Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts. 2019/01/23 23:07:41 fuzzer started 2019/01/23 23:07:46 dialing manager at 10.128.15.235:45991 2019/01/23 23:07:46 syscalls: 1 2019/01/23 23:07:46 code coverage: enabled 2019/01/23 23:07:46 comparison tracing: enabled 2019/01/23 23:07:46 extra coverage: support is not implemented in syzkaller 2019/01/23 23:07:46 setuid sandbox: enabled 2019/01/23 23:07:46 namespace sandbox: support is not implemented in syzkaller 2019/01/23 23:07:46 Android sandbox: support is not implemented in syzkaller 2019/01/23 23:07:46 fault injection: support is not implemented in syzkaller 2019/01/23 23:07:46 leak checking: support is not implemented in syzkaller 2019/01/23 23:07:46 net packet injection: enabled 2019/01/23 23:07:46 net device setup: support is not implemented in syzkaller 23:07:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt(r0, 0x6, 0x2, 0x0, 0x0) 23:07:48 executing program 1: r0 = socket$inet6(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0xffff, 0x10, 0x0, 0x0) ioctl$TIOCDRAIN(0xffffffffffffffff, 0x2000745e) 23:07:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt(r0, 0x6, 0x2, 0x0, 0x0) 23:07:48 executing program 1: r0 = socket$inet6(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0xffff, 0x10, 0x0, 0x0) ioctl$TIOCDRAIN(0xffffffffffffffff, 0x2000745e) 23:07:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt(r0, 0x6, 0x2, 0x0, 0x0) 23:07:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt(r0, 0x6, 0x2, 0x0, 0x0) 23:07:48 executing program 1: r0 = socket$inet6(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0xffff, 0x10, 0x0, 0x0) ioctl$TIOCDRAIN(0xffffffffffffffff, 0x2000745e) 23:07:48 executing program 1: r0 = socket$inet6(0x18, 0x1, 0x0) getsockopt$sock_int(r0, 0xffff, 0x10, 0x0, 0x0) ioctl$TIOCDRAIN(0xffffffffffffffff, 0x2000745e) 23:07:48 executing program 0: r0 = syz_open_pts() ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"}) write(r0, &(0x7f0000000180)="582720efabd16ebae63225259560f8e5815f73f2a044fd33055552fbd5e41789632dfc94ff334a5619515a4c8ab06198824b3da025bbd47b3bf579456fc7d4096e8c8b6b87cb2d72b8bcdb9ad8a4f5f728193ef16ab93f12fc4d5f16b136a5d00d1628b53a", 0x65) write(r0, &(0x7f0000000200)="3e2a7913e4bad21c714f4dd36a27e5e27b75f3da216d675d473551c0c01b3dfaf91739ee6cfd0f85000000e552aaeefeaff0f2c85e2831c61ad4c9011f7800003c1fe9002049fa9da398bcd62b103434820abc4bcabba3444002007e14295fbaabbbafe214dea79d9917dd1d95e8f6b9d378ee4ef8f0c9ea73906e5afdc27b8c9831351d74122ab9bd510eb00bb2c4c7a18e6ba459df1eb4e812ee5df9a2905dbf2e4c142155b9567c3f82ffb82f432b1ed61bbb3d3d42c66ca3f8b0685dd54c4bb6d00192b39d68c0a6af994d360698b653f5b90b8493deaa52a3f4383eaf2febeea1c9c277d6b575d271a35e722ab4d35e464607572836b20d3774ed4b8eed5d4012d8d13f7936685f4dc73925ff9cf70e9afc6b2261ab1d91cf1309", 0x11d) r1 = syz_open_pts() close(r0) dup(r1) r2 = syz_open_pts() ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000000)={0x0, 0x1, 0x5, 0xffffffff, "f775940b1463b056ec09253642cf6dde3d658865"}) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/45, 0x2d}], 0x1) 23:07:48 executing program 1: r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x29, 0x3b, &(0x7f0000000000), 0x4e) 23:07:48 executing program 1: r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x29, 0x3b, &(0x7f0000000000), 0x4e) 23:07:48 executing program 0: r0 = syz_open_pts() ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"}) write(r0, &(0x7f0000000180)="582720efabd16ebae63225259560f8e5815f73f2a044fd33055552fbd5e41789632dfc94ff334a5619515a4c8ab06198824b3da025bbd47b3bf579456fc7d4096e8c8b6b87cb2d72b8bcdb9ad8a4f5f728193ef16ab93f12fc4d5f16b136a5d00d1628b53a", 0x65) write(r0, &(0x7f0000000200)="3e2a7913e4bad21c714f4dd36a27e5e27b75f3da216d675d473551c0c01b3dfaf91739ee6cfd0f85000000e552aaeefeaff0f2c85e2831c61ad4c9011f7800003c1fe9002049fa9da398bcd62b103434820abc4bcabba3444002007e14295fbaabbbafe214dea79d9917dd1d95e8f6b9d378ee4ef8f0c9ea73906e5afdc27b8c9831351d74122ab9bd510eb00bb2c4c7a18e6ba459df1eb4e812ee5df9a2905dbf2e4c142155b9567c3f82ffb82f432b1ed61bbb3d3d42c66ca3f8b0685dd54c4bb6d00192b39d68c0a6af994d360698b653f5b90b8493deaa52a3f4383eaf2febeea1c9c277d6b575d271a35e722ab4d35e464607572836b20d3774ed4b8eed5d4012d8d13f7936685f4dc73925ff9cf70e9afc6b2261ab1d91cf1309", 0x11d) r1 = syz_open_pts() close(r0) dup(r1) r2 = syz_open_pts() ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000000)={0x0, 0x1, 0x5, 0xffffffff, "f775940b1463b056ec09253642cf6dde3d658865"}) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/45, 0x2d}], 0x1) 23:07:48 executing program 1: r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x29, 0x3b, &(0x7f0000000000), 0x4e) 23:07:48 executing program 1: r0 = socket(0x18, 0x2, 0x0) setsockopt(r0, 0x29, 0x3b, &(0x7f0000000000), 0x4e) 23:07:48 executing program 1: r0 = open$dir(&(0x7f0000001240)='./file0\x00', 0x40000400000002c2, 0x0) mlockall(0x3) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x2010, r0, 0x0, 0x0) pwritev(r0, &(0x7f0000000200)=[{&(0x7f0000000040)='B', 0x1}], 0x1, 0x0) mprotect(&(0x7f0000ff7000/0x9000)=nil, 0x9000, 0x1) 23:07:48 executing program 0: r0 = syz_open_pts() ioctl$TIOCSETAF(r0, 0x802c7416, &(0x7f0000000080)={0x0, 0x0, 0x90d2, 0x0, "d730c1e7bb6fc6e23c5b00000000000000e74de4"}) write(r0, &(0x7f0000000180)="582720efabd16ebae63225259560f8e5815f73f2a044fd33055552fbd5e41789632dfc94ff334a5619515a4c8ab06198824b3da025bbd47b3bf579456fc7d4096e8c8b6b87cb2d72b8bcdb9ad8a4f5f728193ef16ab93f12fc4d5f16b136a5d00d1628b53a", 0x65) write(r0, &(0x7f0000000200)="3e2a7913e4bad21c714f4dd36a27e5e27b75f3da216d675d473551c0c01b3dfaf91739ee6cfd0f85000000e552aaeefeaff0f2c85e2831c61ad4c9011f7800003c1fe9002049fa9da398bcd62b103434820abc4bcabba3444002007e14295fbaabbbafe214dea79d9917dd1d95e8f6b9d378ee4ef8f0c9ea73906e5afdc27b8c9831351d74122ab9bd510eb00bb2c4c7a18e6ba459df1eb4e812ee5df9a2905dbf2e4c142155b9567c3f82ffb82f432b1ed61bbb3d3d42c66ca3f8b0685dd54c4bb6d00192b39d68c0a6af994d360698b653f5b90b8493deaa52a3f4383eaf2febeea1c9c277d6b575d271a35e722ab4d35e464607572836b20d3774ed4b8eed5d4012d8d13f7936685f4dc73925ff9cf70e9afc6b2261ab1d91cf1309", 0x11d) r1 = syz_open_pts() close(r0) dup(r1) r2 = syz_open_pts() ioctl$TIOCSETA(r2, 0x802c7414, &(0x7f0000000000)={0x0, 0x1, 0x5, 0xffffffff, "f775940b1463b056ec09253642cf6dde3d658865"}) readv(r2, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/45, 0x2d}], 0x1) lock order reversal: 1st 0xfffffd807f00c888 vmmaplk (&map->lock) @ /syzkaller/managers/setuid/kernel/sys/uvm/uvm_fault.c:1442 2nd 0xfffffd8069d340a8 inode (&ip->i_lock) @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547 lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 vm_map_lock_ln+0x14e #3 uvm_map+0x2e2 #4 km_alloc+0x19a #5 pool_multi_alloc_ni+0xe4 #6 pool_p_alloc+0x70 #7 pool_do_get+0x127 #8 pool_get+0x104 #9 ufsdirhash_build+0x40b #10 ufs_lookup+0x2a5 #11 VOP_LOOKUP+0x63 #12 vfs_lookup+0x552 #13 namei+0x4af #14 start_init+0xd6 lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at: #0 witness_checkorder+0x6d8 #1 _rw_enter+0xbf #2 _rrw_enter+0x5c #3 VOP_LOCK+0x55 #4 vn_lock+0x6e #5 uvn_io+0x2ca #6 uvn_get+0x206 #7 uvm_fault+0x12c1 #8 uvm_fault_wire+0x70 #9 uvm_map_pageable_wire+0x2fd #10 uvm_map_protect+0x610 #11 syscall+0x5a0 #12 Xsyscall+0x128 Stopped at db_enter+0x18: addq $0x8,%rsp ddb{0}> ddb{0}> set $lines = 0 ddb{0}> show panic the kernel did not panic ddb{0}> trace db_enter() at db_enter+0x18 witness_checkorder(1490464373ba10d7,81,fffffd8069d34098,fffffd8069d34098,0) at witness_checkorder+0x12f9 _rw_enter(76aff5d8a9d4cbfc,60b,fffffd8069d34098,ffffffff81edebdf) at _rw_enter+0xbf _rrw_enter(e88967071590e681,fffffd807ae53b18,ffffffff8139fd50,0) at _rrw_enter+0x5c VOP_LOCK(377ec59536d028f6,fffffd807ae53b18) at VOP_LOCK+0x55 vn_lock(bd210356be97a4f4,1000) at vn_lock+0x6e uvn_io(490e631807c001a4,0,0,fffffd806770e520,0) at uvn_io+0x2ca uvn_get(43f7f608e534977f,ffffffff8146c190,fffffd806770e520,fffffd806cc645e8,0,1) at uvn_get+0x206 uvm_fault(490e63180734f5f2,20ffd000,0,1) at uvm_fault+0x12c1 uvm_fault_wire(2367fc82f5314d7c,1,20ffd000,fffffd806cc645e8) at uvm_fault_wire+0x70 uvm_map_pageable_wire(377ec59536a06fc8,fffffd806cc645e8,21000000,20ff7000,0,4) at uvm_map_pageable_wire+0x2fd uvm_map_protect(3f1780f5ec0cdc1d,10,ffff800020b93080,ba8cbbc0128,0) at uvm_map_protect+0x610 syscall(251db8bc69b1ae29) at syscall+0x5a0 Xsyscall(6,0,ffffffffffffffa4,0,3,ba6b763d010) at Xsyscall+0x128 end of kernel end trace frame: 0xba8cbbc01b0, count: -14 ddb{0}> show registers rdi 0x3 rsi 0x3ffff acpi_pdirpa+0x2be67 rbp 0xffff800020c730f0 rbx 0x3 rdx 0x40000 acpi_pdirpa+0x2be68 rcx 0xffff800002b4b000 rax 0xffff800001b46800 r8 0xffffffff817c727f witness_checkorder+0x12cf r9 0x5 r10 0xdae24743e85bdf1d r11 0x21854a39072565d2 r12 0xfffffd80025cdc30 r13 0xffffffff81ebbd52 cmd0646_9_tim_udma+0xc96d r14 0xffffffff8227b8a0 w_lodata+0x512b0 r15 0xffffffff82280440 w_lodata+0x55e50 rip 0xffffffff81107618 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020c730e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor1) pid=468597 stat=onproc flags process=10 proc=4000000 pri=53, usrpri=53, nice=20 forw=0xffffffffffffffff, list=0xffff800020b92270,0xffff800020b92028 process=0xffff800020b95a50 user=0xffff800020c6e000, vmspace=0xfffffd807f00c870 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 98084 11263 18833 32767 2 0x10 syz-executor0 98084 449315 18833 32767 3 0x4000090 ttyout syz-executor0 5969 380653 28515 32767 2 0x10 syz-executor1 * 5969 468597 28515 32767 7 0x4000010 syz-executor1 28515 51716 27477 32767 3 0x90 nanosleep syz-executor1 27477 7186 99447 0 3 0x82 wait syz-executor1 18833 144485 50597 32767 3 0x90 nanosleep syz-executor0 50597 454487 99447 0 3 0x82 wait syz-executor0 99447 170345 82419 0 3 0x82 kqread syz-fuzzer 99447 56249 82419 0 3 0x4000082 nanosleep syz-fuzzer 99447 467499 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 520273 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 126257 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 226673 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 497835 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 454687 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 104879 82419 0 3 0x4000082 thrsleep syz-fuzzer 99447 167405 82419 0 3 0x4000082 thrsleep syz-fuzzer 82419 449816 16206 0 3 0x10008a pause ksh 16206 265375 97947 0 3 0x92 select sshd 72505 102362 1 0 3 0x100083 ttyin getty 97947 344406 1 0 3 0x80 select sshd 49062 212148 33080 73 7 0x100090 syslogd 33080 8960 1 0 3 0x100082 netio syslogd 1457 41693 1 77 3 0x100090 poll dhclient 12983 398031 1 0 3 0x80 poll dhclient 46396 313510 0 0 2 0x14200 zerothread 40014 173716 0 0 3 0x14200 aiodoned aiodoned 1617 361500 0 0 3 0x14200 syncer update 15580 160757 0 0 3 0x14200 cleaner cleaner 57383 24508 0 0 3 0x14200 reaper reaper 66877 131058 0 0 3 0x14200 pgdaemon pagedaemon 57966 421244 0 0 3 0x14200 bored crynlk 82095 480563 0 0 3 0x14200 bored crypto 20514 369620 0 0 3 0x40014200 acpi0 acpi0 8686 191511 0 0 3 0x40014200 idle1 10666 151313 0 0 3 0x14200 bored softnet 28249 182945 0 0 3 0x14200 bored systqmp 65410 472732 0 0 3 0x14200 bored systq 37566 321171 0 0 3 0x40014200 bored softclock 21017 117650 0 0 3 0x40014200 idle0 1 310645 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper