1st 0xfffffd807f00d5b8 vmmaplk (&map->lock) @ /syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c:1442
2nd 0xfffffd806cf1fb40 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 vm_map_lock_ln+0x14e
#3 uvm_map+0x2e2
#4 km_alloc+0x19a
#5 pool_multi_alloc_ni+0xe4
#6 pool_p_alloc+0x70
#7 pool_do_get+0x127
#8 pool_get+0x104
#9 ufsdirhash_build+0x40b
#10 ufs_lookup+0x2a5
#11 VOP_LOOKUP+0x63
#12 vfs_lookup+0x552
#13 namei+0x4af
#14 start_init+0xd6
lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 _rrw_enter+0x5c
#3 VOP_LOCK+0x55
#4 vn_lock+0x6e
#5 uvn_io+0x2ca
#6 uvn_get+0x206
#7 uvm_fault+0x12c1
#8 uvm_fault_wire+0x70
#9 uvm_map_pageable_wire+0x2fd
#10 sys_mlockall+0x69
#11 syscall+0x5a0
#12 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
the kernel did not panic
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(55f2fc55c0a60843,81,fffffd806cf1fb30,fffffd806cf1fb30,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(55f2fc55c0a60843,81,fffffd806cf1fb30,fffffd806cf1fb30,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter(e0066a3664a57de0,60b,fffffd806cf1fb30,ffffffff81ed388a) at _rw_enter+0xbf
_rrw_enter(54ea4f364d495c13,fffffd806dc3aaf8,ffffffff8164e290,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410
VOP_LOCK(d1bbf8efc1422944,fffffd806dc3aaf8) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598
vn_lock(4800a20d045d34e2,9000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549
uvn_io(1ca19fb9b0a9ae9b,0,0,fffffd807aea7248,8000) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188
uvn_get(55f2fc55c0f8ec6d,ffffffff81c275a0,fffffd807aea7248,fffffd806aee03a8,8000,3) at uvn_get+0x206 sys/uvm/uvm_vnode.c:1048
uvm_fault(e69811f04e779dfd,1b2f220000,ffffffffffff8000,3) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023
uvm_fault_wire(16ef4192f831099c,3,1b2f220000,fffffd806aee03a8) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293
uvm_map_pageable_wire(f179ca9d3ac3ada7,3,ffff800020b92978,39351404eb8,2,10f0) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258
sys_mlockall(6f98095100949796,0,ffff800020b92978) at sys_mlockall+0x69 sys/uvm/uvm_mmap.c:801
syscall(1ca19fb9b081a809) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(1ca19fb9b081a809) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffa2,0,1,390c9684010) at Xsyscall+0x128
end of kernel
end trace frame: 0x39351404f40, count: -14
ddb{1}> show registers
rdi 0x3
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020c81150
rbx 0x3
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800002b49000
rax 0xffff800001947940
r8 0xffffffff81d74cdf witness_checkorder+0x12cf
r9 0x5
r10 0xbb1604d76c393e88
r11 0xb2c9aee191899c81
r12 0xfffffd80025ccc30
r13 0xffffffff81ebb01a cmd0646_9_tim_udma+0xd31c
r14 0xffffffff822bc480 w_lodata+0x4ab90
r15 0xffffffff822c75e0 w_lodata+0x55cf0
rip 0xffffffff81a668f8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c81140
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor1) pid=509778 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020b92e28,0xffffffff822e46c8
process=0xffff800020b94d30 user=0xffff800020c7c000, vmspace=0xfffffd807f00d5a0
estcpu=36, cpticks=8, pctcpu=0.0
user=0, sys=5, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
34424 327531 44326 0 7 0 syz-executor1
*34424 509778 44326 0 7 0x4000000 syz-executor1
77904 358803 1 0 3 0x100083 ttyin getty
323 313840 0 0 3 0x14200 bored sosplice
44326 106403 33040 0 3 0x82 nanosleep syz-executor1
36119 338857 33040 0 3 0x2 biowait syz-executor0
33040 386660 19691 0 3 0x82 thrsleep syz-fuzzer
33040 431363 19691 0 3 0x4000082 nanosleep syz-fuzzer
33040 434237 19691 0 3 0x4000082 thrsleep syz-fuzzer
33040 160929 19691 0 3 0x4000082 thrsleep syz-fuzzer
33040 38481 19691 0 3 0x4000082 thrsleep syz-fuzzer
33040 465910 19691 0 3 0x4000082 thrsleep syz-fuzzer
33040 510890 19691 0 3 0x4000082 thrsleep syz-fuzzer
33040 318971 19691 0 3 0x4000082 thrsleep syz-fuzzer
33040 515926 19691 0 3 0x4000082 kqread syz-fuzzer
33040 179320 19691 0 3 0x4000082 thrsleep syz-fuzzer
19691 390088 26768 0 3 0x10008a pause ksh
26768 259757 81805 0 3 0x92 select sshd
81805 56154 1 0 3 0x80 select sshd
76914 53594 75050 73 2 0x100090 syslogd
75050 83481 1 0 3 0x100082 netio syslogd
5104 34880 1 77 3 0x100090 poll dhclient
92260 446990 1 0 3 0x80 poll dhclient
50395 396531 0 0 2 0x14200 zerothread
89118 20345 0 0 3 0x14200 aiodoned aiodoned
12767 113786 0 0 3 0x14200 syncer update
54697 273971 0 0 3 0x14200 cleaner cleaner
18842 267058 0 0 3 0x14200 reaper reaper
51383 43498 0 0 3 0x14200 pgdaemon pagedaemon
54446 112058 0 0 3 0x14200 bored crynlk
20637 34764 0 0 3 0x14200 bored crypto
50250 442090 0 0 3 0x40014200 acpi0 acpi0
41749 62721 0 0 3 0x40014200 idle1
34969 354809 0 0 3 0x14200 bored softnet
20831 56006 0 0 3 0x14200 bored systqmp
38569 14243 0 0 3 0x14200 bored systq
20512 204120 0 0 3 0x40014200 bored softclock
6671 316101 0 0 3 0x40014200 idle0
1 398961 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper