login: lock order reversal:
1st 0xfffffd806d614f80 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
2nd 0xfffffd807f7c67f8 fdlock (&newfdp->fd_fd.fd_lock) @ /syzkaller/managers/multicore/kernel/sys/kern/vfs_syscalls.c:1113
lock order "&newfdp->fd_fd.fd_lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 _rrw_enter+0x5c
#3 VOP_LOCK+0x55
#4 vn_closefile+0x11e
#5 fdrop+0xdf
#6 closef+0x128
#7 finishdup+0x2cc
#8 dodup3+0x5da
#9 syscall+0x5a0
#10 Xsyscall+0x128
lock order "&ip->i_lock"(rrwlock) -> "&newfdp->fd_fd.fd_lock"(rwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter_write+0x6b
#2 doopenat+0x679
#3 syscall+0x5a0
#4 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(79db3275ff2465d5,ffffffff81ee4b9d,459,0,fffffd807f7c67f8) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(79db3275ff2465d5,ffffffff81ee4b9d,459,0,fffffd807f7c67f8) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter_write(0,1,1) at _rw_enter_write+0x6b sys/kern/kern_rwlock.c:118
doopenat(ae693c3f463dc669,0,ffff800020b744b8,1190e5cb7c8,0,50) at doopenat+0x679 sys/kern/vfs_syscalls.c:1114
syscall(caf084539f826dba) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(caf084539f826dba) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,1165bf9e0c8,0,1165bf9e0a8,1165bf9e0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x1190e5cb800, count: -6
ddb{0}> show registers
rdi 0x3
rsi 0xffffffff821dad78 __sancov_gen_cov_switch_values.125+0x28
rbp 0xffff800020c17b00
rbx 0x3
rdx 0x8b
rcx 0x3
rax 0
r8 0xffffffff81e8d9bf witness_checkorder+0x12cf
r9 0x5
r10 0x51d18c2bd52e6884
r11 0x5ccd9507b4682770
r12 0xfffffd80025d8570
r13 0xffffffff81f25008 apollo_pio_rec+0x161
r14 0xffffffff822ca450 w_lodata+0x51830
r15 0xffffffff822cdec0 w_lodata+0x552a0
rip 0xffffffff8171e6c8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c17af0
ss 0
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1946) pid=190813 stat=onproc
flags process=0 proc=4000000
pri=32, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff800020b74260,0xffff800020b752d8
process=0xffff800020bcb710 user=0xffff800020c12000, vmspace=0xfffffd806e921b48
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
47543 9107 98686 0 2 0 syz-executor1946
47543 358443 98686 0 7 0x4000000 syz-executor1946
91694 252564 6151 0 2 0 syz-executor1946
*91694 190813 6151 0 7 0x4000000 syz-executor1946
91694 409568 6151 0 2 0x4000000 syz-executor1946
98686 88220 24258 0 3 0x80 nanosleep syz-executor1946
6151 277969 24258 0 3 0x80 nanosleep syz-executor1946
24258 94023 48006 0 3 0x82 nanosleep syz-executor1946
48006 180577 11174 0 3 0x10008a pause ksh
11174 132453 50816 0 3 0x92 select sshd
55781 272133 1 0 3 0x100083 ttyin getty
50816 169381 1 0 3 0x80 select sshd
44756 465893 69120 73 2 0x100090 syslogd
69120 508776 1 0 3 0x100082 netio syslogd
86756 63979 1 77 3 0x100090 poll dhclient
36293 324585 1 0 3 0x80 poll dhclient
59764 425633 0 0 2 0x14200 zerothread
28593 348272 0 0 3 0x14200 aiodoned aiodoned
52471 305557 0 0 3 0x14200 syncer update
60144 412117 0 0 3 0x14200 cleaner cleaner
4133 92384 0 0 3 0x14200 reaper reaper
82005 17799 0 0 3 0x14200 pgdaemon pagedaemon
61041 458604 0 0 3 0x14200 bored crynlk
98719 277870 0 0 3 0x14200 bored crypto
46537 56770 0 0 3 0x40014200 acpi0 acpi0
98249 504127 0 0 3 0x40014200 idle1
96670 508805 0 0 3 0x14200 bored softnet
96927 55003 0 0 3 0x14200 bored systqmp
45333 356745 0 0 3 0x14200 bored systq
21283 43065 0 0 3 0x40014200 bored softclock
83456 368178 0 0 3 0x40014200 idle0
1 38763 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb{0}>