1st 0xfffffd807f00d720 vmmaplk (&map->lock) @ /syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c:1442 2nd 0xfffffd806cf581b0 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 vm_map_lock_ln+0x14e #3 uvm_map+0x2e2 #4 km_alloc+0x19a #5 pool_multi_alloc_ni+0xe4 #6 pool_p_alloc+0x70 #7 pool_do_get+0x127 #8 pool_get+0x104 #9 ufsdirhash_build+0x40b #10 ufs_lookup+0x2a5 #11 VOP_LOOKUP+0x63 #12 vfs_lookup+0x552 #13 namei+0x4af #14 start_init+0xd6 lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 _rrw_enter+0x5c #3 VOP_LOCK+0x55 #4 vn_lock+0x6e #5 uvn_io+0x2ca #6 uvn_get+0x206 #7 uvm_fault+0x12c1 #8 uvm_fault_wire+0x70 #9 uvm_map_pageable_wire+0x2fd #10 sys_mlockall+0x69 #11 syscall+0x5a0 #12 Xsyscall+0x128 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 witness_checkorder(d188f5c06ace06cc,81,fffffd806cf581a0,fffffd806cf581a0,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline] witness_checkorder(d188f5c06ace06cc,81,fffffd806cf581a0,fffffd806cf581a0,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089 _rw_enter(3aee82342aea344d,60b,fffffd806cf581a0,ffffffff81ed5429) at _rw_enter+0xbf _rrw_enter(de6e7e466f5d22e9,fffffd806dffaa30,ffffffff819017a0,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410 VOP_LOCK(ddd3063542635616,fffffd806dffaa30) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598 vn_lock(bb3f789286072f46,5000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549 uvn_io(d5db958323f7c64c,0,0,fffffd806e290098,4000) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188 uvn_get(5ed7f0a759e6f0f4,ffffffff8136c1a0,fffffd806e290098,fffffd806ceef358,4000,3) at uvn_get+0x206 sys/uvm/uvm_vnode.c:1048 uvm_fault(1ec11ce00920d413,1b2da20000,ffffffffffffc000,3) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023 uvm_fault_wire(eed6992eb5f6fb4e,3,1b2da20000,fffffd806ceef358) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293 uvm_map_pageable_wire(dbc488e6ea314238,1,ffff800020bba018,863c5e61e28,0,10f0) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258 sys_mlockall(50aab497e2353ffc,0,ffff800020bba018) at sys_mlockall+0x69 sys/uvm/uvm_mmap.c:801 syscall(13fca04fd2c5281c) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(13fca04fd2c5281c) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,ffffffffffffffa2,0,1,86196c08010) at Xsyscall+0x128 end of kernel end trace frame: 0x863c5e61eb0, count: -14 ddb{0}> show registers rdi 0x3 rsi 0x3ffff acpi_pdirpa+0x2be67 rbp 0xffff800020c6ce50 rbx 0x3 rdx 0x40000 acpi_pdirpa+0x2be68 rcx 0xffff800000946000 rax 0xffff800000940fc0 r8 0xffffffff81bca74f witness_checkorder+0x12cf r9 0x5 r10 0x31191b3c04c98f r11 0xc2f5826f1b5f54e5 r12 0xfffffd80025ccc30 r13 0xffffffff81eba9a8 cmd0646_9_tim_udma+0xd171 r14 0xffffffff822c6340 w_lodata+0x50ff0 r15 0xffffffff822cb1a0 w_lodata+0x55e50 rip 0xffffffff817711a8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c6ce40 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor0) pid=466818 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020bba270,0xffffffff822db680 process=0xffff800020b946a0 user=0xffff800020c68000, vmspace=0xfffffd807f00d708 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=3, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 60684 58691 83086 0 2 0 syz-executor0 *60684 466818 83086 0 7 0x4000000 syz-executor0 70092 345631 54063 0 2 0x2 syz-executor1 83086 352619 54063 0 2 0x482 syz-executor0 54063 135516 43757 0 3 0x82 thrsleep syz-fuzzer 54063 64853 43757 0 7 0x4000482 syz-fuzzer 54063 395400 43757 0 3 0x4000082 thrsleep syz-fuzzer 54063 36384 43757 0 3 0x4000082 thrsleep syz-fuzzer 54063 173204 43757 0 3 0x4000082 thrsleep syz-fuzzer 54063 503783 43757 0 3 0x4000082 kqread syz-fuzzer 54063 355157 43757 0 3 0x4000082 thrsleep syz-fuzzer 54063 6324 43757 0 3 0x4000082 thrsleep syz-fuzzer 54063 61602 43757 0 3 0x4000082 thrsleep syz-fuzzer 54063 427700 43757 0 3 0x4000082 thrsleep syz-fuzzer 43757 114329 92101 0 3 0x10008a pause ksh 92101 325282 79519 0 3 0x92 select sshd 83908 75939 1 0 3 0x100083 ttyin getty 79519 29783 1 0 3 0x80 select sshd 6878 156458 45134 73 2 0x100090 syslogd 45134 507024 1 0 3 0x100082 netio syslogd 68971 130158 1 77 3 0x100090 poll dhclient 22056 519677 1 0 3 0x80 poll dhclient 89570 75561 0 0 2 0x14200 zerothread 60605 219316 0 0 3 0x14200 aiodoned aiodoned 16375 33582 0 0 3 0x14200 syncer update 98141 458129 0 0 3 0x14200 cleaner cleaner 2983 237792 0 0 3 0x14200 reaper reaper 19965 173544 0 0 3 0x14200 pgdaemon pagedaemon 40686 387656 0 0 3 0x14200 bored crynlk 41314 485318 0 0 3 0x14200 bored crypto 42875 412529 0 0 3 0x40014200 acpi0 acpi0 30447 213697 0 0 3 0x40014200 idle1 49982 252885 0 0 3 0x14200 bored softnet 60885 483500 0 0 3 0x14200 bored systqmp 11102 471460 0 0 3 0x14200 bored systq 90064 274880 0 0 3 0x40014200 bored softclock 4540 65207 0 0 3 0x40014200 idle0 1 12325 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper