1st 0xfffffd807f00d9f0 vmmaplk (&map->lock) @ /syzkaller/managers/multicore/kernel/sys/uvm/uvm_fault.c:1442
2nd 0xfffffd80788225f8 inode (&ip->i_lock) @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 vm_map_lock_ln+0x14e
#3 uvm_map+0x2e2
#4 km_alloc+0x19a
#5 pool_multi_alloc_ni+0xe4
#6 pool_p_alloc+0x70
#7 pool_do_get+0x127
#8 pool_get+0x104
#9 ufsdirhash_build+0x40b
#10 ufs_lookup+0x2a5
#11 VOP_LOOKUP+0x63
#12 vfs_lookup+0x552
#13 namei+0x4af
#14 start_init+0xd6
lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 _rrw_enter+0x5c
#3 VOP_LOCK+0x55
#4 vn_lock+0x6e
#5 uvn_io+0x2ca
#6 uvn_get+0x206
#7 uvm_fault+0x12c1
#8 uvm_fault_wire+0x70
#9 uvm_map_pageable_wire+0x2fd
#10 sys_mlock+0x187
#11 syscall+0x5a0
#12 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(d0cd595249f5ec6d,81,fffffd80788225e8,fffffd80788225e8,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(d0cd595249f5ec6d,81,fffffd80788225e8,fffffd80788225e8,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter(13af60fd06804cc1,60b,fffffd80788225e8,ffffffff81ed388a) at _rw_enter+0xbf
_rrw_enter(aab26785309197d8,fffffd8007d96180,ffffffff8164e290,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410
VOP_LOCK(48d9f5a6421e24c2,fffffd8007d96180) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598
vn_lock(d018c82ae82cb926,1000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549
uvn_io(761a70e4efb22753,0,0,fffffd807a9c10f0,0) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188
uvn_get(d0cd595249ab0843,ffffffff81c275a0,fffffd807a9c10f0,fffffd806bd80198,0,1) at uvn_get+0x206 sys/uvm/uvm_vnode.c:1048
uvm_fault(36888da25fc9f36d,20010000,0,3) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023
uvm_fault_wire(1cd3547a1a00c3d8,3,20010000,fffffd806bd80198) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293
uvm_map_pageable_wire(84af1f7a664118a3,20801000,20001000,800000,fffffd807f00d9d8,800000) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258
sys_mlock(58410954b29f354c,0,ffff800020bba978) at sys_mlock+0x187 sys/uvm/uvm_mmap.c:740
syscall(761a70e4ef9a21c1) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(761a70e4ef9a21c1) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffa1,0,2,9b40510e010) at Xsyscall+0x128
end of kernel
end trace frame: 0x9b6a81c2cb0, count: -14
ddb{0}> show registers
rdi 0x3
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020c752a0
rbx 0x3
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800000947000
rax 0xffff800000941ec0
r8 0xffffffff81d74cdf witness_checkorder+0x12cf
r9 0x5
r10 0x11d744dc0be64b2a
r11 0x9e11d87a1e194f17
r12 0xfffffd80025ccc30
r13 0xffffffff81ebb01a cmd0646_9_tim_udma+0xd31c
r14 0xffffffff822b8d80 w_lodata+0x47490
r15 0xffffffff822c7740 w_lodata+0x55e50
rip 0xffffffff81a668f8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c75290
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor0) pid=156224 stat=onproc
flags process=0 proc=4000000
pri=86, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800020bbb9e0,0xffffffff822e46c8
process=0xffff800020b94010 user=0xffff800020c70000, vmspace=0xfffffd807f00d9d8
estcpu=36, cpticks=0, pctcpu=0.0
user=0, sys=0, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
3284 140550 93549 0 2 0 syz-executor0
* 3284 156224 93549 0 7 0x4000000 syz-executor0
34409 49690 1 0 3 0x80 nanosleep init
44616 218 0 0 3 0x14200 bored sosplice
44533 73500 50507 0 3 0x2 biowait syz-executor1
93549 79385 50507 0 3 0x82 nanosleep syz-executor0
50507 235093 88405 0 3 0x82 thrsleep syz-fuzzer
50507 313592 88405 0 3 0x4000082 nanosleep syz-fuzzer
50507 190381 88405 0 3 0x4000082 thrsleep syz-fuzzer
50507 455500 88405 0 3 0x4000082 thrsleep syz-fuzzer
50507 283793 88405 0 3 0x4000082 thrsleep syz-fuzzer
50507 440360 88405 0 3 0x4000082 thrsleep syz-fuzzer
50507 338896 88405 0 3 0x4000082 thrsleep syz-fuzzer
50507 370147 88405 0 3 0x4000082 kqread syz-fuzzer
50507 177830 88405 0 3 0x4000082 thrsleep syz-fuzzer
50507 162609 88405 0 3 0x4000082 thrsleep syz-fuzzer
88405 451030 50577 0 3 0x10008a pause ksh
50577 204100 89081 0 3 0x92 select sshd
89081 173683 1 0 3 0x80 select sshd
35175 172175 35282 73 7 0x100090 syslogd
35282 165009 1 0 3 0x100082 netio syslogd
80917 118805 1 77 3 0x100090 poll dhclient
84028 232649 1 0 3 0x80 poll dhclient
98516 237839 0 0 3 0x14200 pgzero zerothread
39818 178938 0 0 3 0x14200 aiodoned aiodoned
56737 57651 0 0 3 0x14200 syncer update
21093 447986 0 0 3 0x14200 cleaner cleaner
87292 125281 0 0 3 0x14200 reaper reaper
36841 372825 0 0 3 0x14200 pgdaemon pagedaemon
81321 135042 0 0 3 0x14200 bored crynlk
10778 439965 0 0 3 0x14200 bored crypto
32045 160750 0 0 3 0x40014200 acpi0 acpi0
45523 449657 0 0 3 0x40014200 idle1
59568 245577 0 0 3 0x14200 bored softnet
36878 351163 0 0 3 0x14200 bored systqmp
4573 287185 0 0 3 0x14200 bored systq
48334 502888 0 0 3 0x40014200 bored softclock
13739 470291 0 0 3 0x40014200 idle0
1 83189 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper