2019/03/31 10:42:16 fuzzer started 2019/03/31 10:42:16 dialing manager at 127.0.0.1:32791 2019/03/31 10:42:16 syscalls: 1 2019/03/31 10:42:16 code coverage: support is not implemented in syzkaller 2019/03/31 10:42:16 comparison tracing: support is not implemented in syzkaller 2019/03/31 10:42:16 extra coverage: support is not implemented in syzkaller 2019/03/31 10:42:16 setuid sandbox: support is not implemented in syzkaller 2019/03/31 10:42:16 namespace sandbox: support is not implemented in syzkaller 2019/03/31 10:42:16 Android sandbox: support is not implemented in syzkaller 2019/03/31 10:42:16 fault injection: support is not implemented in syzkaller 2019/03/31 10:42:16 leak checking: support is not implemented in syzkaller 2019/03/31 10:42:16 net packet injection: support is not implemented in syzkaller 2019/03/31 10:42:16 net device setup: support is not implemented in syzkaller 10:42:17 executing program 0: vmm_ctl$VMM_CTL_GET_FLAGS(0x3) r0 = openat$prof_kprintx(0xffffffffffffff9c, &(0x7f0000000000)='/prof/kprintx\x00', 0xe, 0x3, 0x0) r1 = openat$net_tcp_2_listen(0xffffffffffffff9c, &(0x7f0000000040)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0) r2 = openat$net_tcp_1_local(0xffffffffffffff9c, &(0x7f0000000080)='/net/tcp/1/local\x00', 0x11, 0x1, 0x0) openat$dev_klog(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/klog\x00', 0xa, 0x1, 0x0) fstat(r2, &(0x7f0000000100)) r3 = proc_create(&(0x7f0000000180)='./file0\x00', 0x8, &(0x7f00000001c0)='/net/tcp/1/local\x00', 0x11, 0x0) fchdir(r3, r0) openat$prof_kptrace_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/prof/kptrace_ctl\x00', 0x12, 0x3, 0x0) r4 = openat$net_ipselftab(0xffffffffffffff9c, &(0x7f0000000240)='/net/ipselftab\x00', 0xf, 0x1, 0x0) r5 = openat$proc_self_notepg(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/notepg\x00', 0x12, 0x1, 0x0) openat$net_ipifc_1_local(0xffffffffffffff9c, &(0x7f00000002c0)='/net/ipifc/1/local\x00', 0x13, 0x1, 0x0) read(r4, &(0x7f0000000300)=""/154, 0x9a) getcwd(&(0x7f00000003c0)=""/70, 0x46) r6 = openat$dev_sysstat(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sysstat\x00', 0xd, 0x3, 0x0) openat$net_ether0_addr(0xffffffffffffff9c, &(0x7f0000000480)='/net/ether0/addr\x00', 0x11, 0x3, 0x0) write(r4, &(0x7f00000004c0)="ac6fd35814495c2434164040a13bf0c245d093a7995dea311200f7baf55fb2089e9349d0b6f03aed41cf4ba95d12a7de53d967c0", 0x34) r7 = openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f0000000500)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0) openat$net_tcp_1_local(0xffffffffffffff9c, &(0x7f0000000540)='/net/tcp/1/local\x00', 0x11, 0x1, 0x0) r8 = openat$net_empty(0xffffffffffffff9c, &(0x7f0000000580)='/net/.empty\x00', 0xc, 0x3, 0x0) halt_core(0x1) openat$proc_self_notepg(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/notepg\x00', 0x12, 0x1, 0x0) r9 = proc_create(&(0x7f0000000600)='./file0\x00', 0x8, &(0x7f0000000640)='\x00', 0x1, 0x1) openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f0000000680)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) dup_fds_to(0xffffffffffffffff, &(0x7f00000006c0)=[{r0}, {r5}, {r1}, {r4}, {r7}, {r7}, {r6}], 0x7) llseek(r2, 0x4, 0x1, &(0x7f0000000740), 0x1) dup_fds_to(r9, &(0x7f0000000780)=[{r2}, {r8}], 0x2) abort_sysc_fd(r6) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f00000007c0)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) openat$dev_ppid(0xffffffffffffff9c, &(0x7f0000000800)='/dev/ppid\x00', 0xa, 0x1, 0x0) 10:42:17 executing program 1: link(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)='./file0\x00', 0x8) link(&(0x7f0000000080)='./file0\x00', 0x8, &(0x7f00000000c0)='./file0\x00', 0x8) link(&(0x7f0000000100)='./file0\x00', 0x8, &(0x7f0000000140)='./file0\x00', 0x8) openat$net_tcp_1_local(0xffffffffffffff9c, &(0x7f0000000180)='/net/tcp/1/local\x00', 0x11, 0x1, 0x0) getcwd(&(0x7f00000001c0)=""/215, 0xd7) r0 = openat$proc_self_note(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/note\x00', 0x10, 0x1, 0x0) r1 = proc_create(&(0x7f0000000300)='./file1\x00', 0x8, &(0x7f0000000340)='\x00', 0x1, 0x1) proc_destroy(r1, 0x40) openat$dev_caphash(0xffffffffffffff9c, &(0x7f0000000380)='/dev/caphash\x00', 0xd, 0x3, 0x0) r2 = openat$dev_hostdomain(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/hostdomain\x00', 0x10, 0x3, 0x0) r3 = openat$net_ipifc_1_err(0xffffffffffffff9c, &(0x7f0000000400)='/net/ipifc/1/err\x00', 0x11, 0x3, 0x0) r4 = openat$proc_self_vmstatus(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/vmstatus\x00', 0x14, 0x1, 0x0) openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000480)='/dev/urandom\x00', 0xd, 0x1, 0x0) pop_ctx(&(0x7f00000004c0)="0a14c9efddbf598256bba6f4b71c9f260da3f81962d0d9ce6fe9aa410cdaf7df78185a7b62559e3ca942c593d93bc4b88d02b8556b47e747e09e1f607a28ebf77f09ea153f1a4c6d5eeef49f3de24dcb05789f27bc74971840a4767b9192472add79519a2a852e8f288d6444e858bc2abdd4f620cad84e669c03b975523b27648f76c796d415c159d1fd8895ee5145b643014a0bed8edf8727a506125ea1b4d79fb85cbbdcfdebf62441e4b4d8c5c7bee4568846a10b63ce70cd2644a71f720044230d6d975db7bd494f3c28fc7876488c583175d2f607b4") read(r3, &(0x7f00000005c0)=""/45, 0x2d) openat$proc_self_text(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/text\x00', 0x10, 0x1, 0x0) r5 = openat$prof_kprintx(0xffffffffffffff9c, &(0x7f0000000640)='/prof/kprintx\x00', 0xe, 0x3, 0x0) r6 = openat$net_ipselftab(0xffffffffffffff9c, &(0x7f0000000680)='/net/ipselftab\x00', 0xf, 0x1, 0x0) openat$dev_user(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/user\x00', 0xa, 0x3, 0x0) unlink(&(0x7f0000000700)='./file2\x00', 0x8) fwstat(r2, &(0x7f0000000740)=""/69, 0x45, 0x0) abort_sysc_fd(r2) fcntl$F_SETFD(r4, 0x2, 0x1) r7 = openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/pgrpid\x00', 0xc, 0x1, 0x0) dup_fds_to(r1, &(0x7f0000000800)=[{r6}, {r0}, {r5}, {r7}, {r4}], 0x5) openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f0000000840)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0) unlink(&(0x7f0000000880)='./file2\x00', 0x8) openat$net_tcp_0_ctl(0xffffffffffffff9c, &(0x7f00000008c0)='/net/tcp/0/ctl\x00', 0xf, 0x3, 0x0) openat$dev_caphash(0xffffffffffffff9c, &(0x7f0000000900)='/dev/caphash\x00', 0xd, 0x3, 0x0) openat$proc_self_notepg(0xffffffffffffff9c, &(0x7f0000000940)='/proc/self/notepg\x00', 0x12, 0x1, 0x0) 10:42:17 executing program 2: nunmount(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)='./file0\x00', 0x8) nunmount(&(0x7f0000000080)='./file0\x00', 0x8, &(0x7f00000000c0)='./file0\x00', 0x8) nunmount(&(0x7f0000000100)='./file0\x00', 0x8, &(0x7f0000000140)='./file0\x00', 0x8) r0 = openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/syscall\x00', 0x13, 0x1, 0x0) r1 = proc_create(&(0x7f00000001c0)='./file0\x00', 0x8, &(0x7f0000000200)='/proc/self/syscall\x00', 0x13, 0x0) r2 = openat$net_ether0_0_stats(0xffffffffffffff9c, &(0x7f0000000240)='/net/ether0/0/stats\x00', 0x14, 0x1, 0x0) nunmount(&(0x7f0000000280)='./file0\x00', 0x8, &(0x7f00000002c0)='./file0/file0\x00', 0xe) rename(&(0x7f0000000300)='./file0/file0\x00', 0xe, &(0x7f0000000340)='./file1\x00', 0x8) r3 = openat$net_tcp_0_local(0xffffffffffffff9c, &(0x7f0000000380)='/net/tcp/0/local\x00', 0x11, 0x1, 0x0) r4 = openat$dev_killkid(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/killkid\x00', 0xd, 0x3, 0x0) r5 = openat(r3, &(0x7f0000000400)='./file0\x00', 0x8, 0x20000, 0x9) wstat(&(0x7f0000000440)='./file0\x00', 0x8, &(0x7f0000000480)=""/111, 0x6f, 0x0) dup_fds_to(r1, &(0x7f0000000500)=[{r3}, {r4}, {r3}, {r2}, {r3}, {r5}, {r5}], 0x7) r6 = openat(r4, &(0x7f0000000580)='./file1\x00', 0x8, 0x10000, 0x10) chdir(0xffffffffffffffff, &(0x7f00000005c0)='./file0/file0\x00', 0xe) openat$net_tcp_2_listen(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0) r7 = openat$dev_stderr(0xffffffffffffff9c, &(0x7f0000000640)='/dev/stderr\x00', 0xc, 0x3, 0x0) openat$net_ether0_0_data(0xffffffffffffff9c, &(0x7f0000000680)='/net/ether0/0/data\x00', 0x13, 0x3, 0x0) openat(r5, &(0x7f00000006c0)='./file1\x00', 0x8, 0x2, 0x0) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000700)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) openat(r0, &(0x7f0000000740)='./file0\x00', 0x8, 0x10000, 0x40) fcntl$F_SETFD(r3, 0x2, 0x1) close(r6) nunmount(&(0x7f0000000780)='./file1\x00', 0x8, &(0x7f00000007c0)='./file0\x00', 0x8) fcntl$F_SYNC(r7, 0x65) chdir(0xffffffffffffffff, &(0x7f0000000800)='./file0\x00', 0x8) openat$proc_self_ns(0xffffffffffffff9c, &(0x7f0000000840)='/proc/self/ns\x00', 0xe, 0x1, 0x0) openat$dev_sdctl(0xffffffffffffff9c, &(0x7f0000000880)='/dev/sdctl\x00', 0xb, 0x3, 0x0) openat$net_ether0_2_ctl(0xffffffffffffff9c, &(0x7f00000008c0)='/net/ether0/2/ctl\x00', 0x12, 0x3, 0x0) openat$proc_self_text(0xffffffffffffff9c, &(0x7f0000000900)='/proc/self/text\x00', 0x10, 0x1, 0x0) 10:42:17 executing program 3: r0 = openat$net_ipifc_1_err(0xffffffffffffff9c, &(0x7f0000000000)='/net/ipifc/1/err\x00', 0x11, 0x3, 0x0) r1 = openat$net_arp(0xffffffffffffff9c, &(0x7f0000000040)='/net/arp\x00', 0x9, 0x3, 0x0) r2 = openat$prof_kptrace_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/prof/kptrace_ctl\x00', 0x12, 0x3, 0x0) openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0) vmm_ctl$VMM_CTL_GET_FLAGS(0x3) openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f0000000100)='/net/icmp/stats\x00', 0x10, 0x1, 0x0) openat$net_tcp_2_err(0xffffffffffffff9c, &(0x7f0000000140)='/net/tcp/2/err\x00', 0xf, 0x3, 0x0) tcgetattr(r2, &(0x7f0000000180)) openat$dev_empty(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/.empty\x00', 0xc, 0x3, 0x0) openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f0000000200)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0) openat$net_ipifc_1_listen(0xffffffffffffff9c, &(0x7f0000000240)='/net/ipifc/1/listen\x00', 0x14, 0x3, 0x0) r3 = openat$net_tcp_2_err(0xffffffffffffff9c, &(0x7f0000000280)='/net/tcp/2/err\x00', 0xf, 0x3, 0x0) tap_fds(&(0x7f00000005c0)=[{r2, 0x2, 0x604, 0x4, &(0x7f0000000340)={&(0x7f00000002c0)="e992d04fb4b3b1fed4e54840080481bfbd8bf2d7a9cdbb8bbf7e1bc1b5c979df76a29b116b5abdb3ff693e399e23c14736b5ee77a22cf05f60a77d481dc034bf78bdafe917a35654d16cee2b276250b2", 0x2, 0x1, 0xfffffffffffff649, 0xa1, 0x8001}}, {r1, 0x1, 0x10, 0x7fff, &(0x7f0000000400)={&(0x7f0000000380)="6693b49e9d4b086c56bf3f3d88b787f800b341f903335c6e1453e560a92036c2f57ff203fc62831764b8cb6a37fad39d3df727b06d3a8fad8f2d766e58f0c14439ff82498bdc967c53199f9dad0c71c0", 0x79f, 0x1, 0x100, 0x37ff}}, {r3, 0x2, 0x481, 0x1, &(0x7f00000004c0)={&(0x7f0000000440)="6cbf1e5fd8c6ae58ab99df5ef04c36539abbe2c1aa405ddf2caa638e54abe8862233a33c0e0261b65d155dc4de58898020a08feea6086c7087648fa3eddf03aed4158994d9069bc90103a5662ccbffd7", 0xa00, 0x0, 0x1, 0x2, 0x5}}, {r0, 0x3, 0x341, 0x2, &(0x7f0000000580)={&(0x7f0000000500)="839f182a12192f419f10669cf540ae2babf36f9e3da942e126f69462267fbffd16b58582d8b5430c1d26077643ae98621a95d18f4ddf519489cb7686b187daba3c639d56f0c079e35a40dfcdcf412a50", 0x4, 0x1, 0x6, 0x80000000}}], 0x4) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000640)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) openat(r1, &(0x7f0000000680)='./file0\x00', 0x8, 0x100, 0x4) openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/self/syscall\x00', 0x13, 0x1, 0x0) openat$net_arp(0xffffffffffffff9c, &(0x7f0000000700)='/net/arp\x00', 0x9, 0x3, 0x0) openat$net_ether0_1_type(0xffffffffffffff9c, &(0x7f0000000740)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0) openat$net_ndb(0xffffffffffffff9c, &(0x7f0000000780)='/net/ndb\x00', 0x9, 0x3, 0x0) openat$dev_random(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/random\x00', 0xc, 0x1, 0x0) openat$net_udp_0_data(0xffffffffffffff9c, &(0x7f0000000800)='/net/udp/0/data\x00', 0x10, 0x3, 0x0) openat$dev_capuse(0xffffffffffffff9c, &(0x7f0000000840)='/dev/capuse\x00', 0xc, 0x3, 0x0) openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f0000000880)='/net/udp/0/err\x00', 0xf, 0x3, 0x0) openat$prof_mpstat_raw(0xffffffffffffff9c, &(0x7f00000008c0)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0) openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f0000000900)='/net/udp/0/err\x00', 0xf, 0x3, 0x0) r4 = openat$dev_bintime(0xffffffffffffff9c, &(0x7f0000000940)='/dev/bintime\x00', 0xd, 0x3, 0x0) openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000980)='/dev/cputime\x00', 0xd, 0x1, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x4010, r4, 0x3ff) openat$net_tcp_2_ctl(0xffffffffffffff9c, &(0x7f00000009c0)='/net/tcp/2/ctl\x00', 0xf, 0x3, 0x0) openat$prof_kptrace_ctl(0xffffffffffffff9c, &(0x7f0000000a00)='/prof/kptrace_ctl\x00', 0x12, 0x3, 0x0) 10:42:17 executing program 4: openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/strace\x00', 0x12, 0x1, 0x0) openat$net_ether0_addr(0xffffffffffffff9c, &(0x7f0000000040)='/net/ether0/addr\x00', 0x11, 0x3, 0x0) openat$net_udp_0_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/net/udp/0/ctl\x00', 0xf, 0x3, 0x0) openat$net_tcp_2_remote(0xffffffffffffff9c, &(0x7f00000000c0)='/net/tcp/2/remote\x00', 0x12, 0x1, 0x0) r0 = openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f0000000100)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) tap_fds(&(0x7f0000000200)=[{r0, 0x0, 0x0, 0x3ff, &(0x7f00000001c0)={&(0x7f0000000140)="027b3a51bd2e6d5234e775a382ad38134787b90b27c3fb6c06fa801700d375000d6264d87e4800045de858018c982abd1361e1ea609225486925a39209a0e4cbb5ea6201d9b90299c07190270af2f2ab", 0x9, 0x1, 0x3, 0x10001, 0x92b6}}], 0x1) r1 = openat$dev_config(0xffffffffffffff9c, &(0x7f0000000240)='/dev/config\x00', 0xc, 0x1, 0x0) openat$prof_empty(0xffffffffffffff9c, &(0x7f0000000280)='/prof/.empty\x00', 0xd, 0x3, 0x0) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f00000002c0)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f0000000300)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0) fcntl$F_SETFL(r1, 0x4, 0x80000) openat$dev_sdctl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sdctl\x00', 0xb, 0x3, 0x0) openat$net_tcp_1_ctl(0xffffffffffffff9c, &(0x7f0000000380)='/net/tcp/1/ctl\x00', 0xf, 0x3, 0x0) openat$net_ipifc_1_snoop(0xffffffffffffff9c, &(0x7f00000003c0)='/net/ipifc/1/snoop\x00', 0x13, 0x1, 0x0) fstat(r1, &(0x7f0000000400)) openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kmesg\x00', 0xb, 0x1, 0x0) openat$proc_self_args(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/args\x00', 0x10, 0x3, 0x0) openat$prof_mpstat_raw(0xffffffffffffff9c, &(0x7f0000000500)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0) openat$dev_config(0xffffffffffffff9c, &(0x7f0000000540)='/dev/config\x00', 0xc, 0x1, 0x0) r2 = openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000580)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0) openat$net_ether0_2_data(0xffffffffffffff9c, &(0x7f00000005c0)='/net/ether0/2/data\x00', 0x13, 0x3, 0x0) openat$net_tcp_1_listen(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/1/listen\x00', 0x12, 0x3, 0x0) fstat(r2, &(0x7f0000000640)) openat$dev_cputime(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/cputime\x00', 0xd, 0x1, 0x0) openat$net_tcp_0_data(0xffffffffffffff9c, &(0x7f0000000700)='/net/tcp/0/data\x00', 0x10, 0x3, 0x0) openat$net_iprouter(0xffffffffffffff9c, &(0x7f0000000740)='/net/iprouter\x00', 0xe, 0x3, 0x0) openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/syscall\x00', 0x13, 0x1, 0x0) openat$prof_kpdata(0xffffffffffffff9c, &(0x7f00000007c0)='/prof/kpdata\x00', 0xd, 0x3, 0x0) openat$net_tcp_1_listen(0xffffffffffffff9c, &(0x7f0000000800)='/net/tcp/1/listen\x00', 0x12, 0x3, 0x0) openat$proc_self_wait(0xffffffffffffff9c, &(0x7f0000000840)='/proc/self/wait\x00', 0x10, 0x1, 0x0) 10:42:17 executing program 5: nbind(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)='./file0\x00', 0x8, 0x4) openat$net_ipifc_1_listen(0xffffffffffffff9c, &(0x7f0000000080)='/net/ipifc/1/listen\x00', 0x14, 0x3, 0x0) r0 = openat$proc_self_segment(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/segment\x00', 0x13, 0x1, 0x0) openat$proc_self_fpregs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/fpregs\x00', 0x12, 0x1, 0x0) r1 = proc_create(&(0x7f0000000140)='./file0\x00', 0x8, &(0x7f0000000180)='*\x87\x00', 0x3, 0x0) chdir(r1, &(0x7f00000001c0)='./file0\x00', 0x8) openat$dev_config(0xffffffffffffff9c, &(0x7f0000000200)='/dev/config\x00', 0xc, 0x1, 0x0) proc_yield(0x0) proc_create(&(0x7f0000000240)='./file0\x00', 0x8, &(0x7f0000000280)='\x00', 0x1, 0x1) openat$net_tcp_2_local(0xffffffffffffff9c, &(0x7f00000002c0)='/net/tcp/2/local\x00', 0x11, 0x1, 0x0) openat$dev_config(0xffffffffffffff9c, &(0x7f0000000300)='/dev/config\x00', 0xc, 0x1, 0x0) r2 = openat$net_tcp_2_status(0xffffffffffffff9c, &(0x7f0000000340)='/net/tcp/2/status\x00', 0x12, 0x1, 0x0) fcntl$F_SYNC(r0, 0x65) fd2path(r2, &(0x7f0000000380)=""/160, 0xa0) openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/syscall\x00', 0x13, 0x1, 0x0) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f0000000480)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) r3 = openat$proc_self_maps(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/maps\x00', 0x10, 0x1, 0x0) proc_create(&(0x7f0000000500)='./file0\x00', 0x8, &(0x7f0000000540)='\x00', 0x1, 0x1) openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/strace\x00', 0x12, 0x1, 0x0) openat$proc_self_maps(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/maps\x00', 0x10, 0x1, 0x0) openat$dev_sysctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/sysctl\x00', 0xc, 0x3, 0x0) openat$net_ether0_0_type(0xffffffffffffff9c, &(0x7f0000000640)='/net/ether0/0/type\x00', 0x13, 0x1, 0x0) openat$net_icmpv6_stats(0xffffffffffffff9c, &(0x7f0000000680)='/net/icmpv6/stats\x00', 0x12, 0x1, 0x0) fcntl$F_SYNC(r3, 0x65) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) openat$proc_self_maps(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self/maps\x00', 0x10, 0x1, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) openat$net_ipifc_1_listen(0xffffffffffffff9c, &(0x7f0000000780)='/net/ipifc/1/listen\x00', 0x14, 0x3, 0x0) openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f00000007c0)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) wstat(&(0x7f0000000800)='./file0\x00', 0x8, &(0x7f0000000840)=""/144, 0x90, 0x0) 10:42:17 executing program 6: nunmount(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)='./file0\x00', 0x8) r0 = proc_create(&(0x7f0000000080)='./file0\x00', 0x8, &(0x7f00000000c0)='&%*@\x00', 0x5, 0x1) r1 = openat$proc_self_profile(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/profile\x00', 0x13, 0x1, 0x0) r2 = openat$net_ipifc_0_data(0xffffffffffffff9c, &(0x7f0000000140)='/net/ipifc/0/data\x00', 0x12, 0x3, 0x0) r3 = openat$proc_self_ns(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/ns\x00', 0xe, 0x1, 0x0) r4 = openat$net_ipifc_1_listen(0xffffffffffffff9c, &(0x7f00000001c0)='/net/ipifc/1/listen\x00', 0x14, 0x3, 0x0) r5 = openat$net_ipifc_1_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/net/ipifc/1/ctl\x00', 0x11, 0x3, 0x0) r6 = openat$prof_mpstat(0xffffffffffffff9c, &(0x7f0000000240)='/prof/mpstat\x00', 0xd, 0x3, 0x0) r7 = openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000280)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0) dup_fds_to(r0, &(0x7f00000002c0)=[{r1}, {r2}, {r3}, {r4}, {r5}, {r6}, {r7}], 0x7) openat$net_udp_0_listen(0xffffffffffffff9c, &(0x7f0000000340)='/net/udp/0/listen\x00', 0x12, 0x3, 0x0) nunmount(&(0x7f0000000380)='./file0\x00', 0x8, &(0x7f00000003c0)='./file0\x00', 0x8) openat$net_ipifc_0_ctl(0xffffffffffffff9c, &(0x7f0000000400)='/net/ipifc/0/ctl\x00', 0x11, 0x3, 0x0) openat$net_ether0_1_ifstats(0xffffffffffffff9c, &(0x7f0000000440)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0) openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000480)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0) openat$net_ether0_1_ctl(0xffffffffffffff9c, &(0x7f00000004c0)='/net/ether0/1/ctl\x00', 0x12, 0x3, 0x0) r8 = openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000500)='/dev/zero\x00', 0xa, 0x1, 0x0) proc_create(&(0x7f0000000540)='\x00', 0x1, &(0x7f0000000580)='/net/udp/0/listen\x00', 0x12, 0x1) openat$net_tcp_1_data(0xffffffffffffff9c, &(0x7f00000005c0)='/net/tcp/1/data\x00', 0x10, 0x3, 0x0) openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0) openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f0000000640)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0) fstat(r8, &(0x7f0000000680)) proc_destroy(r0, 0x2) change_to_m() openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f0000000700)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0) lstat(&(0x7f0000000740)='./file0/file0\x00', 0xe, &(0x7f0000000780)) openat$dev_random(0xffffffffffffff9c, &(0x7f0000000800)='/dev/random\x00', 0xc, 0x1, 0x0) openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000840)='/proc/self/strace\x00', 0x12, 0x1, 0x0) openat$proc_self_args(0xffffffffffffff9c, &(0x7f0000000880)='/proc/self/args\x00', 0x10, 0x3, 0x0) openat$net_ether0_0_stats(0xffffffffffffff9c, &(0x7f00000008c0)='/net/ether0/0/stats\x00', 0x14, 0x1, 0x0) 10:42:17 executing program 7: r0 = openat$dev_user(0xffffffffffffff9c, &(0x7f0000000000)='/dev/user\x00', 0xa, 0x3, 0x0) r1 = openat$net_arp(0xffffffffffffff9c, &(0x7f0000000040)='/net/arp\x00', 0x9, 0x3, 0x0) r2 = openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kmesg\x00', 0xb, 0x1, 0x0) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) tcgetattr(r0, &(0x7f0000000100)) openat$net_ether0_2_stats(0xffffffffffffff9c, &(0x7f0000000140)='/net/ether0/2/stats\x00', 0x14, 0x1, 0x0) read(r1, &(0x7f0000000180)=""/33, 0x21) openat$dev_sysname(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sysname\x00', 0xd, 0x3, 0x0) r3 = openat$net_tcp_2_local(0xffffffffffffff9c, &(0x7f0000000200)='/net/tcp/2/local\x00', 0x11, 0x1, 0x0) read(r2, &(0x7f0000000240)=""/241, 0xf1) openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000340)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cputime\x00', 0xd, 0x1, 0x0) openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f00000003c0)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0) openat$net_ipifc_0_local(0xffffffffffffff9c, &(0x7f0000000400)='/net/ipifc/0/local\x00', 0x13, 0x1, 0x0) openat$prof_mpstat_raw(0xffffffffffffff9c, &(0x7f0000000440)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0) openat$net_ether0_0_ifstats(0xffffffffffffff9c, &(0x7f0000000480)='/net/ether0/0/ifstats\x00', 0x16, 0x1, 0x0) openat$dev_osversion(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/osversion\x00', 0xf, 0x1, 0x0) openat$net_ether0_1_data(0xffffffffffffff9c, &(0x7f0000000500)='/net/ether0/1/data\x00', 0x13, 0x3, 0x0) openat$net_icmp_stats(0xffffffffffffff9c, &(0x7f0000000540)='/net/icmp/stats\x00', 0x10, 0x1, 0x0) openat$net_tcp_1_ctl(0xffffffffffffff9c, &(0x7f0000000580)='/net/tcp/1/ctl\x00', 0xf, 0x3, 0x0) write(r3, &(0x7f00000005c0)="1fffa22c73c3ea6052a60d188884467f260ec8580e5f17fb68413c120f9c6f087c76a80f2d79aaf6809c69b2925384e29b028d009ac6ec29639393873d11da6ca6c33b9cb8898ab7819bb2220c7867f507305759290b68b1d6953a5f8a217cb7c1c4a4817a809026ac76749270cbbd75228b2bff84f8c912398bbb773bdad3aa06988e9db7bf338d0e3880190bcd873db6d058c8edf026d76221cab8afe8a082aea260708b67ea410f4f324c7b8d5f136dea20ade0a520e2920aeaa287b575f84881eab36465dd7081801449eebc2fd5e1272b58e040276cb5348d4a", 0xdc) openat$net_ether0_0_ifstats(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ether0/0/ifstats\x00', 0x16, 0x1, 0x0) openat$net_ether0_2_type(0xffffffffffffff9c, &(0x7f0000000700)='/net/ether0/2/type\x00', 0x13, 0x1, 0x0) openat$net_ether0_clone(0xffffffffffffff9c, &(0x7f0000000740)='/net/ether0/clone\x00', 0x12, 0x3, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x30810, 0xffffffffffffffff, 0x4) openat$net_ether0_0_type(0xffffffffffffff9c, &(0x7f0000000780)='/net/ether0/0/type\x00', 0x13, 0x1, 0x0) openat$net_udp_clone(0xffffffffffffff9c, &(0x7f00000007c0)='/net/udp/clone\x00', 0xf, 0x3, 0x0) openat$net_ether0_2_data(0xffffffffffffff9c, &(0x7f0000000800)='/net/ether0/2/data\x00', 0x13, 0x3, 0x0) openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f0000000840)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0) openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000880)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) 10:42:17 executing program 0: r0 = openat$proc_self_wait(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/wait\x00', 0xfffffffffffffd3c, 0x1, 0x0) fcntl$F_GETFL(r0, 0x3) 10:42:18 executing program 0: r0 = proc_create(&(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000040)=':-\\\x8c\x00', 0x5, 0x8) proc_run(r0) r1 = openat$net_icmp_clone(0xffffffffffffff9c, &(0x7f0000000080)='/net/icmp/clone\x00', 0x10, 0x3, 0x0) rmdir(&(0x7f00000000c0)='./file0\x00', 0x8) proc_destroy(r0, 0x2) lstat(&(0x7f0000000100)='./file0\x00', 0x8, &(0x7f0000000140)) proc_create(&(0x7f00000001c0)='./file0\x00', 0x8, &(0x7f0000000200)=':-\\\x8c\x00', 0x5, 0x0) stat(&(0x7f0000000240)='./file0\x00', 0x8, &(0x7f0000000280)) r2 = openat$net_ipifc_1_local(0xffffffffffffff9c, &(0x7f0000000300)='/net/ipifc/1/local\x00', 0x13, 0x1, 0x0) unlink(&(0x7f0000000340)='./file1\x00', 0x8) write(r1, &(0x7f0000000380)="fd938ddc9f34954b33f71ba3409eab23be40b7e9fe11032e8b3600e5694d34dce9a1e9d96035c4be3b2fcf6fc314f9749839888bf280d2b425b2ebf19b7c22111a916ed67c7e40b581a642b25860e41b6bee82ce5df6e8d28b56567ba32323f748655a3f37cae567c0035da9ab9716972e40302e209dcbf56268c8409667ed0053db81c9761451b00565d7598a8f59991a51da2f121d535435990085657fbb3b4d83f82bff0d1220c4ff7f1c4a631f5c09899bef0e3686df07c719a9931776c68c096a16c9aeab24db87cb87d17acd90f10ad4688c806f3dfe66934b34a319e5790441d33b6de4e3a3337cf1", 0xec) openat$net_tcp_1_local(0xffffffffffffff9c, &(0x7f0000000480)='/net/tcp/1/local\x00', 0x11, 0x1, 0x0) proc_destroy(r0, 0x7) exec(&(0x7f00000004c0)='./file0\x00', 0x8, &(0x7f0000000500)='/net/tcp/1/local\x00', 0x11) r3 = openat$net_tcp_2_local(0xffffffffffffff9c, &(0x7f0000000540)='/net/tcp/2/local\x00', 0x11, 0x1, 0x0) r4 = openat$dev_empty(0xffffffffffffff9c, &(0x7f0000000580)='/dev/.empty\x00', 0xc, 0x3, 0x0) mkdir(&(0x7f00000005c0)='./file1\x00', 0x8, 0x10) stat(&(0x7f0000000600)='./file1\x00', 0x8, &(0x7f0000000640)) rename(&(0x7f00000006c0)='./file0\x00', 0x8, &(0x7f0000000700)='./file1\x00', 0x8) proc_create(&(0x7f0000000740)='./file0\x00', 0x8, &(0x7f0000000780)='&[(-\x00', 0x5, 0x1) r5 = openat$proc_self_notepg(0xffffffffffffff9c, &(0x7f00000007c0)='/proc/self/notepg\x00', 0x12, 0x1, 0x0) unlink(&(0x7f0000000800)='./file1\x00', 0x8) write(r4, &(0x7f0000000840)="142caad4ea1059ba24699a4ae487b1f4ac18d1139b31", 0x16) r6 = openat(r2, &(0x7f0000000880)='./file0\x00', 0x8, 0x200, 0x90) fcntl$F_DUPFD(r5, 0x0, r6, 0x0) openat$net_tcp_1_remote(0xffffffffffffff9c, &(0x7f00000008c0)='/net/tcp/1/remote\x00', 0x12, 0x1, 0x0) openat$net_ether0_1_ifstats(0xffffffffffffff9c, &(0x7f0000000900)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0) fstat(r3, &(0x7f0000000940)) mkdir(&(0x7f00000009c0)='./file0\x00', 0x8, 0x80) openat$dev_kprint(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/kprint\x00', 0xc, 0x1, 0x0) 10:42:18 executing program 0: openat$prof_kpdata(0xffffffffffffff9c, &(0x7f0000000100)='/prof/kpdata\x00', 0x2f4, 0x3, 0x0) r0 = openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f00000000c0)='/net/udp/0/err\x00', 0xf, 0x3, 0x0) fcntl$F_GETFL(r0, 0x3) 10:42:18 executing program 0: r0 = openat$dev_null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0xa, 0x1, 0x0) fcntl$F_SETFL(r0, 0x4, 0x80000) fcntl$F_SETFL(r0, 0x4, 0x800) fcntl$F_SETFL(r0, 0x4, 0x88400) r1 = openat$prof_kprintx(0xffffffffffffff9c, &(0x7f0000000040)='/prof/kprintx\x00', 0xe, 0x3, 0x0) openat$proc_self_fd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/fd\x00', 0xe, 0x1, 0x0) openat$net_udp_clone(0xffffffffffffff9c, &(0x7f00000000c0)='/net/udp/clone\x00', 0xf, 0x3, 0x0) r2 = openat$proc_self_vmstatus(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/vmstatus\x00', 0x14, 0x1, 0x0) r3 = openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000140)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) openat$prof_kptrace_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/prof/kptrace_ctl\x00', 0x12, 0x3, 0x0) openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f00000001c0)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) fd2path(r1, &(0x7f0000000200)=""/232, 0xe8) openat$net_tcp_2_data(0xffffffffffffff9c, &(0x7f0000000300)='/net/tcp/2/data\x00', 0x10, 0x3, 0x0) change_vcore(0x5, 0x1) llseek(r2, 0x2, 0x9b, &(0x7f0000000340), 0x3) openat$net_tcp_0_data(0xffffffffffffff9c, &(0x7f0000000380)='/net/tcp/0/data\x00', 0x10, 0x3, 0x0) openat$proc_self_notepg(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/notepg\x00', 0x12, 0x1, 0x0) openat$dev_random(0xffffffffffffff9c, &(0x7f0000000400)='/dev/random\x00', 0xc, 0x1, 0x0) openat(r3, &(0x7f0000000440)='./file0\x00', 0x8, 0x20083, 0x100) openat$net_ether0_2_ifstats(0xffffffffffffff9c, &(0x7f0000000480)='/net/ether0/2/ifstats\x00', 0x16, 0x1, 0x0) openat$dev_sysname(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/sysname\x00', 0xd, 0x3, 0x0) openat$net_ipifc_1_data(0xffffffffffffff9c, &(0x7f0000000500)='/net/ipifc/1/data\x00', 0x12, 0x3, 0x0) openat$net_ether0_2_type(0xffffffffffffff9c, &(0x7f0000000540)='/net/ether0/2/type\x00', 0x13, 0x1, 0x0) tcgetattr(r2, &(0x7f0000000580)) openat$proc_self_wait(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/wait\x00', 0x10, 0x1, 0x0) openat$net_tcp_1_remote(0xffffffffffffff9c, &(0x7f0000000600)='/net/tcp/1/remote\x00', 0x12, 0x1, 0x0) openat$net_tcp_0_err(0xffffffffffffff9c, &(0x7f0000000640)='/net/tcp/0/err\x00', 0xf, 0x3, 0x0) openat$net_ether0_addr(0xffffffffffffff9c, &(0x7f0000000680)='/net/ether0/addr\x00', 0x11, 0x3, 0x0) openat$net_ndb(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ndb\x00', 0x9, 0x3, 0x0) syz_execute_func(&(0x7f0000000700)="410f0218f343a7c4221d3666008f6978e2bf11e2dcaec4e101544200c4417d2fe0c421ff117e00c23b00f30f514d00c4c1225a37") bash-4.3$ Unhandled user trap in vcore context from VC 0 HW TRAP frame (partial) at 0xffffffffc89963a0 on core 3 rax 0x000000005a5a4e80 rbx 0x0000300000006e90 rcx 0x0000000000000150 rdx 0x000010000000a4c0 rbp 0x0000300000006e80 rsi 0x000010000000a5c0 rdi 0x000000005a5a4f80 r8 0x000000005a5a5a5a r9 0x000000005a5a4e80 r10 0x0000000000000000 r11 0x0000000000000200 r12 0x000000000040ff00 r13 0x000010000000a4c0 r14 0x0000000000000004 r15 0x00007f7fffa01200 trap 0x0000000e Page Fault gsbs 0x0000000000000000 fsbs 0x0000000000000000 err 0x--------00000006 rip 0x000000000040fce6 cs 0x------------0023 flag 0x0000000000010202 rsp 0x0000300000006d80 ss 0x------------001b err 0x6 (for PFs: User 4, Wr 2, Rd 1), aux 0x000000005a5a4f80 Addr 0x000000000040fce6 is in syz-executor at offset 0x000000000000fce6 VM Regions for proc 44 NR: Range: Prot, Flags, File, Off 00: (0x0000000000400000 - 0x00000000004b5000): 0x00000005, 0x00000001, 0xffff8000048c6820, 0x0000000000000000 01: (0x00000000004b5000 - 0x00000000004b6000): 0x00000005, 0x00000002, 0xffff8000048c6820, 0x00000000000b5000 02: (0x00000000006b6000 - 0x00000000006b9000): 0x00000003, 0x00000002, 0xffff8000048c6820, 0x00000000000b6000 03: (0x00000000006b9000 - 0x00000000008e5000): 0x00000003, 0x00000002, 0x0000000000000000, 0x0000000000000000 04: (0x0000000020000000 - 0x0000000021000000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 05: (0x0000100000000000 - 0x0000100000024000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 06: (0x0000300000000000 - 0x0000300000001000): 0x00000003, 0x00000002, 0xffff8000048c6820, 0x0000000000000000 07: (0x0000300000001000 - 0x0000300000005000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 08: (0x0000300000005000 - 0x0000300000007000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 09: (0x0000300000007000 - 0x0000300000019000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 10: (0x0000300000019000 - 0x000030000003d000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 11: (0x00007f7fff8ff000 - 0x00007f7fff9ff000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 Backtrace of user context on Core 3: Offsets only matter for shared libraries #01 Addr 0x000000000040fce6 is in syz-executor at offset 0x000000000000fce6 #02 Addr 0x000000000041010e is in syz-executor at offset 0x000000000001010e #03 Addr 0x00000000004156bd is in syz-executor at offset 0x00000000000156bd #04 Addr 0x0000000000407fab is in syz-executor at offset 0x0000000000007fab #05 Addr 0x0000000000414b10 is in syz-executor at offset 0x0000000000014b10 #06 Addr 0x00000000004084da is in syz-executor at offset 0x00000000000084da #07 Addr 0x0000000000403ec9 is in syz-executor at offset 0x0000000000003ec9 #08 Addr 0x000000000041483c is in syz-executor at offset 0x000000000001483c #09 Addr 0x0000000000414841 is in syz-executor at offset 0x0000000000014841 10:42:22 executing program 1: r0 = openat$net_ipifc_1_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/net/ipifc/1/ctl\x00', 0x11, 0x3, 0x0) openat$dev_hostowner(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hostowner\x00', 0xf, 0x3, 0x0) fcntl$F_GETFL(r0, 0x3) 10:42:22 executing program 1: r0 = openat$proc_self_ns(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/ns\x00', 0xe, 0x1, 0x0) close(r0) r1 = openat$dev_ppid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppid\x00', 0xa, 0x1, 0x0) close(r1) r2 = openat$dev_capuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/capuse\x00', 0xc, 0x3, 0x0) r3 = openat$dev_time(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/time\x00', 0xa, 0x3, 0x0) openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f0000000100)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0) r4 = openat$net_tcp_0_data(0xffffffffffffff9c, &(0x7f0000000140)='/net/tcp/0/data\x00', 0x10, 0x3, 0x0) openat$dev_stderr(0xffffffffffffff9c, &(0x7f0000000180)='/dev/stderr\x00', 0xc, 0x3, 0x0) close(r4) close(r2) openat$net_tcp_0_data(0xffffffffffffff9c, &(0x7f00000001c0)='/net/tcp/0/data\x00', 0x10, 0x3, 0x0) openat$net_ether0_1_data(0xffffffffffffff9c, &(0x7f0000000200)='/net/ether0/1/data\x00', 0x13, 0x3, 0x0) openat$net_ether0_0_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/net/ether0/0/ctl\x00', 0x12, 0x3, 0x0) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f0000000280)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) r5 = openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f00000002c0)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) openat$dev_drivers(0xffffffffffffff9c, &(0x7f0000000300)='/dev/drivers\x00', 0xd, 0x1, 0x0) openat$net_ipifc_0_local(0xffffffffffffff9c, &(0x7f0000000340)='/net/ipifc/0/local\x00', 0x13, 0x1, 0x0) openat$dev_stdin(0xffffffffffffff9c, &(0x7f0000000380)='/dev/stdin\x00', 0xb, 0x3, 0x0) close(r5) read(r3, &(0x7f00000003c0)=""/245, 0xf5) openat$net_ether0_1_type(0xffffffffffffff9c, &(0x7f00000004c0)='/net/ether0/1/type\x00', 0x13, 0x1, 0x0) openat$net_tcp_1_status(0xffffffffffffff9c, &(0x7f0000000500)='/net/tcp/1/status\x00', 0x12, 0x1, 0x0) openat$net_tcp_stats(0xffffffffffffff9c, &(0x7f0000000540)='/net/tcp/stats\x00', 0xf, 0x1, 0x0) openat$dev_time(0xffffffffffffff9c, &(0x7f0000000580)='/dev/time\x00', 0xa, 0x3, 0x0) openat$net_ipifc_0_local(0xffffffffffffff9c, &(0x7f00000005c0)='/net/ipifc/0/local\x00', 0x13, 0x1, 0x0) openat$net_ipifc_1_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/net/ipifc/1/ctl\x00', 0x11, 0x3, 0x0) openat$net_ipselftab(0xffffffffffffff9c, &(0x7f0000000640)='/net/ipselftab\x00', 0xf, 0x1, 0x0) openat$net_ipifc_1_data(0xffffffffffffff9c, &(0x7f0000000680)='/net/ipifc/1/data\x00', 0x12, 0x3, 0x0) openat$net_ipifc_clone(0xffffffffffffff9c, &(0x7f00000006c0)='/net/ipifc/clone\x00', 0x11, 0x3, 0x0) 10:42:22 executing program 1: openat$net_ether0_2_stats(0xffffffffffffff9c, &(0x7f0000000000)='/net/ether0/2/stats\x00', 0x305, 0x1, 0x0) openat$dev_kmesg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kmesg\x00', 0xb, 0x1, 0x0) 10:42:22 executing program 3: openat$dev_klog(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/klog\x00', 0xa, 0x1, 0x0) r0 = openat$net_tcp_1_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/1/ctl\x00', 0xf, 0x3, 0x0) openat$net_icmp_clone(0xffffffffffffff9c, &(0x7f0000000040)='/net/icmp/clone\x00', 0x10, 0x3, 0x0) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f0000000080)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) fcntl$F_GETFD(r0, 0x1) 10:42:22 executing program 4: r0 = openat$net_udp_clone(0xffffffffffffff9c, &(0x7f0000000000)='/net/udp/clone\x00', 0xf, 0x3, 0x0) openat$dev_cputime(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cputime\x00', 0xd, 0x1, 0x0) fstat(r0, &(0x7f0000000040)) openat(r0, &(0x7f0000000200)='./file0\x00', 0x8, 0x280, 0x2e) r1 = openat$dev_drivers(0xffffffffffffff9c, &(0x7f0000000100)='/dev/drivers\x00', 0xd, 0x1, 0x0) fstat(r1, &(0x7f0000000280)) openat$dev_stdout(0xffffffffffffff9c, &(0x7f0000000140)='/dev/stdout\x00', 0xc, 0x3, 0x0) openat$net_ipifc_0_err(0xffffffffffffff9c, &(0x7f0000000180)='/net/ipifc/0/err\x00', 0x11, 0x3, 0x0) openat$net_udp_0_status(0xffffffffffffff9c, &(0x7f00000001c0)='/net/udp/0/status\x00', 0x12, 0x1, 0x0) 10:42:22 executing program 2: r0 = openat$net_tcp_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/net/tcp/stats\x00', 0x8, 0x1, 0x0) read(r0, &(0x7f0000000040)=""/239, 0xef) openat$dev_zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0xa, 0x1, 0x0) openat$proc_self_syscall(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/syscall\x00', 0x13, 0x1, 0x0) 10:42:22 executing program 3: r0 = openat$net_tcp_0_listen(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/0/listen\x00', 0x12, 0x3, 0x0) vmm_ctl$VMM_CTL_SET_EXITS(0x2, 0x1) openat$net_ipifc_0_remote(0xffffffffffffff9c, &(0x7f0000000040)='/net/ipifc/0/remote\x00', 0x14, 0x1, 0x0) pop_ctx(&(0x7f0000000080)="30b9401f098d2c75d3282c0a7b4725a1b1d6c1db84c90a6d26f66dfb7f085b690161192cda89a0a96aab9f7c9624a0983825b461619565c9d95a554b2260d11b0513750cceb623329e142563079a3328c4aa5669d11d6f30a2f652f58d0c824fb0001e0a57f9b249500ab01fe44abfb17658d1105ea03eb77cd38e0228df3af989e73e5630fde9bf595ebc57d7c591c47c66826caf1b6e09a7ee1f8f6f8a4779a513fdee926b0f21cdb4651cede8ac75aff153cb9ab8590f61a618240c9a184c6211fe045757ab17518f3acc3cfdf61f26f9e5eb05651b01") openat$net_tcp_1_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/net/tcp/1/ctl\x00', 0xf, 0x3, 0x0) openat$dev_stdout(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/stdout\x00', 0xc, 0x3, 0x0) r1 = openat$net_udp_0_local(0xffffffffffffff9c, &(0x7f0000000200)='/net/udp/0/local\x00', 0x11, 0x1, 0x0) r2 = openat$dev_kprint(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kprint\x00', 0xc, 0x1, 0x0) openat$dev_stdout(0xffffffffffffff9c, &(0x7f0000000280)='/dev/stdout\x00', 0xc, 0x3, 0x0) openat$net_tcp_2_local(0xffffffffffffff9c, &(0x7f00000002c0)='/net/tcp/2/local\x00', 0x11, 0x1, 0x0) openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cputime\x00', 0xd, 0x1, 0x0) r3 = openat$proc_self_user(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/user\x00', 0x10, 0x1, 0x0) openat$net_ipifc_0_data(0xffffffffffffff9c, &(0x7f0000000380)='/net/ipifc/0/data\x00', 0x12, 0x3, 0x0) vmm_add_gpcs(0x1, &(0x7f0000001600)={&(0x7f00000003c0)="d2525770d9dc08742596a31e60488c7a15910577160c0d291b3b2a46afc7774eca0d128d2238fb5656b137f6fc0d46e851f5ed37a8f61e9020943d51428d8cf0e6a29959e51b07976dc914ee6815c2a25d5bff47e7ef3f8b8bd42a2872708927a10f49cd096b24cfab92b54df65fb983a4a5b8ef4759", &(0x7f0000000440)="b645d87f51d05bb6f43cffab444535fd6000002aecee93177f91e8ab9ca96b4f5d3b031809466958d2a7fedee00852e5875872e33f19e3bb6590f2957c7f3049b1615ea6d3d38f40aeab60d395dbeec046be4e0a011a797313acf9f9c5ce53ea2f2a234f1097cbd2099e29cbba48f62a", &(0x7f00000004c0)="fdfdcd8d0ec8e1a683752b264bea34f4febf0c96f13ae85f367bdc8530050878dbabbf99ee9dd57f691610177bf1407d74ccd6ffce4378999b60131ebcd40093c41b9d62cc7fc2b6c7354c3b36aa8ac5a923f5389fe704bcc42469813fe502c2e10202caeb919d1dd8d920fdac9e83540e71a3ef1731842c516237652c3dabec03f7399394c805b7c988747f38acf3cf7ad0e85a2d0e51576cde7e025ea8dbfa3ae1e735248f4f914bcda517510274760df9a212c5b593b74bb336dc941408926ce927b699fac9faf36cec8aa19588777d3b38cb2c0c7040127ac63fe1c00a336f04731246bd813a62fc7415e8492dfda53bff0439cc716950d08b60176695ac8fff2b06d57af8beb93b459070d0812cf19068dcaedb7c46c2705ed89bfadc87c0997866a552e100844315f4d19316077c32026ab0402c0f4ca5130636a1eb26687a31f100b32b8430953986ef6eed9ec2f0e01fe62a9266a7399bf936f9be0d93b82a09d5ba0b68373a26ff1892e77e4ad378d41c430177f9e14e45944fbce39c9aecb9801da89b385f8c52a057845bb37b4504a1a75528f0c4dfcb3170a3f0dcc1b9394f1a46fa4e8a6e9e969cfa1e88c7d1cdd8bde934ad526513e065f1dc8bcf9b006ec5fd7ba68b3fc2b1bf3c7a02f511c8c5e3c7d265173b981d57e37ed637bfdd71e4fbb79a744036f6279889843f602a0682bc2d7ea8317176e94a58e993cf1683cab41d06fa3cdabd5269aeb6d66883d87c78d69fc18d2a18c943656b0a7323423ece11c241a1a88afd59825a9328b81450b2b4966032d63b90e2210897ac757e5d3926d51af9fd3661c53b37004504fb9fddf73f798b64f41e70ea9b8f7eeee8c7d015dcd25fe7e46aeebdcda04e1b44bd1a41e313bf5704200ac22a096c6772f1c36b8d09f8ca37d5cd31af729abafdf9b644fc4c7e4827a0ea487751dd1183635d1d5d3cff1675bb354c13d1fa592154d70b1fb80bad84985edc208a91bd5e75dbc10ecd4f11b163b9ff4e2fbeb331f3f14fdedef06bff5dab40713b89a590cb9a905bda97744510265d4fbf92ecebc33c679518769fdfd221d26b6b7484ba561407fa24bf8274ea5f57518ca694cc178200d13dd7d1efc6e4d698dd8d027ea1766b438b4c2fc0a040c0a1a4d69f30b27fe18c888182689430c987cea66e75968b15b00a761a1f688d875d079ce541f0c68af7607b1064cc0e543a62061a7ef35e96328409fc34764a627a046b2cca640e92863babfbe1c0f1ae564506f46e25be9f84f90890ea1b2787f52c741ca79f010f11a0102f6b23fb36abe1649b6d287de7d935d36db7153fac395771c43b15ca0556f936350f34c9c9053edbcf132cbd0e4545b724406b17a9af995fad0060edd4a25d12e3616e4655993ae83fd0da8e2aae6a3190c384b85fbbb6402a4ce6f38a553ba5c8e4e800031e08f8e10632bd8af204b70c3cd9f0aa993d384d42a38ac15a5f389fe765c7eb27ec8d1459ca93298b10ff89902b40e7cba9a653e54673dc837e246986a41f17f8608148832b6a1955ccbf77a9011eb408e7f8adf131c30abee17ced036ac0771a2c1e1fb0f60dcd85333b3963ce7ac52ba3e6de97f7cafd57c0af21c577dcb66cee28ad6b9976d1d327e335f83b434c427efd1b4521da54ffb6cf4320cc3c301fa1a2f27ae0c5d62a0a9e4790305e3236f1e5603a4a20bc606599c78b2700db3cb845598c0b2ba6d8b6e01a9ffdf29669535a1f8c2e6ea122049cbc444b2e41b21c00d19fc3cc7ade9b274ab82fa0f6c834f4e538861e8b762cb35931adcc2fb099c8c38daa0351c754511b831a3514d518611a36de3edc42feb23ba49bb511352bfa97c31d64998ea971e903a064151ae69fbe074b1971077c7cffe63b6cb223554f361e80d7cfb71af3697aad016ed68a4c6d0bc0930031cb6c9e49cbd38a1f7d6bb2030539be2e7d64f0d763c21203c1c0eb3732f6df0a5c042aff48a412a2b8a565800e620d88a4ef70c206387d5b438d5860eb7a025a54a94bca2804ca1ae8ed72b2d0368a5e76d1efacad539938bb87e3e2406bbc36a51b02139f8599953d0b645398e053416a61ce3ed68a7adfa7e510be9a9db1e283b2c2da91ac48db7047c8444acdf39b2b9486d76cd3236d2739a771a0d2de1befcb926db4654bd72dcf620eb66df7c0499a6a6e715a0687215d03d958af5a4afd8a61504de33a52b0e77546f3ed8322fa22f2a7bc4465aa94d8faf8b0f207f6a18dd3584af6fe4f03266f999675c8dc380d3f839f9a2769637f9b1c110a2c0a5de2d8517bb02077cf6c53a0c94a8504e8d7a87839756dc758caae558ec6931e661d4b559f4feafe90d51ab5ca5c82ef0ae595553f2f70bc480c8babf4ebe68cad0e7514e11d30dedd8c1184ca04d0cf19cc534ce9dd0db21295dea475daf56cdb63d55a6d246ec557db37daf00ef0f071de7ed08e64b13c7c1ca25b1d953813f18c26451a8df668075550aa346c71d8c5b9abfe1dddeec7d98b8de91e9ecdaa6b6eb553139cf2c5101ab3883676fce8b9365cc3cbe79c3cbc8d09ad2e72cd5c5a1126926e4c96becc7be90f04ff88112b172a5f42e34c8eaccf74a3b5951088beb6663ed5fdf781ab6677bec42ad0a31deb4602f840bf3244e85ff5b721ebf48f913fec50cf4bc031260d462063d1815b7966f287908539d8e9a232dea68d84b6247c432d4baa98c1ef8dcbba27553d905021ebb9b46ad09d4fdc65ce3c63ff6b09ccd0c1f253c50b7f2a0c82c3a2007f1689221650f4bb2b4a97d117ca369b3cb8151e2073fd8a1ec599e4de340972d0cb3b391c7f282f8642136ad1cf184df49bddc774a0076ae2e19cb0be2b1edc02614e2c7e98e83af660b63c2537c6c6821083d303e8f8d6b44b3d5d20a9fd437c5b1b62a6add5ae4cf3fcf3f4f3aca204bb4afb49647dd94820e0a28d81b338bd284ffd1ce92c3ea3dd3984adb6e10bc3edf1bb0b8bbebcd67514bf71a9303b1d458dd311f96b1eba53d71891a245bf6eb059fb684417ec01a7f61562afe2348ff900b04756566d1e350065f67aadce0bbcc9b3d6c2e236204e30961f62c888a6a9cb398893f53f71bce83dbdc21ef7ca63a96be2b8046df70de973db96189c0dab8d6b6be95bb644a69c3c17afcdffe2586804d336c7c3277eeb611c9dcf1f73e4304f948e3a5554cc1a27ab715270901c21da88077db904a0f7dec653bf23328af11df7e45d50766e8c909ba4b7cbeb7876304aae76c5c607e48041f506e092d55d6db1109a0b6c93f0b