1st 0xfffffd807f00c018 vmmaplk (&map->lock) @ /syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c:1442
2nd 0xfffffd806cf535f0 inode (&ip->i_lock) @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 vm_map_lock_ln+0x14e
#3 uvm_map+0x2e2
#4 km_alloc+0x19a
#5 pool_multi_alloc_ni+0xe4
#6 pool_p_alloc+0x70
#7 pool_do_get+0x127
#8 pool_get+0x104
#9 ufsdirhash_build+0x40b
#10 ufs_lookup+0x2a5
#11 VOP_LOOKUP+0x63
#12 vfs_lookup+0x552
#13 namei+0x4af
#14 start_init+0xd6
lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
#0 witness_checkorder+0x6d8
#1 _rw_enter+0xbf
#2 _rrw_enter+0x5c
#3 VOP_LOCK+0x55
#4 vn_lock+0x6e
#5 uvn_io+0x2ca
#6 uvn_get+0x206
#7 uvm_fault+0x12c1
#8 uvm_fault_wire+0x70
#9 uvm_map_pageable_wire+0x2fd
#10 sys_mlockall+0x69
#11 syscall+0x5a0
#12 Xsyscall+0x128
Stopped at db_enter+0x18: addq $0x8,%rsp
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399
witness_checkorder(4bee33b43a280ac1,81,fffffd806cf535e0,fffffd806cf535e0,0) at witness_checkorder+0x12f9 witness_debugger sys/kern/subr_witness.c:2543 [inline]
witness_checkorder(4bee33b43a280ac1,81,fffffd806cf535e0,fffffd806cf535e0,0) at witness_checkorder+0x12f9 sys/kern/subr_witness.c:1089
_rw_enter(a5fcb3e1cf80990e,60b,fffffd806cf535e0,ffffffff81edebdf) at _rw_enter+0xbf
_rrw_enter(a4bc7aeb3a2a3dd9,fffffd806fa94d50,ffffffff8139fd50,0) at _rrw_enter+0x5c sys/kern/kern_rwlock.c:410
VOP_LOCK(7d388f0a79a25283,fffffd806fa94d50) at VOP_LOCK+0x55 sys/kern/vfs_vops.c:598
vn_lock(f4e473cf682128d8,7000) at vn_lock+0x6e sys/kern/vfs_vnops.c:549
uvn_io(3994ffffb40a661d,0,0,fffffd807b4b40e0,6000) at uvn_io+0x2ca sys/uvm/uvm_vnode.c:1188
uvn_get(e0af148124d0fae9,ffffffff8146c190,fffffd807b4b40e0,fffffd806b7bcd70,6000,3) at uvn_get+0x206
sys/uvm/uvm_vnode.c:1048
uvm_fault(3994ffffb4fe924b,1b31020000,ffffffffffffa000,3) at uvm_fault+0x12c1 sys/uvm/uvm_fault.c:1023
uvm_fault_wire(7349d182b388de23,3,1b31020000,fffffd806b7bcd70) at uvm_fault_wire+0x70 sys/uvm/uvm_fault.c:1293
uvm_map_pageable_wire(7d388f0a798b9714,3,ffff800020b92270,234eb3d6b98,2,10f0) at uvm_map_pageable_wire+0x2fd sys/uvm/uvm_map.c:2258
sys_mlockall(6a2e1f90f884e35a,10,ffff800020b92270) at sys_mlockall+0x69 sys/uvm/uvm_mmap.c:801
syscall(6594b84118f65b48) at syscall+0x5a0 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(6594b84118f65b48) at syscall+0x5a0 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,0,ffffffffffffffa2,0,1,231fe532010) at Xsyscall+0x128
end of kernel
end trace frame: 0x234eb3d6c20, count: -14
ddb{0}> show registers
rdi 0x3
rsi 0x3ffff acpi_pdirpa+0x2be67
rbp 0xffff800020c9cdd0
rbx 0x3
rdx 0x40000 acpi_pdirpa+0x2be68
rcx 0xffff800002b4b000
rax 0xffff800001946840
r8 0xffffffff817c727f witness_checkorder+0x12cf
r9 0x5
r10 0x9a6b47be991c2a7c
r11 0x214707713b5813e9
r12 0xfffffd80025cdc30
r13 0xffffffff81ebbd52 cmd0646_9_tim_udma+0xc96d
r14 0xffffffff8227a350 w_lodata+0x4fd60
r15 0xffffffff82280440 w_lodata+0x55e50
rip 0xffffffff81107618 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff800020c9cdc0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor1) pid=426747 stat=onproc
flags process=10 proc=4000000
pri=64, usrpri=64, nice=20
forw=0xffffffffffffffff, list=0xffff800020b92018,0xffff800020b92be0
process=0xffff800020b94010 user=0xffff800020c98000, vmspace=0xfffffd807f00c000
estcpu=14, cpticks=5, pctcpu=0.0
user=0, sys=5, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
85028 50069 79514 32767 2 0x10 syz-executor1
*85028 426747 79514 32767 7 0x4000010 syz-executor1
85028 83685 79514 32767 3 0x4000090 fsleep syz-executor1
19530 371172 50934 32767 2 0x10 syz-executor0
19530 522279 50934 32767 3 0x4000090 msgwait syz-executor0
19530 229622 50934 32767 3 0x4000090 msgwait syz-executor0
17419 134807 0 0 3
0x14200 bored sosplice
79514 521779 93380 32767 7 0x490 syz-executor1
50934 240902 18955 32767 2 0x490 syz-executor0
93380 153188 92936 0 3 0x82 wait syz-executor1
18955 107161 92936 0 3 0x82 wait syz-executor0
92936 179398 14294 0 3 0x82 thrsleep syz-fuzzer
92936 402408 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 260375 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 266584 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 250069 14294 0 3 0x4000082 kqread syz-fuzzer
92936 392752 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 448431 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 183506 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 440196 14294 0 3 0x4000082 thrsleep syz-fuzzer
92936 132214 14294 0 3 0x4000082 thrsleep syz-fuzzer
14294 420724 95056 0 3 0x10008a pause ksh
95056 216674 45734 0 3 0x92 select sshd
26748 482298 1 0 3 0x100083 ttyin getty
45734 428687 1 0 3 0x80 select sshd
69793 379079 18483 73 2 0x100090 syslogd
18483 478746 1 0 3 0x100082 netio syslogd
17270 123746 1 77 3 0x100090 poll dhclient
79754 343305 1 0 3 0x80 poll dhclient
81049 245153 0 0 2 0x14200 zerothread
1678 459168 0 0 3 0x14200 aiodoned aiodoned
30197 137093 0 0 3 0x14200 syncer update
20918 96299 0 0 3 0x14200 cleaner cleaner
63328 505532 0 0 3 0x14200 reaper reaper
60486 349223 0 0 3 0x14200 pgdaemon pagedaemon
79045 213686 0 0 3 0x14200 bored crynlk
67195 309654 0 0 3 0x14200 bored crypto
20921 235126 0 0 3 0x40014200 acpi0 acpi0
75979 309676 0 0 3 0x40014200 idle1
59739 417825 0 0 3 0x14200 bored softnet
82355 385433 0 0 3 0x14200 bored systqmp
77336 367130 0 0 3 0x14200 bored systq
15665 523532 0 0 2 0x40014200 softclock
51967 358710 0 0 3 0x40014200 idle0
1 138526 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper