kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd. starting local daemons:. Wed Jan 23 23:38:43 PST 2019 OpenBSD/amd64 (ci-openbsd-multicore-4.c.syzkaller.internal) (tty00) Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts. executing program login: lock order reversal: 1st 0xfffffd806e92a5c0 vmmaplk (&map->lock) @ /syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c:1442 2nd 0xfffffd806d870f80 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 vm_map_lock_ln+0x14e #3 uvm_map+0x2e2 #4 km_alloc+0x19a #5 pool_multi_alloc_ni+0xe4 #6 pool_p_alloc+0x70 #7 pool_do_get+0x127 #8 pool_get+0x104 #9 ufsdirhash_build+0x40b #10 ufs_lookup+0x2a5 #11 VOP_LOOKUP+0x63 #12 vfs_lookup+0x552 #13 namei+0x4af #14 start_init+0xd6 lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 _rrw_enter+0x5c #3 VOP_LOCK+0x55 #4 vn_lock+0x6e #5 uvn_io+0x2ca #6 uvn_get+0x206 #7 uvm_fault+0x12c1 #8 uvm_fault_wire+0x70 #9 uvm_map_pageable_wire+0x2fd #10 sys_mlockall+0x69 #11 syscall+0x5a0 #12 Xsyscall+0x128 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic the kernel did not panic ddb{1}> trace db_enter() at db_enter+0x18 witness_checkorder(72a623f26d85e94e,81,fffffd806d870f70,fffffd806d870f70,0) at witness_checkorder+0x12f9 _rw_enter(12d6dbe3c21ee85b,60b,fffffd806d870f70,ffffffff81ed5429) at _rw_enter+0xbf _rrw_enter(c2988ca6058dba98,fffffd807a85b7d8,ffffffff819017a0,2) at _rrw_enter+0x5c VOP_LOCK(beddcbc5d5f12898,fffffd807a85b7d8) at VOP_LOCK+0x55 vn_lock(21a1bc0c1a9e9724,5000) at vn_lock+0x6e uvn_io(f937a3a2a2b8103a,0,0,fffffd807a866638,4000) at uvn_io+0x2ca uvn_get(1e6e127a88fa1d7d,ffffffff8136c1a0,fffffd807a866638,fffffd806ecf3828,4000,1) at uvn_get+0x206 uvm_fault(bd27e3a602578423,14e01a67000,ffffffffffffc000,1) at uvm_fault+0x12c1 uvm_fault_wire(7c6f377f80f749a8,1,14e01a67000,fffffd806ecf3828) at uvm_fault_wire+0x70 uvm_map_pageable_wire(922f5d9ae2b6f9f9,3,ffff800020be4718,15057c45ba8,2,10f0) at uvm_map_pageable_wire+0x2fd sys_mlockall(66f3819f104a21b4,2,ffff800020be4718) at sys_mlockall+0x69 syscall(5cfd3667bc7c7da2) at syscall+0x5a0 Xsyscall(6,0,14e01a890b8,0,14e01a89098,14e01a89090) at Xsyscall+0x128 end of kernel end trace frame: 0x15057c45be0, count: -14 ddb{1}> show registers rdi 0x3 rsi 0xffffffff821c2428 __sancov_gen_cov_switch_values.125+0x28 rbp 0xffff800020c05050 rbx 0x3 rdx 0x8b rcx 0x3 rax 0 r8 0xffffffff81bca74f witness_checkorder+0x12cf r9 0x5 r10 0x74d476ef474d86a4 r11 0x5a36fe3d5315a934 r12 0xfffffd80025ccc30 r13 0xffffffff81eba9a8 cmd0646_9_tim_udma+0xd171 r14 0xffffffff822c6ef0 w_lodata+0x51ba0 r15 0xffffffff822cb1a0 w_lodata+0x55e50 rip 0xffffffff817711a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c05040 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1105) pid=254401 stat=onproc flags process=2 proc=4000000 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020be4970,0xffffffff822db680 process=0xffff800020bca360 user=0xffff800020c00000, vmspace=0xfffffd806e92a5a8 estcpu=0, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 94545 216611 51845 0 7 0x2 syz-executor1105 *94545 254401 51845 0 7 0x4000002 syz-executor1105 51845 316229 72465 0 3 0x10008a pause ksh 72465 34890 65371 0 3 0x92 select sshd 33311 509218 1 0 3 0x100083 ttyin getty 65371 38016 1 0 3 0x80 select sshd 49319 508706 38929 73 2 0x100090 syslogd 38929 477642 1 0 3 0x100082 netio syslogd 25556 291565 1 77 3 0x100090 poll dhclient 69799 20279 1 0 3 0x80 poll dhclient 25351 27349 0 0 2 0x14200 zerothread 64243 399045 0 0 3 0x14200 aiodoned aiodoned 43668 303145 0 0 3 0x14200 syncer update 13289 325024 0 0 3 0x14200 cleaner cleaner 16592 66029 0 0 3 0x14200 reaper reaper 83815 153718 0 0 3 0x14200 pgdaemon pagedaemon 81201 104160 0 0 3 0x14200 bored crynlk 85518 20755 0 0 3 0x14200 bored crypto 28801 90894 0 0 3 0x40014200 acpi0 acpi0 26662 421706 0 0 3 0x40014200 idle1 27613 385006 0 0 3 0x14200 bored softnet 70866 135848 0 0 3 0x14200 bored systqmp 69979 319379 0 0 3 0x14200 bored systq 42996 56768 0 0 3 0x40014200 bored softclock 39857 495034 0 0 3 0x40014200 idle0 1 95188 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}>