lock order reversal: 1st 0xfffffd806e920728 vmmaplk (&map->lock) @ /syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c:1442 2nd 0xfffffd806dd58d60 inode (&ip->i_lock) @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 vm_map_lock_ln+0x14e #3 uvm_map+0x2e2 #4 km_alloc+0x19a #5 pool_multi_alloc_ni+0xe4 #6 pool_p_alloc+0x70 #7 pool_do_get+0x127 #8 pool_get+0x104 #9 ufsdirhash_build+0x40b #10 ufs_lookup+0x2a5 #11 VOP_LOOKUP+0x63 #12 vfs_lookup+0x552 #13 namei+0x4af #14 start_init+0xd6 lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 _rrw_enter+0x5c #3 VOP_LOCK+0x55 #4 vn_lock+0x6e #5 uvn_io+0x2ca #6 uvn_get+0x206 #7 uvm_fault+0x12c1 #8 uvm_fault_wire+0x70 #9 uvm_map_pageable_wire+0x2fd #10 sys_mlock+0x187 #11 syscall+0x5a0 #12 Xsyscall+0x128 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 witness_checkorder(783d89990ce68da3,81,fffffd806dd58d50,fffffd806dd58d50,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline] witness_checkorder(783d89990ce68da3,81,fffffd806dd58d50,fffffd806dd58d50,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089 _rw_enter(f9e5e3fa391ccb08,60b,fffffd806dd58d50,ffffffff81ee040a) at _rw_enter+0xbf _rrw_enter(168d5318f85792db,fffffd806dc2b3f0,ffffffff8125c1f0,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410 VOP_LOCK(78b6b976a3b6b5c1,fffffd806dc2b3f0) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598 vn_lock(5821da352c9d35c5,1000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549 uvn_io(85cae18007ba5493,0,0,fffffd807a51d680,0) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188 uvn_get(e4a40bb9d3e892ea,ffffffff81df4b90,fffffd807a51d680,fffffd806f1cfc80,0,1) at uvn_get+0x206 
sys/uvm/uvm_vnode.c:1048 uvm_fault(cb16dea21491fcb7,2000e000,0,1) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023 uvm_fault_wire(8521360ee27bcf62,1,2000e000,fffffd806f1cfc80) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293 uvm_map_pageable_wire(8495b2850821b61d,20801000,20001000,284f6555,fffffd806e920710,800000) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258 sys_mlock(d4e5009c897ac93d,2,ffff800020be4e20) at sys_mlock+0x187 sys/uvm/uvm_mmap.c:740 syscall(168d5318f8d1ca0a) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(168d5318f8d1ca0a) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,0,7f7fffff09d8,0,1,7f7fffff09e8) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff0970, count: -14 ddb{0}> show registers rdi 0x3 rsi 0xffffffff821a8f48 __sancov_gen_cov_switch_values.125+0x28 rbp 0xffff800020bff360 rbx 0x3 rdx 0x8b rcx 0x3 rax 0 r8 0xffffffff81c2c0ff witness_checkorder+0x12cf r9 0x5 r10 0xfdbdf5c90bbb5cbe r11 0x2b1aff6308c023cd r12 0xfffffd80025cec30 r13 0xffffffff81ebdb3f cmd0646_9_tim_udma+0xa8ca r14 0xffffffff82299230 w_lodata+0x50e90 r15 0xffffffff8229e1f0 w_lodata+0x55e50 rip 0xffffffff817aed68 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020bff350 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor2481) pid=291407 stat=onproc flags process=2 proc=0 pri=50, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff800020be4268,0xffffffff82307ab0 process=0xffff800020bca360 user=0xffff800020bfa000, vmspace=0xfffffd806e920710 estcpu=0, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND *64758 291407 22935 0 7 0x2 syz-executor2481 22935 472110 87886 0 3 0x10008a pause ksh 87886 238231 20806 0 3 0x92 select sshd 7267 455628 1 0 3 0x100083 ttyin getty 20806 465556 1 0 3 0x80 select sshd 988 74643 36562 73 7 0x100090 syslogd 36562 191413 1 0 3 0x100082 netio syslogd 61160 35837 1 77 3 0x100090 poll dhclient 55573 68993 1 0 3 0x80 poll dhclient 36315 44829 0 0 3 
0x14200 pgzero zerothread 27181 229231 0 0 3 0x14200 aiodoned aiodoned 45888 237598 0 0 3 0x14200 syncer update 1991 237630 0 0 3 0x14200 cleaner cleaner 59872 515262 0 0 3 0x14200 reaper reaper 88946 315490 0 0 3 0x14200 pgdaemon pagedaemon 64287 164955 0 0 3 0x14200 bored crynlk 45944 178539 0 0 3 0x14200 bored crypto 27440 465585 0 0 3 0x40014200 acpi0 acpi0 95886 371008 0 0 3 0x40014200 idle1 41437 353173 0 0 3 0x14200 bored softnet 95943 116970 0 0 3 0x14200 bored systqmp 21947 56787 0 0 3 0x14200 bored systq 9096 195365 0 0 3 0x40014200 bored softclock 75281 111273 0 0 3 0x40014200 idle0 1 168460 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}>