witness: reversal: inode fdlock

witness: reversal: inode fdlock
Status: upstream: reported C repro on 2019/01/25 09:28
Reported-by: syzbot+c278abadcbeb7150b6c2@syzkaller.appspotmail.com
First crash: 90d, last: 1d01h

Sample crash report:

login: lock order reversal:
 1st 0xfffffd806d614f80 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
 2nd 0xfffffd807f7c67f8 fdlock (&newfdp->fd_fd.fd_lock) @ /syzkaller/managers/multicore/kernel/sys/kern/vfs_syscalls.c:1113
lock order "&newfdp->fd_fd.fd_lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0  witness_checkorder+0x6d8
#1  _rw_enter+0xbf
#2  _rrw_enter+0x5c
#3  VOP_LOCK+0x55
#4  vn_closefile+0x11e
#5  fdrop+0xdf
#6  closef+0x128
#7  finishdup+0x2cc
#8  dodup3+0x5da
#9  syscall+0x5a0
#10 Xsyscall+0x128
lock order "&ip->i_lock"(rrwlock) -> "&newfdp->fd_fd.fd_lock"(rwlock) first seen at:
#0  witness_checkorder+0x6d8
#1  _rw_enter_write+0x6b
#2  doopenat+0x679
#3  syscall+0x5a0
#4  Xsyscall+0x128
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(79db3275ff2465d5,ffffffff81ee4b9d,459,0,fffffd807f7c67f8) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(79db3275ff2465d5,ffffffff81ee4b9d,459,0,fffffd807f7c67f8) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter_write(0,1,1) at _rw_enter_write+0x6b sys/kern/kern_rwlock.c:118
doopenat(ae693c3f463dc669,0,ffff800020b744b8,1190e5cb7c8,0,50) at doopenat+0x679 sys/kern/vfs_syscalls.c:1114
syscall(caf084539f826dba) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(caf084539f826dba) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,1165bf9e0c8,0,1165bf9e0a8,1165bf9e0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x1190e5cb800, count: -6
ddb{0}> show registers
rdi                              0x3
rsi               0xffffffff821dad78    __sancov_gen_cov_switch_values.125+0x28rbp               0xffff800020c17b00
rbx                              0x3
rdx                             0x8b
rcx                              0x3
rax                                0
r8                0xffffffff81e8d9bf    witness_checkorder+0x12cf
r9                               0x5
r10               0x51d18c2bd52e6884
r11               0x5ccd9507b4682770
r12               0xfffffd80025d8570
r13               0xffffffff81f25008    apollo_pio_rec+0x161
r14               0xffffffff822ca450    w_lodata+0x51830
r15               0xffffffff822cdec0    w_lodata+0x552a0
rip               0xffffffff8171e6c8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020c17af0
ss                                 0
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1946) pid=190813 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=32, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b74260,0xffff800020b752d8
    process=0xffff800020bcb710 user=0xffff800020c12000, vmspace=0xfffffd806e921b48
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 47543    9107  98686      0  2           0                syz-executor1946
 47543  358443  98686      0  7   0x4000000                syz-executor1946
 91694  252564   6151      0  2           0                syz-executor1946
*91694  190813   6151      0  7   0x4000000                syz-executor1946
 91694  409568   6151      0  2   0x4000000                syz-executor1946
 98686   88220  24258      0  3        0x80  nanosleep     syz-executor1946
  6151  277969  24258      0  3        0x80  nanosleep     syz-executor1946
 24258   94023  48006      0  3        0x82  nanosleep     syz-executor1946
 48006  180577  11174      0  3    0x10008a  pause         ksh
 11174  132453  50816      0  3        0x92  select        sshd
 55781  272133      1      0  3    0x100083  ttyin         getty
 50816  169381      1      0  3        0x80  select        sshd
 44756  465893  69120     73  2    0x100090                syslogd
 69120  508776      1      0  3    0x100082  netio         syslogd
 86756   63979      1     77  3    0x100090  poll          dhclient
 36293  324585      1      0  3        0x80  poll          dhclient
 59764  425633      0      0  2     0x14200                zerothread
 28593  348272      0      0  3     0x14200  aiodoned      aiodoned
 52471  305557      0      0  3     0x14200  syncer        update
 60144  412117      0      0  3     0x14200  cleaner       cleaner
  4133   92384      0      0  3     0x14200  reaper        reaper
 82005   17799      0      0  3     0x14200  pgdaemon      pagedaemon
 61041  458604      0      0  3     0x14200  bored         crynlk
 98719  277870      0      0  3     0x14200  bored         crypto
 46537   56770      0      0  3  0x40014200  acpi0         acpi0
 98249  504127      0      0  3  0x40014200                idle1
 96670  508805      0      0  3     0x14200  bored         softnet
 96927   55003      0      0  3     0x14200  bored         systqmp
 45333  356745      0      0  3     0x14200  bored         systq
 21283   43065      0      0  3  0x40014200  bored         softclock
 83456  368178      0      0  3  0x40014200                idle0
     1   38763      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}>

All crashes (186):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-openbsd-multicore	2019/01/25 09:46	openbsd	6f9e9be9	b5d78bce	.config	log	report	syz	C
ci-openbsd-multicore	2019/04/22 01:28	openbsd	735677bb	b0e8efcb	.config	log	report	syz	C
ci-openbsd-multicore	2019/01/25 09:27	openbsd	6f9e9be9	b5d78bce	.config	log	report
ci-openbsd-multicore	2019/04/24 12:45	openbsd	61b6b4dc	0766ce61	.config	log	report
ci-openbsd-multicore	2019/04/24 02:28	openbsd	61b6b4dc	0766ce61	.config	log	report
ci-openbsd-multicore	2019/04/22 13:04	openbsd	1afff35c	0a77c33c	.config	log	report
ci-openbsd-multicore	2019/04/21 13:43	openbsd	00740c5d	b0e8efcb	.config	log	report
ci-openbsd-multicore	2019/04/21 06:10	openbsd	e2502dba	b0e8efcb	.config	log	report
ci-openbsd-multicore	2019/04/21 05:35	openbsd	e2502dba	b0e8efcb	.config	log	report
ci-openbsd-multicore	2019/04/20 08:56	openbsd	59d550fc	b0e8efcb	.config	log	report
ci-openbsd-multicore	2019/04/19 14:40	openbsd	288b7a5c	b0e8efcb	.config	log	report
ci-openbsd-multicore	2019/04/18 07:34	openbsd	c2f34caa	b0e8efcb	.config	log	report
ci-openbsd-multicore	2019/04/16 23:51	openbsd	5c9c6d70	505ab413	.config	log	report
ci-openbsd-multicore	2019/04/15 15:19	openbsd	c87f73dd	505ab413	.config	log	report
ci-openbsd-multicore	2019/04/14 22:13	openbsd	62302bca	505ab413	.config	log	report
ci-openbsd-multicore	2019/04/14 08:04	openbsd	23a4e4a1	c402d8f1	.config	log	report
ci-openbsd-multicore	2019/04/13 22:40	openbsd	23a4e4a1	c402d8f1	.config	log	report
ci-openbsd-multicore	2019/04/13 10:33	openbsd	23a4e4a1	c402d8f1	.config	log	report
ci-openbsd-multicore	2019/04/10 20:59	openbsd	66f3c4a6	e955ac50	.config	log	report
ci-openbsd-multicore	2019/04/10 16:39	openbsd	66f3c4a6	e955ac50	.config	log	report
ci-openbsd-multicore	2019/04/10 07:48	openbsd	41dd9580	65b612b7	.config	log	report
ci-openbsd-multicore	2019/04/09 22:08	openbsd	996953b3	91d50a67	.config	log	report
ci-openbsd-multicore	2019/04/08 09:18	openbsd	e4c7564c	c34fde03	.config	log	report
ci-openbsd-multicore	2019/04/06 15:29	openbsd	c0101cce	c34fde03	.config	log	report
ci-openbsd-multicore	2019/04/06 08:28	openbsd	724ae923	c34fde03	.config	log	report
ci-openbsd-multicore	2019/04/06 03:12	openbsd	724ae923	c34fde03	.config	log	report
ci-openbsd-multicore	2019/04/04 16:54	openbsd	1c3d4160	6a475fff	.config	log	report
ci-openbsd-multicore	2019/04/04 10:35	openbsd	1c3d4160	6a475fff	.config	log	report
ci-openbsd-multicore	2019/04/01 01:15	openbsd	fc0605b6	ccf2355a	.config	log	report
ci-openbsd-multicore	2019/03/31 18:38	openbsd	de3d60f8	0c624d4d	.config	log	report
ci-openbsd-multicore	2019/03/30 06:30	openbsd	20a55602	c35ee0ea	.config	log	report
ci-openbsd-multicore	2019/03/30 04:21	openbsd	20a55602	c35ee0ea	.config	log	report
ci-openbsd-multicore	2019/03/29 19:19	openbsd	20a55602	c35ee0ea	.config	log	report
ci-openbsd-multicore	2019/03/27 16:12	openbsd	690d147b	70d776a2	.config	log	report
ci-openbsd-multicore	2019/03/27 12:23	openbsd	690d147b	70d776a2	.config	log	report
ci-openbsd-multicore	2019/03/26 17:31	openbsd	6a51f920	55684ce1	.config	log	report
ci-openbsd-multicore	2019/03/26 05:56	openbsd	6a51f920	55684ce1	.config	log	report
ci-openbsd-multicore	2019/03/26 00:09	openbsd	13a73e99	52a20ba4	.config	log	report
ci-openbsd-multicore	2019/03/24 19:02	openbsd	d42c39d7	acbc5b7d	.config	log	report
ci-openbsd-multicore	2019/03/24 12:37	openbsd	d42c39d7	acbc5b7d	.config	log	report
ci-openbsd-multicore	2019/03/23 12:09	openbsd	8ed1f8bf	3361bde5	.config	log	report
ci-openbsd-multicore	2019/03/22 07:38	openbsd	31520b76	dce6e62f	.config	log	report
ci-openbsd-multicore	2019/03/20 21:18	openbsd	180e3f4c	142c38ee	.config	log	report
ci-openbsd-multicore	2019/03/20 07:49	openbsd	6a543b34	2458c1c6	.config	log	report
ci-openbsd-multicore	2019/03/19 09:11	openbsd	e6d0a5bd	46264c32	.config	log	report
ci-openbsd-multicore	2019/03/19 07:25	openbsd	e6d0a5bd	46264c32	.config	log	report
ci-openbsd-multicore	2019/03/18 14:49	openbsd	5f6e3232	4656beca	.config	log	report
ci-openbsd-multicore	2019/03/18 04:47	openbsd	990bad0a	f8757044	.config	log	report
ci-openbsd-pf	2019/03/05 13:36	openbsd	da8fceb2	3419571c	.config	log	report