1st 0xfffffd807f00d180 vmmaplk (&map->lock) @ /syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c:1442
2nd 0xfffffd806cf49810 inode (&ip->i_lock) @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 vm_map_lock_ln+0x14e
#3 uvm_map+0x2e2
#4 km_alloc+0x19a
#5 pool_multi_alloc_ni+0xe4
#6 pool_p_alloc+0x70
#7 pool_do_get+0x127
#8 pool_get+0x104
#9 ufsdirhash_build+0x40b
#10 ufs_lookup+0x2a5
#11 VOP_LOOKUP+0x63
#12 vfs_lookup+0x552
#13 namei+0x4af
#14 start_init+0xd6
lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 _rrw_enter+0x5c
#3 VOP_LOCK+0x55
#4 vn_lock+0x6e
#5 uvn_io+0x2ca
#6 uvn_get+0x206
#7 uvm_fault+0x12c1
#8 uvm_fault_wire+0x70
#9 uvm_map_pageable_wire+0x2fd
#10 sys_mlockall+0x69
#11 syscall+0x5a0
#12 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(28afd600227f7dcb,81,fffffd806cf49800,fffffd806cf49800,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(28afd600227f7dcb,81,fffffd806cf49800,fffffd806cf49800,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter(f158a1f2f09d9e35,60b,fffffd806cf49800,ffffffff81ee1643) at _rw_enter+0xbf
_rrw_enter(2234b47b4d447388,fffffd806dc2dc88,ffffffff81c4fb70,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410
VOP_LOCK(41fcef5c46ac67df,fffffd806dc2dc88) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598
vn_lock(1610f3b4e52413b7,b000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549
uvn_io(51797241cb85aa25,0,0,fffffd806e057200,a000) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188
uvn_get(df16afdd39b4af60,ffffffff817d4e70,fffffd806e057200,fffffd806a28f3a0,a000,3) at uvn_get+0x206 sys/uvm/uvm_vnode.c:1048
uvm_fault(df16afdd39b55791,1b33d20000,ffffffffffff6000,3) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023
uvm_fault_wire(2414d20ce11fa9d3,3,1b33d20000,fffffd806a28f3a0) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293
uvm_map_pageable_wire(b790cc13d7da9147,3,ffff800020b92bd0,4c1761a0f48,2,10f0) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258
sys_mlockall(65717a1cc97af711,10,ffff800020b92bd0) at sys_mlockall+0x69 sys/uvm/uvm_mmap.c:801
syscall(5166dea6ead31b17) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(5166dea6ead31b17) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffa2,0,1,4bf6aa86010) at Xsyscall+0x128
end of kernel
end trace frame: 0x4c1761a0fd0, count: -14
ddb{0}> show registers
rdi 0x3
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020c514d0
rbx 0x3
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800002347000
rax 0xffff800001946f40
r8 0xffffffff8142346f witness_checkorder+0x12cf
r9 0x5
r10 0xef9ecf8b046e9be5
r11 0x9e08ccfd98c511ca
r12 0xfffffd80025cec30
r13 0xffffffff81ebc499 cmd0646_9_tim_udma+0xded3
r14 0xffffffff8226ee20 w_lodata+0x45440
r15 0xffffffff8227f830 w_lodata+0x55e50
rip 0xffffffff81391848 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c514c0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1) pid=501419 stat=onproc
flags process=10 proc=4000000
pri=80, usrpri=80, nice=20
forw=0xffffffffffffffff, list=0xffff800020b924c8,0xffffffff82319e38
process=0xffff800020bca018 user=0xffff800020c4c000, vmspace=0xfffffd807f00d168
estcpu=30, cpticks=1, pctcpu=0.5
user=0, sys=6, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
18248 44904 48400 32767 2 0x10 syz-executor1
*18248 501419 48400 32767 7 0x4000010 syz-executor1
93283 225503 94082 0 7 0x2 syz-executor0
48400 182709 20337 32767 2 0x490 syz-executor1
20337 368796 94082 0 3 0x82 wait syz-executor1
95178 168401 0 0 3 0x14200 bored sosplice
94082 33822 50914 0 3 0x82 thrsleep syz-fuzzer
94082 477750 50914 0 2 0x4000482 syz-fuzzer
94082 354544 50914 0 3 0x4000082 thrsleep syz-fuzzer
94082 235672 50914 0 2 0x4000482 syz-fuzzer
94082 421682 50914 0 3 0x4000082 thrsleep syz-fuzzer
94082 4622 50914 0 3 0x4000082 thrsleep syz-fuzzer
94082 373913 50914 0 3 0x4000082 thrsleep syz-fuzzer
94082 69490 50914 0 3 0x4000082 thrsleep syz-fuzzer
94082 396238 50914 0 3 0x4000082 thrsleep syz-fuzzer
94082 89617 50914 0 3 0x4000082 kqread syz-fuzzer
94082 455226 50914 0 3 0x4000082 thrsleep syz-fuzzer
50914 499912 42659 0 3 0x10008a pause ksh
42659 150538 90372 0 3 0x92 select sshd
61093 344135 1 0 3 0x100083 ttyin getty
90372 213707 1 0 3 0x80 select sshd
30986 322220 50637 73 2 0x100090 syslogd
50637 64185 1 0 3 0x100082 netio syslogd
86050 295302 1 77 3 0x100090 poll dhclient
9862 218267 1 0 3 0x80 poll dhclient
81455 412690 0 0 2 0x14200 zerothread
59430 454379 0 0 3 0x14200 aiodoned aiodoned
49108 42808 0 0 2 0x14200 update
13707 504521 0 0 3 0x14200 cleaner cleaner
29043 206449 0 0 3 0x14200 reaper reaper
22072 327527 0 0 3 0x14200 pgdaemon pagedaemon
97465 426740 0 0 3 0x14200 bored crynlk
76771 475712 0 0 3 0x14200 bored crypto
54887 502756 0 0 3 0x40014200 acpi0 acpi0
82052 340481 0 0 3 0x40014200 idle1
10924 96001 0 0 3 0x14200 bored softnet
2990 28413 0 0 2 0x14200 systqmp
44033 311377 0 0 3 0x14200 bored systq
1364 197884 0 0 2 0x40014200 softclock
19261 349513 0 0 3 0x40014200 idle0
1 223647 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper