1st 0xfffffd807f00c450 vmmaplk (&map->lock) @ /syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c:1442
2nd 0xfffffd80772c14e8 inode (&ip->i_lock) @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 vm_map_lock_ln+0x14e
#3 uvm_map+0x2e2
#4 km_alloc+0x19a
#5 pool_multi_alloc_ni+0xe4
#6 pool_p_alloc+0x70
#7 pool_do_get+0x127
#8 pool_get+0x104
#9 ufsdirhash_build+0x40b
#10 ufs_lookup+0x2a5
#11 VOP_LOOKUP+0x63
#12 vfs_lookup+0x552
#13 namei+0x4af
#14 start_init+0xd6
lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 _rrw_enter+0x5c
#3 VOP_LOCK+0x55
#4 vn_lock+0x6e
#5 uvn_io+0x2ca
#6 uvn_get+0x206
#7 uvm_fault+0x12c1
#8 uvm_fault_wire+0x70
#9 uvm_map_pageable_wire+0x2fd
#10 sys_mlock+0x187
#11 syscall+0x5a0
#12 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(3abbae0c98da472d,81,fffffd80772c14d8,fffffd80772c14d8,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(3abbae0c98da472d,81,fffffd80772c14d8,fffffd80772c14d8,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter(eef4a4b23ed0f857,60b,fffffd80772c14d8,ffffffff81edebdf) at _rw_enter+0xbf
_rrw_enter(b9252f3d524f4519,fffffd807d204aa0,ffffffff8139fd50,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410
VOP_LOCK(af176b4772969376,fffffd807d204aa0) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598
vn_lock(c80bfd96c59a1de5,1000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549
uvn_io(86dc7d18534c3df5,0,0,fffffd807719f5a0,0) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188
uvn_get(4a9bd9723d9f20ac,ffffffff8146c190,fffffd807719f5a0,fffffd806afdd040,0,1) at uvn_get+0x206 sys/uvm/uvm_vnode.c:1048
uvm_fault(86dc7d1853b8c9a3,20010000,0,3) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023
uvm_fault_wire(8744197e1bf75bb7,3,20010000,fffffd806afdd040) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293
uvm_map_pageable_wire(af176b4772bf548f,20801000,20001000,800000,fffffd807f00c438,800000) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258
sys_mlock(b5019564e7784ddd,10,ffff800020b939e0) at sys_mlock+0x187 sys/uvm/uvm_mmap.c:740
syscall(bb512f7cedc27ae8) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(bb512f7cedc27ae8) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffa1,0,2,c819b008010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc841b6d1750, count: -14
ddb{1}> show registers
rdi 0x3
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020cc1790
rbx 0x3
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800001947000
rax 0xffff80000414bb80
r8 0xffffffff817c727f witness_checkorder+0x12cf
r9 0x5
r10 0x44aed0836c280bdc
r11 0x865cf3663add89cf
r12 0xfffffd80025cdc30
r13 0xffffffff81ebbd52 cmd0646_9_tim_udma+0xc96d
r14 0xffffffff82271500 w_lodata+0x46f10
r15 0xffffffff82280440 w_lodata+0x55e50
rip 0xffffffff81107618 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020cc1780
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor0) pid=299390 stat=onproc
flags process=10 proc=4000000
pri=82, usrpri=82, nice=20
forw=0xffffffffffffffff, list=0xffff800020b92bd0,0xffffffff82300be0
process=0xffff800020bca6a8 user=0xffff800020cbc000, vmspace=0xfffffd807f00c438
estcpu=32, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
99994 83287 86245 32767 2 0x10 syz-executor0
*99994 299390 86245 32767 7 0x4000010 syz-executor0
86245 350558 36388 32767 3 0x90 nanosleep syz-executor0
36388 185219 21072 0 3 0x82 wait syz-executor0
95709 398582 19438 32767 2 0x10 syz-executor1
19438 357005 21072 0 3 0x82 wait syz-executor1
80344 161238 0 0 3 0x14200 bored sosplice
21072 174490 18476 0 3 0x82 kqread syz-fuzzer
21072 114699 18476 0 3 0x4000082 nanosleep syz-fuzzer
21072 110114 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 168201 18476 0 7 0x4000002 syz-fuzzer
21072 71586 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 104581 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 170086 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 270031 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 447823 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 244956 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 346758 18476 0 3 0x4000082 thrsleep syz-fuzzer
21072 408106 18476 0 3 0x4000082 thrsleep syz-fuzzer
18476 93824 10419 0 3 0x10008a pause ksh
10419 54828 90364 0 3 0x92 select sshd
64999 105182 1 0 3 0x100083 ttyin getty
90364 283576 1 0 3 0x80 select sshd
47281 449708 17105 73 2 0x100090 syslogd
17105 320476 1 0 3 0x100082 netio syslogd
98206 125825 1 77 3 0x100090 poll dhclient
11090 235237 1 0 3 0x80 poll dhclient
17202 333990 0 0 2 0x14200 zerothread
15361 410295 0 0 3 0x14200 aiodoned aiodoned
18397 236162 0 0 3 0x14200 syncer update
11925 258143 0 0 3 0x14200 cleaner cleaner
53857 470740 0 0 3 0x14200 reaper reaper
61440 316168 0 0 3 0x14200 pgdaemon pagedaemon
19012 151363 0 0 3 0x14200 bored crynlk
32246 139453 0 0 3 0x14200 bored crypto
45858 306309 0 0 3 0x40014200 acpi0 acpi0
82802 219214 0 0 3 0x40014200 idle1
59942 324266 0 0 3 0x14200 bored softnet
31405 79766 0 0 3 0x14200 bored systqmp
33292 268651 0 0 3 0x14200 bored systq
11002 203636 0 0 3 0x40014200 bored softclock
24726 506731 0 0 3 0x40014200 idle0
1 393094 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper