder+0x6d8
#1  _rw_enter_write+0x6b
#2  doopenat+0x679
#3  syscall+0x5a0
#4  Xsyscall+0x128
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(79db3275ff2465d5,ffffffff81ee4b9d,459,0,fffffd807f7c67f8) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(79db3275ff2465d5,ffffffff81ee4b9d,459,0,fffffd807f7c67f8) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter_write(0,1,1) at _rw_enter_write+0x6b sys/kern/kern_rwlock.c:118
doopenat(ae693c3f463dc669,0,ffff800020b744b8,1190e5cb7c8,0,50) at doopenat+0x679 sys/kern/vfs_syscalls.c:1114
syscall(caf084539f826dba) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(caf084539f826dba) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,1165bf9e0c8,0,1165bf9e0a8,1165bf9e0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x1190e5cb800, count: -6
ddb{0}> show registers
rdi                              0x3
rsi               0xffffffff821dad78    __sancov_gen_cov_switch_values.125+0x28rbp               0xffff800020c17b00
rbx                              0x3
rdx                             0x8b
rcx                              0x3
rax                                0
r8                0xffffffff81e8d9bf    witness_checkorder+0x12cf
r9                               0x5
r10               0x51d18c2bd52e6884
r11               0x5ccd9507b4682770
r12               0xfffffd80025d8570
r13               0xffffffff81f25008    apollo_pio_rec+0x161
r14               0xffffffff822ca450    w_lodata+0x51830
r15               0xffffffff822cdec0    w_lodata+0x552a0
rip               0xffffffff8171e6c8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020c17af0
ss                                 0
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1946) pid=190813 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b74260,0xffff800020b752d8
    process=0xffff800020bcb710 user=0xffff800020c12000, vmspace=0xfffffd806e921b48
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 47543    9107  98686      0  2           0                syz-executor1946
 47543  358443  98686      0  7   0x4000000                syz-executor1946
 91694  252564   6151      0  2           0                syz-executor1946
*91694  190813   6151      0  7   0x4000000                syz-executor1946
 91694  409568   6151      0  2   0x4000000                syz-executor1946
 98686   88220  24258      0  3        0x80  nanosleep     syz-executor1946
  6151  277969  24258      0  3        0x80  nanosleep     syz-executor1946
 24258   94023  48006      0  3        0x82  nanosleep     syz-executor1946
 48006  180577  11174      0  3    0x10008a  pause         ksh
 11174  132453  50816      0  3        0x92  select        sshd
 55781  272133      1      0  3    0x100083  ttyin         getty
 50816  169381      1      0  3        0x80  select        sshd
 44756  465893  69120     73  2    0x100090                syslogd
 69120  508776      1      0  3    0x100082  netio         syslogd
 86756   63979      1     77  3    0x100090  poll          dhclient
 36293  324585      1      0  3        0x80  poll          dhclient
 59764  425633      0      0  2     0x14200                zerothread
 28593  348272      0      0  3     0x14200  aiodoned      aiodoned
 52471  305557      0      0  3     0x14200  syncer        update
 60144  412117      0      0  3     0x14200  cleaner       cleaner
  4133   92384      0      0  3     0x14200  reaper        reaper
 82005   17799      0      0  3     0x14200  pgdaemon      pagedaemon
 61041  458604      0      0  3     0x14200  bored         crynlk
 98719  277870      0      0  3     0x14200  bored         crypto
 46537   56770      0      0  3  0x40014200  acpi0         acpi0
 98249  504127      0      0  3  0x40014200                idle1
 96670  508805      0      0  3     0x14200  bored         softnet
 96927   55003      0      0  3     0x14200  bored         systqmp
 45333  356745      0      0  3     0x14200  bored         systq
 21283   43065      0      0  3  0x40014200  bored         softclock
 83456  368178      0      0  3  0x40014200                idle0
     1   38763      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}>

All crashes (519):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-openbsd-multicore	2019/01/25 09:46	openbsd	6f9e9be9	b5d78bce	.config	log	report	syz	C
ci-openbsd-multicore	2019/07/28 00:22	openbsd	6181cd34	c85e1c5b	.config	log	report	syz	C
ci-openbsd-multicore	2019/04/26 14:49	openbsd	7d9a3feb	b617407b	.config	log	report	syz	C
ci-openbsd-multicore	2019/04/22 01:28	openbsd	735677bb	b0e8efcb	.config	log	report	syz	C
ci-openbsd-multicore	2019/01/25 09:27	openbsd	6f9e9be9	b5d78bce	.config	log	report
ci-openbsd-multicore	2019/08/25 04:58	openbsd	1507cfe1	d21c5d9d	.config	log	report
ci-openbsd-multicore	2019/08/24 23:46	openbsd	1507cfe1	d21c5d9d	.config	log	report
ci-openbsd-multicore	2019/08/24 17:06	openbsd	1507cfe1	78ded196	.config	log	report
ci-openbsd-multicore	2019/08/24 06:28	openbsd	9be55947	78ded196	.config	log	report
ci-openbsd-multicore	2019/08/24 01:12	openbsd	afd5172b	78ded196	.config	log	report
ci-openbsd-multicore	2019/08/23 22:10	openbsd	afd5172b	78ded196	.config	log	report
ci-openbsd-multicore	2019/08/23 11:28	openbsd	9f57e42b	ca6f3cfa	.config	log	report
ci-openbsd-multicore	2019/08/23 05:05	openbsd	9f57e42b	ca6f3cfa	.config	log	report
ci-openbsd-multicore	2019/08/22 19:54	openbsd	d4b29719	c6c81a0b	.config	log	report
ci-openbsd-multicore	2019/08/22 17:41	openbsd	d4b29719	c6c81a0b	.config	log	report
ci-openbsd-multicore	2019/08/22 15:25	openbsd	d4b29719	c6c81a0b	.config	log	report
ci-openbsd-multicore	2019/08/22 10:10	openbsd	d4b29719	984250d5	.config	log	report
ci-openbsd-multicore	2019/08/22 08:56	openbsd	d4b29719	984250d5	.config	log	report
ci-openbsd-multicore	2019/08/21 16:21	openbsd	ceaaae1d	4ea67ff8	.config	log	report
ci-openbsd-multicore	2019/08/21 14:44	openbsd	ceaaae1d	4ea67ff8	.config	log	report
ci-openbsd-multicore	2019/08/21 11:57	openbsd	ceaaae1d	4ea67ff8	.config	log	report
ci-openbsd-multicore	2019/08/21 07:22	openbsd	ceaaae1d	4ea67ff8	.config	log	report
ci-openbsd-multicore	2019/08/21 04:38	openbsd	288889b9	6b8391d0	.config	log	report
ci-openbsd-multicore	2019/08/20 23:03	openbsd	288889b9	6b8391d0	.config	log	report
ci-openbsd-multicore	2019/08/20 21:41	openbsd	288889b9	6b8391d0	.config	log	report
ci-openbsd-multicore	2019/08/20 19:30	openbsd	288889b9	6b8391d0	.config	log	report
ci-openbsd-multicore	2019/08/20 17:14	openbsd	55fd3d87	cfc9868f	.config	log	report
ci-openbsd-multicore	2019/08/20 15:23	openbsd	55fd3d87	cfc9868f	.config	log	report
ci-openbsd-multicore	2019/08/20 14:00	openbsd	55fd3d87	cfc9868f	.config	log	report
ci-openbsd-multicore	2019/08/20 09:22	openbsd	55fd3d87	cfc9868f	.config	log	report
ci-openbsd-multicore	2019/08/20 04:15	openbsd	85b8fad3	ae348fb7	.config	log	report
ci-openbsd-multicore	2019/08/20 01:07	openbsd	85b8fad3	ae348fb7	.config	log	report
ci-openbsd-multicore	2019/08/19 18:13	openbsd	85b8fad3	ae348fb7	.config	log	report
ci-openbsd-multicore	2019/08/19 14:20	openbsd	85b8fad3	b8ceabfc	.config	log	report
ci-openbsd-multicore	2019/08/19 10:31	openbsd	682277b9	b8ceabfc	.config	log	report
ci-openbsd-multicore	2019/08/19 03:24	openbsd	682277b9	b8ceabfc	.config	log	report
ci-openbsd-multicore	2019/08/18 22:39	openbsd	682277b9	b8ceabfc	.config	log	report
ci-openbsd-multicore	2019/08/18 16:44	openbsd	682277b9	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/18 14:49	openbsd	f7a04f0f	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/18 12:22	openbsd	f7a04f0f	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/18 11:07	openbsd	f7a04f0f	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/18 04:34	openbsd	f7a04f0f	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/18 02:32	openbsd	67dad36e	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/17 22:04	openbsd	67dad36e	55bf8926	.config	log	report
ci-openbsd-multicore	2019/08/17 10:27	openbsd	8a28f249	8fd428a1	.config	log	report
ci-openbsd-multicore	2019/08/17 08:32	openbsd	8a28f249	8fd428a1	.config	log	report
ci-openbsd-multicore	2019/08/16 12:21	openbsd	bb94865e	8fd428a1	.config	log	report
ci-openbsd-multicore	2019/08/16 10:43	openbsd	bb94865e	8fd428a1	.config	log	report
ci-openbsd-multicore	2019/08/16 08:26	openbsd	bb94865e	8fd428a1	.config	log	report
ci-openbsd-multicore	2019/08/16 04:30	openbsd	bb94865e	8fd428a1	.config	log	report
ci-openbsd-multicore	2019/08/16 01:53	openbsd	dbf2fc74	faeffb00	.config	log	report
ci-openbsd-multicore	2019/08/14 23:54	openbsd	e3943314	5576551b	.config	log	report
ci-openbsd-multicore	2019/08/14 18:14	openbsd	e3943314	5576551b	.config	log	report
ci-openbsd-pf	2019/03/05 13:36	openbsd	da8fceb2	3419571c	.config	log	report