3381516d8a651b5888715732c8a83ceed02e4e31e81838cd85ffaa1f9f5eb7cfe37c695a5c4e46e6a8a13523494f4876ef01f8ea6c46eec0e99f9529848635f335d3e549baad298a16f03be7b396ddb0e8e8e8bfef6ca7425e20481d4790a542587300b3d46b58c6efdde1523e8074504647e8bd9e6351b0b9623508f0695f2e62c30ea873e0de8a1367f14a0a6e97bac678e653ce21166a2aba1ea48555602a094c68ba82e4c98dd3ab7aa8ddd52edbc9fe9302978494aef94596fa0adcab1c907a9228643f0285e9a3e27fc45e198d54f00afe2c1b107db8ef2d71b09e106c61a2a532b2dff5bb30f4aaa68cfa07a0f543ea436e1749b8c803e6aa1105ed8fc4b77904299a7f47ee0ae9ab9d00677cee84188e7a4e18ad208af44f96e9dee9fbd1b31d8ba5e4a0179666583db929c3a2956a397061310ec02724d48944a30aca5b7e511b74842eff792d007e386c080dd5b81d0f7c5353f4e45b20a6f3561d0013b308fba40c6bd8a60decaf55aade2a73b69c96695b2a8572a1db800228bf2ba458a4fc6d7f1269655df26051a54638f5d6b07cdcce0f99ba19ecff37e010c4fad4ed4ec3c0ccfe6c38debef4c6b654f77fb1aa12efddf349124c8c2ddb7e3374db83be642fc20b1778f90eedd61d12cd032c82f0f29b0f18f7d98b92d1f56976df77a466a1cea939260cf29f255e15c33c660d6ba6ac79c6b00ee0f6bdd91be223e878e49786ec347019220fbbff49a1a960427c9f6880c1b04ee85eb2d22403ab11903c5bb13d98669499a667bb5f37c3e6462ab7c41e6d6b6dbf2682337dee0218e107d435b9b7937145079cb71a2ac9877e614b6f3ff919d3d9ad43af896f4342822ac4ebc54c1713c8e3d2363b4e45ab112471926b82b5ad4b57159e4a83ce02daed5003dbbaa5eb2ad88907c1149ec4fbdb2e68a20e9ed288a644eb2a1e4f915d9666e50fd591dd73dcf8c909adaac459f6161efd4689806f64471f3965bb541d02e9cfabe4ab40dd008e11c62c3269e71024d934301079626e0c38e01165771d618b060300630248234da86e4fda9da8bac0cc88b7ddbb6252c92eaa8e8dbf4ac6f98a57e47f8de41fc287c7aee4bb6d0d9390dc733e7ae5cd1c5c79ebca0daf5502790c6341749d01ec07d23ef1d72ca0ba04a06b1a2722ba12c96df46a86b63bd5e8c8c903e867c6c77787683170303ab09c399051b4872297616e932ef311fdb9397a2994a6e4312a3223a1edbd809ac7f566c98bbe0da7ddde07fe6bd14105d48928d1daf356751ac823a4cd4e740bfc102af09f3f3fcde353533f75aa39800a2dd1df0f0d1ae4be42b0e23b5f0db0ea5bd95af648c0d9ea08dcbca6a6785651feb4fb2328d61a326182fff251bd783d6f424db02b52f5cfb9c62ec12ed756229e4e923280cb07a4453eb6c1d253db6114b02ced524a28440293433d29616977cf38b1869cb029091e261a3037d22aa4ecd37a30fbbbbf8e05fca322a32f8cdfaea8457c4d68cbea2f197d185d0e91e00192044ccd177ef7458ea1a6963dde6f533dd6680cb64808288caa5a77f26ce84fbf78d7f4ef259fe369ab40ba64d7b19cd0b9b983b44321e1130803716fb16639fb2a688d0597134e35ceb37df9ec5c059ddd6e255465632d05cbd4b1fbf8c9f2f6843f9a19d8a898b635cdae464831a5d7ce71e436dc850d7e1cc6e41b84ef3a16fba2d8ba6e8447a1f424cd79d29cbfa7f06ecf2ca30025472267c7dae9e8bd717a987e7ffba88cf55102dd3f0d7c0929f838db03ec0d80ce64e3bcfa05bed49cdd74cb370fe2de638e482f78bac070fa51fa612f42e14da04e17871f77887505b231f600f7484283e16e5d3abbfa40d17ebb1e0c39d154222f0d09c3446613eec8cedeab7504ca308ef425ce89a7e311f51684f055176595694f5f510eaaf81b1b81ca6f7f76a2b71a69a53eebf740342ef6bc04a1ad67825e66adb808689e101f24af40d0af9bcced15a2c6622a62ad3caf058ee1aee57d37a5e02eb3f0fc60b7f480df672ec11170529afdd1e182bc0a7ca750d1502ff0e7b60dd8f6e47b363972f916ce3de390ad0fd8e1c4be5953bba28719d490a7e99fb1b55841c8038933ae7c66fa710813b2f3a8cdaf73118f4c6deee38ab3dc31b29f76d93b2da709c92768a8e73f50c0440f1d3cf42390a3abea9fbfe552a3b09edd45d0531699cbe09acb3b194bce0a56e48fed71663d6028eb18003368db3286432bc5782b4c9e91aa0e13cbe3a772f35de46ff5d2a4b6215989e65fba3371025148013fae680fff5750ad3457baa8c282b0c8c8cdd3a991a831e3789daccce7424bdfd3d8caba652ab26b92b7aa1ab501863a97b710e39c5c9d6b3b0fb908e54a1444b673cc76ea09b67476372d9723ddd3be9e172ec2c8c4aad8d79fbb7b7be844f7d611a10b83ff5bccf0c4b9db31922ae59a93c524ffbd373c38af50fb942e7f8a480eb983cc38b82e2d22d676ad1dbba1b44765d0e7590", &(0x7f00000014c0)="776d3f864ffa1979279a5ced677c79c137a120f60e5cf1ad0f5657bad5e453de4bd7d87382aa22c3e3a9c568494fe342d0497e55c47186d12be8a3abfc76e4b3e92e0622ebf79d63ee7a808a75b13b8c06e2c3553822931814534c76cadfa115cb20c56b047ea2eda7f822aec8099d93e1db1b921ca02c1a098ba0a6076a39e7207f8c049a228414dc395eb97a9392bbb119e2b348cf7ca24aa49757326fc4ce6e", &(0x7f0000001580)="ec4daa0ab95e9a27b080260054047fd0b08adfca995b18d7f0a0b9bebcc96d6732ee25986224a5483242a5f8a46c5d5211720ff2655c00230040d7a68470831ef5a334e38b3d4599f0e07dbc47c3e0146e4e1b4baabf622c1b799cd02901e1c8d4c7f92b0a81dc578386a009b38e7268362c1832a4e741276375917c"}) r4 = proc_create(&(0x7f0000001640)='./file0\x00', 0x8, &(0x7f0000001680)='\x00', 0x1, 0x0) dup_fds_to(r4, &(0x7f00000016c0)=[{r2}, {r3}, {r1}], 0x3) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) getcwd(&(0x7f0000001700)=""/190, 0xbe) lstat(&(0x7f00000017c0)='./file0\x00', 0x8, &(0x7f0000001800)) readlink(&(0x7f0000001880)='./file1\x00', 0x8, &(0x7f00000018c0)=""/120, 0x78) wstat(&(0x7f0000001940)='./file0\x00', 0x8, &(0x7f0000001980)=""/203, 0xcb, 0x0) write(r0, &(0x7f0000001a80)="529621d061b63ed4c1dbf8e1b7cca9c65ec7ceebc9f0f022d195b6c7954c59b8fff5c8c6eed4027139e8eadfc710397eca206eda7d15709f52316c33be37396f2efe459dd270c3ebabd5561b7332c6167cca3865299450c384", 0x59) vmm_poke_guest(0x70) openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/urandom\x00', 0xd, 0x1, 0x0) openat$proc_self_segment(0xffffffffffffff9c, &(0x7f0000001b40)='/proc/self/segment\x00', 0x13, 0x1, 0x0) openat$net_tcp_2_listen(0xffffffffffffff9c, &(0x7f0000001b80)='/net/tcp/2/listen\x00', 0x12, 0x3, 0x0) openat$dev_ppid(0xffffffffffffff9c, &(0x7f0000001bc0)='/dev/ppid\x00', 0xa, 0x1, 0x0) openat$net_arp(0xffffffffffffff9c, &(0x7f0000001c00)='/net/arp\x00', 0x9, 0x3, 0x0) openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f0000001c40)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0) openat$net_udp_0_listen(0xffffffffffffff9c, &(0x7f0000001c80)='/net/udp/0/listen\x00', 0x12, 0x3, 0x0) 10:42:22 executing program 1: openat$net_tcp_clone(0xffffffffffffff9c, &(0x7f0000000000)='/net/tcp/clone\x00', 0xf, 0x3, 0x0) openat$net_log(0xffffffffffffff9c, &(0x7f0000000040)='/net/log\x00', 0x9, 0x3, 0x0) r0 = openat$dev_cputime(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cputime\x00', 0xd, 0x1, 0x0) openat$net_ipifc_0_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/net/ipifc/0/ctl\x00', 0x11, 0x3, 0x0) openat$net_tcp_0_status(0xffffffffffffff9c, &(0x7f0000000100)='/net/tcp/0/status\x00', 0x12, 0x1, 0x0) openat$net_tcp_2_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/net/tcp/2/ctl\x00', 0xf, 0x3, 0x0) r1 = openat$net_ipifc_0_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/net/ipifc/0/ctl\x00', 0x11, 0x3, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) read(r1, &(0x7f0000000200)=""/86, 0x56) openat$net_tcp_2_data(0xffffffffffffff9c, &(0x7f0000000280)='/net/tcp/2/data\x00', 0x10, 0x3, 0x0) openat$net_ipifc_0_listen(0xffffffffffffff9c, &(0x7f00000002c0)='/net/ipifc/0/listen\x00', 0x14, 0x3, 0x0) openat$net_ether0_1_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/net/ether0/1/ctl\x00', 0x12, 0x3, 0x0) openat$dev_bintime(0xffffffffffffff9c, &(0x7f0000000340)='/dev/bintime\x00', 0xd, 0x3, 0x0) openat$dev_swap(0xffffffffffffff9c, &(0x7f0000000380)='/dev/swap\x00', 0xa, 0x3, 0x0) unlink(&(0x7f00000003c0)='./file0\x00', 0x8) openat$net_ipselftab(0xffffffffffffff9c, &(0x7f0000000400)='/net/ipselftab\x00', 0xf, 0x1, 0x0) openat$proc_self_strace_traceset(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self/strace_traceset\x00', 0x1b, 0x3, 0x0) fd2path(r0, &(0x7f0000000480)=""/123, 0x7b) openat$net_ether0_2_ctl(0xffffffffffffff9c, &(0x7f0000000500)='/net/ether0/2/ctl\x00', 0x12, 0x3, 0x0) openat$net_ether0_clone(0xffffffffffffff9c, &(0x7f0000000540)='/net/ether0/clone\x00', 0x12, 0x3, 0x0) openat$prof_kpdata(0xffffffffffffff9c, &(0x7f0000000580)='/prof/kpdata\x00', 0xd, 0x3, 0x0) openat$net_tcp_0_listen(0xffffffffffffff9c, &(0x7f00000005c0)='/net/tcp/0/listen\x00', 0x12, 0x3, 0x0) openat$proc_self_note(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/note\x00', 0x10, 0x1, 0x0) openat$dev_null(0xffffffffffffff9c, &(0x7f0000000640)='/dev/null\x00', 0xa, 0x1, 0x0) openat$proc_self_noteid(0xffffffffffffff9c, &(0x7f0000000680)='/proc/self/noteid\x00', 0x12, 0x3, 0x0) openat$dev_ppid(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/ppid\x00', 0xa, 0x1, 0x0) openat$proc_self_strace(0xffffffffffffff9c, &(0x7f0000000700)='/proc/self/strace\x00', 0x12, 0x1, 0x0) getvcoreid() openat$net_ether0_2_data(0xffffffffffffff9c, &(0x7f0000000740)='/net/ether0/2/data\x00', 0x13, 0x3, 0x0) openat$dev_pgrpid(0xffffffffffffff9c, &(0x7f0000000780)='/dev/pgrpid\x00', 0xc, 0x1, 0x0) 10:42:22 executing program 4: vmm_ctl$VMM_CTL_SET_FLAGS(0x4, 0x2) r0 = openat$dev_ppid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppid\x00', 0xa, 0x1, 0x0) fcntl$F_SETFD(r0, 0x2, 0x1) r1 = openat$dev_swap(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swap\x00', 0xa, 0x3, 0x0) openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000080)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) openat$net_tcp_1_err(0xffffffffffffff9c, &(0x7f00000000c0)='/net/tcp/1/err\x00', 0xf, 0x3, 0x0) fd2path(r1, &(0x7f0000000100)=""/160, 0xa0) openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f00000001c0)='/net/udp/0/err\x00', 0xf, 0x3, 0x0) openat$net_ether0_addr(0xffffffffffffff9c, &(0x7f0000000200)='/net/ether0/addr\x00', 0x11, 0x3, 0x0) openat$dev_urandom(0xffffffffffffff9c, &(0x7f0000000240)='/dev/urandom\x00', 0xd, 0x1, 0x0) r2 = openat$net_icmpv6_clone(0xffffffffffffff9c, &(0x7f0000000280)='/net/icmpv6/clone\x00', 0x12, 0x3, 0x0) r3 = openat$dev_sysstat(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sysstat\x00', 0xd, 0x3, 0x0) write(r2, &(0x7f0000000300)="f06699784f0154639fe93a0391b2d3a55959562eba714cc585744a98c6849e07455965d396949bff9b3f23d6da04803f69925882130f82c49ccc58fe32d059c2afdd6c97dc309dd7802edcbd767acc16cbdba4770fc8259d5b6a50fd2ae8482aa9e2bb2f3093c721ea635c8006225e48d08e1b5813506bbbef103a42bcbf2c98722190de79824543fde99ee142867e09a8e1fe5279b257a1cbe132a455d061eb0453062a1d743bbf10f8b963f444d46f75933f6159c0b6967cfc93c823d602380897aa3e0389d92da7f87baa5d71cbfc0101f4e0eb35ce623f1c8ad46df946de119f78cd", 0xe4) openat$net_ether0_0_stats(0xffffffffffffff9c, &(0x7f0000000400)='/net/ether0/0/stats\x00', 0x14, 0x1, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000) openat$net_tcp_2_err(0xffffffffffffff9c, &(0x7f0000000440)='/net/tcp/2/err\x00', 0xf, 0x3, 0x0) openat$proc_self_fpregs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/fpregs\x00', 0x12, 0x1, 0x0) openat$net_udp_0_err(0xffffffffffffff9c, &(0x7f00000004c0)='/net/udp/0/err\x00', 0xf, 0x3, 0x0) openat$proc_self_fd(0xffffffffffffff9c, &(0x7f0000000500)='/proc/self/fd\x00', 0xe, 0x1, 0x0) mkdir(&(0x7f0000000540)='./file0\x00', 0x8, 0x20) openat$dev_stdout(0xffffffffffffff9c, &(0x7f0000000580)='/dev/stdout\x00', 0xc, 0x3, 0x0) fcntl$F_SETFL(r3, 0x4, 0x100800) openat$net_ipifc_stats(0xffffffffffffff9c, &(0x7f00000005c0)='/net/ipifc/stats\x00', 0x11, 0x1, 0x0) openat$net_ipifc_0_snoop(0xffffffffffffff9c, &(0x7f0000000600)='/net/ipifc/0/snoop\x00', 0x13, 0x1, 0x0) openat$net_iproute(0xffffffffffffff9c, &(0x7f0000000640)='/net/iproute\x00', 0xd, 0x3, 0x0) openat$prof_mpstat_raw(0xffffffffffffff9c, &(0x7f0000000680)='/prof/mpstat-raw\x00', 0x11, 0x3, 0x0) openat$net_cs(0xffffffffffffff9c, &(0x7f00000006c0)='/net/cs\x00', 0x8, 0x3, 0x0) openat$dev_sdctl(0xffffffffffffff9c, &(0x7f0000000700)='/dev/sdctl\x00', 0xb, 0x3, 0x0) access(&(0x7f0000000740)='./file0\x00', 0x8, 0x2) openat$net_ether0_1_ifstats(0xffffffffffffff9c, &(0x7f0000000780)='/net/ether0/1/ifstats\x00', 0x16, 0x1, 0x0) kernel panic at kern/src/ns/sysfile.c:729, from core 3: assertion failed: n >= sizeof(struct kdirent) Stack Backtrace on Core 3: #01 [<0xffffffffc200a39c>] in backtrace #02 [<0xffffffffc2009b35>] in _panic #03 [<0xffffffffc203f933>] in rread #04 [<0xffffffffc203fa5b>] in sysread #05 [<0xffffffffc20590e9>] in sys_read #06 [<0xffffffffc2059a19>] in syscall #07 [<0xffffffffc205a5c8>] in run_local_syscall #08 [<0xffffffffc205ab09>] in prep_syscalls #09 [<0xffffffffc20ac422>] in sysenter_callwrapper Unhandled user trap in vcore context from VC 0 HW TRAP frame (partial) at 0xffffffffc89960e0 on core 2 rax 0x000000005a5a4e80 rbx 0x0000300000006e90 rcx 0x0000000000000150 rdx 0x000010000000cec0 rbp 0x0000300000006e80 rsi 0x000010000000cfc0 rdi 0x000000005a5a4f80 r8 0x000000005a5a5a5a Entering Nanwan's Dungeon on Core 3 (Ints on): r9 0x000000005a5a4e80 Type 'help' for a list of commands. r10 0x0000000000000000 ROS(Core 3)> r11 0x0000000000000200 r12 0x000000000040ff00 r13 0x000010000000cec0 r14 0x0000000000000004 r15 0x00007f7fffa01200 trap 0x0000000e Page Fault gsbs 0x0000000000000000 fsbs 0x0000000000000000 err 0x--------00000006 rip 0x000000000040fce6 cs 0x------------0023 flag 0x0000000000010202 rsp 0x0000300000006d80 ss 0x------------001b err 0x6 (for PFs: User 4, Wr 2, Rd 1), aux 0x000000005a5a4f80 Addr 0x000000000040fce6 is in syz-executor at offset 0x000000000000fce6 VM Regions for proc 66 NR: Range: Prot, Flags, File, Off 00: (0x0000000000400000 - 0x00000000004b5000): 0x00000005, 0x00000001, 0xffff8000054bc220, 0x0000000000000000 01: (0x00000000004b5000 - 0x00000000004b6000): 0x00000005, 0x00000002, 0xffff8000054bc220, 0x00000000000b5000 02: (0x00000000006b6000 - 0x00000000006b9000): 0x00000003, 0x00000002, 0xffff8000054bc220, 0x00000000000b6000 03: (0x00000000006b9000 - 0x00000000008e5000): 0x00000003, 0x00000002, 0x0000000000000000, 0x0000000000000000 04: (0x0000000020000000 - 0x0000000021000000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 05: (0x0000100000000000 - 0x0000100000024000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 06: (0x0000300000000000 - 0x0000300000001000): 0x00000003, 0x00000002, 0xffff8000054bc220, 0x0000000000000000 07: (0x0000300000001000 - 0x0000300000005000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 08: (0x0000300000005000 - 0x0000300000007000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 09: (0x0000300000007000 - 0x0000300000019000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 10: (0x0000300000019000 - 0x000030000005d000): 0x00000007, 0x00000022, 0x0000000000000000, 0x0000000000000000 11: (0x00007f7fff8ff000 - 0x00007f7fff9ff000): 0x00000003, 0x00000022, 0x0000000000000000, 0x0000000000000000 Backtrace of user context on Core 2: Offsets only matter for shared libraries #01 Addr 0x000000000040fce6 is in syz-executor at offset 0x000000000000fce6 #02 Addr 0x000000000041010e is in syz-executor at offset 0x000000000001010e #03 Addr 0x00000000004156bd is in syz-executor at offset 0x00000000000156bd #04 Addr 0x0000000000407fab is in syz-executor at offset 0x0000000000007fab #05 Addr 0x0000000000414b10 is in syz-executor at offset 0x0000000000014b10 #06 Addr 0x00000000004084da is in syz-executor at offset 0x00000000000084da #07 Addr 0x0000000000403ec9 is in syz-executor at offset 0x0000000000003ec9 #08 Addr 0x000000000041483c is in syz-executor at offset 0x000000000001483c #09 Addr 0x0000000000414841 is in syz-executor at offset 0x0000000000014841